[squid-users] 'cache' config option and rewrite
James Harper
james at ejbdigital.com.au
Tue Dec 16 10:01:06 UTC 2014
I have a rewrite rule so that any request for a list of apt repositories (acl dstdomain) are rewritten to instead go to my apt-cacher server, and then a "cache deny" rule to make sure squid doesn't cache files from these repositories. This seemed to be working fine but my latest attempt at a debian install kept failing because the gpg signature didn't match. It turns that that squid was actually caching these requests, which is the opposite of what I wanted as it meant that the sig and the file got out of sync (I guess apt-cacher doesn't return a proper indication of what is allowed to be cached and what isn't... so the sig was cached but the file wasn't, or something like that)
It turns out that "cache deny <dstdomain acl>" is processed after the rewrite, and against the rewritten url, so I needed to also exclude requests for my server running apt-cacher.
So for example:
acl apt_repo dstdomain ftp.au.debian.org
acl apt_cacher browser apt-cacher # apt-cacher itself
cache deny apt_repo
cache deny apt_cacher
cache allow all
but I needed to add:
acl apt_repo dstdomain my.apt.cacher.server
This is kind of obvious in retrospect, but is it described anywhere which rules apply against the url before it is rewritten and which are applied to the rewritten url?
Thanks
James
More information about the squid-users
mailing list