Re: How *NOT* cache with v.2?

From: Jens-S. Voeckler <[email protected]>
Date: Fri, 6 Nov 1998 14:10:21 +0100

On Fri, 6 Nov 1998, George Amaro wrote:

]In squid v.1, using local_domain and cache_stoplist, an object the
]matches the words in the list will never be cache. What is the
]best way to do this using acl lists with squid v.2? Is there any
]way to use words like foo*, abc*?

Have a look at the "no_cache" directive, which works with ACLs. And ACLs
in turn can work with url_regex, e.g:

        # url that contain the verbatim words foo or abc in any case
        # read squid-users, if "-i" really works...
        ACL foo url_regex -i foo abc
        no_cache deny foo

        # variation, also allow to fetch queries directly
        ACL QUERY urlpath_regex cgi-bin \? \.cgi$
        no_cache deny QUERY
        # ask Duane, Alex, ... about the difference to "hierarchy_stoplist"
        always_direct allow QUERY

The local_domain stuff has been overcome with the much more versatile (and
error prone) "never_direct" and "always_direct", e.g.:

        # please note, this uses "dst*", not "src*"
        ACL dst_somedomain dstdomain foo.bar
        ACL dst_someip dst 192.168.0.0/16
        always_direct allow dst_somedomain
        always_direct allow dst_someip

or even some nifty features like AS, based on the assumption that servers
within your own AS (not just network) are usually faster to reach directly
than via yet another cache. This is not always true. The whois server is
queried once at squid startup, *not* all the time:

        # need to configure either the MERIT whois server, or a local
        # mirror which understands the '!gasXXXX' syntax, e.g. IRRd
        as_whois_server some.merit.whois.mirror
        ACL DST_DTAG dst_as 3320
        always_direct allow DST_DTAG

I highly recommend to prefix the ACL names used with "dst*" or "src*" with
something like "DST_" and "SRC_" respectively, in order to avoid
confusion, because the ACL for accessing your service usually use "src*",
and the other ACLs mostly use "dst*".

Le deagh dh�rachd,
Dipl.-Ing. Jens-S. V�ckler (voeckler@rvs.uni-hannover.de)
Institute for Computer Networks and Distributed Systems
University of Hanover, Germany; +49 511 762 4726
Received on Fri Nov 06 1998 - 06:26:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:58 MST