Re: [squid-users] Can't cache static content (exe file) from Eliezer Croitoru on 2013-09-15 (squid-users)

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Mon, 16 Sep 2013 03:34:33 +0300

The file is valid for about a DAY..
I would say that the main thing will be to look at the access.log and
then into the squid.conf and then into the store.log.

If you can share squid.conf and access.log We will be able to help you.

Notice that there is kind of a "bug" that forces squid 3.4 or couple
other versions into a state which the maximum file size for a cache_dir
must be declared in the cache_dir line.

I do think and hope the above hint will help you.

Eliezer

On 09/15/2013 07:22 PM, root_at_linuxcoding.org wrote:
> i'm can't cache this file using squid-3.HEAD-20130910-r13002
> http://download.nullsoft.com/winamp/client/winamp565_full_emusic-7plus_en-us.exe
>
>
> i think that is static file but can't be cache.
>
> here my squid.conf
>
> # ACL Local Network
> acl localnet src 192.168.1.0/24 # localnet
>
> # ACL ports group
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> ################################################################
> # ACL url rewrite acl trick Warning!!! dont change this position
> acl blocksite url_regex -i siteblock-forbiden
> http_access deny blocksite
> ################################################################
>
> # ACL store id
> acl QUERY urlpath_regex -i (begin|start)\=
> acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$
> .phtml$ .php3$ localhost
> acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
> acl dontrewrite url_regex redbot\.org
> acl getmethod method GET
> acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
> acl redir urlpath_regex -i &ir=1&rr=12
> acl rewrite_prog url_regex -i siteblock-forbiden # ACL url rewrite trick
> deny for store id
> acl yutub url_regex -i
> youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
>
> acl yutub url_regex -i gstatic\.com\/csi\?.*$
>
> acl rewritedoms url_regex -i dl\.sourceforge\.net.*
> acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
> acl rewritedoms url_regex -i ak\.fbcdn\.net.*
> acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
> acl rewritedoms url_regex -i
> [a-z][a-z][0-9][0-9]\.filehippo\.com\/.*(exe|zip|rar)
>
> #banking deny ssl-bump
> acl bank dstdomain ib.bri.co.id
>
> # HTTP access rules
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access allow localnet
> http_access allow localhost
> http_access deny all
>
>
> # Store-ID cache rules
> cache allow rewritedoms
> cache deny QUERY
> cache deny redir
> cache allow all
>
> # squidGuard url_rewrite
> url_rewrite_program /usr/bin/squidGuard -c
> /etc/squid3/squidGuard/squidGuard.conf
>
> # Store-ID running and rules
> store_id_program /usr/lib/squid3/mynet-storeid.pl
> store_id_children 20 startup=10 idle=5 concurrency=30
> store_id_access deny !getmethod
> store_id_access deny redir
> store_id_access deny rewrite_prog # deny url rewrite trick access by
> store id
> store_id_access deny dontrewrite
> store_id_access allow rewritedoms
> store_id_access deny all
>
> # Squid listens to port 3128
> http_port 3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB key=/etc/squid3/cert/private.pem
> cert=/etc/squid3/cert/public.pem
>
> always_direct allow all
> ssl_bump none bank
> ssl_bump client-first all
> sslproxy_cert_error allow all
> # Or may be deny all according to your company policy
> # sslproxy_cert_error deny all
> sslproxy_flags DONT_VERIFY_PEER
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssl_db/ -M 4MB
> sslcrtd_children 20
> ssl_unclean_shutdown on
>
> # cache directory
> cache_dir aufs /cache01 5320 12 256 max-size=128000
> cache_dir aufs /cache02 5320 12 256 max-size=128000
> cache_dir aufs /cache03 87115 10 256 min-size=128000
> cache_dir aufs /cache04 87115 10 256 min-size=128000
> cache_dir aufs /cache05 87115 10 256 min-size=128000
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid3
>
> # Cache options
> memory_replacement_policy heap GDSF
> cache_replacement_policy heap LFUDA
> cache_mem 128 MB
> maximum_object_size_in_memory 32 KB
> minimum_object_size 0 KB
> maximum_object_size 1024 MB
> cache_swap_low 95
> cache_swap_high 99
>
> # Refresh pattern custom
> # Max stale
> max_stale 1 week
>
> #PATTERN REFRESH
> refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
> refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
> refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
> refresh_pattern
> (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe)
> 0 0% 0
> refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire
> override-lastmod reload-into-ims
> refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440
> 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth
> store-stale
> refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440
> 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth
> store-stale
> refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440
> 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth
> store-stale
> refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100%
> 4320 override-expire override-lastmod reload-into-ims ignore-auth
> store-stale
> refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100%
> 4320 override-expire override-lastmod reload-into-ims ignore-auth
> store-stale
> refresh_pattern
> ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$
> 1440 100% 4320 override-expire override-lastmod reload-into-ims
> ignore-auth store-stale
>
> #PATTERN REFRESH
> refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
> refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400
> override-expire ignore-reload ignore-private ignore-reload
> override-lastmod reload-into-ims
> refresh_pattern
> .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440
> 99% 14400 override-expire ignore-reload ignore-private ignore-reload
> override-lastmod reload-into-ims
