[squid-users] How to use "cache", "store_miss" and "send_hit" directives?
rousskov at measurement-factory.com
Thu Oct 17 02:18:17 UTC 2019
On 10/16/19 7:17 PM, Robert Senger wrote:
> I need to encrypt browser->squid connection (on mobile devices). With
> squid 3.x, I used stunnel client on the mobile device and stunnel
> server on squid's machine. With squid 4.6, I wanted to get rid of
> stunnel server and use squid's https_port directive instead, but
> https_port + sslbump did not go together. So, I created a loop that
> forwarded https_port connections with a cache_peer directive to squid's
> own http_port.
IIRC, this trick also creates problems for built-in cache_peer checks
that may fail because those checks start before Squid starts listening
on its own ports. This problem may be specific to SMP setups. YMMV.
> That worked, except for caching... The http_port ACLs
> never matched in the cache directive, instead, the https_port ACLs did,
> but that is not what I want and need. Some coincidence made that
> tcp_outgoing_address matched and routing was correct, anyway.
AFAICT, bugs notwithstanding, those ACLs should have matched in the
"cache" directive context, especially if they actually matched in the
tcp_outgoing_address context later.
> Am Mittwoch, den 16.10.2019, 11:38 -0400 schrieb Alex Rousskov:
>> On 10/16/19 10:38 AM, Robert wrote:
>>> after upgrading to 4.6 from 3.x
>>> I am struggling with caching objects. The goal is, to have objects
>>> requested by proxy-basic clients not to be cached, but objects
>>> requested by proxy-standard to be cached normally.
>>> Tried this:
>>> cache deny proxy-basic
>>> cache allow all
>>> And this:
>>> cache allow proxy-standard
>>> cache deny all
>> Based on your description, you probably want the former or its
>> cache deny proxy-basic
>>> If I use ANY "cache ___" directive other than a (useless) "cache
>>> all", caching is completely disabled for all ACLs.
>> FYI: Squid does not (yet) treat the "all" ACL specially -- Squid does
>> not ignore or automatically apply seemingly "useless" rules with it.
>> you are getting correct results with "allow all" and incorrect
>> with "allow foo", then your foo ACL does not match (in that specific
>> context). Why it does not match is a separate question.
>>> What am I doing wrong?
>> Nothing that warrants discussing here IMO. I suggest trying the
>> v4 release and, if the problem is still there, filing a bug report.
>> you can share a compressed ALL,7+ cache.log while reproducing the
>> problem with a single transaction, we may be able to triage this
>> faster. Squid wiki has instructions at
>>> I am using ACLs for different handling of clients connecting to
>>> different local ports:
>>> acl proxy-basic localip 172.16.2.243
>>> acl proxy-standard localip 172.16.3.243
>>> These ACLs are used to determine outgoing address, which are routed
>>> different outgoing interfaces like this:
>>> tcp_outgoing_address 172.16.3.244 proxy-basic
>>> tcp_outgoing_address 172.16.4.244 proxy-standard
>>> This works as desired.
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
More information about the squid-users