Re: [squid-users] not caching enough from Amos Jeffries on 2009-09-28 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 29 Sep 2009 11:43:44 +1200

On Mon, 28 Sep 2009 06:36:33 -0700 (PDT), ant2ne <tcygne_at_altonschools.org>
wrote:
> Ok, it has come to my attention that /cache only grwos when I run a
report
> using sarg. So it maybe that my proxy server is working, but only as a
> proxy
> and not as a web cache proxy. Below is my squid.conf file with the
comment
> #
> invert grepped out. Please review and tell me what it is that I need to
> change to turn this proxy server into a web cache server.
>
> below is me squid.conf
> acl all src 0.0.0.0/0.0.0.0

Please use:
acl all src all

> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8

Please instead use:
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/8

> acl purge method PURGE
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> acl our_networks src 10.60.140.0/24
> http_access allow our_networks
> http_access allow localhost
> http_access allow all

So everybody on the entire Internet is allowed to use your cache? not good.

> http_access deny all
> icp_access allow all

Also not good, for the same reasons. Try:

icp_access allow our_networks
icp_access allow localhost
icp_access deny all

> http_port 3128
> hierarchy_stoplist cgi-bin ?
> cache_dir ufs /cache 500000 256 256
> maximum_object_size 32768 KB

With sich large disk I would not worry about limiting objects to small
sizes. You probably want set that as:
maximum_object_size 1 GB

... or "0 KB " for 'off'

> access_log /var/log/squid/access.log squid

> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY

There is a sizable amount of dynamic content which is cacheable these days.
Erase the above two lines.

> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440

Add at this exact spot in the config:
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

> refresh_pattern . 0 20% 4320
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> extension_methods REPORT MERGE MKACTIVITY CHECKOUT
> hosts_file /etc/hosts
> coredump_dir /var/spool/squid
> visible_hostname AHSPX01

Amos
Received on Mon Sep 28 2009 - 23:43:50 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 29 2009 - 12:00:03 MDT