[squid-users] Tracking down cache MISSes

Wed Feb 25 10:46:10 UTC 2015

On 25 February 2015 at 03:30, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 2015-02-25 05:31, Greg wrote:
>>>> so, there's my proxy problem I couldn't crack, even after spending
>>>> 2+ days tweaking-googling-debugging. :(
>>>>
>>>> The problem: my _new_ Squid installation (Ubuntu 14 LTS with Squid
>>>> 3.3.8) won't cache most pages the old Squid does (old Fedora with
>>>> Squid 3.1.15).
>>>
>>>
>>> Both versions are antique.
>>>
>>> Man, you change one rancid meat to another rancid meat.
>>>
>>> Just FYI - current Squid version at least 3.4.12. Oh, this branch is
>>> already deprecated... shit, current version is 3.5.2!
>>>
>>> This must be your starting point.
>>
>>
>> Thanks for your comment. Please note that this version is what's
>> supported by Ubuntu LTS for the next 5 years. This happens with all
>> packages - LTS maintainers choose a stable version and merge security
>> updates into it, so it stays secure and needs no config updates for 5
>> years. This is just we need, and it has worked well for Ubuntu 10
>> (squid 2.7.STABLE7-1ubuntu12.6 is still being supported until this
>> April!), but it has EOL now and we have to upgrade.
>
>
>
> And these types of problem are the cost. Ubuntu and other distros providing
> long LTS support choose not to backport bug fixes *unless* its a security
> fix. That is their choice, and your choice to accept by using their distro
> version.

Exactly. I reckon it's not easy for everyone involved.

> For the record this appears to be bug 3806 which was fixed in 3.3.12 just
> over a year ago. 3.3.8 is just too old by ~4 months.

Wow, thanks! This is a breakthrough for me. Indeed, the requests that
do get cached don't have a Vary header.

This one's for you: http://goo.gl/qK5dE3

Now that I understand the problem I can think about a possible solution:
- Try to convince the Ubuntu 14 LTS maintainers to merge the fixes (
http://bugs.squid-cache.org/attachment.cgi?id=2854&action=diff and
http://bugs.squid-cache.org/attachment.cgi?id=2969&action=diff ). Not
sure about my chances ;)
- Create a new baseline server for our proxies with Ubuntu 12 LTS
(Squid 3.1.19-1ubuntu3.12.04.3) and upgrade to Ubuntu 16 LTS in 2017.
Pro: I tested it and that old Squid version doesn't seem to have this
bug. Will work and will be getting security fixes until 2017. Con:
well it's a rather old Squid and a less comfortable Ubuntu.
- Step out of the safe zone of LTS and install the latest stable
Squid. Pro: all the fixes and fresh code. Con: will have to manually
monitor the Squid security fixes, and on each security update upgrade
to the newest stable, manually testing if anything breaks,
merging/changing configs when necessary, then manually upgrade all
(10+) proxies - from now till forever.

Since I'm a ~beginner sysadmin, any thoughts and comments are warmly welcome.

Best regards,
Greg