[squid-users] FW: squid 3.3.10 always gives TCP_MISS for SSL requests

From: Ragheb Rustom <ragheb_at_smartelecom.org>
Date: Tue, 26 Aug 2014 03:11:30 +0300

Dear All,

I have lately installed squid 3.3.11 on Centos 6.5 x86_64 system. I have
configured it as a transparent SSL_BUMP proxy. All is working well I can
browse all SSL websites successfully after I have imported my generated CA
file. The problem is that no matter how many times I request the SSL
websites I always get a TCP_MISS in the squid access log. Among other
websites I am trying to cache yahoo.com, facebook and youtube but most
websites are always being served directly from source nothing is being
served for the squid proxy. Please find below my configuration files. I
deeply value any help on this matter.

Squid setup settings:

Squid Cache: Version 3.3.11
configure options:� '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-eui'
'--enable-follow-x-forwarded-for' '--enable-auth'
'--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam'
'--enable-auth-ntlm=smb_lm,fake'
'--enable-auth-digest=file,LDAP,eDirectory'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl'
'--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs,rock'
'--enable-wccpv2' '--enable-esi' '--enable-zph-qos' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=65535' '--with-dl'
'--with-openssl' '--with-pthreads' '--disable-arch-native'
'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC'
'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig'

squid.conf file:

acl snmppublic snmp_community public
acl bamboe src 10.128.135.0/24
#uncomment noway url, if necessary.
#acl noway url_regex -i "/etc/squid/noway"
acl SSL_ports port 443
acl Safe_ports port 80��������� # http
acl Safe_ports port 1935��������� # http acl Safe_ports port 21��������� #
ftp acl Safe_ports port 443�������� # https acl Safe_ports port 70���������
# gopher acl Safe_ports port 210�������� # wais acl Safe_ports port
1025-65535� # unregistered ports acl Safe_ports port 280�������� # http-mgmt
acl Safe_ports port 488�������� # gss-http acl Safe_ports port 591�������� #
filemaker acl Safe_ports port 777�������� # multiling http

acl CONNECT method CONNECT
#http_access deny noway
http_access allow manager localhost
http_access allow bamboe
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
htcp_access deny all
miss_access allow all

# NETWORK OPTIONS
http_port 8080
http_port 8082 intercept
https_port 8081 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=8MB cert=/etc/squid/myconfigure.pem
key=/etc/squid/myconfigure.pem ssl_bump server-first all always_direct allow
all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER

sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 8MB
sslcrtd_children 5 hierarchy_stoplist cgi-bin ? .js .jsp mivo.tv
192.168.10.29 192.168.10.30 static.videoku.tv acl QUERY urlpath_regex
cgi-bin \? .js .jsp 192.168.10.29 192.168.10.30 youtube.com indowebster.com
static.videoku.tv no_cache deny QUERY

#� MEMORY CACHE OPTIONS
cache_mem 6000 MB
maximum_object_size_in_memory 16 KB
memory_replacement_policy heap GDSF

# DISK CACHE OPTIONS
cache_replacement_policy heap LFUDA
cache_dir aufs /cache1 300000 64 256
store_dir_select_algorithm least-load
minimum_object_size 16 KB
maximum_object_size 2 GB
cache_swap_low 97
cache_swap_high 99

#LOGFILE OPTIONS
access_log stdio:/var/log/squid/access.log cache_log
/var/log/squid/cache.log cache_store_log none cache_swap_log
/cache1/swap.state logfile_rotate 5 log_icp_queries off buffered_logs off

#OPTIONS FOR TUNING THE CACHE
refresh_pattern -i \.swf$ 20160 80% 20160� override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i \.gif$ 20160 80% 20160� override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i \.jpg$ 20160 80% 20160� override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i \.jpeg$ 20160 80% 20160� override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private� ignore-auth
refresh_pattern -i \.exe$ 20160 80% 20160� override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private� ignore-auth

