Re: [squid-users] trouble caching some url

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 16 Nov 2011 14:16:43 +1300

 On Tue, 15 Nov 2011 09:43:45 -0500, Sergey Yazikov wrote:
> Hi, I'm wondering if anyone can help me.
>
> I'm unable to cache the following URL and there is a HTTP header:
>
>
> http://10.10.202.126/services/json?method=media.getFiles&filters[moderationStatus]=notdenied&filters[parentid]=5050233&filters[context]=comment&noCache=0&sort=upload+DESC&limit=5&start=0&fields[0]=filetype&fields[1]=uid&fields[2]=user_name&fields[3]=votecount&fields[4]=author&fields[5]=upload&fields[6]=message&fields[7]=publicUrl&fields[8]=status&fields[9]=avatar&fields[10]=user_firstname&fields[11]=user_lastname&vhost=123&APIKEY=19b3b6ffe399eb681aa3372cc2cbd6a2
>
> GET
>
> /services/json?method=media.getFiles&filters[moderationStatus]=notdenied&filters[parentid]=5050233&filters[context]=comment&noCache=0&sort=upload+DESC&limit=5&start=0&fields[0]=filetype&fields[1]=uid&fields[2]=user_name&fields[3]=votecount&fields[4]=author&fields[5]=upload&fields[6]=message&fields[7]=publicUrl&fields[8]=status&fields[9]=avatar&fields[10]=user_firstname&fields[11]=user_lastname&vhost=123&APIKEY=19b3b6ffe399eb681aa3372cc2cbd6a2
> HTTP/1.1
> Host: 10.10.202.126
> User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101
> Firefox/8.0
> Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.8,fr-ca;q=0.5,ru;q=0.3
> Accept-Encoding: gzip, deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> DNT: 1
> Connection: keep-alive
> Cookie: SABRE_ID=8961c05907e412b9bdcfcb3a2364b31a
>
> HTTP/1.0 200 OK
> Date: Tue, 15 Nov 2011 14:37:43 GMT
> Server: Apache
> Accept-Ranges: bytes
> P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND
> CNT"
> X-FM: ip-10-85-159-13
> Expires: Thu, 19 Nov 1981 08:52:00 GMT

 The object being returned to squid expired in 1981. It should not be
 cached. Reverse-proxy MAY ignore this provided the max-stale or max-age
 values are sent by the server.

> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0

 "no-store" - the object MUST NOT be stored anywhere other than the
 backend server.

 "must-revalidate" - every new request MUST contact the backend server
 for new data or approval before re-using this object.

 "no-cache" - see must-revalidate.

 "post-check=0, pre-check=0" - invalid.

> Pragma: no-cache
> Content-Type: application/json
> X-Cache: MISS from ip-10-85-159-13.ec2.internal, MISS from
> fmgateway-test.testdmz.pelmorex.com
> X-Cache-Lookup: MISS from ip-10-85-159-13.ec2.internal:80, MISS from
> fmgateway-test.testdmz.pelmorex.com:80
> Via: 1.1 ip-10-85-159-13.ec2.internal:80 (squid), 1.0
> fmgateway-test.testdmz.pelmorex.com (squid/3.1.4)
> Connection: close
>
> Here is the squid.conf:
>
> [root_at_fmgateway-test squid]# grep -v ^# /etc/squid/squid.conf
> cache_mgr netops_at_pelmorex.com
> hosts_file /etc/hosts
> visible_hostname fmgateway-test.testdmz.pelmorex.com
> cache_effective_user squid
> cache_effective_group squid
> cache_dir ufs /var/spool/squid 4096 16 256
> cache_mem 500 MB
> maximum_object_size_in_memory 128 KB
> minimum_expiry_time 120 seconds
> read_ahead_gap 30 KB
> negative_ttl 1 seconds
> forward_timeout 30 seconds
> connect_timeout 30 seconds
> read_timeout 30 seconds
> request_timeout 30 seconds

 NP: connect_timeout being the same as forward_timeout means that
 alternative connections cannot be made within forward_timeout.

