Thanks for the continued support! You say "The CONNECT rule does need to be "deny CONNECT !SSL_Ports". " - But I dont' see a !SSL_Ports You say "I'd shift that one http pattern above up above the ftp pattern." But I dont see http as a refresh pattern. I do see html. Is this what you mean? My currrent squid.conf http_port 3128 acl QUERY urlpath_regex cgi-bin \? #no_cache deny QUERY cache_mem 512 MB maximum_object_size_in_memory 2048 KB maximum_object_size 1 GB cache_dir aufs /cache 500000 256 256 redirect_rewrites_host_header off cache_replacement_policy lru #acl QUERY urlpath_regex cgi-bin \? acl all src all acl localnet src 10.60.0.0/255.255.0.0 acl localhost src 127.0.0.1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/8 acl Safe_ports port 80 443 210 119 70 21 1025-65535 acl CONNECT method CONNECT http_access allow localnet http_access allow localhost http_access deny !Safe_ports http_access allow localnet http_access allow localhost http_access deny CONNECT http_access deny CONNECT !Safe_Ports http_access deny all icp_port 0 refresh_pattern \.jpg$ 3600 50% 60 ignore-reload refresh_pattern \.gif$ 3600 50% 60 ignore-reload refresh_pattern \.css$ 3600 50% 60 ignore-reload refresh_pattern \.js$ 3600 50% 60 ignore-reload refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern \.html$ 300 50% 10 ignore-reload refresh_pattern . 60 50% 10 ignore-reload refrsh_pattern . 0 20% 4320 visible_hostname AHSPX01 -- View this message in context: http://www.nabble.com/not-caching-enough-tp25530445p25681166.html Sent from the Squid - Users mailing list archive at Nabble.com.
