Anyone got any other ideas on why this isn't delving into the cache when the backend server is down? On Tue, Mar 22, 2011 at 10:37 AM, Morgan Storey <me@xxxxxxxxxxxxxxxx> wrote: > Thanks Amos I tried your suggestions, still no good when the webserver > is offline. I get only a single line in the cache.log "2011/03/22 > 10:28:50| TCP connection to myAccel (10.0.0.18:80) failed" > I have put the squid.conf in the email to make corrections easier (I > have tried that offline mode on but it doesn't seem to work); > > dns_nameservers 10.0.0.2 10.0.0.1 > > cache_dir ufs d:/cache 8000 100 256 > cache_mem 512 MB > maximum_object_size_in_memory 10240 KB > > access_log e:/squidlogs/access.log squid > cache_log e:/squidlogs/cache.log > cache_store_log e:/squidlogs/store.log > logfile_rotate 10 > > > acl all src all > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 > acl localnet src all # RFC1918 possible internal network > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 443 # https > acl CONNECT method CONNECT > > ############################################################## > > http_port 80 accel defaultsite=www.site.com vhost > > # proxy icp > # hostname type port port options > # -------------------- -------- ----- ----- ----------- > cache_peer 10.0.0.18 parent 80 0 no-query originserver name=myAccel > > > acl our_sites dstdomain www.site.com > forwarded_for on > > http_access allow our_sites > cache_peer_access myAccel allow our_sites > cache_peer_access myAccel deny all > > cache_effective_group proxy > > ############################################################## > > # > #Allow ICP queries from All > icp_access allow all > > # TAG: max_stale time-units > # This option puts an upper limit on how stale content Squid > # will serve from the cache if cache validation fails. > # > #Default: > max_stale 1 week > > #Suggested default: > #refresh_pattern ^ftp: 1440 20% 10080 > #refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern -i (/umbraco/|\?) 0 0% 0 > refresh_pattern . 120 20% 4320 > > acl QUERY urlpath_regex umbraco \? > acl POST method POST > no_cache deny QUERY > no_cache deny POST > > # TIMEOUTS > forward_timeout 15 seconds > > # Do not tell the world that which squid version we're running > httpd_suppress_version_string on > > # Remove the Caching Control header for upstream servers > header_access Cache-Control deny all > > cache_mgr someone@xxxxxxxxxxxxx > > #offline_mode on > > > On Mon, Mar 21, 2011 at 10:26 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >> On 21/03/11 21:44, Morgan Storey wrote: > >> Some notes on those configs: >> >> (squid1) >> * You can deny CONNECT entirely. It should never happen to a reverse-proxy. >> They get native HTTPS connections to their https_port. >> >> * Your reverse-proxy settings, for cache_peer and the related http_access >> rule MUST be above the default forward-proxy rules. Since this appears to be >> a pure reverse-proxy you can drop the default config file http_access lines >> entirely. >> NP: do that and I believe your Squid will stop needing to wait for DNS. It >> only uses it now to check the localnet ACL :) >> >> * header_access is not a very safe thing to do for Squid-2. It affects both >> the client request headers passed to your main server AND the reply headers >> destined for the visitor. >> refresh_pattern flag "reload-into-ims" is much safer and helps avoid the >> forced reload clients sometimes send. >> >> (squid2) >> * you are missing the http_access reverse-proxy settings. squid1 was >> better. >> >> >> Amos >> -- >> Please be using >> Current Stable Squid 2.7.STABLE9 or 3.1.11 >> Beta testers wanted for 3.2.0.5 >> >