<div dir="ltr">Thanks a lot Yuri,<div>I made some merge with my config and some of this options, I will see now how HIT rate it goes, my squid run so limited of bandwidth that I need to be as much aggressive as I can caching the content.</div><div><br></div><div>Thanks again for sharing, very appreciated</div><div><br></div><div>Alberto</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 13, 2015 at 4:01 PM, Yuri Voinov <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
</span>This is know-how to himself. ;)<br>
<br>
To be serious,<br>
<br>
you must carefully play with refresh_pattern(s), and some squid.conf<br>
parameters (and also with store ID feature) to get higher HIT ratio.<br>
<br>
Just for example (this is NOT complete config! No responsibility or<br>
any guarantees in case of simple copy-n-pasted into your configs! This<br>
is AS IS example!):<br>
<br>
# Keep swf in cache even if asked not to<br>
refresh_pattern -i \.(swf)(\?|$) 10080 90% 43200 override-expire<br>
ignore-reload reload-into-ims ignore-private<br>
# .NET cache<br>
refresh_pattern -i \.(as(h|p)x?)(\?|$) 10080 90% 43200 reload-into-ims<br>
# Updates: Windows, Adobe, Java<br>
refresh_pattern -i<br>
<a href="http://microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)" target="_blank">microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)</a> 4320<br>
80% 43200 reload-into-ims<br>
refresh_pattern -i<br>
<a href="http://windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)" target="_blank">windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)</a><br>
4320 80% 43200 reload-into-ims<br>
refresh_pattern -i<br>
<a href="http://my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)" target="_blank">my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)</a><br>
4320 80% 43200 reload-into-ims<br>
refresh_pattern -i <a href="http://adobe.com/.*\.(zip|exe)" target="_blank">adobe.com/.*\.(zip|exe)</a> 4320 80% 43200 reload-into-ims<br>
refresh_pattern -i <a href="http://java.com/.*\.(zip|exe)" target="_blank">java.com/.*\.(zip|exe)</a> 4320 80% 43200 reload-into-ims<br>
refresh_pattern -i <a href="http://sun.com/.*\.(zip|exe)" target="_blank">sun.com/.*\.(zip|exe)</a> 4320 80% 43200 reload-into-ims<br>
refresh_pattern -i google\.com.*\.(zip|exe) 4320 80% 43200 reload-into-ims<br>
refresh_pattern -i macromedia\.com.*\.(zip|exe) 4320 80% 43200<br>
reload-into-ims<br>
# Other long-lived items<br>
refresh_pattern -i<br>
\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|mp4)(\?|$) 14400<br>
99% 518400 ignore-no-store override-expire ignore-reload<br>
reload-into-ims ignore-private ignore-must-revalidate<br>
refresh_pattern -i<br>
\.((m?|x?|s?)htm(l?)|css|js|xml|php|json)(\?|$) 10080 90% 86400<br>
ignore-no-store override-expire override-lastmod reload-into-ims<br>
ignore-private ignore-must-revalidate<br>
# Default patterns<br>
<span class="">refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>
</span>refresh_pattern . 0 20% 10080 override-lastmod reload-into-ims<br>
<br>
The example above also requires some additional cached-related<br>
parameters to be changed.<br>
<br>
Also, you strictly recommended to research average users activity AND<br>
play around VARY http headers.<br>
<br>
And others.<br>
<br>
Each squid setup is place-specific. And depending your access/deny<br>
lists, security policy, users/network activity etc.etc.etc.<br>
<br>
WBR, Yuri<br>
<br>
PS. Your question has NO simple answer. Beware - copy-n-paste any<br>
foreign config can not guarantee the same results for YOU.<br>
<br>
14.03.15 1:52, Alberto Perez пишет:<br>
<span class="">> Can you share more details about "Agressive dynamic content<br>
> caching requires some special tweaks" I am very interested.<br>
><br>
> Thanks<br>
><br>
><br>
><br>
> On 3/13/15, Yuri Voinov <<a href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>> wrote:<br>
><br>
><br>
</span><div><div class="h5">> 13.03.15 23:33, Amos Jeffries пишет:<br>
>>>> On 14/03/2015 5:47 a.m., Monah Baki wrote:<br>
>>>><br>
>>>> <snip><br>
>>>><br>
>>>>> half_closed_clients off quick_abort_min 0 KB<br>
>>>>> quick_abort_max 0 KB vary_ignore_expire on reload_into_ims<br>
>>>>> on memory_pools off cache_mem 4096 MB visible_hostname<br>
>>>>> isn-phc-cache minimum_object_size 0 bytes<br>
>>>><br>
>>>>> maximum_object_size 512 MB maximum_object_size 512 KB<br>
>>>><br>
>>>> KB value overwriting MB value.<br>
>>>><br>
>>>><br>
>>>>> ipcache_size 1024 ipcache_low 90 ipcache_high 95<br>
>>>>> cache_swap_low 98 cache_swap_high 100 fqdncache_size 16384<br>
>>>>> retry_on_error on offline_mode off logfile_rotate 10<br>
>>>>> dns_nameservers 8.8.8.8 41.78.211.30<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> access.log:<br>
>>>>><br>
>>>>> 1426267535.210 198 10.0.0.23 TCP_MISS/200 412 GET<br>
