[squid-users] Windows Updates a Caching Stub zone, A windows updates store.

Amos Jeffries squid3 at treenet.co.nz
Tue Jul 19 14:01:55 UTC 2016 

On 19/07/2016 10:58 p.m., Omid Kosari wrote:
> Eliezer Croitoru-2 wrote
>> Hey Omid,
>>
>> Indeed my preference is that if you can ask ask and I will try to give you
>> couple more details on the service and the subject.
> 
> Hey Eliezer,
> 
> 1.I have refresh patterns from days before your code . Currently i prefer
> not to store windows updates in squid internal storage because of
> deduplication . Now what should i do ? delete this refresh pattern ? or even
> create a pattern not to cache windows updates ?
> 
> refresh_pattern -i
> (microsoft|windowsupdate)\.com/.*?\.(cab|exe|dll|ms[iuf]|asf|wm[va]|dat|zip|iso|psf)$
> 10080 100% 172800 ignore-no-store ignore-reload ignore-private
> ignore-must-revalidate override-expire override-lastmod
> 

Either;
  cache deny ...

Or (if your Squid supports it)

  store_miss deny ...


The cache ACLs are again request-only ones. So based on dstdomain of WU
services.

The store_miss ACLs can be based on request or reply. So nice things
like reply Content-Type header etc. can be used.


If your refresh_pattern causes something to be a HIT in cache, then the
store_miss stuff will never happen of course.

Likewise, if the store_miss prevents something being added to cache the
refresh_pattern will not then be able to have any effect on its cache entry.



> 2.Is the position of your squid config important to prevent logical
> conflicts? for example should it be before above refresh patterns to prevent
> deduplication ?
> 
> acl wu dstdom_regex \.download\.windowsupdate\.com$
> acl wu-rejects dstdom_regex stats
> acl GET method GET
> cache_peer 127.0.0.1 parent 8080 0 proxy-only no-tproxy no-digest no-query
> no-netdb-exchange name=ms1
> cache_peer_access ms1 allow GET wu !wu-rejects
> cache_peer_access ms1 deny all
> never_direct allow GET wu !wu-rejects
> never_direct deny all


For these directives ordering is relevant only with regards to other
lines of the same directive name.

The exception being cache_peer_access; where the peer name field defines
which lines are a sequential group. And the cache_peer definition line
must come first.


> 
> 3.Is it good idea to change your squid config as bellow to have more hits?
> Or maybe it is big mistake !
> 
> acl msip dst 13.107.4.50
> acl wu dstdom_regex \.download\.windowsupdate\.com$
> \.download\.microsoft\.com$
> acl wu-rejects dstdom_regex stats
> acl GET method GET
> cache_peer 127.0.0.1 parent 8080 0 proxy-only no-tproxy no-digest no-query
> no-netdb-exchange name=ms1
> cache_peer_access ms1 allow GET wu !wu-rejects
> cache_peer_access ms1 allow GET msip !wu-rejects
> cache_peer_access ms1 deny all
> never_direct allow GET wu !wu-rejects
> never_direct allow GET msip !wu-rejects
> never_direct deny all


Your question here is not clear. None of this config is directly related
to HITs. With Eliezers setup HITs are a intentional by-product of the
manipulatinoon happening in the peer.
So you either use the peer and get what HITs it causes, or you don't.

> 
> 4.Current storage capacity is 500G andmore than 50% of it becomes full and
> growing fast . Is there any mechanism for garbage collection in your code ?
> If not is it good idea to remove files based on last access time (ls -ltu
> /cache1/body/v1/) ? should i also delete old files from header and request
> folders ?
> 

I'll leave that to Eliezer to answer.

Amos

More information about the squid-users mailing list