Hi Amos, We have done additional tests in production with ISPs and the ORIGINAL_DST in tproxy cannot be cached. In normal mode (not tproxy), ORIGINAL_DST can be cached, no problem. But once in tproxy (http_port 3128 tproxy), no way, it's impossible to get TCP_HIT. We have played with the client_dst_passthru and the host_verify_strict, many combinaisons on/off. By settings client_dst_passthru ON and host_verify_strict OFF, we can reduce the number of ORIGINAL_DST (generating DNS "alerts" in the cache.log) but it makes issues with HTTPS websites (facebook, hotmail, gmail, etc...). We have also tried many DNS servers (internals and/or externals), same issue. I read what you explain in your previous email but it seems there is something weird. The problem is that the ORIGINAL_DST could be up to 25% of the traffic with some installations meaning this part is "out-of-control" in term of cache potential. All help is welcome here Thanks in advance. Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TProxy-and-client-dst-passthru-tp4670189p4670629.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
