On 7/09/2012 10:53 a.m., E.S. Rosenberg wrote:
> Hi all,
>
> We have the following proxy structure at the moment:
>
> Internet --- Squid cache1 --- Squid cache2 --- users
>                   |
>          ICAP Anti Virus server
>
> The documentation of the AV server states clearly that they don't recommend having a caching proxy behind it because then a virus may be cached and served for a while. If this is indeed the case then I would like squid cache2 to send off only the cache-hits for a rescan because the misses anyhow already passed through SQ1 and were scanned, is this possible?
Yes, by re-ordering cache2 closer to the Internet than cache1. With the ordering you show above, HITS on cache2 will never even reach cache1.
> Also it seems to me that this anyhow may not be 100% true, because would the AV server not warn when squid tries to establish if the file has gone stale before serving it?
No. The revalidation process usually only involves an IMS request and a short 304 response. No object gets transferred during that process. I think they mean that the cached objects need re-scanning after AV signatures get updated; the revalidation would not trigger any re-scan.
Amos
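
A toy model of the two orderings discussed in this thread, added here as an illustration and not taken from either poster or from Squid. The class names, the 403 block response and the sample payload are assumptions. It counts how often the scanner sees the object when the scanner sits on the Internet side of the cache versus the cache sitting on the Internet side of the scanner.

```python
# Toy model with constructed data; not Squid or ICAP code.
class Origin:
    body = b"sample-object"            # constructed sample payload
    def get(self, ims=False):
        # Unchanged object: an If-Modified-Since request gets a bodiless 304.
        return (304, None) if ims else (200, self.body)

class Scanner:
    def __init__(self):
        self.signatures, self.scanned = set(), 0
    def respmod(self, status, body):
        if body is None:               # a 304 carries no object to scan
            return status, body
        self.scanned += 1
        return (403, None) if body in self.signatures else (status, body)

class ScanHop:                         # proxy that hands responses to the AV
    def __init__(self, upstream, av):
        self.upstream, self.av = upstream, av
    def get(self, ims=False):
        return self.av.respmod(*self.upstream.get(ims=ims))

class CacheHop:                        # caching proxy
    def __init__(self, upstream):
        self.upstream, self.stored, self.stale = upstream, None, False
    def get(self, ims=False):
        if self.stored is None or self.stale:
            # MISS fetches the object; a stale HIT only revalidates with IMS.
            status, body = self.upstream.get(ims=self.stored is not None)
            if status == 200:
                self.stored, self.stale = body, False
            elif status != 304:
                return status, None
        return 200, self.stored        # served from the cache

def run(scanner_on_internet_side):
    origin, av = Origin(), Scanner()
    if scanner_on_internet_side:       # Internet - scan - cache - users
        cache = front = CacheHop(ScanHop(origin, av))
    else:                              # Internet - cache - scan - users
        cache = CacheHop(origin)
        front = ScanHop(cache, av)
    statuses = [front.get()[0]]        # MISS before the signature exists
    av.signatures.add(origin.body)     # AV signature update flags the object
    statuses.append(front.get()[0])    # fresh HIT
    cache.stale = True
    statuses.append(front.get()[0])    # stale HIT, revalidated via 304
    return statuses, av.scanned
```

`run(True)` models the layout in the question and `run(False)` the re-ordered one; each returns the status codes the user sees and the number of scans performed.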