[squid-users] caching issues - caching traffic from another proxy, and caching https traffic
John Smith
burnncrashnow at gmail.com
Thu Nov 5 15:47:01 UTC 2015
Amos,
Thanks (again) very much for the reply.
The news does not surprise me at all, but I needed to ask the questions.
Let's assume I could require a different port for http and https, and
cleaned up the squid configurations like we did privately for http. How
hard would it be to solve either caching problem at that point? Would that
solve problem #1 without taking any further action? At that point, how
hard would it be to implement ssl-bump?
Thanks,
John
On Thu, Nov 5, 2015 at 7:31 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 5/11/2015 7:16 a.m., John Smith wrote:
> > Hi,
> >
> > I'm trying to improve our cache hit ratio. We have a fairly complicated
> > layer of squid 3.10 proxies as previously detailed.
> >
> > Problem 1. Some of the traffic is identified by domain to go to another
> > layer of proxies. I've called this proxy otherl1proxy in the squid.conf
> > below. I've noticed that this traffic is not cached at all on either set
> > of proxies. I'd like it cached at the top layer if possible because
> these
> > will be the largest servers with the largest caches. I've removed
> > 'originserver' from the squid.conf to test but that didn't seem to help.
> >
> > Problem 2. We are not caching any https traffic. Is it possible to
> cache
> > https traffic, and if so how would one do it? As many websites are
> moving
> > towards https for all traffic this lowers the effectiveness of cache...
> >
>
> Hi John,
>
> Sorry to be the bearer of bad news. But problem #1 is another side
> effect of the ELB situation. These will also come right back to the same
> ELB problems, and the same multiple-ports solution.
>
> Every time you get that NAT failure message from the last issue we
> discussed, the requests in that connection will not be cacheable.
>
>
> As for #2, there is SSL-bump feature in Squid. But for your current
> configuration it would be extremely painful to deal with.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151105/2f107688/attachment-0001.html>
More information about the squid-users
mailing list