<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
And dont forget that cache must be warmed up first, before it can
cause increase HIT-ratio.<br>
<br>
<div class="moz-cite-prefix">14.03.15 6:45, Alberto Perez пишет:<br>
</div>
<blockquote
cite="mid:CAMZauGpA5spVJ0JtMXFkeBECbR5jES=rPZi3oS42_f-=53G8ew@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks a lot Yuri,
<div>I made some merge with my config and some of this options,
I will see now how HIT rate it goes, my squid run so limited
of bandwidth that I need to be as much aggressive as I can
caching the content.</div>
<div><br>
</div>
<div>Thanks again for sharing, very appreciated</div>
<div><br>
</div>
<div>Alberto</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Mar 13, 2015 at 4:01 PM, Yuri
Voinov <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class="">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
</span>This is know-how to himself. ;)<br>
<br>
To be serious,<br>
<br>
you must carefully play with refresh_pattern(s), and some
squid.conf<br>
parameters (and also with store ID feature) to get higher
HIT ratio.<br>
<br>
Just for example (this is NOT complete config! No
responsibility or<br>
any guarantees in case of simple copy-n-pasted into your
configs! This<br>
is AS IS example!):<br>
<br>
# Keep swf in cache even if asked not to<br>
refresh_pattern -i \.(swf)(\?|$) 10080 90%
43200 override-expire<br>
ignore-reload reload-into-ims ignore-private<br>
# .NET cache<br>
refresh_pattern -i \.(as(h|p)x?)(\?|$) 10080 90%
43200 reload-into-ims<br>
# Updates: Windows, Adobe, Java<br>
refresh_pattern -i<br>
<a moz-do-not-send="true"
href="http://microsoft.com/.*%5C.%28cab%7Cexe%7Cms[i%7Cu%7Cf%7Cp]%7Casf%7Cwm[v%7Ca]%7Cdat%7Czip%29"
target="_blank">microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)</a>
4320<br>
80% 43200 reload-into-ims<br>
refresh_pattern -i<br>
<a moz-do-not-send="true"
href="http://windowsupdate.com/.*%5C.%28cab%7Cexe%7Cms[i%7Cu%7Cf%7Cp]%7Casf%7Cwm[v%7Ca]%7Cdat%7Czip%29"
target="_blank">windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)</a><br>
4320 80% 43200 reload-into-ims<br>
refresh_pattern -i<br>
<a moz-do-not-send="true"
href="http://my.windowsupdate.website.com/.*%5C.%28cab%7Cexe%7Cms[i%7Cu%7Cf%7Cp]%7Casf%7Cwm[v%7Ca]%7Cdat%7Czip%29"
target="_blank">my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip)</a><br>
4320 80% 43200 reload-into-ims<br>
refresh_pattern -i <a moz-do-not-send="true"
href="http://adobe.com/.*%5C.%28zip%7Cexe%29"
target="_blank">adobe.com/.*\.(zip|exe)</a> 4320
80% 43200 reload-into-ims<br>
refresh_pattern -i <a moz-do-not-send="true"
href="http://java.com/.*%5C.%28zip%7Cexe%29"
target="_blank">java.com/.*\.(zip|exe)</a> 4320
80% 43200 reload-into-ims<br>
refresh_pattern -i <a moz-do-not-send="true"
href="http://sun.com/.*%5C.%28zip%7Cexe%29"
target="_blank">sun.com/.*\.(zip|exe)</a> 4320
80% 43200 reload-into-ims<br>
refresh_pattern -i google\.com.*\.(zip|exe) 4320 80%
43200 reload-into-ims<br>
refresh_pattern -i macromedia\.com.*\.(zip|exe) 4320 80%
43200<br>
reload-into-ims<br>
# Other long-lived items<br>
refresh_pattern -i<br>
\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|mp4)(\?|$)
14400<br>
99% 518400 ignore-no-store override-expire
ignore-reload<br>
reload-into-ims ignore-private ignore-must-revalidate<br>
refresh_pattern -i<br>
\.((m?|x?|s?)htm(l?)|css|js|xml|php|json)(\?|$)
10080 90% 86400<br>
ignore-no-store override-expire override-lastmod
reload-into-ims<br>
ignore-private ignore-must-revalidate<br>
# Default patterns<br>
<span class="">refresh_pattern -i (/cgi-bin/|\?) 0
0% 0<br>
</span>refresh_pattern . 0 20% 10080
override-lastmod reload-into-ims<br>
<br>
The example above also requires some additional
cached-related<br>
parameters to be changed.<br>
<br>
Also, you strictly recommended to research average users
activity AND<br>
play around VARY http headers.<br>
<br>
And others.<br>
<br>
Each squid setup is place-specific. And depending your
