[squid-users] Squid 3 HTTP accelerator not caching content
So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode over the weekend. Squid 3 is running on the same machine as the web server and here are my HTTP acceleration related config options: http_port 80 accel vhost cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS Here are the cache related options: cache_mem 64 MB maximum_object_size_in_memory 50 KB cache_replacement_policy heap LFUDA cache_dir aufs /mnt/drive3/squid-cache 500 32 256 As described in this mailing list thread: http://www2.gr.squid-cache.org/mail-archive/squid-users/199906/0756.html all of the entries in my store.log have RELEASE as the action: 1223864638.986 RELEASE -1 A1FE29E96A44936155BB873BDC882B12 200 1223864638-1 375007920 text/html 2197/2197 GET http://aaa.bbb.ccc.ddd/locations/ Here is a snipet from the cache.log file: 2008/10/12 21:23:36| Done reading /mnt/drive3/squid-cache swaplog (0 entries) 2008/10/12 21:23:36| Finished rebuilding storage from disk. 2008/10/12 21:23:36| 0 Entries scanned 2008/10/12 21:23:36| 0 Invalid entries. 2008/10/12 21:23:36| 0 With invalid flags. 2008/10/12 21:23:36| 0 Objects loaded. 2008/10/12 21:23:36| 0 Objects expired. 2008/10/12 21:23:36| 0 Objects cancelled. 2008/10/12 21:23:36| 0 Duplicate URLs purged. 2008/10/12 21:23:36| 0 Swapfile clashes avoided. 2008/10/12 21:23:36| Took 0.01 seconds ( 0.00 objects/sec). 2008/10/12 21:23:36| Beginning Validation Procedure 2008/10/12 21:23:36| Completed Validation Procedure 2008/10/12 21:23:36| Validated 25 Entries 2008/10/12 21:23:36| store_swap_size = 0 2008/10/12 21:23:37| storeLateRelease: released 0 objects 2008/10/12 21:24:07| Preparing for shutdown after 2 requests 2008/10/12 21:24:07| Waiting 30 seconds for active connections to finish 2008/10/12 21:24:07| FD 14 Closing HTTP connection 2008/10/12 21:24:38| Shutting down... 2008/10/12 21:24:38| FD 15 Closing ICP connection 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Closing unlinkd pipe on FD 12 2008/10/12 21:24:38| storeDirWriteCleanLogs: Starting... 2008/10/12 21:24:38| Finished. Wrote 0 entries. 2008/10/12 21:24:38| Took 0.00 seconds ( 0.00 entries/sec). CPU Usage: 0.041 seconds = 0.031 user + 0.010 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena:3644 KB Ordinary blocks: 3511 KB 8 blks Small blocks: 0 KB 1 blks Holding blocks: 1784 KB 9 blks Free Small blocks: 0 KB Free Ordinary blocks: 132 KB Total in use:5295 KB 145% Total free: 132 KB 4% 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Squid Cache (Version 3.0.STABLE9): Exiting normally. I'm running on RedHat EL 5. With Squid running, I can access the website just fine and pages load without problems or issues. It's just nothing is being cached. This is my first time configuring Squid as a HTTP accelerator so I probably missed something when I set it up. Any ideas on what might be wrong? Thanks in advance for your time and assistance! :) Peace... Tom
Re: [squid-users] Squid 3 HTTP accelerator not caching content
> So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode > over the weekend. Squid 3 is running on the same machine as the web > server and here are my HTTP acceleration related config options: > > http_port 80 accel vhost > cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS > > > Here are the cache related options: > > cache_mem 64 MB > maximum_object_size_in_memory 50 KB > cache_replacement_policy heap LFUDA > cache_dir aufs /mnt/drive3/squid-cache 500 32 256 > > As described in this mailing list thread: > > http://www2.gr.squid-cache.org/mail-archive/squid-users/199906/0756.html > > all of the entries in my store.log have RELEASE as the action: > > 1223864638.986 RELEASE -1 A1FE29E96A44936155BB873BDC882B12 200 > 1223864638-1 375007920 text/html 2197/2197 GET > http://aaa.bbb.ccc.ddd/locations/ > > Here is a snipet from the cache.log file: > > 2008/10/12 21:23:36| Done reading /mnt/drive3/squid-cache swaplog (0 > entries) > 2008/10/12 21:23:36| Finished rebuilding storage from disk. > 2008/10/12 21:23:36| 0 Entries scanned > 2008/10/12 21:23:36| 0 Invalid entries. > 2008/10/12 21:23:36| 0 With invalid flags. > 2008/10/12 21:23:36| 0 Objects loaded. > 2008/10/12 21:23:36| 0 Objects expired. > 2008/10/12 21:23:36| 0 Objects cancelled. > 2008/10/12 21:23:36| 0 Duplicate URLs purged. > 2008/10/12 21:23:36| 0 Swapfile clashes avoided. > 2008/10/12 21:23:36| Took 0.01 seconds ( 0.00 objects/sec). > 2008/10/12 21:23:36| Beginning Validation Procedure > 2008/10/12 21:23:36| Completed Validation Procedure > 2008/10/12 21:23:36| Validated 25 Entries > 2008/10/12 21:23:36| store_swap_size = 0 > 2008/10/12 21:23:37| storeLateRelease: released 0 objects > 2008/10/12 21:24:07| Preparing for shutdown after 2 requests > 2008/10/12 21:24:07| Waiting 30 seconds for active connections to finish > 2008/10/12 21:24:07| FD 14 Closing HTTP connection > 2008/10/12 21:24:38| Shutting down... > 2008/10/12 21:24:38| FD 15 Closing ICP connection > 2008/10/12 21:24:38| aioSync: flushing pending I/O operations > 2008/10/12 21:24:38| aioSync: done > 2008/10/12 21:24:38| Closing unlinkd pipe on FD 12 > 2008/10/12 21:24:38| storeDirWriteCleanLogs: Starting... > 2008/10/12 21:24:38| Finished. Wrote 0 entries. > 2008/10/12 21:24:38| Took 0.00 seconds ( 0.00 entries/sec). > CPU Usage: 0.041 seconds = 0.031 user + 0.010 sys > Maximum Resident Size: 0 KB > Page faults with physical i/o: 0 > Memory usage for squid via mallinfo(): > total space in arena:3644 KB > Ordinary blocks: 3511 KB 8 blks > Small blocks: 0 KB 1 blks > Holding blocks: 1784 KB 9 blks > Free Small blocks: 0 KB > Free Ordinary blocks: 132 KB > Total in use:5295 KB 145% > Total free: 132 KB 4% > 2008/10/12 21:24:38| aioSync: flushing pending I/O operations > 2008/10/12 21:24:38| aioSync: done > 2008/10/12 21:24:38| aioSync: flushing pending I/O operations > 2008/10/12 21:24:38| aioSync: done > 2008/10/12 21:24:38| Squid Cache (Version 3.0.STABLE9): Exiting normally. > > I'm running on RedHat EL 5. With Squid running, I can access the > website just fine and pages load without problems or issues. It's just > nothing is being cached. > > This is my first time configuring Squid as a HTTP accelerator so I > probably missed something when I set it up. Any ideas on what might be > wrong? > > Thanks in advance for your time and assistance! :) > Q) Do you have any of the routing access controls (http_access, never_direct, cache_peer_access, cache_peer_domain) which make squid pass the accelerated requests back to the web server properly? DNS should be pointing the domain at Squid so its DIRECT access lookups will normally loop back inwards and fail. The resulting error pages may not be cachable. Q) what does your access.log say about the requests? Q) are the test pages you are requesting cachable? This tester should tell you what and for how long it caches http://www.ircache.net/cgi-bin/cacheability.py Amos
Re: [squid-users] Squid 3 HTTP accelerator not caching content
Amos Jeffries wrote: So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode over the weekend. Squid 3 is running on the same machine as the web server and here are my HTTP acceleration related config options: http_port 80 accel vhost cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS Here are the cache related options: cache_mem 64 MB maximum_object_size_in_memory 50 KB cache_replacement_policy heap LFUDA cache_dir aufs /mnt/drive3/squid-cache 500 32 256 As described in this mailing list thread: http://www2.gr.squid-cache.org/mail-archive/squid-users/199906/0756.html all of the entries in my store.log have RELEASE as the action: 1223864638.986 RELEASE -1 A1FE29E96A44936155BB873BDC882B12 200 1223864638-1 375007920 text/html 2197/2197 GET http://aaa.bbb.ccc.ddd/locations/ Here is a snipet from the cache.log file: 2008/10/12 21:23:36| Done reading /mnt/drive3/squid-cache swaplog (0 entries) 2008/10/12 21:23:36| Finished rebuilding storage from disk. 2008/10/12 21:23:36| 0 Entries scanned 2008/10/12 21:23:36| 0 Invalid entries. 2008/10/12 21:23:36| 0 With invalid flags. 