Re: [squid-users] Squid reverse proxy with cache.

this works only with squid 2.7
if you are using squid 2.7 stable 7 and newer please remove the
stale-while-revalidate

On 03/29/2011 10:52 AM, Morgan Storey wrote:
> I think I am already using it;
>
> I have also played with the cache control setting in IIS, I get the below if
> I wget the index on the webserver:
>
> Server: Microsoft-IIS/6.0
> X-Powered-By: ASP.NET
> Cache-Control: public, max-age=5,stale-while-revalidate=600,
> stale-if-error=36000
> Set-Cookie: ASP.NET_SessionId=fdlkjayuf98dsfgnkjdsl7; path=/; HttpOnly
> Cache-Control: private
>
> 2011/3/29 George Halkias<admin_at_atcom.gr>:
>
>> Use stale-if-error cache directive!
>>
>> http://www.mnot.net/blog/2007/12/12/stale
>>
>> -----Original Message-----
>> From: Morgan Storey [mailto:me_at_morganstorey.com]
>> Sent: Tuesday, March 29, 2011 10:42 AM
>> To: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Squid reverse proxy with cache.
>>
>> Anyone got any other ideas on why this isn't delving into the cache
>> when the backend server is down?
>>
>> On Tue, Mar 22, 2011 at 10:37 AM, Morgan Storey<me_at_morganstorey.com> wrote:
>>
>>> Thanks Amos I tried your suggestions, still no good when the webserver
>>> is offline. I get only a single line in the cache.log "2011/03/22
>>> 10:28:50| TCP connection to myAccel (10.0.0.18:80) failed"
>>> I have put the squid.conf in the email to make corrections easier (I
>>> have tried that offline mode on but it doesn't seem to work);
>>>
>>> dns_nameservers 10.0.0.2 10.0.0.1
>>>
>>> cache_dir ufs d:/cache 8000 100 256
>>> cache_mem 512 MB
>>> maximum_object_size_in_memory 10240 KB
>>>
>>> access_log e:/squidlogs/access.log squid
>>> cache_log e:/squidlogs/cache.log
>>> cache_store_log e:/squidlogs/store.log
>>> logfile_rotate 10
>>>
>>>
>>> acl all src all
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/32
>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>>> acl localnet src all # RFC1918 possible internal network
>>>
>>> acl SSL_ports port 443
>>> acl Safe_ports port 80 # http
>>> acl Safe_ports port 443 # https
>>> acl CONNECT method CONNECT
>>>
>>> ##############################################################
>>>
>>> http_port 80 accel defaultsite=www.site.com vhost
>>>
>>> # proxy icp
>>> # hostname type port port options
>>> # -------------------- -------- ----- ----- -----------
>>> cache_peer 10.0.0.18 parent 80 0 no-query originserver name=myAccel
>>>
>>>
>>> acl our_sites dstdomain www.site.com
>>> forwarded_for on
>>>
>>> http_access allow our_sites
>>> cache_peer_access myAccel allow our_sites
>>> cache_peer_access myAccel deny all
>>>
>>> cache_effective_group proxy
>>>
>>> ##############################################################
>>>
>>> #
>>> #Allow ICP queries from All
>>> icp_access allow all
>>>
>>> # TAG: max_stale time-units
>>> # This option puts an upper limit on how stale content Squid
>>> # will serve from the cache if cache validation fails.
>>> #
>>> #Default:
>>> max_stale 1 week
>>>
>>> #Suggested default:
>>> #refresh_pattern ^ftp: 1440 20% 10080
>>> #refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>> refresh_pattern -i (/umbraco/|\?) 0 0% 0
>>> refresh_pattern . 120 20% 4320
>>>
>>> acl QUERY urlpath_regex umbraco \?
>>> acl POST method POST
>>> no_cache deny QUERY
>>> no_cache deny POST
>>>
>>> # TIMEOUTS
>>> forward_timeout 15 seconds
>>>
>>> # Do not tell the world that which squid version we're running
>>> httpd_suppress_version_string on
>>>
>>> # Remove the Caching Control header for upstream servers
>>> header_access Cache-Control deny all
>>>
>>> cache_mgr someone_at_somewhere.com
>>>
>>> #offline_mode on
>>>
>>>
>>> On Mon, Mar 21, 2011 at 10:26 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>>>
>>>> On 21/03/11 21:44, Morgan Storey wrote:
>>>>
>>>
>>>> Some notes on those configs:
>>>>
>>>> (squid1)
>>>> * You can deny CONNECT entirely. It should never happen to a reverse-proxy.
>>>> They get native HTTPS connections to their https_port.
>>>>
>>>> * Your reverse-proxy settings, for cache_peer and the related http_access
>>>> rule MUST be above the default forward-proxy rules. Since this appears to be
>>>> a pure reverse-proxy you can drop the default config file http_access lines
>>>> entirely.
>>>> NP: do that and I believe your Squid will stop needing to wait for DNS. It
>>>> only uses it now to check the localnet ACL :)
>>>>
>>>> * header_access is not a very safe thing to do for Squid-2. It affects both
>>>> the client request headers passed to your main server AND the reply headers
>>>> destined for the visitor.
>>>> refresh_pattern flag "reload-into-ims" is much safer and helps avoid the
>>>> forced reload clients sometimes send.
>>>>
>>>> (squid2)
>>>> * you are missing the http_access reverse-proxy settings. squid1 was
>>>> better.
>>>>
>>>>
>>>> Amos
>>>> --
>>>> Please be using
>>>> Current Stable Squid 2.7.STABLE9 or 3.1.11
>>>> Beta testers wanted for 3.2.0.5
>>>>
>>>>
>>>
>>
Received on Tue Mar 29 2011 - 07:55:17 MDT