access/deny<br>
lists, security policy, users/network activity etc.etc.etc.<br>
<br>
WBR, Yuri<br>
<br>
PS. Your question has NO simple answer. Beware -
copy-n-paste any<br>
foreign config can not guarantee the same results for YOU.<br>
<br>
14.03.15 1:52, Alberto Perez пишет:<br>
<span class="">> Can you share more details about
"Agressive dynamic content<br>
> caching requires some special tweaks" I am very
interested.<br>
><br>
> Thanks<br>
><br>
><br>
><br>
> On 3/13/15, Yuri Voinov <<a moz-do-not-send="true"
href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>>
wrote:<br>
><br>
><br>
</span>
<div>
<div class="h5">> 13.03.15 23:33, Amos Jeffries пишет:<br>
>>>> On 14/03/2015 5:47 a.m., Monah Baki
wrote:<br>
>>>><br>
>>>> <snip><br>
>>>><br>
>>>>> half_closed_clients off
quick_abort_min 0 KB<br>
>>>>> quick_abort_max 0 KB
vary_ignore_expire on reload_into_ims<br>
>>>>> on memory_pools off cache_mem 4096
MB visible_hostname<br>
>>>>> isn-phc-cache minimum_object_size 0
bytes<br>
>>>><br>
>>>>> maximum_object_size 512 MB
maximum_object_size 512 KB<br>
>>>><br>
>>>> KB value overwriting MB value.<br>
>>>><br>
>>>><br>
>>>>> ipcache_size 1024 ipcache_low 90
ipcache_high 95<br>
>>>>> cache_swap_low 98 cache_swap_high
100 fqdncache_size 16384<br>
>>>>> retry_on_error on offline_mode off
logfile_rotate 10<br>
>>>>> dns_nameservers 8.8.8.8
41.78.211.30<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> access.log:<br>
>>>>><br>
>>>>> 1426267535.210 198 10.0.0.23
TCP_MISS/200 412 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://jadserve.postrelease.com/trk.gif"
target="_blank">http://jadserve.postrelease.com/trk.gif</a>?
-<br>
>>>>> ORIGINAL_DST/<a
moz-do-not-send="true" href="http://54.225.133.227"
target="_blank">54.225.133.227</a> image/gif
1426267535.211<br>
>>>>> 198 10.0.0.23 TCP_MISS/200 412 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://jadserve.postrelease.com/trk.gif"
target="_blank">http://jadserve.postrelease.com/trk.gif</a>?
-<br>
>>>>> ORIGINAL_DST/<a
moz-do-not-send="true" href="http://54.225.133.227"
target="_blank">54.225.133.227</a> image/gif
1426267535.211<br>
>>>>> 198 10.0.0.23 TCP_MISS/200 412 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://jadserve.postrelease.com/trk.gif"
target="_blank">http://jadserve.postrelease.com/trk.gif</a>?
-<br>
>>>>> ORIGINAL_DST/<a
moz-do-not-send="true" href="http://54.225.133.227"
target="_blank">54.225.133.227</a> image/gif
1426267535.223<br>
>>>>> 301 10.0.0.23 TCP_MISS/200 222 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://rma-api.gravity.com/v1/beacons/log"
target="_blank">http://rma-api.gravity.com/v1/beacons/log</a>?
-<br>
>>>>> ORIGINAL_DST/<a
moz-do-not-send="true" href="http://80.239.148.18"
target="_blank">80.239.148.18</a> text/html
1426267535.244 195<br>
>>>>> 10.0.0.23 TCP_MISS/200 412 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://jadserve.postrelease.com/trk.gif"
target="_blank">http://jadserve.postrelease.com/trk.gif</a>?
-<br>
>>>>> ORIGINAL_DST/<a
moz-do-not-send="true" href="http://54.225.133.227"
target="_blank">54.225.133.227</a> image/gif<br>
>>>><br>
>>>><br>
>>>> Lots of Akamai hosted requests. Akamai
play tricks with DNS<br>
>>>> responses.<br>
> In my installation I've used local Unbound DNS
cache and, before<br>
> it, forced DNS interception to him with Cisco. :)<br>
><br>
> So, I don't care about any hosts DNS quirks. ;)<br>
><br>
>>>><br>
>>>> Check your cache.log for security
warnings;<br>
>>>> <<a moz-do-not-send="true"
href="http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery"
target="_blank">http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery</a>><br>
>>>><br>
>>>><br>
>>>><br>
Note that objects failing the Host validation are not
cacheable.<br>
>>>><br>
>>>><br>
>>>>> 1426267535.333 423 10.0.0.23
TCP_MISS/200 1420 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://hpr.outbrain.com/utils/get"
target="_blank">http://hpr.outbrain.com/utils/get</a>?
