<div dir="ltr"><div><div><div>Sorry for nagging. We want to use both tproxy and accelerator mode. Mainly tproxy for internet traffic and accelerator mode for web server. Also we want to ignore cache control header in the HTTP requests destined for our webserver (<a href="http://abcexample.com">abcexample.com</a>) Does the below configuration work ? or Do we need to do add IPtables rules?<br><br>http_port 3128<br>http_port 3129 tproxy<br>http_port 80 accel defaultsite=<a href="http://abcexample.com">abcexample.com</a> ignore-cc<br><span class="im"></span><br><br>cache_peer <a href="http://abcexample.com/data/">abcexample.com/data/</a> parent 80 0 no-query originserver name=myAccel<br><br>acl our_sites dstdomain <a href="http://abcexample.com">abcexample.com</a><br>http_access allow our_sites<br>cache_peer_access myAccel allow our_sites<br>cache_peer_access myAccel deny all<br><br></div></div>- Cross<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Feb 28, 2016 at 12:05 AM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 28/02/2016 5:31 p.m., Anonymous cross wrote:<br>
> Hi, Amos,<br>
> We are using forward tproxy . We used to redirect the packets coming from<br>
> client for port 80 to squid proxy server. Squid spoofs the request and<br>
> establishes a connection with Server transparently. Please find the<br>
> configuration below<br>
><br>
> Client --- > Squid proxy server --- > web Server<br>
><br>
<br>
</span>You talk about TPROXY up here. But your config with the refresh pattern<br>
is for the accel port domain.<br>
<br>
If you are a legitimate reverse-proxy / CDN / accel - then intercepting,<br>
even with TPROXY is just plain daft.<br>
<span class=""><br>
<br>
> =====<br>
> http_port 3128<br>
> http_port 3129 tproxy<br>
> http_port 80 accel defaultsite=<a href="http://abcexample.com" rel="noreferrer" target="_blank">abcexample.com</a><br>
> refresh_pattern -i <a href="http://abcexample.com/*" rel="noreferrer" target="_blank">abcexample.com/*</a> 600 0% 600 override-expire<br>
> override-lastmod reload-into-ims ignore-reload<br>
> refresh_pattern -i <a href="http://abcexample2.com/*" rel="noreferrer" target="_blank">abcexample2.com/*</a> 600 0% 600 override-expire<br>
> override-lastmod reload-into-ims ignore-reload<br>
> =====<br>
<br>
</span>You can remove the "/*" part of those patterns, its just wasting config<br>
file space and perhapse confusing you into thinking the '/' part is<br>
being looked for by regex (the '*' cancels its existence out).<br>
<br>
<br>
reload-into-ims and ignore-reload are mutually exclusive options. Squid<br>
cannot both adjust a reload action and ignore it at the same time.<br>
Remove the ignore-reload.<br>
<br>
Add "ignore-cc" to the accel port line to ignore a Cache-Control<br>
arriving from the clients. No you cannot do the same on the tproxy line<br>
without causing a lot of trouble.<br>
<br>
You should seriously consider removing override-lastmod as well. That is<br>
usually only used on dynamic content, which is important to keep up-to-date.<br>
<span class=""><br>
<br>
><br>
> Basically we want to increase the page load times by caching the images.<br>
<br>
</span>Then adjust your web server outputs to make that happen. Page times will<br>
get even better if you allow cache in the ISPs closer to the clients to<br>
store your images correctly instead of hacking your proxy config to be<br>
the only one doing so efficiently.<br>
<br>
The config above indicates that you are the owner of <a href="http://abcexample.com" rel="noreferrer" target="_blank">abcexample.com</a> (or<br>
they are a customer of yours) and thus in a position to get problems<br>
like caching times for images fixed at the web server end.<br>
<span class=""><br>
<br>
> Sometimes the specific client is triggering HTTP request with cache-control<br>
> as no-cache. We want to mandate the packets coming from specific client to<br>
> be cached in squid to increase the page load times . In order to avoid<br>
> serving the stale content we have configured a refresh pattern.<br>
><br>
<br>
</span>You have configured the refresh_pattern to force Squid to serve stale<br>
content for up to 10 hours. It does not prevent the content being stale.<br>
It just gets delivered by the proxy anyway.<br>
<br>
This is kind of what I meant by there usually being a reason for seeing<br>
no-cache.<br>
<br>
If you have used refresh_pattern to force things to cache for long times<br>
and the web server indicates they are not supposed to. Then you can<br>
cause pages looking weird, not updating correctly, etc ...<br>
<br>
... users press the force-refresh button in their browser to 'fix' the<br>
page they see. Thus generating a no-cache or max-age=0 request (aka<br>
reload) to try and make the page update properly.<br>
<br>
... downstream caches think the content is constantly stale and<br>
re-request updates for every user until they get something fresh.<br>
<br>
These can waste more bandwidth and actually increase avg page load times<br>
versus letting the objects get refreshed once every N requests.<br>
<br>
Force-caching is a pretty popular pasttime. ISPs at least have a little<br>
bit of excuse since they have no way to fix what the web server outputs.<br>
As reverse-proxy operator you do.<br>
<div class="HOEnZb"><div class="h5"><br>
Amos<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Regards,<br>Anonymous cross.</div>
</div>