On 5/04/24 17:25, Jonathan Lee wrote:
ssl_bump splice https_login
ssl_bump splice splice_only
ssl_bump splice NoSSLIntercept
ssl_bump bump bump_only markBumped
ssl_bump stare all
acl markedBumped note bumped true
url_rewrite_access deny markedBumped
for good hits should the url_rewirte_access deny be splice not bumped
connections ?
I feel I mixed this up
Depends on what the re-write program is doing.
Ideally no traffic should be re-written by your proxy at all. Every
change you make to the protocol(s) as they go throug adds problems to
traffic behaviour.
Since you have squidguard..
* if it only does ACL checks, that is fine. But ideally those checks
would be done by http_access rules instead.
* if it is actually changing URLs, that is where the problems start
and caching is risky.
If you are re-writing URLs just to improve caching, I recommend using
Store-ID feature instead for those URLs. It does a better job of
balancing the caching risk vs ratio gains, even though outwardly it can
appear to have less HITs.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users