Re: [squid-users] Don't serve cached content for some acl

From: Nuno Fernandes <npf-mlists_at_eurotux.com>
Date: Fri, 3 Jun 2011 09:26:51 +0100

On Friday 03 June 2011, Amos Jeffries wrote:
> On 03/06/11 10:46, E.S. Rosenberg wrote:
> > If you want them to have a direct connection to the internet you could
> > use always_direct (or never_direct) (which also exists in squid 2.x).
> > Something like this:
> > acl servers src [ips/fqdns]
> > acl direct_sites {dst|dstdomain} {ips/fqdns|fqdns/domains}
> > always_direct allow servers direct_sites
>
> This is not relevant. always/never_direct only determin if cache_peer is
> used. It has no effect on bypassing Squid as implied above OR cached
> content being served up as originally asked.
>
> > Regards,
> > Eli
> >
> > 2011/6/2 Nuno Fernandes:
> >> Hello,
> >>
> >> Is it possible with squid 3.1 to have some kind of acl so that cached
> >> content doen't get served so some client machines.
>
> If the client wishes to use the slow route to the origin, replacing all
> cached content along the way, it sends "Cache-Control: no-cache" in its
> request headers.
>
> Please explain why you want to force some clients to use the slowest
> most inefficient and wasteful source for data? All the possible reasons
> I'm aware of have far better ways to achieve.

Ok.. let me explain..
In the scenario squid -> dansguardian -> squid (cache), the second squid
instance only does caching while the first does all the acl and auth work.

I want to remove the second instance of squid and send the dansguardian
requests back to the first instance for internet fetching and caching.

But if a content is deemed inproper (virus/content) by dansguardian, it's
already cached in the first squid and the following requests get served to
clients from cache and whithout going through dansguardian.

Hope it clears why in want that network clients that they don't get content
fron cache and only requests fron 127.0.0.1 (dansguardian) get the content
from cache.

Thanks,
Nuno Fernandes

>
> Note that cached content is checked for validity and freshness before
> sending to any client. Unless of course you willfully violate HTTP
> validation with refresh_pattern overrides.
>
> Amos
Received on Fri Jun 03 2011 - 08:26:54 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 04 2011 - 12:00:01 MDT