Search squid archive

Re: squid intercept config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



13.03.15 23:33, Amos Jeffries пишет:
> On 14/03/2015 5:47 a.m., Monah Baki wrote:
> 
> <snip>
> 
>> half_closed_clients off quick_abort_min 0 KB quick_abort_max 0
>> KB vary_ignore_expire on reload_into_ims on memory_pools off 
>> cache_mem 4096 MB visible_hostname isn-phc-cache 
>> minimum_object_size 0 bytes
> 
>> maximum_object_size 512 MB maximum_object_size 512 KB
> 
> KB value overwriting MB value.
> 
> 
>> ipcache_size 1024 ipcache_low 90 ipcache_high 95 cache_swap_low
>> 98 cache_swap_high 100 fqdncache_size 16384 retry_on_error on 
>> offline_mode off logfile_rotate 10 dns_nameservers 8.8.8.8
>> 41.78.211.30
>> 
>> 
>> 
>> 
>> access.log:
>> 
>> 1426267535.210    198 10.0.0.23 TCP_MISS/200 412 GET 
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211    198
>> 10.0.0.23 TCP_MISS/200 412 GET 
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211    198
>> 10.0.0.23 TCP_MISS/200 412 GET 
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.223    301
>> 10.0.0.23 TCP_MISS/200 222 GET 
>> http://rma-api.gravity.com/v1/beacons/log? -
>> ORIGINAL_DST/80.239.148.18 text/html 1426267535.244    195
>> 10.0.0.23 TCP_MISS/200 412 GET 
>> http://jadserve.postrelease.com/trk.gif? -
>> ORIGINAL_DST/54.225.133.227 image/gif
> 
> 
> Lots of Akamai hosted requests. Akamai play tricks with DNS
> responses.
In my installation I've used local Unbound DNS cache and, before it,
forced DNS interception to him with Cisco. :)

So, I don't care about any hosts DNS quirks. ;)

> 
> Check your cache.log for security warnings; 
> <http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>
> 
> Note that objects failing the Host validation are not cacheable.
> 
> 
>> 1426267535.333    423 10.0.0.23 TCP_MISS/200 1420 GET 
>> http://hpr.outbrain.com/utils/get? - ORIGINAL_DST/50.31.185.42
>> text/x-json 1426267535.345    412 10.0.0.23 TCP_MISS/200 11179
>> GET http://p.visualrevenue.com/? - ORIGINAL_DST/50.31.185.40
>> text/javascript 1426267535.346    411 10.0.0.23 TCP_MISS/200 423
>> GET http://t1.visualrevenue.com/? - ORIGINAL_DST/64.74.232.44
>> image/gif
> 
> Not sure about them. Maybe genuine MISS, maybe not.

Agressive dynamic content caching requires some special tweaks. ;)

> 
> It could also be the issues Antony pointed out, with the objects
> just naturally not being cacheable.
> 
> 
>> 1426267535.363    128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304 327
>> GET 
>> http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js
>>
>> 
- - ORIGINAL_DST/80.239.152.153 application/x-javascript
> 
> There is a hit.
> 
> I guess you are new to Squid-3 ? Squid is HTTP/1.1 compliant now
> and the caching rules are slightly different from requirements on
> HTTP/1.0 software. A lot of content that previously could not be
> stored now can (authenticated, private, no-cache, etc.). But being
> sensitive info also requires revalidation in order to be used, so
> they show up like the above.
> 
> Amos
> 
> _______________________________________________ squid-users mailing
> list squid-users@xxxxxxxxxxxxxxxxxxxxx 
> http://lists.squid-cache.org/listinfo/squid-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJVAy/qAAoJENNXIZxhPexGOUEH/2yt1ql+ndo1We1E06LvIZl7
4PXY1kzuHT6EpOYO9LpLKtE+dPNYJuHKiUEF2hAGz5DP/heKq8PFRBTkMD18sueN
jm+UfP8BdxgRYuiQWtWNteV0gbH4nOBeJ6QwqlEHMwcsdPtkwWCGA0MS6co+IXKb
poouP6xQoNddx/UKicu6PQZDj5HRmynTP2c0mJuFEdlQxONgFiP4mqSFBwWhH/B/
hhdSfxg53xfQ+2B5TsVrKyxmJoIYpHgFZid/pk+Q2bb0WIy8bhHA72EHPjIu5K5Z
wobLGng+oE0i2erqtZiFR8daGdKcRW7FDYzHi+LJEHJj3i+z0mRIQkGTn3Nxfhg=
=Cnai
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux