On 3/1/21 2:07 AM, Majed Zouhairy wrote: > i tried this, but neither the https download bandwidth restriction nor > caching seems to be working as expected
Squid cannot cache HTTP responses without bumping HTTPS traffic. This is a protocol-level limitation, not a bug. There are known delay pools bugs for not-bumped (i.e. tunneled or CONNECT) traffic. IIRC, the pools may work for some tunnels, but the imposed limits may vary significantly from the configured values. HTH, Alex. > acl slower src 10.46.10.78 > acl localnet src 10.46.10.0/24 > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 8080 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl" > > # > # Recommended minimum Access Permission configuration: > # > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > visible_hostname proxy.lk.sk > > > delay_pools 1 > delay_class 1 3 > delay_access 1 allow slower > delay_access 1 deny all > delay_parameters 1 51200/51200 -1/-1 51200/25600 > > http_access allow localnet > http_access allow localhost > > > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > http_port 8080 > > # Uncomment and adjust the following to add a disk cache directory. > # Updates: chrome and acrobat > refresh_pattern -i gvt1.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80% > 129600 reload-into-ims > refresh_pattern -i adobe.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80% > 129600 reload-into-ims > > > > range_offset_limit 200 MB > maximum_object_size 200 MB > quick_abort_min -1 > > # DONT MODIFY THESE LINES > refresh_pattern \^ftp: 1440 20% 10080 > refresh_pattern \^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 43200 > > cache_dir ufs /var/cache/squid 3000 16 256 > > # Leave coredumps in the first cache dir > coredump_dir /var/cache/squid > > cache_mem 1024 MB > > netdb_filename none > > # > # Add any of your own refresh_pattern entries above these. > # > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > url_rewrite_program /usr/local/ufdbguard/bin/ufdbgclient -m 4 -l > /var/log/squid/ > url_rewrite_children 16 startup=8 idle=2 concurrency=4 > #debug_options ALL,1 33,2 28,9 > > > any help? > > > On 2/26/21 10:22 AM, Majed Zouhairy wrote: >> >> Health be Upon you, >> >> i want to cache certain files, let's say exe, msi... above 20MB and >> below 300MB, limit the cache directory to 3GB >> i have no ssl bump not configured >> version 4.14 >> how to do that? >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users