<html><head><meta http-equiv="content-type" content="text/html; charset=us-ascii"><style>body { line-height: 1.5; }blockquote { margin-top: 0px; margin-bottom: 0px; margin-left: 0.5em; }body { font-size: 10.5pt; font-family: ????; color: rgb(0, 0, 0); line-height: 1.5; }</style></head><body>
<div><span></span>Hi, <span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">Amos</span></div><div> Thanks a lot for your reply. In my conf, squid is not only a <span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">reverse-proxy server, but also a cache server. And that is important to me. In fact , it does't normally for my product environment. </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.112.4.54 is the </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">apache server(been agent by squid) , and my request is also sent by it(such as browser reque</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">s</span><span style="background-color: window; font-size: 10.5pt; line-height: 1.5;">t and mimetic of httpclient reque</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">s</span><span style="background-color: window; font-size: 10.5pt; line-height: 1.5;">t by java). </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.113.10.191 is the peer squid server, And is closed now. </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.113.10.190</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">, as you see,</span><span style="background-color: window; font-size: 10.5pt; line-height: 1.5;"> is the</span></div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">current </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">reverse-proxy server. </span></div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;"> W</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">hole proceess like this:</span></div><div> <span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.112.4.54(</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">browser</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">) <u>send request</u><i> </i></span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.113.10.190 <u>if not cached, forward the requset to apache server</u></span><span style="color: rgb(0, 0, 0); font-size: 10.5pt; line-height: 1.5; background-color: rgba(0, 0, 0, 0);"> </span><span style="color: rgb(0, 0, 0); font-size: 10.5pt; line-height: 1.5; background-color: rgba(0, 0, 0, 0);"> </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.112.4.54</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">(</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">apache server</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">)</span><span style="color: rgb(0, 0, 0); font-size: 10.5pt; line-height: 1.5; background-color: rgba(0, 0, 0, 0);"> <u>return the response page to browser</u> </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.112.4.54</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">(</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">browser</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">)</span></div><div><span style="color: rgb(0, 0, 0); background-color: rgba(0, 0, 0, 0);"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><span style="background-color: rgba(0, 0, 0, 0); font-size: 10.5pt; line-height: 1.5;"> </span><u style="color: rgb(0, 0, 0); font-size: 10.5pt; line-height: 1.5; background-color: rgba(0, 0, 0, 0);">if cached, return the page</u><span style="color: rgb(0, 0, 0); font-size: 10.5pt; line-height: 1.5; background-color: rgba(0, 0, 0, 0);"> </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">10.112.4.54</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">(</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">browser</span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">)</span></div><div><br></div><div>> below is my squid.conf</div><div>> acl gsrc src 10.112.4.54 10.113.10.191</div><div>> acl gdst dst 10.112.4.54 10.113.10.191</div><div>> http_access allow gsrc</div><div>> http_access allow gdst</div><div> </div><div>>>What is the above supposed to mean?