Re: [squid-users] Re: squid and https URLs

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 02 Aug 2010 21:17:44 +0200

mån 2010-08-02 klockan 04:11 -0700 skrev isaac:
> Problem Solved!
>
> I've aksed this question in ServerFault and find a solution by just adding
> these lines in squid.conf:
>
>
> acl CONNECT method CONNECT
> acl POST method POST
> never_direct allow CONNECT
> never_direct allow POST
>
> But i still don't understand this behaviour of squid:
>
> Why should we add these lines for CONNECT and POST method explicity while
> GET method works correctly without such settings?
>
> Is this default behaviour of squid or what?

Sounds like you should really have

  never_direct allow all

What is happening is that Squid by default acts somewhat differently
depending on if it thinks the response may be possible to cache. If it
knows that the response won't be possible to cache then it selects the
shortest possible path to retrieve the requested object which is going
direct unless forbidden.

  CONNECT/POST/etc (most non-HEAD/GET) can never be cached.

  GET/HEAD depends on a number of factors. There is many kinds of GET
requests as well which Squid will consider non-cacheable and go direct
if allowed.

The never_direct directive is what you use to tune this when you need
requests forwarded even if it's worthless from a cache perspective.
never_direct tells Squid that it is not allowed to go direct and MUST
forward requests to a peer (usually parent peer). Used for example if
you are behinda firewall without direct connectivity, or otherwise MUST
use a parent proxy.

Regards
Henrik
Received on Mon Aug 02 2010 - 19:17:48 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 03 2010 - 12:00:02 MDT