Hi Alex, you're right, the correct way is to use "cache deny <aclname>" only, all others are allowed then. I tried this before, but it did not work, because of my very special setup. I need to encrypt browser->squid connection (on mobile devices). With squid 3.x, I used stunnel client on the mobile device and stunnel server on squid's machine. With squid 4.6, I wanted to get rid of stunnel server and use squid's https_port directive instead, but https_port + sslbump did not go together. So, I created a loop that forwarded https_port connections with a cache_peer directive to squid's own http_port. That worked, except for caching... The http_port ACLs never matched in the cache directive, instead, the https_port ACLs did, but that is not what I want and need. Some coincidence made that tcp_outgoing_address matched and routing was correct, anyway. I switched back to the old stunnel server setup, and things are fine now. But I still don't know why the http_port connections ACLs do not match... Regards, Robert Am Mittwoch, den 16.10.2019, 11:38 -0400 schrieb Alex Rousskov: > On 10/16/19 10:38 AM, Robert wrote: > > > after upgrading to 4.6 from 3.x > > I am struggling with caching objects. The goal is, to have objects > > requested by proxy-basic clients not to be cached, but objects > > requested by proxy-standard to be cached normally. > > > > Tried this: > > > > cache deny proxy-basic > > cache allow all > > > > And this: > > > > cache allow proxy-standard > > cache deny all > > Based on your description, you probably want the former or its > simpler > version: > > cache deny proxy-basic > > > > If I use ANY "cache ___" directive other than a (useless) "cache > > allow > > all", caching is completely disabled for all ACLs. > > FYI: Squid does not (yet) treat the "all" ACL specially -- Squid does > not ignore or automatically apply seemingly "useless" rules with it. > If > you are getting correct results with "allow all" and incorrect > results > with "allow foo", then your foo ACL does not match (in that specific > context). Why it does not match is a separate question. > > > > What am I doing wrong? > > Nothing that warrants discussing here IMO. I suggest trying the > latest > v4 release and, if the problem is still there, filing a bug report. > If > you can share a compressed ALL,7+ cache.log while reproducing the > problem with a single transaction, we may be able to triage this > problem > faster. Squid wiki has instructions at > https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction > > > HTH, > > Alex. > > > I am using ACLs for different handling of clients connecting to > > different local ports: > > > > acl proxy-basic localip 172.16.2.243 > > acl proxy-standard localip 172.16.3.243 > > > > These ACLs are used to determine outgoing address, which are routed > > to > > different outgoing interfaces like this: > > > > tcp_outgoing_address 172.16.3.244 proxy-basic > > tcp_outgoing_address 172.16.4.244 proxy-standard > > > > This works as desired. > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -- Robert Senger <robert.senger@xxxxxxxxxxxxxxxxxx> PGP/GPG Public Key ID: A51A4BCD _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
