Re: [squid-users] Cache facebook, videos, downloads, or just all files using squid on qnap

From: Elvar Sævarsson <elvarpa_at_icloud.com>
Date: Mon, 31 Mar 2014 23:15:21 +0000

This is version 3.1.16.5. Yes, I tried to contact QNAP but no answer.

> On 31.3.2014, at 23:02, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> On 2014-04-01 10:07, Elvar Sævarsson wrote:
>> ? Please
>>> Can anyone help me get this working?
>>> I have tried everything.
>>> I am trying to use squid on qnap to cache all files or at least
>>> Facebook pictures and videos, webpage pictures (that works), videos and
>>> ads.
>>> Downloads (all downloads: iPhone apps, Google Play apps, .exe, .pdf or just all)
>
> What version of Squid is this?
> Have you tried getting help from QNAP?
>
> FYI: the current release of Squid caches all that content by default quite well.
>
>
>>> This is my config file:
>>> # The user name and group name Squid will operate as
>>> cache_effective_user httpdusr
>>> cache_effective_group everyone
>
> ?? Strange. But not related to the problem.
>
> FYI: We recommend leaving the group directive undefined and adding the effective user account as a member of the group at the OS level.
>
>
>>> #
>>> # Recommended minimum configuration:
>>> #
>>> # Auth Method
>>> #auth_param basic program
>>> /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/ncsa_auth /etc/shadow
>>> #auth_param basic children 5
>>> #auth_param basic realm Squid proxy-caching web server
>>> #auth_param basic credentialsttl 2 hours
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/32 ::1
>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>>> # Example rule allowing access from your local networks.
>>> # Adapt to list your (internal) IP networks from where browsing
>>> # should be allowed
>>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>> acl localnet src fc00::/7 # RFC 4193 local private network range
>>> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
>>> acl SSL_ports port 443
>>> acl Safe_ports port 80 # http
>>> acl Safe_ports port 21 # ftp
>>> acl Safe_ports port 443 # https
>>> acl Safe_ports port 70 # gopher
>>> acl Safe_ports port 210 # wais
>>> acl Safe_ports port 1025-65535 # unregistered ports
>>> acl Safe_ports port 280 # http-mgmt
>>> acl Safe_ports port 488 # gss-http
>>> acl Safe_ports port 591 # filemaker
>>> acl Safe_ports port 777 # multiling http
>>> acl CONNECT method CONNECT
>>> #acl ncsa_users proxy_auth REQUIRED
>>> #
>>> # Recommended minimum Access Permission configuration:
>>> #
>>> # Only allow cachemgr access from localhost
>>> http_access allow manager localhost
>>> http_access deny manager
>>> # Deny requests to certain unsafe ports
>>> http_access deny !Safe_ports
>>> # Deny CONNECT to other than secure SSL ports
>>> http_access deny CONNECT !SSL_ports
>>> # We strongly recommend the following be uncommented to protect innocent
>>> # web applications running on the proxy server who think the only
>>> # one who can access services on "localhost" is a local user
>>> #http_access deny to_localhost
>>> #
>>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>> #
>>> # Example rule allowing access from your local networks.
>>> # Adapt localnet in the ACL section to list your (internal) IP networks
>>> # from where browsing should be allowed
>>> http_access allow localnet
>>> #http_access allow ncsa_users
>>> # And finally deny all other access to this proxy
>>> http_access deny all
>>> # Squid normally listens to port 3128
>>> http_port 3128
>>> # We recommend you to use at least the following line.
>>> hierarchy_stoplist cgi-bin ?
>>> # Uncomment and adjust the following to add a disk cache directory.
>>> cache_dir ufs /share/MD0_DATA/.qpkg/Squid/opt/var/squid/cache 40000 16 256
>>> cache_mem 125 MB
>>> # Leave coredumps in the first cache dir
>>> coredump_dir /share/MD0_DATA/.qpkg/Squid/opt/var/squid/
>>> access_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/access.log squid
>>> cache_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/cache.log
>>> cache_store_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/store.log
>>> # Add logfile rotated mechanism
>>> logfile_rotate 7
>>> debug_options rotate=1
>>> #
>>> mime_table /share/MD0_DATA/.qpkg/Squid/opt/etc/squid/mime.conf
>>> pid_filename /share/MD0_DATA/.qpkg/Squid/opt/var/squid/run/squid.pid
>>> diskd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/diskd
>>> unlinkd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/unlinkd
>>> icon_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/icons
