[squid-users] squid cache

Alex Rousskov rousskov at measurement-factory.com
Mon Mar 1 15:12:15 UTC 2021


On 3/1/21 2:07 AM, Majed Zouhairy wrote:
> i tried this, but neither the https download bandwidth restriction nor
> caching seems to be working as expected

Squid cannot cache HTTP responses without bumping HTTPS traffic. This is
a protocol-level limitation, not a bug.

There are known delay pools bugs for not-bumped (i.e. tunneled or
CONNECT) traffic. IIRC, the pools may work for some tunnels, but the
imposed limits may vary significantly from the configured values.


HTH,

Alex.


> acl slower src 10.46.10.78
> acl localnet src 10.46.10.0/24
> 
> acl SSL_ports port 443
> acl Safe_ports port 80        # http
> acl Safe_ports port 8080    # http
> acl Safe_ports port 21        # ftp
> acl Safe_ports port 443        # https
> acl Safe_ports port 70        # gopher
> acl Safe_ports port 210        # wais
> acl Safe_ports port 1025-65535    # unregistered ports
> acl Safe_ports port 280        # http-mgmt
> acl Safe_ports port 488        # gss-http
> acl Safe_ports port 591        # filemaker
> acl Safe_ports port 777        # multiling http
> acl CONNECT method CONNECT
> acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl"
> 
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
> 
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> 
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
> 
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
> visible_hostname proxy.lk.sk
> 
> 
> delay_pools 1
> delay_class 1 3
> delay_access 1 allow slower
> delay_access 1 deny all
> delay_parameters 1 51200/51200 -1/-1 51200/25600
> 
> http_access allow localnet
> http_access allow localhost
> 
> 
> 
> # And finally deny all other access to this proxy
> http_access deny all
> 
> # Squid normally listens to port 3128
> http_port 8080
> 
> # Uncomment and adjust the following to add a disk cache directory.
> # Updates: chrome and acrobat
> refresh_pattern -i gvt1.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80%
> 129600 reload-into-ims
> refresh_pattern -i adobe.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80%
> 129600 reload-into-ims
> 
> 
> 
> range_offset_limit 200 MB
> maximum_object_size 200 MB
> quick_abort_min -1
> 
> # DONT MODIFY THESE LINES
> refresh_pattern \^ftp:           1440    20%     10080
> refresh_pattern \^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0      0%      0
> refresh_pattern .           0      20%     43200
> 
> cache_dir ufs /var/cache/squid 3000 16 256
> 
> # Leave coredumps in the first cache dir
> coredump_dir /var/cache/squid
> 
> cache_mem 1024 MB
> 
> netdb_filename none
> 
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:        1440    20%    10080
> refresh_pattern ^gopher:    1440    0%    1440
> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
> refresh_pattern .        0    20%    4320
> 
> url_rewrite_program /usr/local/ufdbguard/bin/ufdbgclient -m 4 -l
> /var/log/squid/
> url_rewrite_children 16 startup=8 idle=2 concurrency=4
> #debug_options ALL,1 33,2 28,9
> 
> 
> any help?
> 
> 
> On 2/26/21 10:22 AM, Majed Zouhairy wrote:
>>
>> Health be Upon you,
>>
>> i want to cache certain files, let's say exe, msi... above 20MB and
>> below 300MB, limit the cache directory to 3GB
>> i have no ssl bump not configured
>> version 4.14
>> how to do that?
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list