[squid-users] Squid cache questions
Amos Jeffries
squid3 at treenet.co.nz
Sun Apr 7 03:00:31 UTC 2024
On 5/04/24 17:25, Jonathan Lee wrote:
>> ssl_bump splice https_login
>> ssl_bump splice splice_only
>> ssl_bump splice NoSSLIntercept
>> ssl_bump bump bump_only markBumped
>> ssl_bump stare all
>> acl markedBumped note bumped true
>> url_rewrite_access deny markedBumped
>
> for good hits should the url_rewirte_access deny be splice not bumped
> connections ?
>
> I feel I mixed this up
>
Depends on what the re-write program is doing.
Ideally no traffic should be re-written by your proxy at all. Every
change you make to the protocol(s) as they go throug adds problems to
traffic behaviour.
Since you have squidguard..
* if it only does ACL checks, that is fine. But ideally those checks
would be done by http_access rules instead.
* if it is actually changing URLs, that is where the problems start
and caching is risky.
If you are re-writing URLs just to improve caching, I recommend using
Store-ID feature instead for those URLs. It does a better job of
balancing the caching risk vs ratio gains, even though outwardly it can
appear to have less HITs.
HTH
Amos
More information about the squid-users
mailing list