Re: [squid-users] not caching enough

From: tookers <gareth_at_garethcoffey.com>
Date: Tue, 29 Sep 2009 12:24:16 -0700 (PDT)

ant2ne wrote:
>
> Thanks for all of the great replies. There is lots of information to
> digest. I appreciate all of the suggestions.
>
> But, Before I got any of these replies, I went ahead and made
> modifications to my squid.conf to match an example I found on the internet
> here is my current running squid.conf
>
> http_port 3128
> icp_port 0
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_mem 16 MB
> cache_dir ufs /cache 500000 256 256
> redirect_rewrites_host_header off
> cache_replacement_policy lru
> acl localnet src 10.60.0.0/255.255.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl Safe_ports port 80 443 210 119 70 21 1025-65535
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0.0.0.0
> http_access allow localnet
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT
> http_access deny all
> log_icp_queries off
>
> This one seems to be caching. I can refresh webmin system info every few
> hours and see that /cache is growing in space used. Although, very slowly.
>
> Amos Jeffries & tookers; I've taken the working squid.conf (above), and
> applied your suggestions to it (below). Please review this squid.conf
> (below) and make suggestions to it before I put it into production.
>
> http_port 3128
> icp_port 0
> no_cache deny QUERY
> cache_mem 512 MB
> maximum_object_size_in_memory 2048 KB
> maximum_object_size 1 GB
> cache_dir ufs /cache 500000 256 256
> redirect_rewrites_host_header off
> cache_replacement_policy lru
> acl QUERY urlpath_regex cgi-bin \?
> acl all src all
> acl localnet src 10.60.0.0/255.255.0.0
> acl localhost src 127.0.0.1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/8
> acl Safe_ports port 80 443 210 119 70 21 1025-65535
> acl CONNECT method CONNECT
> http_access allow localnet
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT
> http_access deny all
> icp_access allow our_networks
> icp_access allow localhost
> icp_access deny all
> refresh_pattern \.jpg$ 3600 50% 60 ignore-reload
> refresh_pattern \.gif$ 3600 50% 60 ignore-reload
> refresh_pattern \.css$ 3600 50% 60 ignore-reload
> refresh_pattern \.js$ 3600 50% 60 ignore-reload
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern \.html$ 300 50% 10 ignore-reload
>
> THANKS!!
>

Hey there,
I don't think you need to include...
icp_access allow our_networks
icp_access allow localhost
icp_access deny all

As icp_port 0, icp is essentially disabled, you shouldn't need to specify
the icp_access lines.

After your Acl CONNECT you need to add
http_access deny CONNECT !Safe_Ports

You might also want a 'catch-all' refresh_pattern... cache all for 60
seconds if not already matched above. Stick this right at the end of your
config.
refresh_pattern . 60 50% 10 ignore-reload

-- 
View this message in context: http://www.nabble.com/not-caching-enough-tp25530445p25669291.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Tue Sep 29 2009 - 19:24:18 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 30 2009 - 12:00:03 MDT