[squid-users] squid intercept config

Amos Jeffries squid3 at treenet.co.nz
Fri Mar 13 17:33:17 UTC 2015 

On 14/03/2015 5:47 a.m., Monah Baki wrote:

<snip>

> half_closed_clients off
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> vary_ignore_expire on
> reload_into_ims on
> memory_pools off
> cache_mem 4096 MB
> visible_hostname isn-phc-cache
> minimum_object_size 0 bytes

> maximum_object_size 512 MB
> maximum_object_size 512 KB

KB value overwriting MB value.


> ipcache_size 1024
> ipcache_low 90
> ipcache_high 95
> cache_swap_low 98
> cache_swap_high 100
> fqdncache_size 16384
> retry_on_error on
> offline_mode off
> logfile_rotate 10
> dns_nameservers 8.8.8.8 41.78.211.30
> 
> 
> 
> 
> access.log:
> 
> 1426267535.210    198 10.0.0.23 TCP_MISS/200 412 GET
> http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227
> image/gif
> 1426267535.211    198 10.0.0.23 TCP_MISS/200 412 GET
> http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227
> image/gif
> 1426267535.211    198 10.0.0.23 TCP_MISS/200 412 GET
> http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227
> image/gif
> 1426267535.223    301 10.0.0.23 TCP_MISS/200 222 GET
> http://rma-api.gravity.com/v1/beacons/log? - ORIGINAL_DST/80.239.148.18
> text/html
> 1426267535.244    195 10.0.0.23 TCP_MISS/200 412 GET
> http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227
> image/gif


Lots of Akamai hosted requests. Akamai play tricks with DNS responses.

Check your cache.log for security warnings;
 <http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>

Note that objects failing the Host validation are not cacheable.


> 1426267535.333    423 10.0.0.23 TCP_MISS/200 1420 GET
> http://hpr.outbrain.com/utils/get? - ORIGINAL_DST/50.31.185.42 text/x-json
> 1426267535.345    412 10.0.0.23 TCP_MISS/200 11179 GET
> http://p.visualrevenue.com/? - ORIGINAL_DST/50.31.185.40 text/javascript
> 1426267535.346    411 10.0.0.23 TCP_MISS/200 423 GET
> http://t1.visualrevenue.com/? - ORIGINAL_DST/64.74.232.44 image/gif

Not sure about them. Maybe genuine MISS, maybe not.

It could also be the issues Antony pointed out, with the objects just
naturally not being cacheable.


> 1426267535.363    128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304 327 GET
> http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js
> - ORIGINAL_DST/80.239.152.153 application/x-javascript

There is a hit.

I guess you are new to Squid-3 ?
 Squid is HTTP/1.1 compliant now and the caching rules are slightly
different from requirements on HTTP/1.0 software. A lot of content that
previously could not be stored now can (authenticated, private,
no-cache, etc.). But being sensitive info also requires revalidation in
order to be used, so they show up like the above.

Amos

More information about the squid-users mailing list