On 11/09/10 00:16, DjinnS wrote:
> Le 10/09/2010 12:58, Amos Jeffries a écrit :
>> The recent data attached hints that IMS requests are likely to return
>> a completely new object when a refresh check is performed. This may
>> wipe out any stored record of age on every request.
>
> Here the rest of the config file:
>
> ### ACLs
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl xXxXxXx src xXxXxXx
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 81 # http bis
> acl Safe_ports port 82 # http bis
> acl CONNECT method CONNECT
>
> acl xXxXxXx dstdomain xXxXxXx
> acl xXxXxXx dstdomain xXxXxXx
> acl xXxXxXx dstdomain xXxXxXx
> acl xXxXxXx dstdomain xXxXxXx
> acl xXxXxXx dstdomain xXxXxXx
> acl xXxXxXx dstdomain xXxXxXx
> acl xXxXxXx dstdomain xXxXxXx
> acl xXxXxXx dstdomain xXxXxXx
>
> # exclude from cache
> acl excludeURL url_regex \/imgs\/newsletter\/
> acl excludeURL url_regex \/sitemap_news\.xml$
> acl excludeURL url_regex \/membre\/
>
> # - PURGE
> acl PURGE method PURGE
> http_access allow PURGE localhost
> http_access deny PURGE
>
> http_access allow manager xXxXxXx
> http_access allow manager localhost
> http_access deny manager
> http_access deny SSL_ports
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow all
> icp_access deny all
> htcp_access deny all
>
> ### MODE
> http_port 80 accel vhost
Ah, all your strange http_access rules start to make some sense.
Running an accelerator you can dump most of the default http_access.
They are designed for forward proxies. CONNECT is not valid and rejected
on arrival. SSL_Ports and Safe_Ports should be irrelevant since clients
are connection to your 80 as the destination.
A normal accel config is much simpler with just a list the domains being
served through the proxy and permitting access to only them:
acl localDomains dstdomain .example.com
http_access allow localDomains
http_access deny all
Any other access config blocking public access to site areas is sugar on
the top.
<snip>
>
> no_cache deny excludeURL
If the excludeURL test matches this files URL it will not be stored.
The "no_" bit there has been an obsolete name for this option for many
versions.
<snip>
> ### DIVERS
> hierarchy_stoplist cgi-bin ?
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0
These three above should be last, right before the "." pattern. It may
be that the \? pattern matches your json file URL (and others from the
below list) and reduces the storage calculation to discard after 0 seconds.
Also, we have revised the pattern a bit these days:
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>
> # oxalide - cache static
> refresh_pattern -i \.gif$ 240 20% 240
> refresh_pattern -i \.png$ 240 20% 240
> refresh_pattern -i \.jpg$ 240 20% 240
> refresh_pattern -i \.jpeg$ 240 20% 240
> refresh_pattern -i \.ico$ 240 20% 240
> refresh_pattern -i \.js$ 240 20% 240
> refresh_pattern -i \.swf$ 240 20% 240
> refresh_pattern -i \.xml$ 240 20% 240
> refresh_pattern -i \.css$ 240 20% 240
>
> refresh_pattern . 0 20% 4320
<snip>
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2Received on Fri Sep 10 2010 - 13:41:27 MDT
This archive was generated by hypermail 2.2.0 : Fri Sep 10 2010 - 12:00:04 MDT