</div><div><br></div><div>></div><div>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network</div><div>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network</div><div>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network</div><div>> acl localnet src fc00::/7 # RFC 4193 local private network range</div><div>> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines</div><div>></div><div>> acl purge method PURGE</div><div>> acl clientServers src 10.112.4.54</div><div>> http_access allow purge clientServers</div><div>> http_access deny purge</div><div>></div><div>> acl gat method GET</div><div>> acl clientS src 10.112.4.54 10.113.10.190</div><div>> http_access allow gat clientS</div><div>> #http_access deny gat</div><div> </div><div>>>The localnet ACL defines 10.*/8 as allowed and your rules below specify</div><div>>>that all localnet traffic is allowed.</div><div>>> </div><div>>>So the above four lines of config seem pointless.</div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span></div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span>You have configured the machines 10.112.4.54 and 10.113.10.190 as your</div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span>cache_peer servers. So why are they listed as "src" ?</div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span></div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span>In a reverse-proxy "src" is the IP of a client requesting a URL.</div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span></div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span>"dst" is the destination server - as determined by DNS records for the</div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span>URL domain being fetched. In a reverse-proxy those DNS records should</div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span>hold the proxies own IP address. So dst-IP is rarely ever useful and are</div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">>></span>downright dangerous to make use of in the reverse-proxy.</div><div> </div><div><br></div><div><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">ICP requset cannot sent to peer server </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">at first. So I add it to try to solve it . </span> </div><div> </div><div><br></div><div><br></div><div><br></div><div>></div><div>> acl SSL_ports port 443</div><div>> acl Safe_ports port 80 # http</div><div>> acl Safe_ports port 21 # ftp</div><div>> acl Safe_ports port 443 # https</div><div>> acl Safe_ports port 70 # gopher</div><div>> acl Safe_ports port 210 # wais</div><div>> acl Safe_ports port 1025-65535 # unregistered ports</div><div>> acl Safe_ports port 280 # http-mgmt</div><div>> acl Safe_ports port 488 # gss-http</div><div>> acl Safe_ports port 591 # filemaker</div><div>> acl Safe_ports port 777 # multiling http</div><div>> acl Safe_ports port 3130 # icp</div><div>> acl Safe_ports port 3128</div><div>> acl CONNECT method CONNECT</div><div>></div><div>> http_access deny !Safe_ports</div><div>></div><div>> http_access deny CONNECT !SSL_ports</div><div>></div><div>> http_access allow localhost manager</div><div>> http_access deny manager</div><div>></div><div><br></div><div>As the default config file says:</div><div>"</div><div>#</div><div># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS</div><div>#</div><div>"</div><div><br></div><div>thanks a lot, I'll delete the needless port info. </div><div> </div><div><br></div><div><br></div><div>> http_access allow localnet</div><div>> http_access allow localhost</div><div>></div><div>> http_port 80 accel defaultsite=youlun.lvmama.com no-vhost</div><div>></div><div>> cache_dir aufs /var/spool/squid 8198 16 256</div><div>> cache_mem 5120 MB</div><div>> cache_swap_low 90</div><div>> cache_swap_high 95</div><div>> cache_mgr zhongzhe@lvmama.com</div><div>></div><div>> visible_hostname cache190</div><div>></div><div><br></div><div>So the domain name Squid announces to your clients is "cache190" as in</div><div>http://cache190/ship_front/youlun/1012487.</div><div> </div><div><br></div><div>I think my domain name is <span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">youlun.lvmama.com. </span><span style="font-size: 10.5pt; line-height: 1.5; background-color: window;">cache190 is just a individual name to distinguish with squid server 10.113.10.191.