[squid-users] Squid 6.10 SSL-Bump Woes

Bryan Seitz seitzbg at gmail.com
Fri Oct 11 23:48:35 UTC 2024 

   I wanted to note that since these are BMCs they require basic auth headers to return their response. I noticed that the ignore-auth option was removed awhile ago.  Is my only option to go back to Squid 3.5 ?

TIA,

Bryan Seitz
On Oct 11, 2024 at 4:17 AM -0400, Amos Jeffries <squid3 at treenet.co.nz>, wrote:
> On 11/10/24 11:08, Bryan Seitz wrote:
> > I removed the header mods and changed the refresh pattern to:
> >
> > refresh_pattern .               15      20%     1800    override-expire
> > ignore-no-cache ignore-no-store ignore-private
> >
> > And I always get TCP_MISS.  Any other thoughts?
>
> Ah, I believe it would be best to get a baseline of what Squid default
> behaviour is like in your environment. So we can identify what/how you
> need to improve it.
>
>
> Firstly, FYI; this is what those controls **actually** do in current
> Squid ..
>
> * override-expires ... forces Squid to handle all responses to act as
> if they received "Cache-Control: max-age=900" (15 min) ... store, but
> revalidate 180+ seconds (20% of 15min) later.
> Result: Anything that could cache longer than 15min becomes a
> REFRESH_MISS or MISS, instead of HIT.
> Squid default: **do** cache. Revalidate
> * after("Date"+"CC: max-age=N") timestamp, otherwise
> * after "Expires" timestamp, otherwise
> * after ("Date" +1800 minutes) timestamp.
>
> * ignore-no-cache ... the standardized "CC: no-cache" is badly named,
> it tells Squid what **can** be cached.
> Result: Squid will discard many stored objects and perform a MISS
> instead.
> Squid default: **do** cache "CC:private" responses, revalidate on
> HIT. Log as REFRESH.
>
> * ignore-no-store ... force everything marked "CC: no-store" to be stored.
> Result: cache fills with non-reusable objects. Leaving not much room
> for actual HIT objects.
> Squid default: store only objects with can result in more HITs.
>
> * ignore-private ... force everything with "CC: private" to be discarded.
> Result: same as "ignore-no-store".
> Squid default: **do** cache "CC:private" responses, revalidate on HIT.
>
> Note that both HIT and REFRESH mean the object **was** cached.
>
>
> You said that the access.log now contains MISS. Would that be just
> "MISS" or "REFRESH" + "MISS" (actually a HIT, but a new object was given
> by the server and replaced the pre-stored object).
>
>
> Can you show a pair of request headers from the client, with matching
> response from the server? You can use "debug_options 11,2" in recent
> Squid versions to get a cache.log trace of the HTTP transactions.
>
> That might help us spot something more specific. The config change makes
> the earlier given ones obsolete.
>
>
> HTH
> Amos
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20241011/97cd09cc/attachment.htm>

More information about the squid-users mailing list