[squid-users] squid intercept config
Yuri Voinov
yvoinov at gmail.com
Fri Mar 13 18:43:54 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
13.03.15 23:33, Amos Jeffries пишет:
> On 14/03/2015 5:47 a.m., Monah Baki wrote:
>
> <snip>
>
>> half_closed_clients off quick_abort_min 0 KB quick_abort_max 0
>> KB vary_ignore_expire on reload_into_ims on memory_pools off
>> cache_mem 4096 MB visible_hostname isn-phc-cache
>> minimum_object_size 0 bytes
>
>> maximum_object_size 512 MB maximum_object_size 512 KB
>
> KB value overwriting MB value.
>
>
>> ipcache_size 1024 ipcache_low 90 ipcache_high 95 cache_swap_low
>> 98 cache_swap_high 100 fqdncache_size 16384 retry_on_error on
>> offline_mode off logfile_rotate 10 dns_nameservers 8.8.8.8
>> 41.78.211.30
>>
>>
>>
>>
>> access.log:
>>
>> 1426267535.210 198 10.0.0.23 TCP_MISS/200 412 GET
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211 198
>> 10.0.0.23 TCP_MISS/200 412 GET
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211 198
>> 10.0.0.23 TCP_MISS/200 412 GET
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.223 301
>> 10.0.0.23 TCP_MISS/200 222 GET
>> http://rma-api.gravity.com/v1/beacons/log? -
>> ORIGINAL_DST/80.239.148.18 text/html 1426267535.244 195
>> 10.0.0.23 TCP_MISS/200 412 GET
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif
>
>
> Lots of Akamai hosted requests. Akamai play tricks with DNS
> responses.
In my installation I've used local Unbound DNS cache and, before it,
forced DNS interception to him with Cisco. :)
So, I don't care about any hosts DNS quirks. ;)
>
> Check your cache.log for security warnings;
> <http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>
>
> Note that objects failing the Host validation are not cacheable.
>
>
>> 1426267535.333 423 10.0.0.23 TCP_MISS/200 1420 GET
>> http://hpr.outbrain.com/utils/get? - ORIGINAL_DST/50.31.185.42
>> text/x-json 1426267535.345 412 10.0.0.23 TCP_MISS/200 11179
>> GET http://p.visualrevenue.com/? - ORIGINAL_DST/50.31.185.40
>> text/javascript 1426267535.346 411 10.0.0.23 TCP_MISS/200 423
>> GET http://t1.visualrevenue.com/? - ORIGINAL_DST/64.74.232.44
>> image/gif
>
> Not sure about them. Maybe genuine MISS, maybe not.
Agressive dynamic content caching requires some special tweaks. ;)
>
> It could also be the issues Antony pointed out, with the objects
> just naturally not being cacheable.
>
>
>> 1426267535.363 128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304 327
>> GET
>> http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js
>>
>>
- - ORIGINAL_DST/80.239.152.153 application/x-javascript
>
> There is a hit.
>
> I guess you are new to Squid-3 ? Squid is HTTP/1.1 compliant now
> and the caching rules are slightly different from requirements on
> HTTP/1.0 software. A lot of content that previously could not be
> stored now can (authenticated, private, no-cache, etc.). But being
> sensitive info also requires revalidation in order to be used, so
> they show up like the above.
>
> Amos
>
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJVAy/qAAoJENNXIZxhPexGOUEH/2yt1ql+ndo1We1E06LvIZl7
4PXY1kzuHT6EpOYO9LpLKtE+dPNYJuHKiUEF2hAGz5DP/heKq8PFRBTkMD18sueN
jm+UfP8BdxgRYuiQWtWNteV0gbH4nOBeJ6QwqlEHMwcsdPtkwWCGA0MS6co+IXKb
poouP6xQoNddx/UKicu6PQZDj5HRmynTP2c0mJuFEdlQxONgFiP4mqSFBwWhH/B/
hhdSfxg53xfQ+2B5TsVrKyxmJoIYpHgFZid/pk+Q2bb0WIy8bhHA72EHPjIu5K5Z
wobLGng+oE0i2erqtZiFR8daGdKcRW7FDYzHi+LJEHJj3i+z0mRIQkGTn3Nxfhg=
=Cnai
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list