franzoni@edisons.it writes:
> I am using squid Version 2.2.STABLE4, and I have to avoid caching of the
> LAN pages. I've read the mailing list archive and found about the no_cache
> directive, but it seems it's not working. The machine acts as a
> transparent proxy, so there is a cisco which routes all the http requests
> to it; the request arrive all right, they are processed and the cache
> works fine, but it caches everything. I checked the ACL with the debug
> option and it's used correctly. Here is my squid.conf file... does anybody
> understand what I'm missing? :-)
I haven't looked at the source to confirm this, but I think there
*might* be an issue on the dst acls when you're using the
> httpd_accel_uses_host_header on
directive with transparent caching, due to Squid not having time to
look up the DNS for the URL. Try using the dstdomain acl instead, if
feasible?
-- Clifton
...
> http_port 3128
> icp_port 3130
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> acl local-servers dst 212.104.0.0/255.255.192.0
> no_cache deny local-servers
> cache_mem 16 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 2048 KB
> ipcache_size 1024
> ipcache_low 90
> ipcache_high 95
> cache_dir /usr/local/squid/cache 2800 16 256
> cache_access_log /usr/local/squid/logs/access.log
> cache_log /usr/local/squid/logs/cache.log
> mime_table /usr/local/squid/etc/mime.conf
> pid_filename /usr/local/squid/logs/squid.pid
> debug_options ALL,1
> ftp_user Squid@DOMAIN
> cache_dns_program /usr/local/squid/bin/dnsserver
> dns_children 15
> dns_nameservers DNS IPs
> unlinkd_program /usr/local/squid/bin/unlinkd
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
> ### LAN ACLs:
> acl lan src LAN_IPS/NETMASK
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow lan
> http_access deny all
> icp_access allow all
> miss_access allow all
> cache_mgr root
> cache_effective_user squid
> cache_effective_group squid
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> logfile_rotate 0
> memory_pools on
> memory_pools_limit 16 MB
> cachemgr_passwd PASSWORD all
> always_direct allow local-servers
> icon_directory /usr/local/squid/etc/icons
-- Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net "An absolute monarch would be absolutely wise and good. But no man is strong enough to have no interest. Therefore the best king would be Pure Chance. It is Pure Chance that rules the Universe; therefore, and only therefore, life is good." - ACReceived on Sat Sep 18 1999 - 18:42:16 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:28 MST