[squid-users] Poor cache from Délsio Cabá on 2014-08-19 (squid-users)

From: Délsio Cabá <delsio_at_gmail.com>
Date: Tue, 19 Aug 2014 23:21:46 +0200

Hi guys,
Need some help on cache. Basically I do not see many caches.

root_at_c /]# cat /var/log/squid/access.log | awk '{print $4}' | sort |
uniq -c | sort -rn
  17403 TCP_MISS/200
   3107 TCP_MISS/304
   1903 TCP_MISS/000
   1452 TCP_MISS/204
   1421 TCP_MISS/206
   1186 TCP_MISS/302
    659 TCP_MISS/503
    641 NONE/400
    548 TCP_MISS/301
    231 TCP_OFFLINE_HIT/200
    189 TCP_MISS/404
    126 TCP_IMS_HIT/304
    112 TCP_MISS/504
     68 TCP_MISS/401
     56 TCP_MEM_HIT/200
     50 TCP_SWAPFAIL_MISS/304
     49 TCP_REFRESH_UNMODIFIED/200
     46 TCP_SWAPFAIL_MISS/200
     39 TCP_MISS/500
     36 TCP_MISS/502
     34 TCP_REFRESH_UNMODIFIED/304
     31 TCP_MISS/403
     25 TCP_MISS/400
     19 TCP_CLIENT_REFRESH_MISS/200
     17 TCP_REFRESH_MODIFIED/200
     11 NONE/417
      9 TCP_MISS/303
      6 TCP_HIT/000
      5 TCP_MISS/501
      5 TCP_HIT/200
      4 TCP_MISS/202
      3 TCP_MISS/412
      2 TCP_SWAPFAIL_MISS/000
      2 TCP_MISS/408
      1 TCP_MISS/522
      1 TCP_MISS/410
      1 TCP_MISS/405
      1 TCP_CLIENT_REFRESH_MISS/000

The cache dir is raiserfs
Config:
cache_dir ufs /cache 640 32 512 max-size=1048576
minimum_object_size 0 KB
maximum_object_size 10 MB
cache_swap_low 90
cache_swap_high 95
snmp_port 0
snmp_access deny all
icp_port 0
htcp_port 0
icp_access deny all
htcp_access deny all
pipeline_prefetch on
shutdown_lifetime 1 second
visible_hostname c.webmasters.co.mz
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#debug_options rotate=1 ALL,1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src x.x.x.0/24 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly
plugged) machines
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow all

acl winupdate dstdomain .windowsupdate.com
acl peakperiod time 10:00-16:00
delay_pools 1
delay_class 1 1
# 64 Kbit/s
delay_parameters 1 8000/8000
delay_access 1 allow winupdate peakperiod
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3401
http_port 0.0.0.0:3401 intercept

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

maximum_object_size 1280096 KB

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /cache

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp: 144000 20% 1008000
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200
override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i
\.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)$
260000 90% 260009 override-expire ignore-no-cache ignore-no-store
ignore-private
refresh_pattern -i
\.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)$ 260000
90% 260009 override-expire ignore-no-cache ignore-no-store
ignore-private
refresh_pattern -i \.index.(html|htm)$ 1440 90% 40320
refresh_pattern -i \.(html|htm|css|js)$ 1440 90% 40320
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 5259487 100% 9259487 ignore-no-cache ignore-private
override-lastmod override-expire ignore-no-store
ignore-must-revalidate

# caching windows update various windows versions
refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320 80%
43200 reload-into-ims
refresh_pattern -i
windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320
80% 43200 reload-into-ims

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin) 10800 80%
10800 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern (avgate|avira).*(idx|gz)$
10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern kaspersky.*\.avc$
10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern kaspersky
10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)
10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)
10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims

refresh_pattern af.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200
reload-into-ims

#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)
10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)
10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png)
10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)
10800 80% 10800 ignore-reload override-expire ignore-no-cache

positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
max_filedescriptors 8192

cache allow all
#always_direct allow all
ipcache_size 10240
negative_dns_ttl 5 minutes
forwarded_for delete
via off
offline_mode on
ignore_expect_100 on
minimum_object_size 20 KB

read_ahead_gap 1 MB
maximum_object_size 500 MB
cache_swap_low 96
cache_swap_high 97
memory_replacement_policy lru

wccp2_router x.x.x.x
wccp2_rebuild_wait on
wccp_version 4
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
Received on Tue Aug 19 2014 - 21:21:53 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 20 2014 - 12:00:06 MDT