<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:795871144;
mso-list-type:hybrid;
mso-list-template-ids:1013729356 -126996084 536870915 536870917 536870913 536870915 536870917 536870913 536870915 536870917;}
@list l0:level1
{mso-level-start-at:6;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Aptos",sans-serif;
mso-fareast-font-family:Aptos;
mso-bidi-font-family:Aptos;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1054891802;
mso-list-type:hybrid;
mso-list-template-ids:-1028474776 630763676 536870915 536870917 536870913 536870915 536870917 536870913 536870915 536870917;}
@list l1:level1
{mso-level-start-at:6;
mso-level-number-format:bullet;
mso-level-text:\F0E8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Aptos;
mso-bidi-font-family:Aptos;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="fr-MG" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p><span lang="EN-GB">Hello everyone,<o:p></o:p></span></p>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<p><span lang="EN-GB">My team and I are working on setting up <b>a squid with ssl-bump</b> to cache binary content (jpeg, png, pdf and json) on a remote site over HTTPS.
<o:p></o:p></span></p>
<p><span lang="EN-GB">The size of the binary content can vary from a few dozen KB to several hundred MB.<o:p></o:p></span></p>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<p><span lang="EN-GB">We had a working HTTP configuration under squid 3.14, but for security reasons, all our links must now go through HTTPS.<o:p></o:p></span></p>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<p><span lang="EN-GB">We've tried configuring Squid 5 and Squid 6, but the behavior described below is the same for both versions of the tool.<o:p></o:p></span></p>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<p><span lang="EN-GB">In fact, we're seeing 200/TCP_MISS_ABORTED codes for content larger than around 100kb.
<o:p></o:p></span></p>
<p><span lang="EN-GB">When content sizes are smaller, the expected behaviour occurs and data is returned from the cache.<o:p></o:p></span></p>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<p><span lang="EN-GB">On the client side, for content larger than 100kb :<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li style="mso-list:l0 level1 lfo1"><span lang="EN-GB">squid 5 returns x-cache = “MISS” and x-cache-lookup = “HIT”.
<o:p></o:p></span></li><li style="mso-list:l0 level1 lfo1"><span lang="EN-GB">squid 6 returns cache-status = “url;detail=match”, which is equivalent if my understanding is correct.<o:p></o:p></span></li></ul>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<p><span lang="EN-GB">We first thought it might be linked to the following bug: </span>
<u><span style="color:#0563C1"><a href="https://bugs.squid-cache.org/show_bug.cgi?id=5214"><span lang="EN-GB" style="color:#0563C1">https://bugs.squid-cache.org/show_bug.cgi?id=5214</span></a></span></u><span lang="EN-GB">, which encouraged us to try version
6, but without success.<o:p></o:p></span></p>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li style="mso-list:l1 level1 lfo2"><span lang="EN-GB">Is it a configuration problem that we missed?
<o:p></o:p></span></li><li style="mso-list:l1 level1 lfo2"><span lang="EN-GB">Can you help us ?<o:p></o:p></span></li></ul>
<p><span lang="EN-GB"> <o:p></o:p></span></p>
<p><span lang="EN-GB">HTTP client-side headers returned by squid 6 :<o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">[2025-01-14T08:46:49.875] [TRACE] default - [0/1] getContentStream (user) header: {</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "date": "Tue, 14 Jan 2025 05:47:30 GMT",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "server": "Apache-Chemistry-OpenCMIS/1.2.0_1859862-XXXXX-1",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "strict-transport-security": "max-age=15768000",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span>"x-xss-protection": "1; mode=block",</i><o:p></o:p></p>
<p><i> </i><i><span lang="EN-GB">"x-frame-options": "SAMEORIGIN",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "x-content-type-options": "nosniff",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "access-control-allow-origin": "*",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "access-control-expose-headers": "Content-Disposition",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "cache-control": "public, s-maxage=3600, must-revalidate",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "etag": "\"08bd240128b475722db82d36c7ae7f164c37cab4ad2480abae052875fe7bc3bfdfef9996197d40110a13208d39a3db3a789879bc31803c82f25211eeba505455\"",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "content-disposition": "inline; filename=FILENAME.jpg",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "content-type": "image/jpeg",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "content-length": "2069587",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> "content-security-policy": "default-src 'none'; connect-src 'self'; font-src 'self' fonts.gstatic.com; img-src blob: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com",</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><b><i><span lang="EN-GB" style="color:red"> "cache-status": "sv-infra-pxy4;detail=match",</span></i></b><span lang="EN-GB"><o:p></o:p></span></p>
<p><b><i><span lang="EN-GB" style="color:red"> </span><span style="color:red">"via": "1.1 sv-infra-pxy4 (squid/6.10)",</span></i></b><o:p></o:p></p>
<p><i> </i><i><span lang="EN-GB">"connection": "close"</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">}</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">[2025-01-14T08:46:49.875] [INFO] default - [0/1][2] getCS oId:'369926' sId:<b><span style="color:red">'80669'</span></b><span style="color:red">
</span>name:' filename= FILENAME.jpg' type:'image/jpeg' size:<b><span style="color:red">'2021.08ko'</span></b><span style="color:red">
</span>res:[via:true hit:false length:true]</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p>squid 6 acces.log extract:<o:p></o:p></p>
<p><i> </i><o:p></o:p></p>
<p><i><img border="0" width="1315" height="79" style="width:13.6979in;height:.8229in" id="x_Image_x0020_93" src="cid:image001.png@01DB765E.24C1B6C0"></i><o:p></o:p></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><span lang="EN-GB">full server configuration file :<o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src fc00::/7 # RFC 4193 local private network range</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i>acl SSL_ports port 443</i><o:p></o:p></p>
<p><i>acl Safe_ports port 80 # http</i><o:p></o:p></p>
<p><i>acl Safe_ports port 21 # ftp</i><o:p></o:p></p>
<p><i>acl Safe_ports port 443 # https</i><o:p></o:p></p>
<p><i>acl Safe_ports port 70 # gopher</i><o:p></o:p></p>
<p><i>acl Safe_ports port 210 # wais</i><o:p></o:p></p>
<p><i>acl Safe_ports port 1025-65535 # unregistered ports</i><o:p></o:p></p>
<p><i>acl Safe_ports port 280 # http-mgmt</i><o:p></o:p></p>
<p><i>acl Safe_ports port 488 # gss-http</i><o:p></o:p></p>
