On 13/01/11 18:30, Tahseen wrote:
> Below is the configuration. I have only pasted what we have changed in the
> default configuration of Squid
>
Hmm, okay three possibilities come to mind (in order of likeliness):
1) your pages may all contain query strings '?' and are blocked from
caching by hierarchy_stoplist.
** removing that directive is safe in Squid-3.x. Care is needed in
squid-2.x if using siblings (which you are not).
2a) Apache may be sending out headers to prevent caching.
use the tool at http://redbot.org on some of the URL which you
believe should cache.
2b) the client software may be sending such headers. There were some
versions of chrome which were known to send no-cache on every single
request.
3) all your objects maybe >4MB and being blocked by the max object limit.
>
> ============================================================
> # some restriction definitions
> acl all src 0.0.0.0/0.0.0.0
"all" ACL is pre-defined in squid-3. remove this line to quieten the
warnings.
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl CONNECT method CONNECT
>
>
> acl sitedomin dstdomin 192.168.1.15
> http_access allow sitedomin
The above looks strange. "dstdomain" is a text match.
The "vhost" option tells Squid to use the FQDN from request headers
and this is supported by the cache_peer link allowing only *.example.com
domains.
So...
It's unlikely that the FQDN received will be a raw IP address, let
alone one in your private IP space.
Clients which *would* match this are blocked by the rules preventing
them going to the peer.
The peer link rules also block clients relying on the defaultsite=. The
defaultsite= should contain the default public website domain, probably
whatever you have replaced with example.com in the peer config.
>
> http_access allow manager
>
> # Define the HTTP port
> http_port 192.168.1.15:80 vhost vport=8080 defaultsite=192.168.1.15
> # Specify the local and remote peers
> cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=server1
>
> # Tell squid which domains to forward to which servers
> acl sitedomains dstdomain .example.com
> cache_peer_access server1 allow sitedomains
right here in the ordering is where you place:
http_access allow sitedomains
Note how the ACL named is the "cache_peer_access allow" one.
...
Down here below the reverse-proxy config is where you place the
forward-proxy http_access rules like CONNECT and manager access. Along
with a http_port to receive such management forward-proxy traffic.
>
> # Do not cache cgi-bin, ? urls, posts, etc.
> hierarchy_stoplist cgi-bin ?
>
> acl apache rep_header Server ^Apache
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 60 100% 4320
>
> negative_ttl 0 minutes
>
> # Cache properties
> cache_mem 1024 MB
> maximum_object_size_in_memory 2048 KB
> cache_replacement_policy heap LRU
> memory_replacement_policy heap LRU
> cache_dir ufs /var/spool/squid 20000 16 256
> access_log /var/log/squid/access.log squid
> hosts_file /etc/hosts
>
>
> ======================================================
>
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.10 Beta testers wanted for 3.2.0.4Received on Thu Jan 13 2011 - 14:30:18 MST
This archive was generated by hypermail 2.2.0 : Fri Jan 14 2011 - 12:00:04 MST