Adrian Chadd wrote:
G'day,
Just remove the QUERY ACL and the cache ACL line using "QUERY" in it.
Then turn on header logging (log_mime_hdrs on) and see if the replies
to the dynamically generated content is actually giving caching info.
>
> Adrian
http://wiki.squid-cache.org/ConfigExamples/DynamicContent
Amos
On Fri, Feb 29, 2008, Saul Waizer wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello List,
I am having problems trying to cache images*/content that comes from a
URL containing a question mark on it ('?')
Background:
I am running squid Version 2.6.STABLE17 on FreeBSD 6.2 as a reverse
proxy to accelerate content hosted in America served in Europe.
The content comes from an application that uses TOMCAT so a URL
requesting dynamic content would look similar to this:
http://domain.com/storage/storage?fileName=/.domain.com-1/usr/14348/image/thumbnail/th_8837728e67eb9cce6fa074df7619cd0d193_1_.jpg
The result of such request always results on a MISS with a log similar
to this:
TCP_MISS/200 8728 GET http://domain.com/storage/storage? -
FIRST_UP_PARENT/server_1 image/jpg
I've added this to my config: acl QUERY urlpath_regex cgi-bin as you can
see bellow but it makes no difference and I tried adding this:
acl QUERY urlpath_regex cgi-bin \? and for some reason ALL requests
result in a MISS.
Any help is greatly appreciated.
My squid config looks like this: (obviously real ip's were changed)
################# STANDARD ACL'S ###############################
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
################# REVERSE CONFIG FOR SITE #####
http_port 80 accel vhost
cache_peer 1.1.1.1 parent 80 0 no-query originserver name=server_1
acl sites_server_1 dstdomain domain.com
################# REVERSE ACL'S FOR OUR DOMAINS ##############
acl ourdomain0 dstdomain www.domain.com
acl ourdomain1 dstdomain domain.com
http_access allow ourdomain0
http_access allow ourdomain1
http_access deny all
icp_access allow all
################ HEADER CONTROL ###############
visible_hostname cacheA.domain.com
cache_effective_user nobody
forwarded_for on
follow_x_forwarded_for allow all
header_access All allow all
############### SNMP CONTROL ###############
snmp_port 161
acl snmppublic snmp_community public1
snmp_access allow all
############## CACHE CONTROL ################
access_log /usr/local/squid/var/logs/access.log squid
acl QUERY urlpath_regex cgi-bin
cache_mem 1280 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 6144 KB
minimum_object_size 1 KB
maximum_object_size_in_memory 4096 KB
cache_dir ufs /storage/ram_dir1 128 16 256
cache_dir ufs /storage/cache_dir1 5120 16 256
cache_dir ufs /storage/cache_dir2 5120 16 256
cache_dir ufs /storage/cache_dir3 5120 16 256
Also here is the result of a custom script I made to parse the
access.log that will sort and display the top 22 responses so I can
compare them with cacti, I am trying to increase the Hit ratio but so
far is extremely low.
1 571121 69.3643% TCP_MISS/200
2 98432 11.9549% TCP_HIT/200
3 51590 6.26576% TCP_MEM_HIT/200
4 47009 5.70938% TCP_MISS/304
5 17757 2.15664% TCP_IMS_HIT/304
6 11982 1.45525% TCP_REFRESH_HIT/200
7 11801 1.43327% TCP_MISS/404
8 6810 0.827095% TCP_MISS/500
9 2508 0.304604% TCP_MISS/000
10 1323 0.160682% TCP_MISS/301
11 1151 0.139792% TCP_MISS/403
12 1051 0.127647% TCP_REFRESH_HIT/304
13 430 0.0522248% TCP_REFRESH_MISS/200
14 127 0.0154245% TCP_CLIENT_REFRESH_MISS/200
15 83 0.0100806% TCP_MISS/401
16 81 0.00983769% TCP_CLIENT_REFRESH_MISS/304
17 35 0.00425085% TCP_MISS/503
18 20 0.00242906% TCP_DENIED/400
19 19 0.00230761% TCP_HIT/000
20 19 0.00230761% TCP_DENIED/403
21 14 0.00170034% TCP_SWAPFAIL_MISS/200
22 1 0.000121453% TCP_SWAPFAIL_MISS/30
Thanks!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHyHfrAcr37anguZsRAtktAKCKlqDTxrtmLLpfEK+cq92OOS0JwQCeIuiG
59G9YtNTZXD5JIExywCYprI=
=1Uls
-----END PGP SIGNATURE-----
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.