I think I am already using it; I have also played with the cache control setting in IIS, I get the below if I wget the index on the webserver: Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Cache-Control: public, max-age=5,stale-while-revalidate=600, stale-if-error=36000 Set-Cookie: ASP.NET_SessionId=fdlkjayuf98dsfgnkjdsl7; path=/; HttpOnly Cache-Control: private 2011/3/29 George Halkias <admin@xxxxxxxx>: > Use stale-if-error cache directive! > > http://www.mnot.net/blog/2007/12/12/stale > > -----Original Message----- > From: Morgan Storey [mailto:me@xxxxxxxxxxxxxxxx] > Sent: Tuesday, March 29, 2011 10:42 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Squid reverse proxy with cache. > > Anyone got any other ideas on why this isn't delving into the cache > when the backend server is down? > > On Tue, Mar 22, 2011 at 10:37 AM, Morgan Storey <me@xxxxxxxxxxxxxxxx> wrote: >> Thanks Amos I tried your suggestions, still no good when the webserver >> is offline. I get only a single line in the cache.log "2011/03/22 >> 10:28:50| TCP connection to myAccel (10.0.0.18:80) failed" >> I have put the squid.conf in the email to make corrections easier (I >> have tried that offline mode on but it doesn't seem to work); >> >> dns_nameservers 10.0.0.2 10.0.0.1 >> >> cache_dir ufs d:/cache 8000 100 256 >> cache_mem 512 MB >> maximum_object_size_in_memory 10240 KB >> >> access_log e:/squidlogs/access.log squid >> cache_log e:/squidlogs/cache.log >> cache_store_log e:/squidlogs/store.log >> logfile_rotate 10 >> >> >> acl all src all >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 >> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 >> acl localnet src all # RFC1918 possible internal network >> >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 443 # https >> acl CONNECT method CONNECT >> >> ############################################################## >> >> http_port 80 accel defaultsite=www.site.com vhost >> >> # proxy icp >> # hostname type port port options >> # -------------------- -------- ----- ----- ----------- >> cache_peer 10.0.0.18 parent 80 0 no-query originserver name=myAccel >> >> >> acl our_sites dstdomain www.site.com >> forwarded_for on >> >> http_access allow our_sites >> cache_peer_access myAccel allow our_sites >> cache_peer_access myAccel deny all >> >> cache_effective_group proxy >> >> ############################################################## >> >> # >> #Allow ICP queries from All >> icp_access allow all >> >> # TAG: max_stale time-units >> # This option puts an upper limit on how stale content Squid >> # will serve from the cache if cache validation fails. >> # >> #Default: >> max_stale 1 week >> >> #Suggested default: >> #refresh_pattern ^ftp: 1440 20% 10080 >> #refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >> refresh_pattern -i (/umbraco/|\?) 0 0% 0 >> refresh_pattern . 120 20% 4320 >> >> acl QUERY urlpath_regex umbraco \? >> acl POST method POST >> no_cache deny QUERY >> no_cache deny POST >> >> # TIMEOUTS >> forward_timeout 15 seconds >> >> # Do not tell the world that which squid version we're running >> httpd_suppress_version_string on >> >> # Remove the Caching Control header for upstream servers >> header_access Cache-Control deny all >> >> cache_mgr someone@xxxxxxxxxxxxx >> >> #offline_mode on >> >> >> On Mon, Mar 21, 2011 at 10:26 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >>> On 21/03/11 21:44, Morgan Storey wrote: >> >>> Some notes on those configs: >>> >>> (squid1) >>> * You can deny CONNECT entirely. It should never happen to a reverse-proxy. >>> They get native HTTPS connections to their https_port. >>> >>> * Your reverse-proxy settings, for cache_peer and the related http_access >>> rule MUST be above the default forward-proxy rules. Since this appears to be >>> a pure reverse-proxy you can drop the default config file http_access lines >>> entirely. >>> NP: do that and I believe your Squid will stop needing to wait for DNS. It >>> only uses it now to check the localnet ACL :) >>> >>> * header_access is not a very safe thing to do for Squid-2. It affects both >>> the client request headers passed to your main server AND the reply headers >>> destined for the visitor. >>> refresh_pattern flag "reload-into-ims" is much safer and helps avoid the >>> forced reload clients sometimes send. >>> >>> (squid2) >>> * you are missing the http_access reverse-proxy settings. squid1 was >>> better. >>> >>> >>> Amos >>> -- >>> Please be using >>> Current Stable Squid 2.7.STABLE9 or 3.1.11 >>> Beta testers wanted for 3.2.0.5 >>> >> >
