-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is know-how to himself. ;) To be serious, you must carefully play with refresh_pattern(s), and some squid.conf parameters (and also with store ID feature) to get higher HIT ratio. Just for example (this is NOT complete config! No responsibility or any guarantees in case of simple copy-n-pasted into your configs! This is AS IS example!): # Keep swf in cache even if asked not to refresh_pattern -i \.(swf)(\?|$) 10080 90% 43200 override-expire ignore-reload reload-into-ims ignore-private # .NET cache refresh_pattern -i \.(as(h|p)x?)(\?|$) 10080 90% 43200 reload-into-ims # Updates: Windows, Adobe, Java refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i adobe.com/.*\.(zip|exe) 4320 80% 43200 reload-into-ims refresh_pattern -i java.com/.*\.(zip|exe) 4320 80% 43200 reload-into-ims refresh_pattern -i sun.com/.*\.(zip|exe) 4320 80% 43200 reload-into-ims refresh_pattern -i google\.com.*\.(zip|exe) 4320 80% 43200 reload-into-ims refresh_pattern -i macromedia\.com.*\.(zip|exe) 4320 80% 43200 reload-into-ims # Other long-lived items refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|mp4)(\?|$) 14400 99% 518400 ignore-no-store override-expire ignore-reload reload-into-ims ignore-private ignore-must-revalidate refresh_pattern -i \.((m?|x?|s?)htm(l?)|css|js|xml|php|json)(\?|$) 10080 90% 86400 ignore-no-store override-expire override-lastmod reload-into-ims ignore-private ignore-must-revalidate # Default patterns refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 10080 override-lastmod reload-into-ims The example above also requires some additional cached-related parameters to be changed. Also, you strictly recommended to research average users activity AND play around VARY http headers. And others. Each squid setup is place-specific. And depending your access/deny lists, security policy, users/network activity etc.etc.etc. WBR, Yuri PS. Your question has NO simple answer. Beware - copy-n-paste any foreign config can not guarantee the same results for YOU. 14.03.15 1:52, Alberto Perez пишет: > Can you share more details about "Agressive dynamic content > caching requires some special tweaks" I am very interested. > > Thanks > > > > On 3/13/15, Yuri Voinov <yvoinov@xxxxxxxxx> wrote: > > > 13.03.15 23:33, Amos Jeffries пишет: >>>> On 14/03/2015 5:47 a.m., Monah Baki wrote: >>>> >>>> <snip> >>>> >>>>> half_closed_clients off quick_abort_min 0 KB >>>>> quick_abort_max 0 KB vary_ignore_expire on reload_into_ims >>>>> on memory_pools off cache_mem 4096 MB visible_hostname >>>>> isn-phc-cache minimum_object_size 0 bytes >>>> >>>>> maximum_object_size 512 MB maximum_object_size 512 KB >>>> >>>> KB value overwriting MB value. >>>> >>>> >>>>> ipcache_size 1024 ipcache_low 90 ipcache_high 95 >>>>> cache_swap_low 98 cache_swap_high 100 fqdncache_size 16384 >>>>> retry_on_error on offline_mode off logfile_rotate 10 >>>>> dns_nameservers 8.8.8.8 41.78.211.30 >>>>> >>>>> >>>>> >>>>> >>>>> access.log: >>>>> >>>>> 1426267535.210 198 10.0.0.23 TCP_MISS/200 412 GET >>>>> http://jadserve.postrelease.com/trk.gif? - >>>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211 >>>>> 198 10.0.0.23 TCP_MISS/200 412 GET >>>>> http://jadserve.postrelease.com/trk.gif? - >>>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211 >>>>> 198 10.0.0.23 TCP_MISS/200 412 GET >>>>> http://jadserve.postrelease.com/trk.gif? - >>>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.223 >>>>> 301 10.0.0.23 TCP_MISS/200 222 GET >>>>> http://rma-api.gravity.com/v1/beacons/log? - >>>>> ORIGINAL_DST/80.239.148.18 text/html 1426267535.244 195 >>>>> 10.0.0.23 TCP_MISS/200 412 GET >>>>> http://jadserve.postrelease.com/trk.gif? - >>>>> ORIGINAL_DST/54.225.133.227 image/gif >>>> >>>> >>>> Lots of Akamai hosted requests. Akamai play tricks with DNS >>>> responses. > In my installation I've used local Unbound DNS cache and, before > it, forced DNS interception to him with Cisco. :) > > So, I don't care about any hosts DNS quirks. ;) > >>>> >>>> Check your cache.log for security warnings; >>>> <http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery> >>>> >>>> >>>> Note that objects failing the Host validation are not cacheable. >>>> >>>> >>>>> 1426267535.333 423 10.0.0.23 TCP_MISS/200 1420 GET >>>>> http://hpr.outbrain.com/utils/get? - >>>>> ORIGINAL_DST/50.31.185.42 text/x-json 1426267535.345 412 >>>>> 10.0.0.23 TCP_MISS/200 11179 GET >>>>> http://p.visualrevenue.com/? - ORIGINAL_DST/50.31.185.40 >>>>> text/javascript 1426267535.346 411 10.0.0.23 >>>>> TCP_MISS/200 423 GET http://t1.visualrevenue.com/? - >>>>> ORIGINAL_DST/64.74.232.44 image/gif >>>> >>>> Not sure about them. Maybe genuine MISS, maybe not. > > Agressive dynamic content caching requires some special tweaks. ;) > >>>> >>>> It could also be the issues Antony pointed out, with the >>>> objects just naturally not being cacheable. >>>> >>>> >>>>> 1426267535.363 128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304 >>>>> 327 GET >>>>> http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js >>>>> >>>>> > >>>>> - - ORIGINAL_DST/80.239.152.153 application/x-javascript >>>> >>>> There is a hit. >>>> >>>> I guess you are new to Squid-3 ? Squid is HTTP/1.1 compliant >>>> now and the caching rules are slightly different from >>>> requirements on HTTP/1.0 software. A lot of content that >>>> previously could not be stored now can (authenticated, >>>> private, no-cache, etc.). But being sensitive info also >>>> requires revalidation in order to be used, so they show up >>>> like the above. >>>> >>>> Amos >>>> >>>> _______________________________________________ squid-users >>>> mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx >>>> http://lists.squid-cache.org/listinfo/squid-users >>>> >> _______________________________________________ squid-users >> mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVA0InAAoJENNXIZxhPexG6JAIALq2tAxa9Vawr1/Rkojl0UFj HQF9p/4mk0ZHPnL4zkV6h/Ctg/s+AgK+O/H38ncn+2JS4eyiZfSHLOxmxkmrKi11 av/yjG++JGnhQkic/3y7ETOSkvaDuAbDP+Iwrtuc+kBpJz54No9Pu37oVlIOdMLZ uv/8Bpk9uQEc3kE5FCgCmM2nIr2tuxr6opK6T5DZ2TvcqnQin752P60R91iS7unF XHX3tsGsFvrKflEEC7w1xDRn3u3kSGrx+gPpktA0dv6vT8ATXqPEV5+anIEZVfLZ NKDIwoeSNHYMMknlK7QTUlcNjuq+UXmfcO3mp+eraUQbGRkxwqTPxRwvIqp/43U= =VW9B -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
