[squid-users] Squid 6.10 SSL-Bump Woes

Amos Jeffries squid3 at treenet.co.nz
Fri Oct 11 01:09:03 UTC 2024 

On 11/10/24 11:08, Bryan Seitz wrote:
> I removed the header mods and changed the refresh pattern to:
> 
> refresh_pattern .               15      20%     1800    override-expire 
> ignore-no-cache ignore-no-store ignore-private
> 
> And I always get TCP_MISS.  Any other thoughts?

Ah, I believe it would be best to get a baseline of what Squid default 
behaviour is like in your environment. So we can identify what/how you 
need to improve it.


Firstly, FYI; this is what those controls **actually** do in current 
Squid ..

  * override-expires ... forces Squid to handle all responses to act as 
if they received "Cache-Control: max-age=900" (15 min) ... store, but 
revalidate 180+ seconds (20% of 15min) later.
   Result: Anything that could cache longer than 15min becomes a 
REFRESH_MISS or MISS, instead of HIT.
   Squid default: **do** cache. Revalidate
     * after("Date"+"CC: max-age=N") timestamp, otherwise
     * after "Expires" timestamp, otherwise
     * after ("Date" +1800 minutes) timestamp.

  * ignore-no-cache ... the standardized "CC: no-cache" is badly named, 
it tells Squid what **can** be cached.
   Result: Squid will discard many stored objects and perform a MISS 
instead.
   Squid default: **do** cache "CC:private" responses, revalidate on 
HIT. Log as REFRESH.

  * ignore-no-store ... force everything marked "CC: no-store" to be stored.
  Result: cache fills with non-reusable objects. Leaving not much room 
for actual HIT objects.
   Squid default: store only objects with can result in more HITs.

  * ignore-private ... force everything with "CC: private" to be discarded.
   Result: same as "ignore-no-store".
   Squid default: **do** cache "CC:private" responses, revalidate on HIT.

Note that both HIT and REFRESH mean the object **was** cached.


You said that the access.log now contains MISS. Would that be just 
"MISS" or "REFRESH" + "MISS" (actually a HIT, but a new object was given 
by the server and replaced the pre-stored object).


Can you show a pair of request headers from the client, with matching 
response from the server?  You can use "debug_options 11,2" in recent 
Squid versions to get a cache.log trace of the HTTP transactions.

That might help us spot something more specific. The config change makes 
the earlier given ones obsolete.


HTH
Amos

More information about the squid-users mailing list