[squid-users] Why is squid caching local intranet domains??

Im scratching my head here, Ive got an issue thats driving me bonkers...

1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET
http://deviant.evil/ - NONE/- text/html

Clearly this local site is being cached, what is frustrating is that I
have the following meta tag on the page

<meta http-equiv="Cache-control" content="no-cache">

Yet squid is apparently ignoring that directive completely.

Ok, no problem, so we set our conf up to always go direct for localnet acl right? No dice, still caching,

Could one of you be so kind as to take a look at my conf and tell me why?

##############################################################

#transparent because ddwrt is forwarding traffic to it
http_port 3128 transparent
#parent disabled due to location outside scope of firewall rules
#cache_peer 192.168.1.205 parent 3128 3129 default
# no-query no-digest
never_direct deny all

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

dns_nameservers 10.10.1.1
hosts_file /etc/hosts
cache_swap_low 95
cache_swap_high 98
access_log /var/log/squid3/access.log
cache_mem 320 MB
memory_pools on
maximum_object_size_in_memory 512 KB
maximum_object_size 400 MB
log_icp_queries off
half_closed_clients on
cache_mgr mrnicholsb_at_gmail.com
cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256
visible_hostname deviant.evil
shutdown_lifetime 1 second

#icap_enable on
#icap_send_client_ip on
#icap_send_client_username on
#icap_client_username_encode off
#icap_client_username_header X-Authenticated-User
#icap_preview_enable on
#icap_preview_size 1024
#icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
#adaptation_access service_req allow all
#icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
#adaptation_access service_resp allow all

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.10.1.0/24
acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl"

acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21 # http
acl Safe_ports port 443 # ftp
acl Safe_ports port 70 # https
acl Safe_ports port 210 # gopher
acl Safe_ports port 1025-65535 # wais
acl Safe_ports port 280 # unregistered ports
acl Safe_ports port 488 # http-mgmt
acl Safe_ports port 591 # gss-http
acl Safe_ports port 777 # filemaker
acl CONNECT method CONNECT # multiling http

always_direct allow localnet

#icp_access allow localnet
#icp_access deny all

http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

#Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
Received on Wed Jun 06 2012 - 15:01:57 MDT