>>>>> <a href="http://jadserve.postrelease.com/trk.gif" target="_blank">http://jadserve.postrelease.com/trk.gif</a>? -<br>
>>>>> ORIGINAL_DST/<a href="http://54.225.133.227" target="_blank">54.225.133.227</a> image/gif 1426267535.211<br>
>>>>> 198 10.0.0.23 TCP_MISS/200 412 GET<br>
>>>>> <a href="http://jadserve.postrelease.com/trk.gif" target="_blank">http://jadserve.postrelease.com/trk.gif</a>? -<br>
>>>>> ORIGINAL_DST/<a href="http://54.225.133.227" target="_blank">54.225.133.227</a> image/gif 1426267535.211<br>
>>>>> 198 10.0.0.23 TCP_MISS/200 412 GET<br>
>>>>> <a href="http://jadserve.postrelease.com/trk.gif" target="_blank">http://jadserve.postrelease.com/trk.gif</a>? -<br>
>>>>> ORIGINAL_DST/<a href="http://54.225.133.227" target="_blank">54.225.133.227</a> image/gif 1426267535.223<br>
>>>>> 301 10.0.0.23 TCP_MISS/200 222 GET<br>
>>>>> <a href="http://rma-api.gravity.com/v1/beacons/log" target="_blank">http://rma-api.gravity.com/v1/beacons/log</a>? -<br>
>>>>> ORIGINAL_DST/<a href="http://80.239.148.18" target="_blank">80.239.148.18</a> text/html 1426267535.244 195<br>
>>>>> 10.0.0.23 TCP_MISS/200 412 GET<br>
>>>>> <a href="http://jadserve.postrelease.com/trk.gif" target="_blank">http://jadserve.postrelease.com/trk.gif</a>? -<br>
>>>>> ORIGINAL_DST/<a href="http://54.225.133.227" target="_blank">54.225.133.227</a> image/gif<br>
>>>><br>
>>>><br>
>>>> Lots of Akamai hosted requests. Akamai play tricks with DNS<br>
>>>> responses.<br>
> In my installation I've used local Unbound DNS cache and, before<br>
> it, forced DNS interception to him with Cisco. :)<br>
><br>
> So, I don't care about any hosts DNS quirks. ;)<br>
><br>
>>>><br>
>>>> Check your cache.log for security warnings;<br>
>>>> <<a href="http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery" target="_blank">http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery</a>><br>
>>>><br>
>>>><br>
>>>><br>
Note that objects failing the Host validation are not cacheable.<br>
>>>><br>
>>>><br>
>>>>> 1426267535.333 423 10.0.0.23 TCP_MISS/200 1420 GET<br>
>>>>> <a href="http://hpr.outbrain.com/utils/get" target="_blank">http://hpr.outbrain.com/utils/get</a>? -<br>
>>>>> ORIGINAL_DST/<a href="http://50.31.185.42" target="_blank">50.31.185.42</a> text/x-json 1426267535.345 412<br>
>>>>> 10.0.0.23 TCP_MISS/200 11179 GET<br>
>>>>> <a href="http://p.visualrevenue.com/" target="_blank">http://p.visualrevenue.com/</a>? - ORIGINAL_DST/<a href="http://50.31.185.40" target="_blank">50.31.185.40</a><br>
>>>>> text/javascript 1426267535.346 411 10.0.0.23<br>
>>>>> TCP_MISS/200 423 GET <a href="http://t1.visualrevenue.com/" target="_blank">http://t1.visualrevenue.com/</a>? -<br>
>>>>> ORIGINAL_DST/<a href="http://64.74.232.44" target="_blank">64.74.232.44</a> image/gif<br>
>>>><br>
>>>> Not sure about them. Maybe genuine MISS, maybe not.<br>
><br>
> Agressive dynamic content caching requires some special tweaks. ;)<br>
><br>
>>>><br>
>>>> It could also be the issues Antony pointed out, with the<br>
>>>> objects just naturally not being cacheable.<br>
>>>><br>
>>>><br>
>>>>> 1426267535.363 128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304<br>
>>>>> 327 GET<br>
>>>>> <a href="http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js" target="_blank">http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js</a><br>
>>>>><br>
>>>>><br>
><br>
>>>>><br>
- - ORIGINAL_DST/<a href="http://80.239.152.153" target="_blank">80.239.152.153</a> application/x-javascript<br>
>>>><br>
>>>> There is a hit.<br>
>>>><br>
>>>> I guess you are new to Squid-3 ? Squid is HTTP/1.1 compliant<br>
>>>> now and the caching rules are slightly different from<br>
>>>> requirements on HTTP/1.0 software. A lot of content that<br>
>>>> previously could not be stored now can (authenticated,<br>
>>>> private, no-cache, etc.). But being sensitive info also<br>
>>>> requires revalidation in order to be used, so they show up<br>
>>>> like the above.<br>
>>>><br>
>>>> Amos<br>
>>>><br>
>>>> _______________________________________________ squid-users<br>
>>>> mailing list <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>>>> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
>>>><br>
>> _______________________________________________ squid-users<br>
>> mailing list <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
>><br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
</div></div>iQEcBAEBAgAGBQJVA0InAAoJENNXIZxhPexG6JAIALq2tAxa9Vawr1/Rkojl0UFj<br>
HQF9p/4mk0ZHPnL4zkV6h/Ctg/s+AgK+O/H38ncn+2JS4eyiZfSHLOxmxkmrKi11<br>
av/yjG++JGnhQkic/3y7ETOSkvaDuAbDP+Iwrtuc+kBpJz54No9Pu37oVlIOdMLZ<br>
uv/8Bpk9uQEc3kE5FCgCmM2nIr2tuxr6opK6T5DZ2TvcqnQin752P60R91iS7unF<br>
XHX3tsGsFvrKflEEC7w1xDRn3u3kSGrx+gPpktA0dv6vT8ATXqPEV5+anIEZVfLZ<br>
NKDIwoeSNHYMMknlK7QTUlcNjuq+UXmfcO3mp+eraUQbGRkxwqTPxRwvIqp/43U=<br>
=VW9B<br>
-----END PGP SIGNATURE-----<br>
</blockquote></div><br></div>