</span></div><div> </div><div><br></div><div><br></div><div><br></div><div><br></div><div>> coredump_dir /var/spool/squid</div><div>></div><div>> via off</div><div> </div><div>At least while debugging peering issues set "via on". Only turn it off</div><div>if you really have to and *after* you have a fully working proxy hierarchy.</div><div> </div><div><br></div><div>agree with your.</div><div> </div><div><br></div><div><br></div><div>> maximum_object_size 500 KB</div><div>></div><div>> icp_port 3130</div><div>> icp_access allow all</div><div>> icp_query_timeout 2000</div><div>></div><div>> cache_peer 10.112.4.54 parent 8090 0 no-query originserver name=youlun</div><div>> acl mysites dstdomain youlun.lvmama.com</div><div>> http_access allow mysites</div><div>> cache_peer_access youlun allow all</div><div>> cache_peer_access youlun deny all</div><div> </div><div>The default for cache_peer_access is to allow. No need to specify that</div><div>"allow all". What you need to do to allow everything to reach that peer</div><div>server is *not* specify "deny all".</div><div> </div><div>Though the normal thing is to use an ACL (eg your "mysites" one) to</div><div>allow the domains an origin server is known to supply and to deny other</div><div>things. Since it is not even worth trying that peer for things it is not</div><div>known to be capable of serving.</div><div> </div><div>So:</div><div> http_access allow mysites</div><div> cache_peer_access youlun allow mysites</div><div> cache_peer_access youlun deny all</div><div> </div><div> </div><div>Also be aware that all of this peer and http_access config needs to be</div><div>located up where it says " INSERT YOUR OWN RULE(S) HERE " etc.</div><div> </div><div> </div><div>Thanks , I had delete it.</div><div><br></div><div> </div><div>></div><div>> refresh_pattern -i .*/youlun/([0-9]+) 1440 100% 10080 ignore-no-store ignore-must-revalidate store-stale ignore-reload</div><div>></div><div> </div><div>Why? if your server is not producing correct cacheability headers then</div><div>everyone trying to use your site will be having problems. "Fixing" it</div><div>for only your proxy by ignoring required things is the worst possible</div><div>action to take.</div><div> </div><div>Your proxy is a reverse-proxy (aka CDN), it advertises its Surrogate</div><div>abilities to the origin server so your proxy cache can be given custom</div><div>values different from the general public. If you need</div><div> </div><div><br></div><div>I want to squid server response a cache page to the request if it's exit .</div><div><br></div><div> </div><div>> refresh_pattern ^ftp: 1440 20% 10080</div><div>> refresh_pattern ^gopher: 1440 0% 1440</div><div>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0</div><div>> refresh_pattern . 0 20% 4320</div><div>></div><div>> cache_log /var/log/squid/cache.log</div><div>> cache_access_log /var/log/squid/access.log</div><div> </div><div>The directive name is "access_log"</div><div><br></div><div>Changed.</div><div> </div><div>> cache_store_log /var/log/squid/store.log</div><div>></div><div>> log_icp_queries off</div><div>></div><div>> http_access allow all</div><div> </div><div>Do not do that "allow all".</div><div> </div><div>Been deleted.</div><div><br></div><div>> http_access deny all</div>
<div><br></div><hr style="WIDTH: 210px; HEIGHT: 1px" color="#b5c4df" size="1" align="left">
<div><span><div style="MARGIN: 10px; FONT-FAMILY: verdana; FONT-SIZE: 10pt"><div>zhongzhe@lvmama.com</div></div></span></div>
<blockquote style="margin-top: 0px; margin-bottom: 0px; margin-left: 0.5em;"><div> </div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"><div style="PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-SIZE: 12px;FONT-FAMILY:tahoma;COLOR:#000000; BACKGROUND: #efefef; PADDING-BOTTOM: 8px; PADDING-TOP: 8px"><div><b>From:</b> <a href="mailto:squid3@treenet.co.nz">Amos Jeffries</a></div><div><b>Date:</b> 2017-12-14 02:04</div><div><b>To:</b> <a href="mailto:squid-users@lists.squid-cache.org">squid-users</a></div><div><b>Subject:</b> Re: [squid-users] TCP_MISS_ABORTED</div></div></div><div><div>On 13/12/17 20:30, zhongzhe@lvmama.com wrote:</div>
