<div dir="ltr"><div><br></div><div>I have the following configuration:</div><div><br></div><div>http_port 3128 ssl-bump generate-host-certificates=on tls-cert=/etc/squid/ssl/myCA.pem<br>ssl_bump bump all</div><div><br></div><div># BMCs return Cache-Control: private<br></div><div>reply_header_access Cache-Control deny all<br></div><div>reply_header_add Cache-Control  "public, max-age=1800"</div><div><br></div><div>follow_x_forwarded_for allow all<br>http_access allow all<br>include /etc/squid/conf.d/*.conf<br>host_verify_strict off<br>tls_outgoing_options min-version=1.0 flags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN<br>sslproxy_cert_error allow all<br><br>sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB<br>sslcrtd_children 5<br><br>cache_mem 8192 MB<br>cache_dir rock /cm/squid/squid 8192<br><br>buffered_logs on<br>access_log daemon:/var/log/squid/access.log logformat=squid<br>logfile_daemon /usr/lib/squid/log_file_daemon<br>cache_store_log daemon:/var/log/squid/store.log<br>log_mime_hdrs on<br>coredump_dir /var/spool/squid<br>shutdown_lifetime 2 seconds<br>max_filedesc 4096<br>workers 4</div><div><br></div><div><br></div><div>A curl will note the resource is stale (with new host), but I never get a cache hit on subsequent retries:<br></div><div><br></div><div>Store log:</div><div><br></div><div>1728502393.992 RELEASE -1 FFFFFFFF 02000000000000003A632F0003000000  200 1728502382        -1        -1 application/json 1182/1182 GET <a href="https://10.170.31.77/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics">https://10.170.31.77/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics</a><br>1728502395.674 RELEASE -1 FFFFFFFF 02000000000000003B632F0002000000  200 1728502384        -1        -1 application/json 1182/1182 GET <a 
href="https://10.170.31.77/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics">https://10.170.31.77/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics</a><br>1728502408.317 RELEASE 00 00056924 04000000000000003C632F0001000000  200 1728420588        -1 1728422388 application/json 1189/1189 GET <a href="https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics">https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics</a><br>1728502408.318 RELEASE -1 FFFFFFFF 03000000000000003C632F0001000000  200 1728502404        -1        -1 application/json 1179/1179 GET <a href="https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics">https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics</a><br>1728502417.161 RELEASE -1 FFFFFFFF 05000000000000003C632F0001000000  200 1728502413        -1        -1 application/json 1179/1179 GET <a href="https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics">https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics</a></div><div><br></div><div>Response headers:</div><div><br></div><div>HTTP/1.1 200 Connection established<br><br>HTTP/1.1 200 OK<br>Link: <<a href="http://redfish.dmtf.org/schemas/v1/Z.v1_5_2.json">http://redfish.dmtf.org/schemas/v1/Z.v1_5_2.json</a>>; rel=describedby<br>Allow: GET<br>Content-Length: 1179<br>Content-Type: application/json; charset=UTF-8<br>Strict-Transport-Security: max-age=31536000; includeSubdomains<br>X-XSS-Protection: 1; mode=block<br>Content-Security-Policy: default-src 'self';connect-src 'self' ws: wss:;frame-src 'self';img-src 'self' data:;object-src 
'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;<br>X-Frame-Options: SAMEORIGIN<br>X-Content-Type-Options: nosniff<br>OData-Version: 4.0<br>Date: Wed, 09 Oct 2024 19:35:50 GMT<br>Cache-Status: squid;detail=mismatch<br>Via: 1.1 squid (squid/6.10)<br>Connection: keep-alive<br>Cache-Control: public, max-age=1800</div><div><br></div><div>If I use a cache peer with MITMPROXY, squid will cache the results; however, this is inefficient and slow.<br></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Bryan Seitz<br><a href="mailto:seitzbg@gmail.com" target="_blank">seitzbg@gmail.com</a></div></div>