> refresh_pattern
> .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99%
> 14400 override-expire ignore-reload ignore-private ignore-reload
> override-lastmod reload-into-ims
> refresh_pattern
> .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99%
> 14400 override-expire ignore-reload ignore-private ignore-reload
> override-lastmod reload-into-ims
> refresh_pattern .((blogspot\.com)|(pixieimage\.com)|(multiply\.com)).*
> 60 30% 240
> #refresh_pattern ^http:\/\/.*\.dl\.sourceforge\.net\/(.*) 43200 99%
> 43200 override-expire ignore-reload ignore-must-revalidate ignore-private
> #refresh_pattern ^http:\/\/.*.filehippo\.com\/.*\.(exe|zip|rar) 43200
> 99% 43200 override-expire ignore-reload ignore-must-revalidate
> ignore-private ignore-no-cache
>
> refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
> refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
> refresh_pattern -i
> (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$
> 0 50% 1440
> refresh_pattern -i
> (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
> refresh_pattern -i
> (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$
> 0 50% 1440
> refresh_pattern -i
> (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0
> 50% 1440
> refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
>
> #FB & YOUTUBE
> refresh_pattern
> \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99%
> 14400 override-expire ignore-reload ignore-private
> refresh_pattern \.facebook\.com.* 240 50% 480
> refresh_pattern
> \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99%
> 14400 override-expire ignore-reload ignore-private store-stale
> refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire
> override-lastmod ignore-reload ignore-private ignore-must-revalidate
> refresh_pattern
> \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4))
> 1440 99% 14400 override-expire override-lastmod ignore-reload
> ignore-private
> refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400
> override-expire ignore-reload ignore-private
> refresh_pattern
> (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))
> 1440 99% 14400 override-expire ignore-reload ignore-private
> refresh_pattern
> (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.*
> 1440 99% 14400 override-expire ignore-reload ignore-private
> refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440
> 99% 14400 override-expire ignore-reload ignore-private
> refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire
> ignore-reload ignore-private ignore-auth ignore-must-revalidate
> refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900
> override-expire override-lastmod ignore-reload ignore-no-store
> ignore-must-revalidate ignore-private ignore-auth max-stale=10000
> store-stale
> refresh_pattern
> (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99%
> 43200 override-expire ignore-reload ignore-must-revalidate ignore-private
>
> #ADS SITE
> refresh_pattern
> ^\.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).*
> 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth
> max-stale=1440
> refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire
> ignore-reload ignore-private ignore-auth override-lastmod
> ignore-must-revalidate
> refresh_pattern
> ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99%
> 14400 override-expire override-lastmod ignore-reload ignore-private
> ignore-auth ignore-must-revalidate
> refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400
> override-expire override-lastmod
> refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire
> ignore-reload ignore-must-revalidate ignore-private
> refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire
> override-lastmod ignore-reload ignore-private
>
> #FILES
> refresh_pattern -i
> \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$
> 1440 99% 14400 override-expire override-lastmod ignore-private
> reload-into-ims ignore-must-revalidate ignore-reload store-stale
> refresh_pattern -i
> \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440
> 99% 14400 override-expire override-lastmod ignore-private
> reload-into-ims ignore-must-revalidate ignore-reload store-stale
> refresh_pattern -i
> \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$
> 1440 99% 14400 override-expire override-lastmod ignore-private
> reload-into-ims ignore-must-revalidate ignore-reload store-stale
> refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
> refresh_pattern -i .index.(html|htm)$ 0 75% 10080
>
> # Dont edit default refresh_pattern
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 60 50% 14400 store-stale
>
> #logformat
> access_log stdio:/var/log/squid3/access.log
> cache_log /var/log/squid3/cache.log
> cache_store_log none
> debug_options ALL,1 rotate=10
> logfile_rotate 5
> log_icp_queries off
> strip_query_terms off
>
> # Tunning
> hierarchy_stoplist cgi-bin ?
> memory_pools off
> client_db off
> pipeline_prefetch 2
> cache_effective_user proxy
> cache_effective_group proxy
> range_offset_limit -1
> quick_abort_min -1
>
> uri_whitespace encode
>
> # DNS name server
> dns_nameservers 8.8.8.8 8.8.4.4
> hosts_file /etc/hosts
> visible_hostname ithinkdev
>
> # Request anonymizer
> request_header_access From deny all
> request_header_access Server deny all
> request_header_access WWW-Authenticate deny all
> request_header_access Link deny all
> request_header_access Cache-Control deny all
> request_header_access Proxy-Connection deny all
> request_header_access X-Cache deny all
> request_header_access X-Cache-Lookup deny all
> request_header_access Via deny all
> request_header_access Forwarded-For deny all
> request_header_access X-Forwarded-For deny all
> request_header_access Pragma deny all
> request_header_access Keep-Alive deny all
> vary_ignore_expire on
Received on Mon Sep 16 2013 - 00:34:49 MDT

This archive was generated by hypermail 2.2.0 : Mon Sep 16 2013 - 12:00:11 MDT