# 1 year = 525600 mins, 1 month = 20160 mins, 1 day = 1440 refresh_pattern
^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.ad
brite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xte
ndmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-a
dvertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adse
rving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 20160 20%
20160 ignore-no-cache� ignore-private override-expire ignore-reload
ignore-auth refresh_pattern ^.*safebrowsing.*google
20160 80% 20160 override-expire ignore-reload ignore-no-cache ignore-private
ignore-auth refresh_pattern
^https://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk)
20160 80% 20160 override-expire ignore-reload ignore-private refresh_pattern
ytimg\.com�������������������������������������� 20160 80%
20160 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif)
20160 80% 20160 override-expire ignore-reload refresh_pattern garena\.com
20160 80% 20160 override-expire reload-into-ims refresh_pattern
photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)
20160 80% 20160 override-expire ignore-reload refresh_pattern
vid\.akm\.dailymotion\.com.*\.on2\?
20160 80% 20160 ignore-no-cache override-expire override-lastmod
refresh_pattern
mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)��� 20160 80%
20160 reload-into-ims override-expire ignore-private refresh_pattern
^http:\/\/images|pics|thumbs[0-9]\.
20160 80% 20160 reload-into-ims ignore-no-cache� ignore-reload
override-expire refresh_pattern ^http:\/\/www.onemanga.com.*\/
20160 80% 20160 reload-into-ims ignore-no-cache� ignore-reload
override-expire refresh_pattern
^http://v\.okezone\.com/get_video\/([a-zA-Z0-9])
20160 80% 20160 override-expire ignore-reload ignore-no-cache ignore-private
ignore-auth override-lastmod #images facebook refresh_pattern -i
\.facebook.com����������������� 20160 80% 20160 ignore-reload
override-expire ignore-no-cache

# Facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif|css)
20160 80% 20160 ignore-reload� override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)
20160 80% 20160 ignore-reload� override-expire ignore-no-cache
refresh_pattern� static\.ak\.fbcdn\.net*\.(jpg|gif|png)
20160 80% 20160 ignore-reload� override-expire ignore-no-cache
refresh_pattern ^https:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)
20160 80% 20160 ignore-reload� override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)
20160 80% 20160 ignore-reload override-expire ignore-no-cache
refresh_pattern� static\.ak\.fbcdn\.net*\.(jpg|gif|png)
20160 80% 20160 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)
20160 80% 20160 ignore-reload override-expire ignore-no-cache

#All File
refresh_pattern -i
\.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)������ 20160
80% 20160 ignore-no-cache�� override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar)� 20160
80% 20160 ignore-no-cache�� override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll)�������� 20160
80% 20160 ignore-no-cache�� override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|sn
d|vob) 20160 80% 20160 ignore-no-cache�� override-expire
d|override-lastmod
reload-into-ims
refresh_pattern -i
\.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|
x-flv) 20160 80% 20160 ignore-no-cache�� override-expire override-lastmod
reload-into-ims refresh_pattern ^ftp:���������� 1440��� 90%���� 201600�
override-lastmod reload-into-ims refresh_pattern ^gopher:������� 1440���
0%����� 1440��� override-lastmod reload-into-ims refresh_pattern
(cgi-bin|\?)��� 0������ 0%����� 0 refresh_pattern .� �������������1440���
80%���� 201600 override-lastmod reload-into-ims quick_abort_min 64 KB
quick_abort_max 64 KB quick_abort_pct 95

shutdown_lifetime 10 seconds
half_closed_clients off
cache_effective_user squid
cache_effective_group squid

dns_nameservers 127.0.0.1 46.20.98.62 8.8.8.8 8.8.4.4 ipcache_size 2048
ipcache_low 90 ipcache_high 95

#another optimizing
memory_pools off
client_db on
coredump_dir /cache1
reload_into_ims on
balance_on_multiple_ip on
vary_ignore_expire on
pipeline_prefetch on
max_filedescriptors 65535

#MARKING ZPH for squid 3.1
qos_flows local-hit=0x30

extracts from access.log:

1409008205.780� 55164 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008262.400� 55233 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008318.273� 55166 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008374.149� 55167 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008400.029��� 215 10.128.135.3 TCP_MISS/200 1640 POST
https://tools.google.com/service/update2? - HIER_DIRECT/173.194.35.2
text/xml
1409008430.036� 55169 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008462.103��� 225 10.128.135.3 TCP_MISS/200 1580 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/31.13.93.17 application/x-javascript
1409008485.934� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008541.849� 55166 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008598.386� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008654.275� 55166 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008710.154� 55168 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008716.949��� 194 10.128.135.3 TCP_MISS/200 412 GET
https://clients3.google.com/crsignal/client? - HIER_DIRECT/173.194.39.32
application/json
1409008762.710��� 166 10.128.135.3 TCP_MISS/200 1580 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/31.13.81.97 application/x-javascript
1409008766.061� 55167 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008824.407� 55167 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008880.535� 55165 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008936.620� 55165 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409008992.479� 55163 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009048.489� 55233 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009063.325��� 288 10.128.135.3 TCP_MISS/200 1579 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/31.13.80.49 application/x-javascript
1409009087.790��� 256 10.128.135.3 TCP_MISS/200 1471 POST
https://safebrowsing.google.com/safebrowsing/downloads? -
HIER_DIRECT/173.194.39.35 application/vnd.google.safebrowsing-update
1409009088.230��� 136 10.128.135.3 TCP_MISS/200 1742 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVy
bC1zaGF2YXIQARiJjQIgsI0CKgmNhgAA_____w8yBYmGAAAP -
HIER_DIRECT/173.194.35.103 application/vnd.google.safebrowsing-chunk
1409009088.562���� 56 10.128.135.3 TCP_MISS/200 1436 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVy
bC1zaGF2YXIQABiF6AEgmOgBKgYOdAAA_wcyBgV0AAD_AQ -
HIER_DIRECT/173.194.35.103 application/vnd.google.safebrowsing-chunk
1409009088.901���� 58 10.128.135.3 TCP_MISS/200 2762 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUt
c2hhdmFyEAEY-dYIIKDXCCoJgSsCAP____8AMgZ5KwIA_wA -
HIER_DIRECT/173.194.35.103 application/vnd.google.safebrowsing-chunk
1409009089.239���� 56 10.128.135.3 TCP_MISS/200 1945 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUt
c2hhdmFyEAAYhZQJIJiUCSoGDUoCAP8PMgYFSgIA_wA - HIER_DIRECT/173.194.35.103
application/vnd.google.safebrowsing-chunk
1409009089.589���� 59 10.128.135.3 TCP_MISS/200 659 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNo
YXZhchABGIGHCyCAjAsqVIXDAgD_______________________________________________
__________________________________________________________DzIFgcMCAA8 -
HIER_DIRECT/173.194.35.103 application/vnd.google.safebrowsing-chunk
1409009089.923���� 57 10.128.135.3 TCP_MISS/200 2635 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNo
YXZhchAAGIP5FCCM-RQyBoM8BQD_Aw - HIER_DIRECT/173.194.35.103
application/vnd.google.safebrowsing-chunk
1409009090.251���� 57 10.128.135.3 TCP_MISS/200 1117 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNo
YXZhchAAGI35FCCg-RQqB5A8BQD__wEyBY08BQAH - HIER_DIRECT/173.194.35.103
application/vnd.google.safebrowsing-chunk
1409009104.366� 55165 10.128.135.3 TCP_MISS/200 1547 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009160.254� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009216.115� 55167 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009272.613� 55591 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009329.063� 55168 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009363.999��� 338 10.128.135.3 TCP_MISS/200 2916 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/179.60.192.65 application/x-javascript
1409009384.920� 55168 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009440.846� 55167 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009496.713� 55165 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009505.577��� 160 10.128.135.3 TCP_MISS/302 737 GET
https://nexus.officeapps.live.com/nexus/rules? -
HIER_DIRECT/137.117.165.100 text/plain
1409009506.362��� 757 10.128.135.3 TCP_MISS/200 70281 GET
https://nexus.officeapps.live.com/nexus/rules/_t789ltHouvFHfjsttlvpFjDHPGj
yxi6085tDM0Usuc - HIER_DIRECT/137.117.165.100
application/vnd.ms-nexus-rules-v2+xml
1409009512.443��� 223 10.128.135.3 TCP_MISS/200 1558 GET
https://outlook.linkedinlabs.com/osc/capabilities? -
HIER_DIRECT/54.84.41.245 text/xml
1409009552.593� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009608.462� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009664.563� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009664.737��� 289 10.128.135.3 TCP_MISS/200 1579 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/179.60.192.65 application/x-javascript
1409009720.453� 55166 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009759.349��� 265 10.128.135.3 TCP_MISS/200 1355 POST
