On 13/01/11 18:30, Tahseen wrote:
Below is the configuration. I have only pasted what we have changed in the
default configuration of Squid
Hmm, okay three possibilities come to mind (in order of likeliness):
1) your pages may all contain query strings '?' and are blocked from
caching by hierarchy_stoplist.
** removing that directive is safe in Squid-3.x. Care is needed in
squid-2.x if using siblings (which you are not).
2a) Apache may be sending out headers to prevent caching.
use the tool at http://redbot.org on some of the URL which you
believe should cache.
2b) the client software may be sending such headers. There were some
versions of chrome which were known to send no-cache on every single
request.
3) all your objects maybe >4MB and being blocked by the max object limit.
============================================================
# some restriction definitions
acl all src 0.0.0.0/0.0.0.0
"all" ACL is pre-defined in squid-3. remove this line to quieten the
warnings.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl CONNECT method CONNECT
acl sitedomin dstdomin 192.168.1.15
http_access allow sitedomin
The above looks strange. "dstdomain" is a text match.
The "vhost" option tells Squid to use the FQDN from request headers
and this is supported by the cache_peer link allowing only *.example.com
domains.
So...
It's unlikely that the FQDN received will be a raw IP address, let
alone one in your private IP space.
Clients which *would* match this are blocked by the rules preventing
them going to the peer.
The peer link rules also block clients relying on the defaultsite=. The
defaultsite= should contain the default public website domain, probably
whatever you have replaced with example.com in the peer config.
http_access allow manager
# Define the HTTP port
http_port 192.168.1.15:80 vhost vport=8080 defaultsite=192.168.1.15
# Specify the local and remote peers
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=server1
# Tell squid which domains to forward to which servers
acl sitedomains dstdomain .example.com
cache_peer_access server1 allow sitedomains
right here in the ordering is where you place:
http_access allow sitedomains
Note how the ACL named is the "cache_peer_access allow" one.
...
Down here below the reverse-proxy config is where you place the
forward-proxy http_access rules like CONNECT and manager access. Along
with a http_port to receive such management forward-proxy traffic.
# Do not cache cgi-bin, ? urls, posts, etc.
hierarchy_stoplist cgi-bin ?
acl apache rep_header Server ^Apache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 60 100% 4320
negative_ttl 0 minutes
# Cache properties
cache_mem 1024 MB
maximum_object_size_in_memory 2048 KB
cache_replacement_policy heap LRU
memory_replacement_policy heap LRU
cache_dir ufs /var/spool/squid 20000 16 256
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
======================================================
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
