[squid-users] How to use "cache", "store_miss" and "send_hit" directives?
Robert Senger
rs-squid at lists.microscopium.de
Wed Oct 16 23:17:56 UTC 2019
Hi Alex,
you're right, the correct way is to use "cache deny <aclname>" only,
all others are allowed then.
I tried this before, but it did not work, because of my very special
setup.
I need to encrypt browser->squid connection (on mobile devices). With
squid 3.x, I used stunnel client on the mobile device and stunnel
server on squid's machine. With squid 4.6, I wanted to get rid of
stunnel server and use squid's https_port directive instead, but
https_port + sslbump did not go together. So, I created a loop that
forwarded https_port connections with a cache_peer directive to squid's
own http_port. That worked, except for caching... The http_port ACLs
never matched in the cache directive, instead, the https_port ACLs did,
but that is not what I want and need. Some coincidence made that
tcp_outgoing_address matched and routing was correct, anyway.
I switched back to the old stunnel server setup, and things are fine
now. But I still don't know why the http_port connections ACLs do not
match...
Regards,
Robert
Am Mittwoch, den 16.10.2019, 11:38 -0400 schrieb Alex Rousskov:
> On 10/16/19 10:38 AM, Robert wrote:
>
> > after upgrading to 4.6 from 3.x
> > I am struggling with caching objects. The goal is, to have objects
> > requested by proxy-basic clients not to be cached, but objects
> > requested by proxy-standard to be cached normally.
> >
> > Tried this:
> >
> > cache deny proxy-basic
> > cache allow all
> >
> > And this:
> >
> > cache allow proxy-standard
> > cache deny all
>
> Based on your description, you probably want the former or its
> simpler
> version:
>
> cache deny proxy-basic
>
>
> > If I use ANY "cache ___" directive other than a (useless) "cache
> > allow
> > all", caching is completely disabled for all ACLs.
>
> FYI: Squid does not (yet) treat the "all" ACL specially -- Squid does
> not ignore or automatically apply seemingly "useless" rules with it.
> If
> you are getting correct results with "allow all" and incorrect
> results
> with "allow foo", then your foo ACL does not match (in that specific
> context). Why it does not match is a separate question.
>
>
> > What am I doing wrong?
>
> Nothing that warrants discussing here IMO. I suggest trying the
> latest
> v4 release and, if the problem is still there, filing a bug report.
> If
> you can share a compressed ALL,7+ cache.log while reproducing the
> problem with a single transaction, we may be able to triage this
> problem
> faster. Squid wiki has instructions at
> https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction
>
>
> HTH,
>
> Alex.
>
> > I am using ACLs for different handling of clients connecting to
> > different local ports:
> >
> > acl proxy-basic localip 172.16.2.243
> > acl proxy-standard localip 172.16.3.243
> >
> > These ACLs are used to determine outgoing address, which are routed
> > to
> > different outgoing interfaces like this:
> >
> > tcp_outgoing_address 172.16.3.244 proxy-basic
> > tcp_outgoing_address 172.16.4.244 proxy-standard
> >
> > This works as desired.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
--
Robert Senger <robert.senger at familie-senger.net>
PGP/GPG Public Key ID: A51A4BCD
More information about the squid-users
mailing list