Re: [squid-users] no-cache , no-store

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 19 Mar 2011 12:27:02 +1300

On 19/03/11 02:44, N3O wrote:
> Hi amos
>
> Thanks for your reply.
>
> By turning setting session.cache_limiter off in php.ini would i be
> able to cache these php generated pages??

You would yes, provided the PHP scripts generating them do not deny it.

> Do you think my squid.conf is correct to cache the pages?? i only get
> a lot of TCP MISS in my access.log :(

So what headers are being sent around now?

  If you are testing with the refresh button be aware that it often
forces no-cache or at best revalidate to happen. Which results in an
IMS_MISS.
  Pressing enter in the address bar is the best test of normal traffic
HIT/MISS behaviour.

>
> This is my squid.conf:
> ------------------------------------------------------------------------------------------------------------
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32 ::1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports !Safe_ports
> http_access allow localnet
> http_access allow localhost
> http_access allow all
> http_access deny all
>
> visible_hostname www.xxx.com
>
> http_port 80 accel defaultsite=www.xxx.com
> http_port 80 accel ignore-cc
> cache_peer x.x.x.x parent 80 0 no-query originserver
> emulate_httpd_log on
> redirect_rewrites_host_header off
> forwarded_for on
>
> cache_dir ufs /usr/local/squid/var/cache 1000 16 256
> cache_mem 256 MB
> maximum_object_size_in_memory 128 KB
> coredump_dir /usr/local/squid/var/cache
>
> logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
>
> access_log /var/log/squid/access.log combined
>
> logfile_rotate 10
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320

All these following refresh_patten do not work. The "." pattern above
catches *everything*.

> refresh_pattern -i \.(html|htm|css|js)$ 1440 50% 40320
> refresh_pattern -i \.php$ 1440 100% 40320 override-expire
> override-lastmod reload-into-ims
> refresh_pattern -i php\? 1440 100% 40320 override-expire
> override-lastmod reload-into-ims
> refresh_pattern -i \.xml$ 15 100% 20 override-expire override-lastmod
> reload-into-ims
> refresh_pattern . 1440 40% 40320
>
>
>
>
> On Thu, Mar 17, 2011 at 11:26 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>> On 18/03/11 16:08, N3O wrote:
>>>
>>> Hello
>>> i'm using squid 3.1.11 as a reverse proxy.
>>> Is it possible to cache pages that show the no-cache, no-store
>>> directives in their http headers?
>>
>> "no-cache" do get cached. It only means that existing cached copies are not
>> to be sent to the requestor.
>>
>> "no-store" is set on pages which are absolutely not allowed to be stored to
>> any long-term media. ie cached.
>>
>>> Server: Apache/2.0.52 (Red Hat)
>>> Set-Cookie: PHPSESSID=de2721c82ebc2be4b9a388d2e6e3d66c; path=/
>>> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>>> Cache-Control: private, no-cache, no-store, proxy-revalidate,
>>> no-transform
>>
>> In this case private indicates that the object contains some private
>> information. Caching this on a reverse-proxy will result in the cached copy
>> and thus the private information to be sent to all visitors. Major personal
>> info leakage usually resulting.
>>
>> Are you fighting with PHP defaults? the php.ini setting
>> session.cache_limiter can be turned to not add things. The app NEEDS to be
>> setting its own correctly with that off, may off-the-shelf seem to rely on
>> the defaults.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE9 or 3.1.11
>> Beta testers wanted for 3.2.0.5
>>

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Fri Mar 18 2011 - 23:27:07 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 22 2011 - 12:00:02 MDT