Farhad Ibragimov wrote:
Hello Amos,
Is this configuration normal for a large ISP provider?
I'm not sure what you mean by "this config"? The one you posted, the
default you obviously altered to get it, or my recommended changes?
The default config is set to be secure, and help as many varied installs
as possible have a workable experience.
The security bits I mention first apply to everybody using 3.0, and
second applies to everybody. The http_access comment is particular to
your displayed config.
The traffic comment may not apply as Adrian pointed out. Only testing
your own traffic will show what happens on your network.
You wanted HITS though, which means you are after those many small
requests, not the few large ones. (One 1MB file will cause MISS on 1000
x 1KB files shoved out of cache to store the big one.) It's a trade-off;
the only way to increase both is to raise RAM and disk available. And
that has limits too.
Saturday, July 25, 2009, 6:12:40 AM, you wrote:
Farhad Ibragimov wrote:
Hello Squid-users,
Dear Squid Guru
I installed a new Squid 3 days ago. The version is 3.0 15. The
problem is that I don't see TCP_HIT (only TCP_MISS) in the access log file.
The configuration file is attached. Please help.
# WELCOME TO SQUID 3.0.STABLE15
# ----------------------------
http_port 3128 transparent
cache_mem 1024 MB
minimum_object_size 2048 KB
?? looks like your problem. Most of the web traffic you will ever see is
under 2 MB big.
Average size is somewhere between 32KB and 128KB depending on your clients.
... more points to follow ...
icp_port 0
wccp2_router 85.132.32.20
visible_hostname "url..."
url_rewrite_children 20
cache_dir ufs /cache 6000 16 256
cache_swap_low 90
cache_swap_high 95
allow_underscore on
request_header_max_size 128 KB
Please do NOT raise this above 64KB in Squid 3.0!
There are a very large number of remote DDoS vulnerabilities that this opens
up. The default for each Squid version is kept at the largest safe value
we can be sure of.
client_persistent_connections on
server_persistent_connections on
maximum_object_size_in_memory 50 KB
cache_replacement_policy heap LFUDA
maximum_object_size 50 MB
######LOG################
access_log /var/squid/logs/access.log squid
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log
###############################
cache_mgr "mail address"
httpd_suppress_version_string on
# SNMP OPTIONS
# -----------------------------------------------------------------------------
#snmp_port 1161
#snmp_access allow snmppublic localhost
#snmp_access deny all
cache_effective_user squid
cache_effective_group squid
###############################################################
acl dayaz dstdomain .day.az
always_direct allow dayaz
###############################################################
refresh_pattern -i \.gif$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.png$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpeg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.pdf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.zip$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tar$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.gz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tgz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.exe$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.prz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.ppt$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.inf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.swf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mid$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.wav$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mp3$ 43200 100% 43200 override-lastmod override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
#refresh_pattern . 0 20% 4320
Please do not alter the four above. They ensure that your cache is not
vulnerable to cache poisoning attacks or committing them against other
caches.
# ACCESS CONTROLS
##############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localnet
Something has gone wrong. The above line commented out prevents local
networks from being serviced by this Squid.
I would expect this config to show constant TCP_MISS:DENIED in access.log.
http_access deny all
icp_access deny all
htcp_access deny all
hierarchy_stoplist cgi-bin ?
# TAG: debug_options
# Logging options are set as section,level where each source file
# is assigned a unique section. Lower levels result in less
# output, Full debugging (level 9) can result in a very large
# log file, so be careful. The magic word "ALL" sets debugging
# levels for all sections. We recommend normally running with
# "ALL,1".
#
#Default:
# debug_options ALL,1
icp_port 0
htcp_port 0
log_icp_queries off
allow_underscore on
# WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
#wccp_version 4
# wccp2_rebuild_wait on
# wccp2_forwarding_method 1
# wccp2_return_method 1
# wccp2_assignment_method 1
# wccp2_service standard 0
# wccp2_weight 10000
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0
# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
# error_directory /squid/share/errors/templates
email_err_data on
client_db on
coredump_dir /var/squid/cache
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
Current Beta Squid 3.1.0.10 or 3.1.0.11
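
An added example, not part of the original thread and not Squid's own code: a small Python check for the four points raised in the reply above (minimum_object_size larger than typical objects, request_header_max_size over 64 KB, the four refresh_pattern lines no longer active, and `http_access deny all` reached with no active `allow localnet`). The function names, finding codes and the 128 KB threshold (the upper end of the average object size quoted in the reply) are assumptions of this sketch; the sample input is a constructed excerpt of the posted config.

```python
# Constructed excerpt of the configuration posted in this thread.
SAMPLE_CONF = r"""
minimum_object_size 2048 KB
request_header_max_size 128 KB
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
#refresh_pattern . 0 20% 4320
#http_access allow localnet
http_access deny all
"""

UNITS = {"BYTES": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# The four refresh_pattern regexes the reply asks to leave unaltered.
DEFAULT_PATTERNS = ["^ftp:", "^gopher:", r"(cgi-bin|\?)", "."]
HEADER_LIMIT = 64 * 1024     # ceiling given in the reply for Squid 3.0
TYPICAL_OBJECT = 128 * 1024  # assumption: upper end of the quoted average size

def to_bytes(args):
    """['2048', 'KB'] -> 2097152. This sketch requires an explicit unit."""
    return int(args[0]) * UNITS[args[1].upper()]

def audit(conf_text):
    """Return finding codes (hypothetical names) for the issues in the thread."""
    findings, patterns, allowed = [], set(), False
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # commented-out lines are inactive
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        if name == "minimum_object_size" and to_bytes(args) > TYPICAL_OBJECT:
            findings.append("min-object-size-blocks-typical-objects")
        elif name == "request_header_max_size" and to_bytes(args) > HEADER_LIMIT:
            findings.append("request-header-max-size-over-64KB")
        elif name == "refresh_pattern":
            patterns.add(args[1] if args[0] == "-i" else args[0])
        elif name == "http_access" and args[:2] == ["allow", "localnet"]:
            allowed = True
        elif name == "http_access" and args == ["deny", "all"] and not allowed:
            findings.append("localnet-denied-before-allow")
    missing = [p for p in DEFAULT_PATTERNS if p not in patterns]
    if missing:
        findings.append("default-refresh-patterns-missing:" + ",".join(missing))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```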