Re: [squid-users] small objects memory caching issue ?
On 05/12/10 06:59, vincent.blon...@ing.be wrote: After some memory upgrade to 4GB RAM, I am trying to optimize my squid caches to maintain as most as little objects in memory without storing them on disk. Big objects are not kept in memory but stored on disk. these are my config parameters ... cache_mem 600 MB memory_replacement_policy heap GDSF maximum_object_size_in_memory 16 KB cache_replacement_policy heap LFUDA minimum_object_size 16 KB maximum_object_size 100 KB cache_swap_low 95 cache_swap_high 95 acl QUERY urlpath_regex cgi-bin \? cache deny QUERY The above lines are no longer recommended. Dynamic content can be and is emitted with suitable headers for caching. many thks for your help, my cache is really behaving like a charm now ... Instead of this we recommend a new refresh_pattern added directly above the "." pattern one: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 can you give me some clarification on this because not so sure to understand everything ?? There is an RFC 2616 clause outlining the conditions under which dynamic content can be cached. The refresh pattern above parameterizes the cache freshness algorithm to obey that clause: adding 0 seconds to the past age, effectively removing non-cacheable dynamic content immediately. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
Re: [squid-users] authentication problems
On 05/12/10 09:45, ant2ne wrote: I want to use squid and dansguardign to filter by groups. It is working, sort of. Problem 1, after launching the web browser it takes a very long time (a minute or 2) before the authentication dialog pops up. This needs to be instant. What am I doing wrong? Once it does finally pop up, I can authenticate and dansguardian does assign the proper filtering groups. The config below does not contain any reason for this slowness. Unless you have an abnormally large NCSA users file to be checked the problem is outside of Squid. Problem 2, I would like anyone who fails to authenticate to be assigned a user creditials; default-user. How would I do this? No reasonably secure browser sends credentials by default. Anyone who fails to authenticate is requested to send credentials. Problem 3, Can I edit the text of the authentication dialog box? Only the realm string. There are security attacks which can be done by sending dialog box text and modern browsers are closing even that limited ability down. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
[squid-users] Re: authentication problems
Also, Is it possible to permit certain sites (automatic updates and anti-virus) with out any authentications? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/authentication-problems-tp3072735p3072745.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] authentication problems
I want to use squid and dansguardign to filter by groups. It is working, sort of. Problem 1, after launching the web browser it takes a very long time (a minute or 2) before the authentication dialog pops up. This needs to be instant. What am I doing wrong? Once it does finally pop up, I can authenticate and dansguardian does assign the proper filtering groups. Problem 2, I would like anyone who fails to authenticate to be assigned a user creditials; default-user. How would I do this? Problem 3, Can I edit the text of the authentication dialog box? Below this point is my squid.conf file... http_port 3128 # acl QUERY urlpath_regex cgi-bin \? #Removed by Amos, suggested to speed up web sites using media #cache_mem 512 MB# May need to set lower if I run low on RAM #maximum_object_size_in_memory 4096 KB #Increased by Amos, suggested to speed up web sites using media #maximum_object_size 1 GB #cache_dir aufs /cache 50 256 256 redirect_rewrites_host_header off cache_replacement_policy lru #auth_param basic program /usr/lib/squid/getpwnam_auth /etc/passwd # above may require this at the end -> /etc/passwd auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm blocker auth_param basic credentialsttl 12 hours auth_param basic casesensitive off #auth_param basic max_challenge_lifetime 2 minutes # above line fails acl ncsa_users proxy_auth REQUIRED acl all src all acl localnet src 192.168.0.0/255.255.0.0 acl localhost src 127.0.0.1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/8 acl Safe_ports port 80 81 443 210 119 70 21 1025-65535 acl SSL_Ports port 443 acl AUTH_users proxy_auth ant2ne xbox mandi #acl internalSite1 dstdomain eaplus.altonschools.org #acl internalSite2 dstdomain reports.altonschools.org acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_Ports http_access allow ncsa_users http_access allow AUTH_users #http_access allow reports_Printing #http_access allow internalSite1 #http_access allow internalSite2 http_access allow localnet http_access allow localhost http_access deny all icp_port 0 refresh_pattern \.jpg$ 3600 50% 60 refresh_pattern \.gif$ 3600 50% 60 refresh_pattern \.css$ 3600 50% 60 refresh_pattern \.js$ 3600 50% 60 refresh_pattern \.html$ 300 50% 10 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 #access_log /var/log/squid/access.log squid visible_hostname BLOCKER -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/authentication-problems-tp3072735p3072735.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: squid cache not updating?
Do I rebuild the cache? -- From: "J Webster" Sent: Friday, December 03, 2010 8:03 AM To: Subject: squid cache not updating? I have my cache mounted on a drive at /var/spool/squid. The other day I tied to mount a new folder also on the same drive, which is apparently not the best thing to do. Since then, I am not sure if my squid cache is updating or not. It seems to be stuck at 35Gb use and 16% capacity. Is there anyway to check if the cache is updating?
RE: [squid-users] small objects memory caching issue ?
