Thanks Amos I tried your suggestions, still no good when the webserver is offline. I get only a single line in the cache.log "2011/03/22 10:28:50| TCP connection to myAccel (10.0.0.18:80) failed" I have put the squid.conf in the email to make corrections easier (I have tried that offline mode on but it doesn't seem to work); dns_nameservers 10.0.0.2 10.0.0.1 cache_dir ufs d:/cache 8000 100 256 cache_mem 512 MB maximum_object_size_in_memory 10240 KB access_log e:/squidlogs/access.log squid cache_log e:/squidlogs/cache.log cache_store_log e:/squidlogs/store.log logfile_rotate 10 acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl localnet src all # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl CONNECT method CONNECT ############################################################## http_port 80 accel defaultsite=www.site.com vhost # proxy icp # hostname type port port options # -------------------- -------- ----- ----- ----------- cache_peer 10.0.0.18 parent 80 0 no-query originserver name=myAccel acl our_sites dstdomain www.site.com forwarded_for on http_access allow our_sites cache_peer_access myAccel allow our_sites cache_peer_access myAccel deny all cache_effective_group proxy ############################################################## # #Allow ICP queries from All icp_access allow all # TAG: max_stale time-units # This option puts an upper limit on how stale content Squid # will serve from the cache if cache validation fails. # #Default: max_stale 1 week #Suggested default: #refresh_pattern ^ftp: 1440 20% 10080 #refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern -i (/umbraco/|\?) 0 0% 0 refresh_pattern . 120 20% 4320 acl QUERY urlpath_regex umbraco \? acl POST method POST no_cache deny QUERY no_cache deny POST # TIMEOUTS forward_timeout 15 seconds # Do not tell the world that which squid version we're running httpd_suppress_version_string on # Remove the Caching Control header for upstream servers header_access Cache-Control deny all cache_mgr someone@xxxxxxxxxxxxx #offline_mode on On Mon, Mar 21, 2011 at 10:26 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 21/03/11 21:44, Morgan Storey wrote: > Some notes on those configs: > > (squid1) > * You can deny CONNECT entirely. It should never happen to a reverse-proxy. > They get native HTTPS connections to their https_port. > > * Your reverse-proxy settings, for cache_peer and the related http_access > rule MUST be above the default forward-proxy rules. Since this appears to be > a pure reverse-proxy you can drop the default config file http_access lines > entirely. > NP: do that and I believe your Squid will stop needing to wait for DNS. It > only uses it now to check the localnet ACL :) > > * header_access is not a very safe thing to do for Squid-2. It affects both > the client request headers passed to your main server AND the reply headers > destined for the visitor. > refresh_pattern flag "reload-into-ims" is much safer and helps avoid the > forced reload clients sometimes send. > > (squid2) > * you are missing the http_access reverse-proxy settings. squid1 was > better. > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.11 > Beta testers wanted for 3.2.0.5 >
