[squid-users] Squid cache questions

Jonathan Lee jonathanlee571 at gmail.com
Sun Apr 7 04:29:53 UTC 2024


Thanks for the reply I am using the built in StoreID program however it requires the database file so I have it only set to the items in the dynamic cache settings custom refresh areas. 

The rewrite program should redirect to pull from the cache right? Only for bumped connections and or cab files from Windows that come over as http. Squidguard only does URL checks and blocks some items that cause me issues mainly doubleclick.net and a couple other invasive sites and or different profiles for different devices. 

Everything works however I started to wonder if I am bumping connections for some I still would want the Windows refresh patterns to work so I thought if I url_rewrite_access deny them that would block the cache from being used also right? Of course the splice items I just want them spliced and checked with Squirdguard again the error page itself is that not considered a url_rewrite?

That’s what got me confused as I was thinking at the time an invasive container could redirect from the cache so I thought that’s why I would set up blocks for it however I am now wondering about the refresh items.

Thanks for the reply. Are you the guy that invented phone mail for Amos OS on Semens PBX systems and ROLM phones? I did training with you in Texas if that is you.

Thanks agin for your reply

Jonathan Lee
Adult Student 

> On Apr 6, 2024, at 20:00, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 5/04/24 17:25, Jonathan Lee wrote:
>>> ssl_bump splice https_login
>>> ssl_bump splice splice_only
>>> ssl_bump splice NoSSLIntercept
>>> ssl_bump bump bump_only markBumped
>>> ssl_bump stare all
>>> acl markedBumped note bumped true
>>> url_rewrite_access deny markedBumped
>> for good hits should the url_rewirte_access deny be splice not bumped connections ?
>> I feel I mixed this up
> 
> Depends on what the re-write program is doing.
> 
> Ideally no traffic should be re-written by your proxy at all. Every change you make to the protocol(s) as they go throug adds problems to traffic behaviour.
> 
> Since you have squidguard..
> * if it only does ACL checks, that is fine. But ideally those checks would be done by http_access rules instead.
> * if it is actually changing URLs, that is where the problems start and caching is risky.
> 
> If you are re-writing URLs just to improve caching, I recommend using Store-ID feature instead for those URLs. It does a better job of balancing the caching risk vs ratio gains, even though outwardly it can appear to have less HITs.
> 
> 
> HTH
> Amos



More information about the squid-users mailing list