Re: [squid-users] Squid not caching

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 22 Jun 2011 14:43:50 +1200

 On Tue, 21 Jun 2011 22:15:12 -0300, Fabiano Carlos Heringer wrote:
> Hi,
>
> My squid is not caching any content, all requests are TCP_MISS/200,
>

 Version?

> Below my config:
>
> http_port 10.0.0.1:3128
> http_port 127.0.0.1:80 transparent
> icp_port 0
>
> pid_filename /var/run/squid.pid
> cache_effective_user proxy
> cache_effective_group proxy
> error_directory /usr/local/etc/squid/errors/Portuguese
> icon_directory /usr/local/etc/squid/icons
> visible_hostname localhost
> cache_mgr admin_at_localhost
> access_log /var/squid/logs/access.log
> cache_log /var/squid/logs/cache.log
> cache_store_log none
> logfile_rotate 2
> shutdown_lifetime 3 seconds
> # Allow local network(s) on interface(s)
> acl localnet src 10.0.0.0/255.255.255.0
> uri_whitespace strip
> cache_mem 24 MB
> maximum_object_size_in_memory 900 KB
> memory_replacement_policy lru
> cache_replacement_policy lru
> cache_dir ufs /var/squid/cache 100 16 256
> minimum_object_size 512 KB

 This is a global limit. No object smaller than 512 KB may be stored by
 this Squid.

> maximum_object_size 200 bytes

 This is a global limit. No object greater than 200 bytes may be stored
 by this Squid.

 Between them your limits will erase all objects your Squid gets a
 request for.

> offline_mode off
> cache_swap_low 90
> cache_swap_high 95
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128
> 1025-65535
> acl sslports port 443 563
> acl manager proto cache_object
> acl purge method PURGE
> acl connect method CONNECT
> refresh_pattern (get_video\?|videoplayback\?|videodownload\?) 5259487
> 99999999% 5259487 override-expire ignore-reload ignore-private
> negative-ttl=0
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

 This cgi-bin pattern is in the wrong place. It forces non-caching for
 any dynamic pages. It will override the file patterns below on a lot of
 traffic.
  It should be placed immediately above the "." pattern at the end of the
 refresh_pattern list.

> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-private
> refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200
> 90% 432000 override-expire ignore-no-cache ignore-private
> refresh_pattern -i
> \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|gz)$ 10080 90%
> 43200 override-expire ignore-no-cache ignore-private

 Interesting things happen when you turn ignore-private on. Do you have
 any example cases? (just for my/our interest).

 I do know that .tiff format is used in the medical area for personal
 files (x-rays and other imaging scans) which get transferred over the
 web between health practitioners down the stages of treatment. Caching
 and re-using those could lead to some serious side effects. The archive
 types could also contain personal information.

> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080

 NP: Both of the dots in the above pattern need to be \.

> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
> refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|msi) 10080
> 100% 43200 reload-into-ims
> refresh_pattern download.microsoft.com/.*\.(cab|exe|msi) 10080 100%
> 43200 reload-into-ims
> refresh_pattern msgruser.dlservice.microsoft.com/.*\.(cab|exe|msi)
> 10080 100% 43200 reload-into-ims
> refresh_pattern windowsupdate.com/.*\.(cab|exe|msi) 10080 100% 43200
> reload-into-ims
> refresh_pattern www.microsoft.com/.*\.(cab|exe|msi) 10080 100% 43200
> reload-into-ims

 NP: you can combine the above pattern rules into one by dropping the
 initial prefix.

 ie:: refresh_pattern -i
 (windowsupdate|microsoft)\.com/.*\.(cab|exe|msi) 10080 100% 43200
 reload-into-ims

  *** (/cgi-bin/|\?) pattern check goes here.

> refresh_pattern . 0 40% 40320
> http_access allow manager localhost
>
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !safeports
> http_access deny CONNECT !sslports
> http_access allow localhost
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> request_body_max_size 0 KB
> reply_body_max_size 51200000 deny all

 One reason I ask for version is that "deny" is not valid here and the
 versions which accept ACL controls all expect a unit name.
 one of: bytes / KB / MB / GB / TB

> delay_pools 1
> delay_class 1 2
> delay_parameters 1 -1/-1 -1/-1
> delay_initial_bucket_level 100
> delay_access 1 allow all

 This delay pool stuff needs to be removed. It is not doing anything
 useful, just consuming CPU on every request.

> http_access allow localnet
> http_access deny all
>
>
> In store.log I get only RELEASE -1 FFFFFFFF
>
> Any suggestions?
>

 See above.

 Amos
Received on Wed Jun 22 2011 - 02:44:04 MDT
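
Added example, not part of the original message or of Squid itself: a small Python lint for three of the problems raised in the reply above (object-size limits that contradict each other, the cgi-bin refresh_pattern placed ahead of more specific rules, and ignore-private on a rule). The function names and the sample config are constructed for illustration; the directives are taken from the quoted squid.conf with wrapped lines joined.

```python
import re

UNITS = {"bytes": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4}

# Constructed sample: a few directives from the quoted config, unwrapped.
SAMPLE = r"""
minimum_object_size 512 KB
maximum_object_size 200 bytes
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern . 0 40% 40320
"""

def parse(conf):
    """Return (sizes in bytes, refresh_pattern rules as (regex, options) in file order)."""
    sizes, patterns = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] in ("minimum_object_size", "maximum_object_size") and len(tok) >= 3:
            sizes[tok[0]] = int(tok[1]) * UNITS.get(tok[2], 1)
        elif tok[0] == "refresh_pattern":
            args = [t for t in tok[1:] if t != "-i"]   # regex min percent max [options]
            patterns.append((args[0], args[4:]))
    return sizes, patterns

def lint(conf):
    sizes, patterns = parse(conf)
    findings = []
    lo, hi = sizes.get("minimum_object_size"), sizes.get("maximum_object_size")
    if lo is not None and hi is not None and lo > hi:
        findings.append(f"object-size: minimum {lo} B > maximum {hi} B, nothing can be stored")
    regexes = [rx for rx, _ in patterns]
    for i, rx in enumerate(regexes):
        # Rules are tried in order, so a dynamic-page rule shadows every rule after it.
        later = [r for r in regexes[i + 1:] if r != "."]
        if "cgi-bin" in rx and later:
            findings.append(f"order: {rx} precedes {len(later)} file rule(s); move it just above '.'")
    for rx, opts in patterns:
        if "ignore-private" in opts:
            findings.append(f"privacy: ignore-private on {rx} may cache personal responses")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```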