<div dir="ltr">Can we do that to cache https?<br><span style="color:rgb(255,0,0)"><font size="1">http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/monkey.pem</font></span><br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-09-24 11:24 GMT-03:00 Jorgeley Junior <span dir="ltr"><<a href="mailto:jorgeley@gmail.com" target="_blank">jorgeley@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Is it not possible to cache the https due the encryption?<br></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">2015-09-18 9:44 GMT-03:00 Antony Stone <span dir="ltr"><<a href="mailto:Antony.Stone@squid.open.source.it" target="_blank">Antony.Stone@squid.open.source.it</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Friday 18 September 2015 at 14:27:42, Jorgeley Junior wrote:<br>
<br>
> there is a way to improve it?<br>
<br>
</span>Improve what? The percentage of your traffic which is cached, or the accuracy<br>
of the information reported by your monitoring system?<br>
<br>
<br>
If you want to cache more content:<br>
<br>
1. Make sure the sites being visited have available content (note that 12.6%<br>
of your requests resulted in the remote server saying some variation on<br>
"nothing available").<br>
<br>
2. Ignore things which are meaningless - such as the 27% of your requests<br>
which resulted in 407 Authentication Required - that tells you nothing about<br>
whether the user then successfully authenticated and got what they wanted, or<br>
didn't, but either way it's a standard response from the server which tells<br>
you nothing about the effectiveness of your cache.<br>
<br>
3. Make sure your traffic is HTTP instead of HTTPS.<br>
<br>
4. Make sure your users are visiting the same sites repeatedly so that content<br>
which gets cached gets re-used.<br>
<br>
5. Make sure the sites they're visiting are not setting "don't cache" or<br>
"already expired" headers (such as is common for news sites, for example) so<br>
that the content is cacheable.<br>
<br>
6. Run your cache for long enough that it's likely to have a representative<br>
proportion of what the users are asking for when you start measuring its<br>
effectiveness - if you start from an empty cache and pass requests through it,<br>
it's going to take some time for the content to build up so that you see some<br>
hits.<br>
<br>
<br>
If you want to improve the information you're getting from the monitoring<br>
system, make sure it's telling you how much was cached as a proportion of<br>
requests which could have been cached - in other words, leave out HTTPS (36%)<br>
and 407 Auth Required (27%), plus anything where the remote server had nothing<br>
to provide (13%), and requests where the user's browser already had a cached<br>
copy and didn't to request an update (4%).<br>
<br>
That throws out 80% of your current statistics, so you concentrate on the data<br>
about connections Squid *could* have helped with.<br>
<div><div><br>
> 2015-09-18 8:25 GMT-03:00 Antony Stone:<br>
> > On Friday 18 September 2015 at 13:13:27, Jorgeley Junior wrote:<br>
> > > hey guys, forgot-me? :(<br>
> ><br>
> > Surely you can see for yourself how many connections you've had of<br>
> > different types? Here are the most common (all those over 100 instances)<br>
> > from your list of 5240 results<br>
> ><br>
> > > > 290 TAG_NONE/503<br>
> > > > 368 TCP_DENIED/403<br>
> > > > 1421 TCP_DENIED/407<br>
> > > > 680 TCP_MISS/200<br>
> > > > 192 TCP_REFRESH_UNMODIFIED/304<br>
> > > > 1896 TCP_TUNNEL/200<br>
> ><br>
> > So:<br>
> ><br>
> > 290 (5.5%) got a 503 result (service unavailable)<br>
> > 368 (7%) were denied by the remote server with code 403 (forbidden)<br>
> > 1421 (27%) were deined by the remote server with code 407 (auth required)<br>
> > 680 (13%) were successfully retreived from the remote servers but were<br>
> > not previously in your cache<br>
> > 192 (3.6%) were already cached by your browser and didn't need to be<br>
> > retreived<br>
> > 1896 (36%) were successful HTTPS tunneled connections, simply being<br>
> > forwarded<br>
> > by the proxy<br>
> ><br>
> > This accounts for 4847 (92.5%) of your 5240 results.<br>
> ><br>
> > As you can see, just measuring HIT and MISS is not the whole picture.<br>
> ><br>
> ><br>
> > Hope that helps,<br>
> ><br>
> ><br>
> > Antony.<br>
<br>
--<br>
</div></div>"The problem with television is that the people must sit and keep their eyes<br>
glued on a screen; the average American family hasn't time for it."<br>
<br>
- New York Times, following a demonstration at the 1939 World's Fair.<br>
<div><div><br>
Please reply to the list;<br>
please *don't* CC me.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br></div></div><span class="HOEnZb"><font color="#888888">-- <br><div><div style="text-align:left"><font size="4"><b><u><br></u></b></font></div><div style="text-align:left"><font size="4"><b><u><img src="https://lh6.googleusercontent.com/-xODPvbH2piQ/T6RqD0dqXjI/AAAAAAAAAPk/0I8Y3aq0mYM/h120/linuxano+assinatura+e-mail.png"><br></u></b></font></div></div>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div style="text-align:left"><font size="4"><b><u><br></u></b></font></div><div style="text-align:left"><font size="4"><b><u><img src="https://lh6.googleusercontent.com/-xODPvbH2piQ/T6RqD0dqXjI/AAAAAAAAAPk/0I8Y3aq0mYM/h120/linuxano+assinatura+e-mail.png"><br></u></b></font></div></div>
</div>