[squid-users] Growing cache.log

Vernet Jerome Jerome.Vernet at belambra.fr
Thu Jan 8 08:28:10 UTC 2015 

Hello,



-----Message d'origine-----
De : squid-users [mailto:squid-users-bounces at lists.squid-cache.org] De la part de Eliezer Croitoru
Envoyé : mercredi 7 janvier 2015 14:20
À : squid-users at lists.squid-cache.org
Objet : Re: [squid-users] Growing cache.log

>Hey (Is it Jerome? or Vernet?),

Jerome
>Is there a chance you can test it with a newer version of squid?
Unfortunatly not easy. I tried several time but was never able to make newer version of Squid working in our production environnement. Either Authentification not working or ACL not working, I don't know.... I upgraded from 3.1.3 to 3.1.23 .

>What OS are you using?
Debian Squeeze

>Can you share your squid.conf?

http_port 3128
cache_peer 127.0.0.1 parent 8080 7 no-query no-digest no-netdb-exchange
acl NOBELAMBRA url_regex -i "/etc/squid3/nocache.url"
cache deny NOBELAMBRA
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 32 MB
minimum_object_size 0 KB
maximum_object_size_in_memory  256 KB
# 256 KB
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
cache_dir ufs /var/spool/squid3 3120 16 256
cache_access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log none
emulate_httpd_log off
log_mime_hdrs off
debug_options ALL,1 33,0 29,1
log_fqdn on
client_netmask 255.255.255.255
#ftp_user proxy at vvf-vacances.com
#ftp_list_width 128
#ftp_passive on
#ftp_sanitycheck on
dns_retransmit_interval 2 seconds
#JV 18/10/2011 pour corsica
dns_timeout 20 secondes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
#JV 07/05/2013 8 a 10
auth_param basic realm AD2003.INTRA
auth_param basic credentialsttl 4 hours
auth_param basic casesensitive off
external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 3600 seconds
request_header_max_size 200 KB
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
quick_abort_min -1 KB
quick_abort_max 128 KB
quick_abort_pct 95
negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 2 minute
range_offset_limit 0 KB
connect_timeout 4 minute
request_timeout 5 minutes
persistent_request_timeout 60 second
shutdown_lifetime 10 seconds
#acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443          # https
acl SSL_ports port 8000                 # https
acl SSL_ports port 8080         # https
acl SSL_ports port 873          # rsync
acl Safe_ports port 80 4280             # http
acl Safe_ports port 8000 8080   # http
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny CONNECT !SSL_ports
http_access allow CONNECT SSL_ports
acl proxy dst 192.168.1.5/32
http_access allow proxy
http_access deny to_localhost
acl Authenticated proxy_auth REQUIRED
acl directaccess external ad_group www-directaccess
acl activefilter external ad_group www-activefilter
acl directurls dstdomain "/etc/squid3/directurls"
http_access allow directurls
always_direct allow directurls
http_access allow localhost
acl restrictedfilter01 external ad_group www-restricted01
acl restrictedfilter02 external ad_group www-restricted02
acl goodsites01 url_regex "/etc/squid3/contentlist01"
acl goodsites02 url_regex "/etc/squid3/contentlist02"
http_access deny !Safe_ports activefilter
http_access deny !Safe_ports restrictedfilter01
http_access deny !Safe_ports restrictedfilter02
http_access allow goodsites01 restrictedfilter01
http_access allow goodsites02 restrictedfilter02
http_access allow directaccess
always_direct allow directaccess
http_access allow activefilter
http_access allow directaccess SSL_ports
http_access allow activefilter SSL_ports
http_access deny restrictedfilter01
http_access deny restrictedfilter02
http_access deny !Authenticated !localhost
http_access deny all
http_access deny all
http_reply_access allow all
icp_access allow all
#cache_peer_access puck allow activefilter
#cache_peer_access puck deny all
reply_header_max_size 20 KB
cache_mgr exploitation_dsi at belambra.fr
cache_effective_user proxy
cache_effective_group proxy
visible_hostname belambra
cachemgr_passwd proxyvvfmgr all
always_direct allow localhost
always_direct allow directurls
never_direct allow activefilter
forwarded_for off
never_direct deny all
error_directory /var/hera/squiderrors
coredump_dir /var/spool/squid3
client_persistent_connections on
server_persistent_connections on
detect_broken_pconn on
pipeline_prefetch on

Eliezer

More information about the squid-users mailing list