[squid-users] Config Recommendations

creditu at eml.cc creditu at eml.cc
Tue Dec 6 15:05:03 UTC 2016 

On Sun, Dec 4, 2016, at 08:19 PM, Amos Jeffries wrote:
> On 5/12/2016 1:44 p.m., creditu at eml.cc wrote:
> > For a 3.1 accelerator we have put the followinconfig together.  This
> > accelerator will not be doing any caching since we use an external
> > service.  Initially both http and https will be provided.   Some
> > questions:   I think the ordering of statements and acls is correct, but
> > was hoping to get some feedback if possible.  Also, since we  want to
> > turn caching off completely  I was wondering if some of the statements
> > are unnecessary.  Any feedback or recommendations on the overall config
> > would be appreciated.     
> 
> You can remove any options which are setting things to their default
> values.
> 
> Add "cache_mem 0" to prevent the memory cache being allocated.
> And remove the *_replacement_policy lines, they are pointless without
> caching.
> 
> The "cachemgr_passwd none info" line is useless, since the next thing
> done is disabled.
> That also means the "http_access allow manager localhost" line is not
> useful either unless you re-open the info report.
> 
> 
> Amo
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

Quick follow up.  When using debug 28,3 does this record
cache_peer_access and deny_info acls in the cache log?  Since I'm using
the same ACL declaration  for both the cache_peer_access and http_access
statements,  in a lot of cases, I just want to make sure I'm
interpreting  the ACL debug information correctly.  

For example:
acl www dstdomain www.example.com
cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver
round-robin
cache_peer_access 10.10.10.1 allow www
cache_peer_access 10.10.10.1 deny all

cache_peer 10.10.10.2 parent 80 0 no-query no-digest originserver
round-robin
cache_peer_access 10.10.10.2 allow www
cache_peer_access 10.10.10.2 deny all
. . . 
http_access allow www

As always, thanks for the help.

More information about the squid-users mailing list