Hi Amos, I changed my configuration file as you suggested. There is an another clarification from my side. I could able to see TCP_HIT only when I clear browser cache manually . The behavior is same for all the websites I have tried to connect. Is this an expected behavior? If not, What needs to be done in order to get TCP_HIT without manually clearing browser cache? Regards, Saravanan N On Mon, Aug 19, 2013 at 7:48 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 19/08/2013 11:29 p.m., SaRaVanAn wrote: >> >> Hi Amos, >> Thanks a lot for your help. There is an issue in web-server >> connectivity which has been solved as you suggested. I could able to >> connect the webserver via squid successfully. >> >> But there is an issue in caching webpages . I am always getting >> "TCP/MISS 200" messages from squid. I could not able to see a single >> "TCP_HIT" message even I try to access the same webpages from browser >> again and again. >> >> 1376909027.627 211 10.1.1.1 TCP_MISS/200 416 GET >> http://b.scorecardresearch.com/p? - DIRECT/120.29.145.65 image/gif >> [Host: b.scorecardresearch.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux >> i686; rv:10.0.12) Gecko/20130109 Firefox/10.0.12\r\nAccept: >> image/png,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: >> en-us,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: >> keep-alive\r\nReferer: http://in.yahoo.com/?p=us\r\nCookie: >> UID=6cdd678-61.213.189.48-1366091370; UIDR=1366091370\r\n] [HTTP/1.1 >> 200 OK\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Mon, >> 19 Aug 2013 10:27:24 GMT\r\nConnection: keep-alive\r\nPragma: >> no-cache\r\nExpires: Mon, 01 Jan 1990 00:00:00 GMT\r\nCache-Control: >> private, no-cache, no-cache=Set-Cookie, no-store, >> proxy-revalidate\r\n\r] > > > This response object has been configured explicitly and rather emphatically > to prevent caching. > Expires, no less than 5 ways to force MISS or at least REFRESH behaviour > from Cache-Control, and even the invalid Pragma header in case something > obeys it. > > Several of these are way beyond what server frameworks add by default. So it > is clearly an explicit admin design that this object be a MISS. Perhapse it > woudl be a good idea to let it, yes? > > Amos > > >> >> Squid.conf >> --------------- >> acl all src all > > > Please run "squid -k parse". If your Squid is not at least complaining about > the above line being redundant then your proxy is seriously outdated. > > >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 ::1 >> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 >> acl SSL_ports port 443 # https >> acl SSL_ports port 563 # snews >> acl SSL_ports port 873 # rsync >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl Safe_ports port 631 # cups >> acl Safe_ports port 873 # rsync >> acl Safe_ports port 901 # SWAT >> acl purge method PURGE >> acl CONNECT method CONNECT >> http_access allow manager localhost >> http_access deny manager >> http_access deny !Safe_ports >> http_reply_access allow all > > > "allow all" is the default for http_reply_access. You can drop the above > line entirely from your config. > > You are also missing the basic security protection for CONNECT requests: > http_access deny CONNECT !SSL_ports > > >> http_port 3128 >> http_port 3129 tproxy >> hierarchy_stoplist cgi-bin ? > > You can omit "hierarchy_stoplist" from your config. > > >> cache_mem 256 MB >> cache_dir ufs /var/spool/squid3 1000 16 256 >> maximum_object_size 20480 KB >> access_log /var/log/squid3/access.log >> cache_log /var/log/squid3/cache.log >> mime_table /usr/share/squid3/mime.conf >> log_mime_hdrs on >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 > > > You are missing the refresh pattern instructing Squid how to safely handle > dynamic responses without expiry information: > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > > > >> refresh_pattern . 0 20% 4320 >> acl apache rep_header Server ^Apache >> coredump_dir /var/spool/squid3 >> acl localnet src 10.1.1.0/24 >> http_access allow localhost >> http_access allow localnet >> cache allow all > > > "allow all" is teh default for the "cache" directive. You can omit this line > entirely from your config file. > > >> request_header_access Allow allow all >> request_header_access Authorization allow all >> request_header_access WWW-Authenticate allow all >> request_header_access Proxy-Authorization allow all >> request_header_access Proxy-Authenticate allow all >> request_header_access Cache-Control allow all >> request_header_access Content-Encoding allow all >> request_header_access Content-Length allow all >> request_header_access Content-Type allow all >> request_header_access Date allow all >> request_header_access Expires allow all >> request_header_access Host allow all >> request_header_access If-Modified-Since allow all >> request_header_access Last-Modified allow all >> request_header_access Location allow all >> request_header_access Pragma allow all >> request_header_access Accept allow all >> request_header_access Accept-Charset allow all >> request_header_access Accept-Encoding allow all >> request_header_access Accept-Language allow all >> request_header_access Content-Language allow all >> request_header_access Mime-Version allow all >> request_header_access Retry-After allow all >> request_header_access Title allow all >> request_header_access Connection allow all >> request_header_access Proxy-Connection allow all >> request_header_access User-Agent allow all >> request_header_access Cookie allow all >> request_header_access All deny all >> >> Am I missing something in squid.conf? >> > > Amos