2008/10/12 21:23:36| 0 Objects loaded. 2008/10/12 21:23:36| 0 Objects expired. 2008/10/12 21:23:36| 0 Objects cancelled. 2008/10/12 21:23:36| 0 Duplicate URLs purged. 2008/10/12 21:23:36| 0 Swapfile clashes avoided. 2008/10/12 21:23:36| Took 0.01 seconds ( 0.00 objects/sec). 2008/10/12 21:23:36| Beginning Validation Procedure 2008/10/12 21:23:36| Completed Validation Procedure 2008/10/12 21:23:36| Validated 25 Entries 2008/10/12 21:23:36| store_swap_size = 0 2008/10/12 21:23:37| storeLateRelease: released 0 objects 2008/10/12 21:24:07| Preparing for shutdown after 2 requests 2008/10/12 21:24:07| Waiting 30 seconds for active connections to finish 2008/10/12 21:24:07| FD 14 Closing HTTP connection 2008/10/12 21:24:38| Shutting down... 2008/10/12 21:24:38| FD 15 Closing ICP connection 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Closing unlinkd pipe on FD 12 2008/10/12 21:24:38| storeDirWriteCleanLogs: Starting... 2008/10/12 21:24:38| Finished. Wrote 0 entries. 2008/10/12 21:24:38| Took 0.00 seconds ( 0.00 entries/sec). CPU Usage: 0.041 seconds = 0.031 user + 0.010 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena:3644 KB Ordinary blocks: 3511 KB 8 blks Small blocks: 0 KB 1 blks Holding blocks: 1784 KB 9 blks Free Small blocks: 0 KB Free Ordinary blocks: 132 KB Total in use:5295 KB 145% Total free: 132 KB 4% 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Squid Cache (Version 3.0.STABLE9): Exiting normally. I'm running on RedHat EL 5. With Squid running, I can access the website just fine and pages load without problems or issues. It's just nothing is being cached. This is my first time configuring Squid as a HTTP accelerator so I probably missed something when I set it up. Any ideas on what might be wrong? Thanks in advance for your time and assistance! :) Q) Do you have any of the routing access controls (http_access, never_direct, cache_peer_access, cache_peer_domain) which make squid pass the accelerated requests back to the web server properly? I have the default http_access options except I have http_access allow all at the end of them: #Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet # And finally deny all other access to this proxy #http_access deny all http_access allow all I did this mainly to get things working and I plan on refining these options. I do not have never_direct, cache_peer_access, cache_peer_domain explicitly set in the config file. DNS should be pointing the domain at Squid so its DIRECT access lookups will normally loop back inwards and fail. The resulting error pages may not be cachable. I'll be sure t
Re: [squid-users] Squid 3 HTTP accelerator not caching content
Henrik Nordstrom wrote: On mån, 2008-10-13 at 08:49 -0700, Tom Williams wrote: So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode over the weekend. Squid 3 is running on the same machine as the web server and here are my HTTP acceleration related config options: http_port 80 accel vhost cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS Is authentication required to access the server? If so then the server need to return "Cache-Control: public" on the content which is non-private and should be cached. Keep in mind that such content will be accessible directly from the cache without using authentication. Currently, basic authentication is required to access the site. I wasn't aware of "Cache-Control: public" so I'll see about configuring the server to return this. This is a HTTP header, correct? Thanks! Peace... Tom
Re: [squid-users] Squid 3 HTTP accelerator not caching content
On tis, 2008-10-14 at 09:04 -0700, Tom Williams wrote: > > Is authentication required to access the server? If so then the server > > need to return "Cache-Control: public" on the content which is > > non-private and should be cached. > > > > Keep in mind that such content will be accessible directly from the > > cache without using authentication. > > > Currently, basic authentication is required to access the site. I > wasn't aware of "Cache-Control: public" so I'll see about configuring > the server to return this. This is a HTTP header, correct? It is. Without it authenticated content is considered private, and not cached by shared caches. With "public" the content is considered public for all to access, not really requiring authentication even if the request did include authentication. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Squid 3 HTTP accelerator not caching content
