[squid-users] squid intercept config

Alberto Perez alberto2perez at gmail.com
Sat Mar 14 00:45:48 UTC 2015


Thanks a lot Yuri,
I merged some of these options into my config. I will now see
how the HIT rate goes; my squid runs with such limited bandwidth that I need to
be as aggressive as I can in caching the content.

Thanks again for sharing, much appreciated

Alberto

On Fri, Mar 13, 2015 at 4:01 PM, Yuri Voinov <yvoinov at gmail.com> wrote:

> This is know-how to himself. ;)
>
> To be serious,
>
> you must carefully play with refresh_pattern(s), and some squid.conf
> parameters (and also with store ID feature) to get higher HIT ratio.
>
> Just for example (this is NOT a complete config! No responsibility or
> any guarantees in case of simple copy-n-paste into your configs! This
> is an AS IS example!):
>
> # Keep swf in cache even if asked not to
> refresh_pattern -i \.(swf)(\?|$)  10080  90%  43200  override-expire ignore-reload reload-into-ims ignore-private
> # .NET cache
> refresh_pattern -i \.(as(h|p)x?)(\?|$)  10080  90%  43200  reload-into-ims
> # Updates: Windows, Adobe, Java
> refresh_pattern -i microsoft\.com/.*\.(cab|exe|ms[iufp]|asf|wm[va]|dat|zip)  4320  80%  43200  reload-into-ims
> refresh_pattern -i windowsupdate\.com/.*\.(cab|exe|ms[iufp]|asf|wm[va]|dat|zip)  4320  80%  43200  reload-into-ims
> refresh_pattern -i my\.windowsupdate\.website\.com/.*\.(cab|exe|ms[iufp]|asf|wm[va]|dat|zip)  4320  80%  43200  reload-into-ims
> refresh_pattern -i adobe\.com/.*\.(zip|exe)  4320  80%  43200  reload-into-ims
> refresh_pattern -i java\.com/.*\.(zip|exe)  4320  80%  43200  reload-into-ims
> refresh_pattern -i sun\.com/.*\.(zip|exe)  4320  80%  43200  reload-into-ims
> refresh_pattern -i google\.com.*\.(zip|exe)  4320  80%  43200  reload-into-ims
> refresh_pattern -i macromedia\.com.*\.(zip|exe)  4320  80%  43200  reload-into-ims
> # Other long-lived items
> refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|mp4)(\?|$)  14400  99%  518400  ignore-no-store override-expire ignore-reload reload-into-ims ignore-private ignore-must-revalidate
> refresh_pattern -i \.((m?|x?|s?)htm(l?)|css|js|xml|php|json)(\?|$)  10080  90%  86400  ignore-no-store override-expire override-lastmod reload-into-ims ignore-private ignore-must-revalidate
> # Default patterns
> refresh_pattern -i (/cgi-bin/|\?)  0  0%  0
> refresh_pattern .  0  20%  10080  override-lastmod reload-into-ims
>
> The example above also requires some additional cache-related
> parameters to be changed.
>
> Also, you are strictly recommended to research average user activity AND
> play around with VARY http headers.
>
> And others.
>
> Each squid setup is place-specific. And it depends on your access/deny
> lists, security policy, users/network activity etc. etc. etc.
>
> WBR, Yuri
>
> PS. Your question has NO simple answer. Beware - copy-n-pasting any
> foreign config cannot guarantee the same results for YOU.
>
> 14.03.15 1:52, Alberto Perez wrote:
> > Can you share more details about "Aggressive dynamic content
> > caching requires some special tweaks" I am very interested.
> >
> > Thanks
> >
> >
> >
> > On 3/13/15, Yuri Voinov <yvoinov at gmail.com> wrote:
> >
> >
> > 13.03.15 23:33, Amos Jeffries wrote:
> >>>> On 14/03/2015 5:47 a.m., Monah Baki wrote:
> >>>>
> >>>> <snip>
> >>>>
> >>>>> half_closed_clients off
> >>>>> quick_abort_min 0 KB
> >>>>> quick_abort_max 0 KB
> >>>>> vary_ignore_expire on
> >>>>> reload_into_ims on
> >>>>> memory_pools off
> >>>>> cache_mem 4096 MB
> >>>>> visible_hostname isn-phc-cache
> >>>>> minimum_object_size 0 bytes
> >>>>
> >>>>> maximum_object_size 512 MB
> >>>>> maximum_object_size 512 KB
> >>>>
> >>>> KB value overwriting MB value.
> >>>>
> >>>>
> >>>>> ipcache_size 1024
> >>>>> ipcache_low 90
> >>>>> ipcache_high 95
> >>>>> cache_swap_low 98
> >>>>> cache_swap_high 100
> >>>>> fqdncache_size 16384
> >>>>> retry_on_error on
> >>>>> offline_mode off
> >>>>> logfile_rotate 10
> >>>>> dns_nameservers 8.8.8.8 41.78.211.30
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> access.log:
> >>>>>
> >>>>> 1426267535.210    198 10.0.0.23 TCP_MISS/200 412 GET http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227 image/gif
> >>>>> 1426267535.211    198 10.0.0.23 TCP_MISS/200 412 GET http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227 image/gif
> >>>>> 1426267535.211    198 10.0.0.23 TCP_MISS/200 412 GET http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227 image/gif
> >>>>> 1426267535.223    301 10.0.0.23 TCP_MISS/200 222 GET http://rma-api.gravity.com/v1/beacons/log? - ORIGINAL_DST/80.239.148.18 text/html
> >>>>> 1426267535.244    195 10.0.0.23 TCP_MISS/200 412 GET http://jadserve.postrelease.com/trk.gif? - ORIGINAL_DST/54.225.133.227 image/gif
> >>>>
> >>>>
> >>>> Lots of Akamai hosted requests. Akamai play tricks with DNS
> >>>> responses.
> > In my installation I've used a local Unbound DNS cache and, before
> > it, forced DNS interception to it with Cisco. :)
> >
> > So, I don't care about any hosts' DNS quirks. ;)
> >
> >>>>
> >>>> Check your cache.log for security warnings;
> >>>> <http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>
> >>>>
> >>>>
> >>>>
> >>>> Note that objects failing the Host validation are not cacheable.
> >>>>
> >>>>
> >>>>> 1426267535.333    423 10.0.0.23 TCP_MISS/200 1420 GET http://hpr.outbrain.com/utils/get? - ORIGINAL_DST/50.31.185.42 text/x-json
> >>>>> 1426267535.345    412 10.0.0.23 TCP_MISS/200 11179 GET http://p.visualrevenue.com/? - ORIGINAL_DST/50.31.185.40 text/javascript
> >>>>> 1426267535.346    411 10.0.0.23 TCP_MISS/200 423 GET http://t1.visualrevenue.com/? - ORIGINAL_DST/64.74.232.44 image/gif
> >>>>
> >>>> Not sure about them. Maybe genuine MISS, maybe not.
> >
> > Aggressive dynamic content caching requires some special tweaks. ;)
> >
> >>>>
> >>>> It could also be the issues Antony pointed out, with the
> >>>> objects just naturally not being cacheable.
> >>>>
> >>>>
> >>>>> 1426267535.363    128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304 327 GET http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js - ORIGINAL_DST/80.239.152.153 application/x-javascript
> >>>>
> >>>> There is a hit.
> >>>>
> >>>> I guess you are new to Squid-3 ? Squid is HTTP/1.1 compliant
> >>>> now and the caching rules are slightly different from
> >>>> requirements on HTTP/1.0 software. A lot of content that
> >>>> previously could not be stored now can (authenticated,
> >>>> private, no-cache, etc.). But being sensitive info also
> >>>> requires revalidation in order to be used, so they show up
> >>>> like the above.
> >>>>
> >>>> Amos
> >>>>
>
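
Squid applies the first `refresh_pattern` whose regex matches the URL, so rule order decides which options a request gets. The script below is an added example, not part of the original messages: it replays URLs through five of the rules quoted above and reports which rule wins and which of its options disregard the origin's cache directives. It assumes Python's `re` is close enough to Squid's regex engine for these patterns; the `example.test` URL is constructed.

```python
import re

# Five of the refresh_pattern rules quoted above, one per line, in the same relative order.
RULES_TEXT = r"""
refresh_pattern -i \.(swf)(\?|$) 10080 90% 43200 override-expire ignore-reload reload-into-ims ignore-private
refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|mp4)(\?|$) 14400 99% 518400 ignore-no-store override-expire ignore-reload reload-into-ims ignore-private ignore-must-revalidate
refresh_pattern -i \.((m?|x?|s?)htm(l?)|css|js|xml|php|json)(\?|$) 10080 90% 86400 ignore-no-store override-expire override-lastmod reload-into-ims ignore-private ignore-must-revalidate
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 10080 override-lastmod reload-into-ims
"""

# Options that make Squid disregard the origin's own Cache-Control/Expires directives.
IGNORES_ORIGIN = {"ignore-private", "ignore-no-store", "ignore-must-revalidate", "override-expire"}

# First three URLs are taken from the access.log quoted above; the last one is constructed.
SAMPLE_URLS = [
    "http://jadserve.postrelease.com/trk.gif?",
    "http://rma-api.gravity.com/v1/beacons/log?",
    "http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js",
    "http://example.test/account/profile.php?id=7",
]

def parse_rules(text):
    """Parse 'refresh_pattern [-i] regex min percent% max [options...]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "refresh_pattern":
            continue
        tok, flags = tok[1:], 0
        if tok[0] == "-i":
            tok, flags = tok[1:], re.IGNORECASE
        regex, min_age, percent, max_age, *options = tok
        rules.append({"regex": regex, "re": re.compile(regex, flags), "min": int(min_age),
                      "percent": int(percent.rstrip("%")), "max": int(max_age), "options": options})
    return rules

def audit(rules, urls):
    """Map each URL to (index of first matching rule, origin-overriding options of that rule)."""
    result = {}
    for url in urls:
        hit = next(((i, r) for i, r in enumerate(rules) if r["re"].search(url)), None)
        result[url] = (hit[0], sorted(IGNORES_ORIGIN & set(hit[1]["options"]))) if hit else (None, [])
    return result

if __name__ == "__main__":
    for url, (index, overrides) in audit(parse_rules(RULES_TEXT), SAMPLE_URLS).items():
        print(index, ",".join(overrides) or "-", url)
```

URLs with a query string reach the `(/cgi-bin/|\?)` rule only when no extension rule above it has already matched, which is what the output for `trk.gif?` and `profile.php?id=7` shows.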