[squid-users] TProxy and client_dst_passthru

Stakres vdoctor at neuf.fr
Mon Apr 6 08:10:01 UTC 2015


Hi Amos,

We have done additional tests in production with ISPs and the ORIGINAL_DST
in tproxy cannot be cached.
In normal mode (not tproxy), ORIGINAL_DST can be cached, no problem.
But once in tproxy (http_port 3128 tproxy), no way, it's impossible to get
TCP_HIT.

We have played with the client_dst_passthru and the host_verify_strict, many
combinaisons on/off.
By settings client_dst_passthru ON and host_verify_strict OFF, we can reduce
the number of ORIGINAL_DST (generating DNS "alerts" in the cache.log) but it
makes issues with HTTPS websites (facebook, hotmail, gmail, etc...).
We have also tried many DNS servers (internals and/or externals), same
issue.

I read what you explain in your previous email but it seems there is
something weird.
The problem is that the ORIGINAL_DST could be up to 25% of the traffic with
some installations meaning this part is "out-of-control" in term of cache
potential.

All help is welcome here 
Thanks in advance.

Bye Fred



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TProxy-and-client-dst-passthru-tp4670189p4670629.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list