<div>> Hi, All</div>
<div>> I used httpclient to imitate a request to squid , but the response </div>
<div>> page had not stored by squid although response header is 200. I had </div>
<div>> tried many times with three different pages . only one can be stored by </div>
<div>> the squid cache. and the others must need to send requset by brower then </div>
<div>> they were cached. I had checked the access.log , it show me like this.</div>
<div>> 1513148548.653 9172 10.112.4.54 TCP_MISS_ABORTED/200 106197 GET http://youlun.lvmama.com/ship_front/youlun/1012487 - FIRSTUP_PARENT/10.112.4.54 text/html</div>
<div>> </div>
<div>> do you know what's wrong of my squid.conf ? need your help !\</div>
<div> </div>
<div>There seem to be many things. But none of them have much to do with te </div>
<div>above.</div>
<div> </div>
<div>What the above says is that a client at 10.112.4.54 requested </div>
<div>http://youlun.lvmama.com/ship_front/youlun/1012487 and disconnected </div>
<div>after 9 seconds.</div>
<div> </div>
<div>The fact that ~100KB of traffic happened in that transaction implies </div>
<div>that everything was going okay for a while at least. So there is no </div>
<div>visible problem with Squid in that log entry. The ABORTED simply means </div>
<div>one of the endpoints (probably the client) decided to disconnect early.</div>
<div> </div>
<div> </div>
<div> </div>
<div>Back to your squid.conf;</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div>> below is my squid.conf</div>
<div>> acl gsrc src 10.112.4.54 10.113.10.191</div>
<div>> acl gdst dst 10.112.4.54 10.113.10.191</div>
<div>> http_access allow gsrc</div>
<div>> http_access allow gdst</div>
<div> </div>
<div>What is the above supposed to mean?</div>
<div> </div>
<div>> </div>
<div>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network</div>
<div>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network</div>
<div>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network</div>
<div>> acl localnet src fc00::/7 # RFC 4193 local private network range</div>
<div>> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines</div>
<div>> </div>
<div>> acl purge method PURGE</div>
<div>> acl clientServers src 10.112.4.54</div>
<div>> http_access allow purge clientServers</div>
<div>> http_access deny purge</div>
<div>> </div>
<div>> acl gat method GET</div>
<div>> acl clientS src 10.112.4.54 10.113.10.190</div>
<div>> http_access allow gat clientS</div>
<div>> #http_access deny gat</div>
<div> </div>
<div>The localnet ACL defines 10.*/8 as allowed and your rules below specify </div>
<div>that all localnet traffic is allowed.</div>
<div> </div>
<div>So the above four lines of config seem pointless.</div>
<div> </div>
<div> </div>
<div>You have configured the machines 10.112.4.54 and 10.113.10.190 as your </div>
<div>cache_peer servers. So why are they listed as "src" ?</div>
<div> </div>
<div>In a reverse-proxy "src" is the IP of a client requesting a URL.</div>
<div> </div>
<div>"dst" is the destination server - as determined by DNS records for the </div>
<div>URL domain being fetched. In a reverse-proxy those DNS records should </div>
<div>hold the proxies own IP address. So dst-IP is rarely ever useful and are </div>
<div>downright dangerous to make use of in the reverse-proxy.</div>
<div> </div>
<div> </div>
<div> </div>
<div>> </div>
<div>> acl SSL_ports port 443</div>
<div>> acl Safe_ports port 80 # http</div>
<div>> acl Safe_ports port 21 # ftp</div>
<div>> acl Safe_ports port 443 # https</div>
<div>> acl Safe_ports port 70 # gopher</div>
<div>> acl Safe_ports port 210 # wais</div>
<div>> acl Safe_ports port 1025-65535 # unregistered ports</div>
<div>> acl Safe_ports port 280 # http-mgmt</div>
<div>> acl Safe_ports port 488 # gss-http</div>
<div>> acl Safe_ports port 591 # filemaker</div>
<div>> acl Safe_ports port 777 # multiling http</div>
<div>> acl Safe_ports port 3130 # icp</div>
<div>> acl Safe_ports port 3128</div>
<div>> acl CONNECT method CONNECT</div>
<div>> </div>
<div>> http_access deny !Safe_ports</div>
<div>> </div>
<div>> http_access deny CONNECT !SSL_ports</div>
<div>> </div>