https://safebrowsing.google.com/safebrowsing/downloads? -
HIER_DIRECT/173.194.39.35 application/vnd.google.safebrowsing-update
1409009759.781��� 145 10.128.135.3 TCP_MISS/200 2190 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVy
bC1zaGF2YXIQARiJjQIgsI0CKgmOhgAA_____wcyBYmGAAAf -
HIER_DIRECT/173.194.35.99 application/vnd.google.safebrowsing-chunk
1409009759.849���� 57 10.128.135.3 TCP_MISS/200 1452 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVy
bC1zaGF2YXIQABiF6AEgmOgBKgYPdAAA_wMyBgV0AAD_Aw - HIER_DIRECT/173.194.35.99
application/vnd.google.safebrowsing-chunk
1409009759.915���� 57 10.128.135.3 TCP_MISS/200 1946 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUt
c2hhdmFyEAAYhZQJIJiUCSoGDUoCAP8PMgYFSgIA_wA - HIER_DIRECT/173.194.35.99
application/vnd.google.safebrowsing-chunk
1409009759.983���� 57 10.128.135.3 TCP_MISS/200 744 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNo
YXZhchABGIGHCyCAjAsqVIbDAgD_______________________________________________
__________________________________________________________BzIFgcMCAB8 -
HIER_DIRECT/173.194.35.99 application/vnd.google.safebrowsing-chunk
1409009760.049���� 58 10.128.135.3 TCP_MISS/200 1393 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNo
YXZhchAAGI35FCCg-RQqB5E8BQD__wAyBY08BQAP - HIER_DIRECT/173.194.35.99
application/vnd.google.safebrowsing-chunk
1409009776.344� 55167 10.128.135.3 TCP_MISS/200 602 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009832.702� 55251 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009845.118��� 247 10.128.135.3 TCP_MISS/201 631 POST
https://nexus.officeapps.live.com/nexus/upload/%7b6397977B-5B34-442C-8EBE-
F0C01C37BF0B%7d - HIER_DIRECT/137.117.165.100 -
1409009888.592� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009944.468� 55164 10.128.135.3 TCP_MISS/200 1578 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409009965.543��� 224 10.128.135.3 TCP_MISS/200 1579 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/31.13.81.33 application/x-javascript
1409010000.344� 55166 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010056.252� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010112.134� 55168 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010168.629� 55167 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010224.500� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010266.179��� 246 10.128.135.3 TCP_MISS/200 1579 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/179.60.192.65 application/x-javascript
1409010280.372� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010336.259� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010392.133� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010448.006� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010503.974� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010559.838� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010566.793��� 292 10.128.135.3 TCP_MISS/200 1579 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/31.13.80.33 application/x-javascript
1409010615.707� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010671.826� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010727.699� 55164 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010783.668� 55165 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010839.526� 55163 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010867.422��� 255 10.128.135.3 TCP_MISS/200 2381 POST
https://www.facebook.com/ajax/chat/buddy_list.php -
HIER_DIRECT/31.13.80.33 application/x-javascript
1409010883.018��� 256 10.128.135.3 TCP_MISS/200 1350 POST
https://safebrowsing.google.com/safebrowsing/downloads? -
HIER_DIRECT/173.194.45.70 application/vnd.google.safebrowsing-update
1409010883.536��� 140 10.128.135.3 TCP_MISS/200 2191 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVy
bC1zaGF2YXIQARiJjQIgsI0CKgmOhgAA_____wcyBYmGAAAf -
HIER_DIRECT/173.194.44.0 application/vnd.google.safebrowsing-chunk
1409010883.903���� 64 10.128.135.3 TCP_MISS/200 2459 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVy
bC1zaGF2YXIQABiF6AEgmOgBKgYRdAAA_wAyBgV0AAD_Dw - HIER_DIRECT/173.194.44.0
application/vnd.google.safebrowsing-chunk
1409010884.266� ���64 10.128.135.3 TCP_MISS/200 2877 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUt
c2hhdmFyEAEY-dYIIKDXCCoIgisCAP___38yBnkrAgD_AQ - HIER_DIRECT/173.194.44.0
application/vnd.google.safebrowsing-chunk
1409010884.637���� 63 10.128.135.3 TCP_MISS/200 2133 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUt
c2hhdmFyEAAYhZQJIJiUCSoGDkoCAP8HMgYFSgIA_wE - HIER_DIRECT/173.194.44.0
application/vnd.google.safebrowsing-chunk
1409010885.001���� 64 10.128.135.3 TCP_MISS/200 855 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNo
YXZhchABGIGHCyCAjAsqVIfDAgD_______________________________________________
__________________________________________________________AzIFgcMCAD8 -
HIER_DIRECT/173.194.44.0 application/vnd.google.safebrowsing-chunk
1409010885.363���� 63 10.128.135.3 TCP_MISS/200 1716 GET
https://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNo
YXZhchAAGI35FCCg-RQqBpQ8BQD_HzIFjTwFAH8 - HIER_DIRECT/173.194.44.0
application/vnd.google.safebrowsing-chunk
1409010895.410� 55166 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json
1409010951.341� 55187 10.128.135.3 TCP_MISS/200 607 GET
https://0-channel-proxy-04-frc3.facebook.com/pull? -
HIER_DIRECT/173.252.107.16 application/json

