Re: [squid-users] Help needed with Squid 3.0-STABLE12 reverse proxy messages in cache.log

From: Chris Robertson <crobertson_at_gci.net>
Date: Fri, 23 Jan 2009 14:06:56 -0900

Tom Williams wrote:
> Amos Jeffries wrote:
>> Tom Williams wrote:
>>> I've got Squid 3.0-STABLE12 configured as a reverse proxy on RedHat
>>> Enterprise Linux 5.
>>>
>>> We have pages for logged-in users we DO NOT want cached and pages
>>> for anonymous users (not logged into the site) that we do want cached.
>>>
>>> We found this article which describes how to this:
>>>
>>> http://www.howtoforge.com/how-to-set-up-a-caching-reverse-proxy-with-squid-2.6-on-debian-etch-p2
>>>
>>>
>>> Section 5 entitled "Different Content For Different Users" describes
>>> what we want to do.
>>>
>>> Per that article, I've added these lines to my squid config file:
>>>
>>> acl set_logged_in_user_cookie rep_header Set-Cookie LOGGED_IN=Y
>>> cache deny set_logged_in_user_cookie
>>> acl clear_logged_in_user_cookie rep_header Cookie LOGGED_IN=Y
>>> cache deny clear_logged_in_user_cookie
>>> acl logged_in_user_cookie req_header Cookie LOGGED_IN=Y
>>> cache deny logged_in_user_cookie
>>>
>>> During testing, I see a bunch of messages like this in my cache.log
>>> file:
>>>
>>> 2009/01/22 23:52:35| ACL::checklistMatches WARNING:
>>> 'set_logged_in_user_cookie' ACL is used but there is no HTTP reply
>>> -- not matching.
>>> 2009/01/22 23:52:35| ACL::checklistMatches WARNING:
>>> 'clear_logged_in_user_cookie' ACL is used but there is no HTTP reply
>>> -- not matching.
>>>
>>> What do these warning messages mean? Does this mean Squid didn't
>>> see a HTTP header with "Set-Cookie LOGGED_IN=Y"?
>>>
>>> Peace...
>>>
>>> Tom
>>>
>>
>> Squid checks to see whether something is allowed to be cached at the
>> time it is requested. Not when the reply is already coming back.
>> Seems daft yes, but thats the way its currently done.
>>
>> Which means until someone gets time or money to clean that up, you
>> can only use request or connection information in the cache ACLs.
>>
>> Amos
> Ok. If I'm understanding your correctly, the above acls won't work
> because they are looking for a HTTP header that won't exist?

Close. You are using rep_header, when you need to use req_header. Also
any match for "cache deny" will remove the data from the cache. You
might be better off seeing if you can add something to the URL of logged
in users (a GET query term, or an added directory that gets mapped out
on the back end) so you can use refresh_patterns. Even better, of
course is using Cache-Control headers so other web caches know what data
to cache, and what not to...

>
> Peace...
>
> Tom

Chris
Received on Fri Jan 23 2009 - 23:04:04 MST

This archive was generated by hypermail 2.2.0 : Sat Jan 24 2009 - 12:00:03 MST