<div>> http_access allow localhost manager</div>
<div>> http_access deny manager</div>
<div>> </div>
<div> </div>
<div>As the default config file says:</div>
<div> </div>
<div>"</div>
<div>#</div>
<div># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS</div>
<div>#</div>
<div>"</div>
<div> </div>
<div> </div>
<div>> http_access allow localnet</div>
<div>> http_access allow localhost</div>
<div>> </div>
<div>> http_port 80 accel defaultsite=youlun.lvmama.com no-vhost</div>
<div>> </div>
<div>> cache_dir aufs /var/spool/squid 8198 16 256</div>
<div>> cache_mem 5120 MB</div>
<div>> cache_swap_low 90</div>
<div>> cache_swap_high 95</div>
<div>> cache_mgr zhongzhe@lvmama.com</div>
<div>> </div>
<div>> visible_hostname cache190</div>
<div>> </div>
<div> </div>
<div>So the domain name Squid announces to your clients is "cache190" as in </div>
<div>http://cache190/ship_front/youlun/1012487.</div>
<div> </div>
<div> </div>
<div>> coredump_dir /var/spool/squid</div>
<div>> </div>
<div>> via off</div>
<div> </div>
<div>At least while debugging peering issues set "via on". Only turn it off </div>
<div>if you really have to and *after* you have a fully working proxy hierarchy.</div>
<div> </div>
<div> </div>
<div>> maximum_object_size 500 KB</div>
<div>> </div>
<div>> icp_port 3130</div>
<div>> icp_access allow all</div>
<div>> icp_query_timeout 2000</div>
<div>> </div>
<div>> cache_peer 10.112.4.54 parent 8090 0 no-query originserver name=youlun</div>
<div>> acl mysites dstdomain youlun.lvmama.com</div>
<div>> http_access allow mysites</div>
<div>> cache_peer_access youlun allow all</div>
<div>> cache_peer_access youlun deny all</div>
<div> </div>
<div>The default for cache_peer_access is to allow. No need to specify that </div>
<div>"allow all". What you need to do to allow everything to reach that peer </div>
<div>server is *not* specify "deny all".</div>
<div> </div>
<div>Though the normal thing is to use an ACL (eg your "mysites" one) to </div>
<div>allow the domains an origin server is known to supply and to deny other </div>
<div>things. Since it is not even worth trying that peer for things it is not </div>
<div>known to be capable of serving.</div>
<div> </div>
<div>So:</div>
<div> http_access allow mysites</div>
<div> cache_peer_access youlun allow mysites</div>
<div> cache_peer_access youlun deny all</div>
<div> </div>
<div> </div>
<div>Also be aware that all of this peer and http_access config needs to be </div>
<div>located up where it says " INSERT YOUR OWN RULE(S) HERE " etc.</div>
<div> </div>
<div> </div>
<div> </div>
<div>> </div>
<div>> refresh_pattern -i .*/youlun/([0-9]+) 1440 100% 10080 ignore-no-store ignore-must-revalidate store-stale ignore-reload</div>
<div>> </div>
<div> </div>
<div>Why? if your server is not producing correct cacheability headers then </div>
<div>everyone trying to use your site will be having problems. "Fixing" it </div>
<div>for only your proxy by ignoring required things is the worst possible </div>
<div>action to take.</div>
<div> </div>
<div>Your proxy is a reverse-proxy (aka CDN), it advertises its Surrogate </div>
<div>abilities to the origin server so your proxy cache can be given custom </div>
<div>values different from the general public. If you need</div>
<div> </div>
<div> </div>
<div>> refresh_pattern ^ftp: 1440 20% 10080</div>
<div>> refresh_pattern ^gopher: 1440 0% 1440</div>
<div>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0</div>
<div>> refresh_pattern . 0 20% 4320</div>
<div>> </div>
<div>> cache_log /var/log/squid/cache.log</div>
<div>> cache_access_log /var/log/squid/access.log</div>
<div> </div>
<div>The directive name is "access_log"</div>
<div> </div>
<div>> cache_store_log /var/log/squid/store.log</div>
<div>> </div>
<div>> log_icp_queries off</div>
<div>> </div>
<div>> http_access allow all</div>
<div> </div>
<div>Do not do that "allow all".</div>
<div> </div>
<div>> http_access deny all</div>
<div>> </div>
<div> </div>
<div> </div>
<div>Amos</div>
<div>_______________________________________________</div>
<div>squid-users mailing list</div>
<div>squid-users@lists.squid-cache.org</div>
<div>http://lists.squid-cache.org/listinfo/squid-users</div>
</div></blockquote>
</body></html>