> >> >> After some memory upgrade to 4GB RAM, I am trying to optimize my squid >> caches to maintain as most as little objects in memory without storing them >> on disk. Big objects are not kept in memory but stored on disk. >> >> these are my config parameters ... >> >> cache_mem 600 MB >> memory_replacement_policy heap GDSF >> maximum_object_size_in_memory 16 KB >> cache_replacement_policy heap LFUDA >> minimum_object_size 16 KB >> maximum_object_size 100 KB >> cache_swap_low 95 >> cache_swap_high 95 >> >> acl QUERY urlpath_regex cgi-bin \? >> cache deny QUERY > >The above lines are no longer recommended. Dynamic content can be and is >emitted with suitable headers for caching. > many thks for your help, my cache is really behaving like a charm now ... >Instead of this we recommend a new refresh_pattern added directly above >the "." pattern one: > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > can you give me some clarification on this because not so sure to understand everything ?? >> cache allow all >> >> I notice not all small objects are kept in memory but we are well speaking >> about objects ... >> >> * not containing ? in the query >> * smaller than 16KB >> * containing some explicit 'Content-Length' http header >> * not containing any 'pragma no-cache' header >> >> so my questions are ... >> >> Is 'squidclient mgr:vm_objects |egrep 'GET|POST'' really the command to get >> all objects in memory (or is there another command) and is this command >> real-time (or do we have to expect some delay ) ?? > >Yes it is. It is real-time as of the point at which squid started >processing that cachemgr request. > >> Is the instruction 'cache' applicable for all kind of caching (memory and >> disk) or this only for disabling disk caching ?? > >Yes this is a global control on cached objects. > >minimum_object_size and maximum_object_size are also global limits. > >By specifying "minimum_object_size 16KB" you are preventing caching of >those objects smaller. > >Since you have Squid 2.7 you have the min-size parameter available on >your cache_dir which prevents known smaller objects being stored there. > >I recommend a COSS directory for overflow of small objects from the RAM >cache. COSS is optimized for small object storage with disk-backing a >section of memory. The example COSS configs have all the settings you >need to play with for splitting by object size regardless of whether you >use COSS. > yes indeed it is foreseen but will be implemented in a next release because I first have to upgrade my package and integrating COSS in it .. not the case today. >Amos >-- >Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.9 > Beta testers wanted for 3.2.0.3 > - ATTENTION: This e-mail is intended for the exclusive use of the recipient(s). This e-mail and its attachments, if any, contain confidential information and/or information protected by intellectual property rights or other rights. This e-mail does not constitute any commitment for ING Belgium except when expressly otherwise agreed in a written agreement between the intended recipient and ING Belgium. If you receive this message by mistake, please, notify the sender with the "reply" option and delete immediately this e-mail from your system, and destroy all copies of it. You may not, directly or indirectly, use this e-mail or any part of it if you are not the intended recipient. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. - ING Belgium SA/NV - Bank/Lender - Avenue Marnix 24, B-1000 Brussels, Belgium - Brussels RPM/RPR - VAT BE 0403.200.393 - BIC (SWIFT) : BBRUBEBB - Account: 310-9156027-89 (IBAN BE45 3109 1560 2789). An insurance broker, registered with the Banking, Finance and Insurance Commission under the code number 12381A. ING Belgique SA - Banque/Preteur, Avenue Marnix 24, B-1000 Bruxelles - RPM Bruxelles - TVA BE 0403 200 393 - BIC (SWIFT) : BBRUBEBB - Compte: 310-9156027-89 (IBAN: BE45 3109 1560 2789). Courtier d'assurances inscrit a la CBFA sous le numero 12381A. ING Belgie NV - Bank/Kredietgever - Marnixlaan 24, B-1000 Brussel - RPR Brussel - BTW BE 0403.200.393 - BIC (SWIFT) : BBRUBEBB - Rekening: 310-9156027-89 (IBAN: BE45 3109 1560 2789). Verzekeringsmakelaar ingeschreven bij de CBFA onder het nr. 12381A. -
Re: [squid-users] Squid Help
On 04/12/10 22:25, benjamin fernandis wrote: Hi Friends, I installed Squid Cache: Version 3.1.8 on centos 5.5.And i configured basic setup in squid.After that when i do squid -k parse i m getting [r...@localhost ~]# squid -k parse 2010/12/04 15:08:52| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2010/12/04 15:08:52| Initializing https proxy context [r...@localhost ~]# What is the meaning of this message.? It means Squid is starting HTTPS components. Looks like a message appearing at the wrong output level. Beyond that nothing to worry about. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
[squid-users] Squid Help
Hi Friends, I installed Squid Cache: Version 3.1.8 on centos 5.5.And i configured basic setup in squid.After that when i do squid -k parse i m getting [r...@localhost ~]# squid -k parse 2010/12/04 15:08:52| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2010/12/04 15:08:52| Initializing https proxy context [r...@localhost ~]# What is the meaning of this message.? I m able to do squid service start and stop. Thanks, Benjo