<p><i>acl Safe_ports port 591 # filemaker</i><o:p></o:p></p>
<p><i>acl Safe_ports port 777 # multiling http</i><o:p></o:p></p>
<p><i> </i><o:p></o:p></p>
<p><i><span lang="EN-GB">#ACL pour SmartGED</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl smartged-mime req_mime_type -i ^image/jpeg$</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl smartged-mime req_mime_type -i ^image/png$</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl smartged-mime req_mime_type -i ^application/pdf$</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl smartged-mime req_mime_type -i ^application/json$</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl intermediate_fetching transaction_initiator certificate-fetching</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">http_access deny !Safe_ports</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">http_access deny CONNECT !SSL_ports</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># Only allow cachemgr access from localhost</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">http_access allow localhost manager</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">http_access deny manager</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">http_access allow localnet</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">http_access deny all</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i>logformat toto %{%d/%b/%Y:%H:%M:%S}tl.%tu %>a %rm %03Hs/%Ss %6tr %ru %mt</i><o:p></o:p></p>
<p><i> </i><o:p></o:p></p>
<p><i>access_log /var/log/squid/access.log toto</i><o:p></o:p></p>
<p><i> </i><o:p></o:p></p>
<p><i>http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB tls-cert=/etc/squid/ssl_cert/xxxx_.pem tls-key=/etc/squid/ssl_cert/xxxx_.key tls-dh=/etc/squid/ssl_cert/dhparam.pem</i><o:p></o:p></p>
<p><i>tls_outgoing_options cipher=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384</i><o:p></o:p></p>
<p><i><span lang="EN-GB">sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 20MB</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">sslcrtd_children 5</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">ssl_bump server-first all</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">ssl_bump splice all</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">sslproxy_cert_error allow all</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i># ACL deny pour les fichiers javascript</i><o:p></o:p></p>
<p><i><span lang="EN-GB">acl denyjs urlpath_regex \.js</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># ok deny all requests above</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">cache deny denyjs</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># Leave coredumps in the first cache dir</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i>coredump_dir /cache1/squid</i><o:p></o:p></p>
<p><i> </i><o:p></o:p></p>
<p><i># Affichage des requetes GET completes dans cache.log</i><o:p></o:p></p>
<p><i><span lang="EN-GB">strip_query_terms off</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">cache_mem 20480 MB</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i># début d'éviction du cache</i><o:p></o:p></p>
<p><i>cache_swap_low 50</i><o:p></o:p></p>
<p><i># aggressivité maximal de l'algorithme d'éviction du cache</i><o:p></o:p></p>
<p><i><span lang="EN-GB">cache_swap_high 80</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># The LRU policies keeps recently referenced objects.</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">cache_replacement_policy lru</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># Add any of your own refresh_pattern entries above these.</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">refresh_pattern ^ftp: 1440 20% 10080</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">refresh_pattern -i (/cgi-bin/|\?) 0 0% 0</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">refresh_pattern . 0 20% 4320</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">ftp_user <u><span style="color:#0563C1"><a href="mailto:anonymous@xxx.fr">anonymous@xxx.fr</a></span></u></span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#acl QUERY urlpath_regex cgi-bin \?</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#no_cache deny QUERY</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">client_request_buffer_max_size 10240 KB</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">maximum_object_size 1024 MB</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># to keep object in memory cache</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">maximum_object_size_in_memory 10240 KB</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#to cause Squid to prefetch the whole file</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">range_offset_limit 16 MB</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#quick_abort_min -1</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i>#Définition de la taille maximum d'un en-tête HTTP lors d'une requête</i><o:p></o:p></p>
<p><i>reply_header_max_size 8192 KB</i><o:p></o:p></p>
<p><i>#taille maximum d'un en-tête de réponse HTTP</i><o:p></o:p></p>
<p><i><span lang="EN-GB">reply_header_max_size 8192 KB</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># Uncomment and adjust the following to add a disk cache directory.</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i>cache_dir aufs /cache1/squid 1024000 16 256 max-size=16777216</i><o:p></o:p></p>
<p><i> </i><o:p></o:p></p>
<p><i> </i><o:p></o:p></p>
<p><i><span lang="EN-GB">error_directory /usr/share/squid/errors/fr</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">half_closed_clients off</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">max_filedescriptors 8192</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">forward_max_tries 50</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#Affichage du store-id</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">cache_store_log daemon:/var/log/squid/store_daemon.log</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">cache_store_log stdio:/var/log/squid/store_stdio.log</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#debug_options "ALL,3 33,7 47,7 61,7 85,7"</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># Log all critical and important messages.</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">#debug_options ALL,1</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">debug_options ALL,3</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"> </span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB"># Enable SQUID's SNMP</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">snmp_port 3401</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">acl snmppublic snmp_community PASdePUBLIC</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p><i><span lang="EN-GB">snmp_access allow snmppublic all</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-ligatures:none;mso-fareast-language:#2000">Thomas PALFRAY<o:p></o:p></span></b></p>
</div>
</body>
</html>