As you can see all my https requests are being flagged as TCP_MISS no
TCP_HIT.

Extracts from cache.log:

Starting Squid Cache version 3.3.11 for x86_64-redhat-linux-gnu...
2014/08/26 00:25:08 kid1| Process ID 7955
2014/08/26 00:25:08 kid1| Process Roles: worker
2014/08/26 00:25:08 kid1| With 65535 file descriptors available
2014/08/26 00:25:08 kid1| Initializing IP Cache...
2014/08/26 00:25:08 kid1| DNS Socket created at [::], FD 7
2014/08/26 00:25:08 kid1| DNS Socket created at 0.0.0.0, FD 8
2014/08/26 00:25:08 kid1| Adding nameserver 127.0.0.1 from squid.conf
2014/08/26 00:25:08 kid1| Adding nameserver 46.20.98.62 from squid.conf
2014/08/26 00:25:08 kid1| Adding nameserver 8.8.8.8 from squid.conf
2014/08/26 00:25:08 kid1| Adding nameserver 8.8.4.4 from squid.conf
2014/08/26 00:25:08 kid1| helperOpenServers: Starting 5/5 'ssl_crtd'
processes
2014/08/26 00:25:08 kid1| Logfile: opening log /var/log/squid/access.log
2014/08/26 00:25:08 kid1| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2014/08/26 00:25:08 kid1| Store logging disabled
2014/08/26 00:25:08 kid1| Swap maxSize 307200000 + 6144000 KB, estimated
24103384 objects
2014/08/26 00:25:08 kid1| Target number of buckets: 1205169
2014/08/26 00:25:08 kid1| Using 2097152 Store buckets
2014/08/26 00:25:08 kid1| Max Mem� size: 6144000 KB
2014/08/26 00:25:08 kid1| Max Swap size: 307200000 KB
2014/08/26 00:25:08 kid1| Rebuilding storage in /cache1 (clean log)
2014/08/26 00:25:08 kid1| Using Least Load store dir selection
2014/08/26 00:25:08 kid1| Set Current Directory to /cache1
2014/08/26 00:25:08 kid1| Loaded Icons.
2014/08/26 00:25:08 kid1| HTCP Disabled.
2014/08/26 00:25:08 kid1| Sending SNMP messages from [::]:3401
2014/08/26 00:25:08 kid1| Squid plugin modules loaded: 0
2014/08/26 00:25:08 kid1| Adaptation support is off.
2014/08/26 00:25:08 kid1| Accepting HTTP Socket connections at
local=[::]:8080 remote=[::] FD 22 flags=9
2014/08/26 00:25:08 kid1| Accepting NAT intercepted HTTP Socket connections
at local=0.0.0.0:8082 remote=[::] FD 23 flags=41
2014/08/26 00:25:08 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket
connections at local=0.0.0.0:8081 remote=[::] FD 24 flags=41
2014/08/26 00:25:08 kid1| Accepting SNMP messages on [::]:3401
2014/08/26 00:25:08 kid1| Done reading /cache1 swaplog (198 entries)
2014/08/26 00:25:08 kid1| Finished rebuilding storage from disk.
2014/08/26 00:25:08 kid1|����� �198 Entries scanned
2014/08/26 00:25:08 kid1|�������� 0 Invalid entries.
2014/08/26 00:25:08 kid1|�������� 0 With invalid flags.
2014/08/26 00:25:08 kid1|������ 198 Objects loaded.
2014/08/26 00:25:08 kid1|�������� 0 Objects expired.
2014/08/26 00:25:08 kid1|�������� 0 Objects cancelled.
2014/08/26 00:25:08 kid1|�������� 0 Duplicate URLs purged.
2014/08/26 00:25:08 kid1|�������� 0 Swapfile clashes avoided.
2014/08/26 00:25:08 kid1|�� Took 0.02 seconds (8174.05 objects/sec).
2014/08/26 00:25:08 kid1| Beginning Validation Procedure
2014/08/26 00:25:08 kid1|�� Completed Validation Procedure
2014/08/26 00:25:08 kid1|�� Validated 198 Entries
2014/08/26 00:25:08 kid1|�� store_swap_size = 11304.00 KB
2014/08/26 00:25:09 kid1| storeLateRelease: released 0 objects

Sincerely,

Ragheb Rustom
Smart Telecom S.A.R.L
Sin el fil Highway
Mirna Chalouhi Center - 8th Floor
Beirut, Lebanon
Telefax: +961-1-491582
Mobile: +961-3-286282
Email: ragheb_at_smartelecom.org
Received on Tue Aug 26 2014 - 00:12:08 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 26 2014 - 12:00:09 MDT