there was a bug on some old version of squid. you better use the newest version. ELiezer On 06/06/2012 18:01, mrnicholsb wrote:
Im scratching my head here, Ive got an issue thats driving me bonkers... 1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET http://deviant.evil/ - NONE/- text/html Clearly this local site is being cached, what is frustrating is that I have the following meta tag on the page <meta http-equiv="Cache-control" content="no-cache"> Yet squid is apparently ignoring that directive completely. Ok, no problem, so we set our conf up to always go direct for localnet acl right? No dice, still caching, Could one of you be so kind as to take a look at my conf and tell me why? ############################################################## #transparent because ddwrt is forwarding traffic to it http_port 3128 transparent #parent disabled due to location outside scope of firewall rules #cache_peer 192.168.1.205 parent 3128 3129 default # no-query no-digest never_direct deny all refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 dns_nameservers 10.10.1.1 hosts_file /etc/hosts cache_swap_low 95 cache_swap_high 98 access_log /var/log/squid3/access.log cache_mem 320 MB memory_pools on maximum_object_size_in_memory 512 KB maximum_object_size 400 MB log_icp_queries off half_closed_clients on cache_mgr mrnicholsb@xxxxxxxxx cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256 visible_hostname deviant.evil shutdown_lifetime 1 second #icap_enable on #icap_send_client_ip on #icap_send_client_username on #icap_client_username_encode off #icap_client_username_header X-Authenticated-User #icap_preview_enable on #icap_preview_size 1024 #icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav #adaptation_access service_req allow all #icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav #adaptation_access service_resp allow all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl localnet src 10.10.1.0/24 acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl" acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 # http acl Safe_ports port 443 # ftp acl Safe_ports port 70 # https acl Safe_ports port 210 # gopher acl Safe_ports port 1025-65535 # wais acl Safe_ports port 280 # unregistered ports acl Safe_ports port 488 # http-mgmt acl Safe_ports port 591 # gss-http acl Safe_ports port 777 # filemaker acl CONNECT method CONNECT # multiling http always_direct allow localnet #icp_access allow localnet #icp_access deny all http_access deny blacklist http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all #Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il