-<br>
>>>>> ORIGINAL_DST/<a
moz-do-not-send="true" href="http://50.31.185.42"
target="_blank">50.31.185.42</a> text/x-json
1426267535.345 412<br>
>>>>> 10.0.0.23 TCP_MISS/200 11179 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://p.visualrevenue.com/" target="_blank">http://p.visualrevenue.com/</a>?
- ORIGINAL_DST/<a moz-do-not-send="true"
href="http://50.31.185.40" target="_blank">50.31.185.40</a><br>
>>>>> text/javascript 1426267535.346
411 10.0.0.23<br>
>>>>> TCP_MISS/200 423 GET <a
moz-do-not-send="true"
href="http://t1.visualrevenue.com/" target="_blank">http://t1.visualrevenue.com/</a>?
-<br>
>>>>> ORIGINAL_DST/<a
moz-do-not-send="true" href="http://64.74.232.44"
target="_blank">64.74.232.44</a> image/gif<br>
>>>><br>
>>>> Not sure about them. Maybe genuine
MISS, maybe not.<br>
><br>
> Agressive dynamic content caching requires some
special tweaks. ;)<br>
><br>
>>>><br>
>>>> It could also be the issues Antony
pointed out, with the<br>
>>>> objects just naturally not being
cacheable.<br>
>>>><br>
>>>><br>
>>>>> 1426267535.363 128 10.0.0.23
TCP_REFRESH_UNMODIFIED/304<br>
>>>>> 327 GET<br>
>>>>> <a moz-do-not-send="true"
href="http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js"
target="_blank">http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js</a><br>
>>>>><br>
>>>>><br>
><br>
>>>>><br>
- - ORIGINAL_DST/<a moz-do-not-send="true"
href="http://80.239.152.153" target="_blank">80.239.152.153</a>
application/x-javascript<br>
>>>><br>
>>>> There is a hit.<br>
>>>><br>
>>>> I guess you are new to Squid-3 ? Squid
is HTTP/1.1 compliant<br>
>>>> now and the caching rules are slightly
different from<br>
>>>> requirements on HTTP/1.0 software. A
lot of content that<br>
>>>> previously could not be stored now can
(authenticated,<br>
>>>> private, no-cache, etc.). But being
sensitive info also<br>
>>>> requires revalidation in order to be
used, so they show up<br>
>>>> like the above.<br>
>>>><br>
>>>> Amos<br>
>>>><br>
>>>>
_______________________________________________
squid-users<br>
>>>> mailing list <a moz-do-not-send="true"
href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>>>> <a moz-do-not-send="true"
href="http://lists.squid-cache.org/listinfo/squid-users"
target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
>>>><br>
>> _______________________________________________
squid-users<br>
>> mailing list <a moz-do-not-send="true"
href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>> <a moz-do-not-send="true"
href="http://lists.squid-cache.org/listinfo/squid-users"
target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
>><br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
</div>
</div>
iQEcBAEBAgAGBQJVA0InAAoJENNXIZxhPexG6JAIALq2tAxa9Vawr1/Rkojl0UFj<br>
HQF9p/4mk0ZHPnL4zkV6h/Ctg/s+AgK+O/H38ncn+2JS4eyiZfSHLOxmxkmrKi11<br>
av/yjG++JGnhQkic/3y7ETOSkvaDuAbDP+Iwrtuc+kBpJz54No9Pu37oVlIOdMLZ<br>
uv/8Bpk9uQEc3kE5FCgCmM2nIr2tuxr6opK6T5DZ2TvcqnQin752P60R91iS7unF<br>
XHX3tsGsFvrKflEEC7w1xDRn3u3kSGrx+gPpktA0dv6vT8ATXqPEV5+anIEZVfLZ<br>
NKDIwoeSNHYMMknlK7QTUlcNjuq+UXmfcO3mp+eraUQbGRkxwqTPxRwvIqp/43U=<br>
=VW9B<br>
-----END PGP SIGNATURE-----<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>