[squid-users] squid intercept config

Alberto Perez alberto2perez at gmail.com
Fri Mar 13 19:52:19 UTC 2015 

Can you share more details about "Agressive dynamic content caching
requires some special tweaks" I am very interested.

Thanks



On 3/13/15, Yuri Voinov <yvoinov at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> 13.03.15 23:33, Amos Jeffries пишет:
>> On 14/03/2015 5:47 a.m., Monah Baki wrote:
>>
>> <snip>
>>
>>> half_closed_clients off quick_abort_min 0 KB quick_abort_max 0
>>> KB vary_ignore_expire on reload_into_ims on memory_pools off
>>> cache_mem 4096 MB visible_hostname isn-phc-cache
>>> minimum_object_size 0 bytes
>>
>>> maximum_object_size 512 MB maximum_object_size 512 KB
>>
>> KB value overwriting MB value.
>>
>>
>>> ipcache_size 1024 ipcache_low 90 ipcache_high 95 cache_swap_low
>>> 98 cache_swap_high 100 fqdncache_size 16384 retry_on_error on
>>> offline_mode off logfile_rotate 10 dns_nameservers 8.8.8.8
>>> 41.78.211.30
>>>
>>>
>>>
>>>
>>> access.log:
>>>
>>> 1426267535.210    198 10.0.0.23 TCP_MISS/200 412 GET
>>> http://jadserve.postrelease.com/trk.gif? -
>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211    198
>>> 10.0.0.23 TCP_MISS/200 412 GET
>>> http://jadserve.postrelease.com/trk.gif? -
>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211    198
>>> 10.0.0.23 TCP_MISS/200 412 GET
>>> http://jadserve.postrelease.com/trk.gif? -
>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.223    301
>>> 10.0.0.23 TCP_MISS/200 222 GET
>>> http://rma-api.gravity.com/v1/beacons/log? -
>>> ORIGINAL_DST/80.239.148.18 text/html 1426267535.244    195
>>> 10.0.0.23 TCP_MISS/200 412 GET
>>> http://jadserve.postrelease.com/trk.gif? -
>>> ORIGINAL_DST/54.225.133.227 image/gif
>>
>>
>> Lots of Akamai hosted requests. Akamai play tricks with DNS
>> responses.
> In my installation I've used local Unbound DNS cache and, before it,
> forced DNS interception to him with Cisco. :)
>
> So, I don't care about any hosts DNS quirks. ;)
>
>>
>> Check your cache.log for security warnings;
>> <http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>
>>
>> Note that objects failing the Host validation are not cacheable.
>>
>>
>>> 1426267535.333    423 10.0.0.23 TCP_MISS/200 1420 GET
>>> http://hpr.outbrain.com/utils/get? - ORIGINAL_DST/50.31.185.42
>>> text/x-json 1426267535.345    412 10.0.0.23 TCP_MISS/200 11179
>>> GET http://p.visualrevenue.com/? - ORIGINAL_DST/50.31.185.40
>>> text/javascript 1426267535.346    411 10.0.0.23 TCP_MISS/200 423
>>> GET http://t1.visualrevenue.com/? - ORIGINAL_DST/64.74.232.44
>>> image/gif
>>
>> Not sure about them. Maybe genuine MISS, maybe not.
>
> Agressive dynamic content caching requires some special tweaks. ;)
>
>>
>> It could also be the issues Antony pointed out, with the objects
>> just naturally not being cacheable.
>>
>>
>>> 1426267535.363    128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304 327
>>> GET
>>> http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js
>>>
>>>
> - - ORIGINAL_DST/80.239.152.153 application/x-javascript
>>
>> There is a hit.
>>
>> I guess you are new to Squid-3 ? Squid is HTTP/1.1 compliant now
>> and the caching rules are slightly different from requirements on
>> HTTP/1.0 software. A lot of content that previously could not be
>> stored now can (authenticated, private, no-cache, etc.). But being
>> sensitive info also requires revalidation in order to be used, so
>> they show up like the above.
>>
>> Amos
>>
>> _______________________________________________ squid-users mailing
>> list squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBAgAGBQJVAy/qAAoJENNXIZxhPexGOUEH/2yt1ql+ndo1We1E06LvIZl7
> 4PXY1kzuHT6EpOYO9LpLKtE+dPNYJuHKiUEF2hAGz5DP/heKq8PFRBTkMD18sueN
> jm+UfP8BdxgRYuiQWtWNteV0gbH4nOBeJ6QwqlEHMwcsdPtkwWCGA0MS6co+IXKb
> poouP6xQoNddx/UKicu6PQZDj5HRmynTP2c0mJuFEdlQxONgFiP4mqSFBwWhH/B/
> hhdSfxg53xfQ+2B5TsVrKyxmJoIYpHgFZid/pk+Q2bb0WIy8bhHA72EHPjIu5K5Z
> wobLGng+oE0i2erqtZiFR8daGdKcRW7FDYzHi+LJEHJj3i+z0mRIQkGTn3Nxfhg=
> =Cnai
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list