> persistent_request_timeout 1 minute
> client_lifetime 20 hours
>
> icp_port 3130
> http_port 80 accel defaultsite=api.filemobile.com ignore-cc
> cache_peer api.filemobile.com parent 80 0 no-query originserver
> name=myAccel
> acl our_sites dstdomain api.filemobile.com
> http_access allow our_sites
> cache_peer_access myAccel allow all
>
> acl intsrc src 10.10.6.0/23 10.10.202.0/24 10.10.201.0/24
> acl intdst dst 10.10.6.0/23 10.10.202.0/24 10.10.201.0/24
> acl apache rep_header Server ^Apache
> http_reply_access allow all
> url_rewrite_host_header off
> acl CONNECT method CONNECT
> acl PURGE method PURGE
> acl POST method POST
> acl QUERY urlpath_regex storage
> acl JS urlpath_regex js
> no_cache deny QUERY
> no_cache deny POST
> no_cache deny JS

 NOTE: "no_cache" was renamed to "cache" long ago. Remove the "no_" part
 of all those lines.

 Also, "cache deny JS", matches the letters 'j' followed by 's' anywhere
 in the URL path. For example in '/services/json?'

 Also, POST method is never cacheable. You can optimize your cache ACLs
 a bit by removing "no_cache deny POST" entirely.

> http_access allow our_sites

 You have "http_access allow our_sites" already listed with
 cache_peer_access.

> http_access allow all
> http_access allow intsrc
> http_access allow intdst
> http_access allow PURGE intsrc
> http_access allow PURGE all

 Since you only have one http_port, which is configured to set the
 domain on all requests to "api.filemobile.com". The earlier ACL test
 "allow our_sites" will always match. Making these http_access lines
 completely useless. You can remove them, and the other http_access lines
 below.

> icp_access allow all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl internal src 10.10.201.60/32
> acl sergey src 10.10.6.164/32
> acl dennis src 10.10.6.176/32
> http_access allow manager localhost
> http_access allow manager internal
> cachemgr_passwd 6twN+9Mtl all

 NOTE: you had probably better change that password quickly. This is a
 public mailing list.

> request_header_access Via allow all
> request_header_access Age deny all
> request_header_access X-Cache deny all
> request_header_access Etag deny all

 ETag is a seriously important header to prevent objects with different
 binary representations being mixed up. This is a bad idea.

> request_header_access Expires deny all

 "Expires:" is not a request header.

>
>
> refresh_pattern -i ^http.*filemobile.com\/services\/php 40 90% 50
> override-expire override-lastmod ignore-reload reload-into-ims
> ignore-no-cache
>
> refresh_pattern -i ^http.*filemobile.com\/services\/json 10 90% 10
> override-expire override-lastmod ignore-reload reload-into-ims
> ignore-no-cache reload-into-ims ignore-no-store
> ignore-must-revalidate
>
> logformat combined %>a '-' '-' [%tl] "%rm %ru %>Hs HTTP/%rv"
> "%{User-Agent}>h" %>st %<st %Ss
>
> access_log /var/log/squid/access.log combined
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> buffered_logs on
> strip_query_terms
>
> I tried acl's but no result either:
>
> acl GET method GET
> acl POST method POST
>
> acl FM_url url_regex ^http//api.filemobile.com/services/json/
> cache allow POST FM_url
> cache allow GET FM_url

 This might have worked to evade your "deny JS" rule. If you had left
 off the final '/' after '/json'.

 Note how the URL has "/services/json?" instead of "/services/json/?"

 I would alter the FM_url ACL definition and write the earlier "no_cache
 deny JS" line as: cache deny JS !FM_url

 Amos
Received on Wed Nov 16 2011 - 01:16:52 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 17 2011 - 12:00:02 MST