On mån, 2008-10-13 at 08:49 -0700, Tom Williams wrote: > So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode > over the weekend. Squid 3 is running on the same machine as the web > server and here are my HTTP acceleration related config options: > > http_port 80 accel vhost > cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS Is authentication required to access the server? If so then the server need to return "Cache-Control: public" on the content which is non-private and should be cached. Keep in mind that such content will be accessible directly from the cache without using authentication. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Squid 3 HTTP accelerator not caching content
Tom Williams wrote: Amos Jeffries wrote: So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode over the weekend. Squid 3 is running on the same machine as the web server and here are my HTTP acceleration related config options: http_port 80 accel vhost cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS Here are the cache related options: cache_mem 64 MB maximum_object_size_in_memory 50 KB cache_replacement_policy heap LFUDA cache_dir aufs /mnt/drive3/squid-cache 500 32 256 As described in this mailing list thread: http://www2.gr.squid-cache.org/mail-archive/squid-users/199906/0756.html all of the entries in my store.log have RELEASE as the action: 1223864638.986 RELEASE -1 A1FE29E96A44936155BB873BDC882B12 200 1223864638-1 375007920 text/html 2197/2197 GET http://aaa.bbb.ccc.ddd/locations/ Here is a snipet from the cache.log file: 2008/10/12 21:23:36| Done reading /mnt/drive3/squid-cache swaplog (0 entries) 2008/10/12 21:23:36| Finished rebuilding storage from disk. 2008/10/12 21:23:36| 0 Entries scanned 2008/10/12 21:23:36| 0 Invalid entries. 2008/10/12 21:23:36| 0 With invalid flags. 2008/10/12 21:23:36| 0 Objects loaded. 2008/10/12 21:23:36| 0 Objects expired. 2008/10/12 21:23:36| 0 Objects cancelled. 2008/10/12 21:23:36| 0 Duplicate URLs purged. 2008/10/12 21:23:36| 0 Swapfile clashes avoided. 2008/10/12 21:23:36| Took 0.01 seconds ( 0.00 objects/sec). 2008/10/12 21:23:36| Beginning Validation Procedure 2008/10/12 21:23:36| Completed Validation Procedure 2008/10/12 21:23:36| Validated 25 Entries 2008/10/12 21:23:36| store_swap_size = 0 2008/10/12 21:23:37| storeLateRelease: released 0 objects 2008/10/12 21:24:07| Preparing for shutdown after 2 requests 2008/10/12 21:24:07| Waiting 30 seconds for active connections to finish 2008/10/12 21:24:07| FD 14 Closing HTTP connection 2008/10/12 21:24:38| Shutting down... 2008/10/12 21:24:38| FD 15 Closing ICP connection 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Closing unlinkd pipe on FD 12 2008/10/12 21:24:38| storeDirWriteCleanLogs: Starting... 2008/10/12 21:24:38| Finished. Wrote 0 entries. 2008/10/12 21:24:38| Took 0.00 seconds ( 0.00 entries/sec). CPU Usage: 0.041 seconds = 0.031 user + 0.010 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena:3644 KB Ordinary blocks: 3511 KB 8 blks Small blocks: 0 KB 1 blks Holding blocks: 1784 KB 9 blks Free Small blocks: 0 KB Free Ordinary blocks: 132 KB Total in use:5295 KB 145% Total free: 132 KB 4% 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Squid Cache (Version 3.0.STABLE9): Exiting normally. I'm running on RedHat EL 5. With Squid running, I can access the website just fine and pages load without problems or issues. It's just nothing is being cached. This is my first time configuring Squid as a HTTP accelerator so I probably missed something when I set it up. Any ideas on what might be wrong? Thanks in advance for your time and assistance! :) Q) Do you have any of the routing access controls (http_access, never_direct, cache_peer_access, cache_peer_domain) which make squid pass the accelerated requests back to the web server properly? I have the default http_access options except I have http_access allow all at the end of them: Ouch. You have a semi-open proxy. If anyone identifies your public IP they can point a domain DNS at your IP and have it accelerated. Or even configure port 80 as their proxy IP and browse through it. A firewall or NAT layer cannot prevent this happening. You should at the very least be limiting requests to the domains you are serving. I prefer a config like the one listed: http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-7fa129a6528d9a5c914f8dd5671668173e39e341 #Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where bro
Re: [squid-users] Squid 3 HTTP accelerator not caching content
Henrik Nordstrom wrote: On ons, 2008-10-15 at 16:16 +1300, Amos Jeffries wrote: If anyone identifies your public IP they can point a domain DNS at your IP and have it accelerated. Or even configure port 80 as their proxy IP and browse through it. A firewall or NAT layer cannot prevent this happening. Only if always_direct is also used.. without always_direct in effect accelerated requests is not allowed to go direct and only allowed to be forwarded to known servers (cache_peer). This is just to make sure it's not too easy to make this kind of bad configuration you talk about. Regards Henrik Sigh. Can anyone tell me why I can't get my head to remember that? Henrik has told me several times. And every time he does I understand the truth of it and the code well enough. Amos -- Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Re: [squid-users] Squid 3 HTTP accelerator not caching content
On ons, 2008-10-15 at 23:25 +1300, Amos Jeffries wrote: > Sigh. Can anyone tell me why I can't get my head to remember that? Because you normally work in forward proxy environment, not so much with reverse proxy setups? Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Squid 3 HTTP accelerator not caching content
On ons, 2008-10-15 at 16:16 +1300, Amos Jeffries wrote: > If anyone identifies your public IP they can point a domain DNS at your > IP and have it accelerated. Or even configure port 80 as their proxy IP > and browse through it. A firewall or NAT layer cannot prevent this > happening. Only if always_direct is also used.. without always_direct in effect accelerated requests is not allowed to go direct and only allowed to be forwarded to known servers (cache_peer). This is just to make sure it's not too easy to make this kind of bad configuration you talk about. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Squid 3 HTTP accelerator not caching content
Henrik Nordstrom wrote: On tis, 2008-10-14 at 09:04 -0700, Tom Williams wrote: Is authentication required to access the server? If so then the server need to return "Cache-Control: public" on the content which is non-private and should be cached. Keep in mind that such content will be accessible directly from the cache without using authentication. Currently, basic authentication is required to access the site. I wasn't aware of "Cache-Control: public" so I'll see about configuring the server to return this. This is a HTTP header, correct? It is. Without it authenticated content is considered private, and not cached by shared caches. With "public" the content is considered public for all to access, not really requiring authentication even if the request did include authentication. Regards Henrik Ok, I was able to conduct a test using a public page (authentication is NOT required) and I started seeing SWAPOUT and RELEASE entries in store.log. So, this confirms it was the authentication that was causing my problem. I haven't made the HTTP header change yet but that will happen at some point. :) Thanks! Peace... Tom
Re: [squid-users] Squid 3 HTTP accelerator not caching content
Amos Jeffries wrote: Tom Williams wrote: Amos Jeffries wrote: So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode over the weekend. Squid 3 is running on the same machine as the web server and here are my HTTP acceleration related config options: http_port 80 accel vhost cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS Here are the cache related options: cache_mem 64 MB maximum_object_size_in_memory 50 KB cache_replacement_policy heap LFUDA cache_dir aufs /mnt/drive3/squid-cache 500 32 256 As described in this mailing list thread: http://www2.gr.squid-cache.org/mail-archive/squid-users/199906/0756.html all of the entries in my store.log have RELEASE as the action: 1223864638.986 RELEASE -1 A1FE29E96A44936155BB873BDC882B12 200 1223864638-1 375007920 text/html 2197/2197 GET http://aaa.bbb.ccc.ddd/locations/ Here is a snipet from the cache.log file: 2008/10/12 21:23:36| Done reading /mnt/drive3/squid-cache swaplog (0 entries) 2008/10/12 21:23:36| Finished rebuilding storage from disk. 2008/10/12 21:23:36| 0 Entries scanned 2008/10/12 21:23:36| 0 Invalid entries. 2008/10/12 21:23:36| 0 With invalid flags. 2008/10/12 21:23:36| 0 Objects loaded. 2008/10/12 21:23:36| 0 Objects expired. 2008/10/12 21:23:36| 0 Objects cancelled. 2008/10/12 21:23:36| 0 Duplicate URLs purged. 2008/10/12 21:23:36| 0 Swapfile clashes avoided. 2008/10/12 21:23:36| Took 0.01 seconds ( 0.00 objects/sec). 2008/10/12 21:23:36| Beginning Validation Procedure 2008/10/12 21:23:36| Completed Validation Procedure 2008/10/12 21:23:36| Validated 25 Entries 2008/10/12 21:23:36| store_swap_size = 0 2008/10/12 21:23:37| storeLateRelease: released 0 objects 2008/10/12 21:24:07| Preparing for shutdown after 2 requests 2008/10/12 21:24:07| Waiting 30 seconds for active connections to finish 2008/10/12 21:24:07| FD 14 Closing HTTP connection 2008/10/12 21:24:38| Shutting down... 2008/10/12 21:24:38| FD 15 Closing ICP connection 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Closing unlinkd pipe on FD 12 2008/10/12 21:24:38| storeDirWriteCleanLogs: Starting... 2008/10/12 21:24:38| Finished. Wrote 0 entries. 2008/10/12 21:24:38| Took 0.00 seconds ( 0.00 entries/sec). CPU Usage: 0.041 seconds = 0.031 user + 0.010 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena:3644 KB Ordinary blocks: 3511 KB 8 blks Small blocks: 0 KB 1 blks Holding blocks: 1784 KB 9 blks Free Small blocks: 0 KB Free Ordinary blocks: 132 KB Total in use:5295 KB 145% Total free: 132 KB 4% 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Squid Cache (Version 3.0.STABLE9): Exiting normally. I'm running on RedHat EL 5. With Squid running, I can access the website just fine and pages load without problems or issues. It's just nothing is being cached. This is my first time configuring Squid as a HTTP accelerator so I probably missed something when I set it up. Any ideas on what might be wrong? Thanks in advance for your time and assistance! :) Q) Do you have any of the routing access controls (http_access, never_direct, cache_peer_access, cache_peer_domain) which make squid pass the accelerated requests back to the web server properly? I have the default http_access options except I have http_access allow all at the end of them: Ouch. You have a semi-open proxy. If anyone identifies your public IP they can point a domain DNS at your IP and have it accelerated. Or even configure port 80 as their proxy IP and browse through it. A firewall or NAT layer cannot prevent this happening. You should at the very least be limiting requests to the domains you are serving. I prefer a config like the one listed: http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-7fa129a6528d9a5c914f8dd5671668173e39e341 Thanks for this information. I knew my configuration wasn't secure but at this point, I don't leave the proxy running except for when I'm working on it. I'll review the config above and will use it as my test config from here on out. :) Thanks! Peace... Tom
Re: [squid-users] Squid 3 HTTP accelerator not caching content
Amos Jeffries wrote: Tom Williams wrote: Amos Jeffries wrote: So, I setup my first Squid 3.0STABLE9 proxy in HTTP accelerator mode over the weekend. Squid 3 is running on the same machine as the web server and here are my HTTP acceleration related config options: http_port 80 accel vhost cache_peer 192.168.1.19 parent 8085 0 no-query originserver login=PASS Here are the cache related options: cache_mem 64 MB maximum_object_size_in_memory 50 KB cache_replacement_policy heap LFUDA cache_dir aufs /mnt/drive3/squid-cache 500 32 256 As described in this mailing list thread: http://www2.gr.squid-cache.org/mail-archive/squid-users/199906/0756.html all of the entries in my store.log have RELEASE as the action: 1223864638.986 RELEASE -1 A1FE29E96A44936155BB873BDC882B12 200 1223864638-1 375007920 text/html 2197/2197 GET http://aaa.bbb.ccc.ddd/locations/ Here is a snipet from the cache.log file: 2008/10/12 21:23:36| Done reading /mnt/drive3/squid-cache swaplog (0 entries) 2008/10/12 21:23:36| Finished rebuilding storage from disk. 2008/10/12 21:23:36| 0 Entries scanned 2008/10/12 21:23:36| 0 Invalid entries. 2008/10/12 21:23:36| 0 With invalid flags. 2008/10/12 21:23:36| 0 Objects loaded. 2008/10/12 21:23:36| 0 Objects expired. 2008/10/12 21:23:36| 0 Objects cancelled. 2008/10/12 21:23:36| 0 Duplicate URLs purged. 2008/10/12 21:23:36| 0 Swapfile clashes avoided. 2008/10/12 21:23:36| Took 0.01 seconds ( 0.00 objects/sec). 2008/10/12 21:23:36| Beginning Validation Procedure 2008/10/12 21:23:36| Completed Validation Procedure 2008/10/12 21:23:36| Validated 25 Entries 2008/10/12 21:23:36| store_swap_size = 0 2008/10/12 21:23:37| storeLateRelease: released 0 objects 2008/10/12 21:24:07| Preparing for shutdown after 2 requests 2008/10/12 21:24:07| Waiting 30 seconds for active connections to finish 2008/10/12 21:24:07| FD 14 Closing HTTP connection 2008/10/12 21:24:38| Shutting down... 2008/10/12 21:24:38| FD 15 Closing ICP connection 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Closing unlinkd pipe on FD 12 2008/10/12 21:24:38| storeDirWriteCleanLogs: Starting... 2008/10/12 21:24:38| Finished. Wrote 0 entries. 2008/10/12 21:24:38| Took 0.00 seconds ( 0.00 entries/sec). CPU Usage: 0.041 seconds = 0.031 user + 0.010 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena:3644 KB Ordinary blocks: 3511 KB 8 blks Small blocks: 0 KB 1 blks Holding blocks: 1784 KB 9 blks Free Small blocks: 0 KB Free Ordinary blocks: 132 KB Total in use:5295 KB 145% Total free: 132 KB 4% 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| aioSync: flushing pending I/O operations 2008/10/12 21:24:38| aioSync: done 2008/10/12 21:24:38| Squid Cache (Version 3.0.STABLE9): Exiting normally. I'm running on RedHat EL 5. With Squid running, I can access the website just fine and pages load without problems or issues. It's just nothing is being cached. This is my first time configuring Squid as a HTTP accelerator so I probably missed something when I set it up. Any ideas on what might be wrong? Thanks in advance for your time and assistance! :) Q) Do you have any of the routing access controls (http_access, never_direct, cache_peer_access, cache_peer_domain) which make squid pass the accelerated requests back to the web server properly? I have the default http_access options except I have http_access allow all at the end of them: Ouch. You have a semi-open proxy. If anyone identifies your public IP they can point a domain DNS at your IP and have it accelerated. Or even configure port 80 as their proxy IP and browse through it. A firewall or NAT layer cannot prevent this happening. You should at the very least be limiting requests to the domains you are serving. I prefer a config like the one listed: http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-7fa129a6528d9a5c914f8dd5671668173e39e341 Thanks again for the tip. I've got a configuration similar to the one described in that article setup and it's working well. :) I still need to setup the HTTP headers accordingly but at least now I've got a better test bed. :) #Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access service
