On Tue, 8 Nov 2011 00:06:35 -0000, zongo saiba wrote:
> Amos,
>
> Thanks.
> FYI
> You wrote ' nonhierarchichal_direct off' --> I think the last 'h' is
> to be dropped ' nonhierarchical_direct off'
Er, yes. Sorry.
>
> With that option I have the same result as before. TCP MISS 200
MISS and 200 is not related to DIRECT.
DIRECT means a direct connections Squid->origin is being made. As
opposed to relaying through another proxy before getting to the origin.
MISS means the local storage cache did not have an existing copy of the
response. Since the CONNECT is a two-way tunnel containing a unique
stream of binary bits in both directions it cannot be cached or ever
produce a valid HIT.
If caching of HTTPS is that critical to you, look up the ssl-bump
feature and upgrade to at least 3.1.16. With that you can strip away the
encryption and manipulate the individual requests inside it.
>
> I added the 'never_direct' tag to the acl without the 'CONNECT' and
> now I get 'TCP_MISS/503'. The service is rendered unavailable.; which
> makes sense as the never_direct stopped the service from contacting
> the end server.
>
> Any other idea to force the caching on those domains? I think I
> might just add them in the no logging acls for the moment until I
> have
> a way around.
>
> acl windows_live dstdomain .sse.bay04.calendar.live.com
> .sync.calendar.live.com .login.live.com
> .sn129ds.mail.services.live.com .contacts.msn.com
> http_access allow windows_live localnet
> nonhierarchical_direct off
> always_direct deny all
> never_direct allow windows_live
>
> Kind Regards,
>
> Zongo
>
> -----Original Message-----
> From: Amos Jeffries
>
> On Mon, 7 Nov 2011 22:15:31 -0000, zongo saiba wrote:
>> Greetings,
>>
>> I have been trying for a couple of days now to have squid those
>> domains below but with no success at all. All of the domain below
>> seem
>> to always go direct.
>> Is there any possibilities to cache domain related to windows ?
>> I have been strolling for days the internet but with no solution and
>> that is why I decided to ask for help
>>
>> I am using Squid 3.1.10 on FreeBSD 8.2
>>
>> acl windows_live dstdomain login.live.com:443 acl windows_live
>> dstdomain sync.calendar.live.com:443 acl windows_live dstdomain
>> mail.services.live.com:443 acl windows_live dstdomain
>> sn129ds.mail.services.live.com:443
>> acl windows_live dstdomain contacts.msn.com:443
>
> ":443" is not a valid part of any domain name. These will not match
> properly.
>
> Use this instead to replace all of the above lines:
> acl windows_live dstdomain .live.com contacts.msn.com
>
> Also, CONNECT is a request for Squid to make a tunnel DIRECT to that
> server. To pass it through a peer instead you need to set:
>
> nonhierarchichal_direct off
>
> Amos
Received on Tue Nov 08 2011 - 00:37:38 MST
This archive was generated by hypermail 2.2.0 : Tue Nov 08 2011 - 12:00:03 MST