Re: [squid-users] Help needed with Squid 3.0-STABLE12 reverse proxy messages in cache.log

From: Tom Williams <tomdkat_at_comcast.net>
Date: Fri, 23 Jan 2009 19:22:41 -0800

Chris Robertson wrote:
> Tom Williams wrote:
>> Amos Jeffries wrote:
>>> Tom Williams wrote:
>>>> I've got Squid 3.0-STABLE12 configured as a reverse proxy on RedHat
>>>> Enterprise Linux 5.
>>>>
>>>> We have pages for logged-in users we DO NOT want cached and pages
>>>> for anonymous users (not logged into the site) that we do want cached.
>>>>
>>>> We found this article which describes how to this:
>>>>
>>>> http://www.howtoforge.com/how-to-set-up-a-caching-reverse-proxy-with-squid-2.6-on-debian-etch-p2
>>>>
>>>>
>>>> Section 5 entitled "Different Content For Different Users"
>>>> describes what we want to do.
>>>>
>>>> Per that article, I've added these lines to my squid config file:
>>>>
>>>> acl set_logged_in_user_cookie rep_header Set-Cookie LOGGED_IN=Y
>>>> cache deny set_logged_in_user_cookie
>>>> acl clear_logged_in_user_cookie rep_header Cookie LOGGED_IN=Y
>>>> cache deny clear_logged_in_user_cookie
>>>> acl logged_in_user_cookie req_header Cookie LOGGED_IN=Y
>>>> cache deny logged_in_user_cookie
>>>>
>>>> During testing, I see a bunch of messages like this in my cache.log
>>>> file:
>>>>
>>>> 2009/01/22 23:52:35| ACL::checklistMatches WARNING:
>>>> 'set_logged_in_user_cookie' ACL is used but there is no HTTP reply
>>>> -- not matching.
>>>> 2009/01/22 23:52:35| ACL::checklistMatches WARNING:
>>>> 'clear_logged_in_user_cookie' ACL is used but there is no HTTP
>>>> reply -- not matching.
>>>>
>>>> What do these warning messages mean? Does this mean Squid didn't
>>>> see a HTTP header with "Set-Cookie LOGGED_IN=Y"?
>>>>
>>>> Peace...
>>>>
>>>> Tom
>>>>
>>>
>>> Squid checks to see whether something is allowed to be cached at the
>>> time it is requested. Not when the reply is already coming back.
>>> Seems daft yes, but thats the way its currently done.
>>>
>>> Which means until someone gets time or money to clean that up, you
>>> can only use request or connection information in the cache ACLs.
>>>
>>> Amos
>> Ok. If I'm understanding your correctly, the above acls won't work
>> because they are looking for a HTTP header that won't exist?
>
> Close. You are using rep_header, when you need to use req_header.
> Also any match for "cache deny" will remove the data from the cache.
> You might be better off seeing if you can add something to the URL of
> logged in users (a GET query term, or an added directory that gets
> mapped out on the back end) so you can use refresh_patterns. Even
> better, of course is using Cache-Control headers so other web caches
> know what data to cache, and what not to...

Thanks for the info! I believe the "LOGGED_IN=Y" is what we're trying
to key off of but your mentioning adding something to the URL raises
another issue we're having and that I'll save for another thread. :)

I'll look into refresh_patterns as well.

What do "rep_header" and "req_header" actually do? The squid.conf file
just says they do regular expression matching and that's about it.

We're also working out Cache-Control headers. :)

Thanks!

Peace...

Tom
Received on Sat Jan 24 2009 - 03:22:49 MST

This archive was generated by hypermail 2.2.0 : Sat Jan 24 2009 - 12:00:03 MST