Re: [squid-users] Why does squid 2.6 stable 16 running in accelerator mode NEVER caches html requests ?

From: Amos Jeffries <[email protected]>
Date: Thu, 11 Oct 2007 14:42:36 +1300 (NZDT)

> Dear squid-cache.org,
>
> I have three RHEL4 servers :
>
> 1. configured with squid 2.6 Version 2.6.STABLE16 in
> accelerator mode
> 2. configured with (apache) httpd daemon
> 3. this machine has curl installed (to generate http
> requests)
>
>
> Each time I do curl http://omp.wc.be/home.html, I
> notice that the WC ALLWAYS sends the reqeust to the
> http server. It does NOT cache my home.html page.
> If I remove the "always_direct allow all" statement
> then I get the error back from WC that it is unable to
> forward request.
> I have :
> "cache allow all" statement.
> "refresh_pattern" but even if I comment it, I have the
> same issue.
>
> What is wrong in my configuration that the accelerator
> does not cache the file, but always asks for it ?
>
> #[root]
> #[root]cat squid.conf
> #ACCELERATOR
> ###################
> http_port 80 defaultsite=10.10.10.3

defaultsite should be the public FQDN of your website
you also need either accel or vhost option to perform accelerator actions
in 2.6+
So;

http_port 80 accel defaultsite=omp.wc.be

> cache_peer omp.wc.be parent 80 0 no-query originserver

Probably better off NOT being the public name. No need for DNS trickery then:

cache_peer 10.10.10.3 parent 80 0 no-query originserver name=webserver

(you can now define omp.wc.be as the squid interface, no exceptions needed.)

> ######ACLS###############
> acl all src 0.0.0.0/0.0.0.0

acl all src all # nicer way of saying it.

> acl port80 port 80
> http_access allow port80
> always_direct allow all

All the above do are make your proxy an open proxy on port 80.
I wouldn't be surprised to find general web requests for random spam
domains logged in access.log

Better to use some rules specifically limiting to your domain, and to pass
to named peer instead of general upstreams.

cache_peer_domain webserver omp.wc.be
acl mydomain dstdomain omp.wc.be
http_access allow mydomain
never_direct allow mydomain

(With just that, anybody, internal or external can get to your
reverse-hosted domain through squid.)

# ... other rules
http_access deny all

>
> #CACHING RULES
> ###############
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> cache allow all
> refresh_pattern . 1440 20%
> 4320
>
> #MISCELLANIOUS
> ##################3
> visible_hostname omp.wc.be
> cache_effective_user squid
> cache_effective_group squid

Better to leave group unset and allow OS security policy to handle the
user/group permissions.

> dns_testnames omp.wc.be
> cache_mem 50 MB
> #[root]
> #[root]
> #[root]
>
> note : 10.10.10.3 is the IP of the http server
> omp.wc.be is referenced as 10.10.10.3 by DNS.
> on curl-machine omp.wc.be is resolved as
> 12.1.1.1 (=listening interface on squid)
> note : home.html is only a one-line html page
> with no cgi, ... in it !
>
> Many thanks in advance !
>

Amos
Received on Wed Oct 10 2007 - 19:42:39 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT