Re: [squid-users] reverse squid cache configuration

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 01 Jul 2011 13:47:16 +1200

On 01/07/11 05:48, Gromly Romain wrote:
> Hello list,
>
> I'm configuring a squid 2.6 (can't upgrade) as reverse proxy and I've
> some questions about how cache works.
>

Please see http://www.mnot.net/cache_docs/ it has a lot of enlightening
descriptions.

> Here is how my architecture works:
>
> AV Client> GET /file.zip (HTTP/1.1 with Cache-Control: max-age=0 and
> sometimes also with If-Modified-Since: date, it depends on the file)
> => Squid configured with refresh_pattern -i \.zip$ 1440 100% 1440 =>
> Apache server with file.zip hosted with a classic configuration
>
> If I try to get the file.zip with IE, it seems to work, I first have a
> TCP_MISS/200 and then TCP_HIT/200. No request to the Apache server.
>
> If I try to get the file.zip with the AV Client, I first have a
> TCP_MISS/200 but then, I always have a TCP_REFRESH_HIT/200, so Squid
> asks the Apache server if the file is modified, Apache says 304.
>
> I don't want to have this 304 all the time on my Apache but only when
> the file is older than 1 day.

AV client is sending "max-age=0" otherwise known as "revalidate
immediately" or "don't send me anything you are in the slightest bit
unsure about".

refresh_pattern "ignore-reload" is the closest 2.x series has to
ignoring that.

refresh_pattern "reload_into_ims" will convert max-age=0 requests into
IMS which allows the Apache to respond with the small 304 instead of a
full 2xx and copy of the object.

>
> I think it could come from the cache-control: max-age=0 and I've tried
> all different refresh_pattern configurations, particularly with
> override-expires but I still have this TCP_REFRESH_HIT
>
> Also, all my 404 or 403 are relayed to the Apache, even if I've put
> negative_ttl to 15 minutes...

negative_ttl is a DoS on the clients. If one of them gets a temporary
failure, they all see it for the duration of the TTL.

This is the digital equivalent of unplugging the whole box whenever
the network card starts to get a little overloaded, instead of just
dropping the odd packet.

>
> So to summarize for all who don't want to read: how not to have
> TCP_REFRESH_HIT all the time and how not to relay 404 or 403 errors to
> the Apache?

I was about to say: Apache needs to send Date: and Cache-Control:
headers on the 4xx messages it emits. Squid should cache them same as
for 2xx results.

But sadly you say you are stuck using 2.6. That version does not cache a
lot of things which later versions are fixed to cache. Those headers may
help, but then again they may not.

Is there any particular reason you are stuck with 2.6? I'm not aware of
any technical reasons why you can't move to 2.7 series at least.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.9 and 3.1.12.3
Received on Fri Jul 01 2011 - 01:47:20 MDT
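
Added example (not part of the original message and not Squid's own code): a simplified Python model of the freshness decision discussed above, showing why a request carrying `Cache-Control: max-age=0` keeps producing TCP_REFRESH_HIT while the same `refresh_pattern` gives a browser TCP_HIT. The function names, the sample Last-Modified age and the order of the heuristic checks are assumptions; Expires handling is omitted.

```python
# Added example: simplified model of the freshness decision, not Squid source.
from dataclasses import dataclass
from typing import Optional


@dataclass
class RefreshPattern:
    min_min: int   # refresh_pattern "min", in minutes
    percent: int   # LM-factor threshold, in percent
    max_min: int   # refresh_pattern "max", in minutes


def is_fresh(age_s: int, rule: RefreshPattern,
             lm_age_s: Optional[int] = None,
             req_max_age: Optional[int] = None) -> bool:
    """age_s: seconds since the object was fetched or last revalidated.
    lm_age_s: seconds between Last-Modified and the fetch (None if absent).
    req_max_age: Cache-Control max-age sent by the *client* (None if absent)."""
    # The client's own max-age is applied before the refresh_pattern heuristics.
    if req_max_age is not None and age_s > req_max_age:
        return False
    if age_s > rule.max_min * 60:
        return False
    if lm_age_s:  # Last-Modified present: the LM-factor heuristic decides
        return age_s / lm_age_s < rule.percent / 100
    return age_s < rule.min_min * 60


def log_tag(in_cache: bool, fresh: bool, origin_status: int = 200) -> str:
    """Map the decision to the access.log result codes seen in the thread."""
    if not in_cache:
        return "TCP_MISS"
    if fresh:
        return "TCP_HIT"
    # Stale: the proxy revalidates with If-Modified-Since; 304 keeps the copy.
    return "TCP_REFRESH_HIT" if origin_status == 304 else "TCP_REFRESH_MISS"


def replay(requests, rule, lm_age_s):
    """requests: list of (seconds_since_start, client_max_age_or_None)."""
    tags, fetched_at = [], None
    for t, max_age in requests:
        if fetched_at is None:
            tags.append(log_tag(False, False))
            fetched_at = t
            continue
        fresh = is_fresh(t - fetched_at, rule, lm_age_s, max_age)
        tags.append(log_tag(True, fresh, origin_status=304))
        if not fresh:
            fetched_at = t  # a 304 revalidation resets the object's age
    return tags
```

Replaying a constructed request sequence with and without `max-age=0` makes the difference in origin traffic visible before any `refresh_pattern` option is changed.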