>>> err_page_stylesheet /share/MD0_DATA/.qpkg/Squid/opt/etc/squid/errorpage.css
>>> error_default_language en-us
>>> error_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/errors/en-us
>>> # Add any of your own refresh_pattern entries above these.
>>> refresh_pattern (get_video|videoplayback\?|videodownload|\.flv|\.webm) 0 0%
>>> 0
>
> NP: this will prevent caching whenever ".flv" exists in the URL. Which will prevent several of the .flv patterns below being useful.
>
>>> refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire
>
> ... like this one will never be used.
>
>>> refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims
>>> store-stale
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> # facebook
>>> refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(png|gif) 5259487
>>> 999999% 5259487 override-expire ignore-reload store-stale
>>> refresh_pattern .fbcdn.net.*\.(jpg|gif|png) 5259487 999999% 5259487
>>> ignore-no-cache override-expire ignore-reload store-stale negative-ttl=0
>>> refresh_pattern -i
>>> .facebook.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar)
>>> 12960 999999% 129600 override-lastmod reload-into-ims ignore-reload
>>> ignore-no-cache ignore-auth store-stale
>
> NP: you already have the pattern facebook.com.*\.(png|gif) with different parameters.
>
> NP: you also already have a pattern for .flv. There are other examples like this one and the below.
>
>>> refresh_pattern -i
>>> .fbcdn.net.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar)
>>> 12960 999999% 129690 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>
> NP: you already have the pattern .fbcdn.net.*\.(jpg|gif|png) with different parameters.
>
>
>>> refresh_pattern -i
>>> .zynga.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960
>>> 999999% 129609 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern -i
>>> .crowdstar.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv)
>>> 12960 999999% 129609 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern ^http://static.ak.fbcdn.net*.(jpg|gif...gp|flv|swf|wmv)
>>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern
>>> ^http://videoxl.l[0-9].facebook.com/(.*)(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4))
>>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern ^http://*.channel.facebook.com/(.*)(j...?g|a|e|1|2|3|4))
>>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale negative-ttl=0
>>> refresh_pattern ^http://video.ak.facebook.com*.(3gp|f...?g|a|e|1|2|3|4))
>>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern
>>> ^http://photos-[a-z].ak.fbcdn.net/(.*)(css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4))
>>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern ^http://profile.ak.fbcdn.net*.(jpg|gif|png) 129600 999999%
>>> 129600 ignore-no-cache ignore-no-store reload-into-ims override-expire
>>> ignore-must-revalidate store-stale
>>> refresh_pattern ^http://platform.ak.fbcdn.net/.* 720 100% 4320
>>> ignore-no-cache ignore-no-store reload-into-ims override-expire
>>> ignore-must-revalidate store-stale
>
> Regex patterns start and end with an implicit ".*" sequence unless anchored with ^ and $. The trailing .* is useless here.
>
> Also, Facebook in recent times has become very cache friendly (apart from the HTTPS usage). It will most likely start to cache better when you remove these HTTP protocol violation options that are causing your Squid to ignore caching parameters.
>
>
>>> refresh_pattern ^http://creative.ak.fbcdn.net/.* 720 100% 4320
>>> ignore-no-cache ignore-no-store reload-into-ims override-expire
>>> ignore-must-revalidate store-stale
>
> Multiple lines differing only in domain name prefix can be collapsed down to one refresh_pattern to shorten the config and make it clearer what you are doing.
>
>
>>> refresh_pattern ^http://apps.facebook.com/.* 1200 100% 4320 ignore-no-cache
>>> ignore-no-store reload-into-ims override-expire ignore-must-revalidate
>>> store-stale
>>> refresh_pattern ^http://static.ak.fbcdn.net*.(js|css|jpg|gif|png) 129600
>>> 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern ^http://statics.poker.static.zynga.co...?g|a|e|1|2|3|4))
>>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern ^http://statics.poker.static.zynga.com/.* 720 100% 4320
>>> ignore-no-cache ignore-no-store reload-into-ims override-expire
>>> ignore-must-revalidate store-stale
>>> refresh_pattern ^http://*.zynga.com*.(swf|jpg|gif|png...?g|a|e|1|2|3|4))
>>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
>>> override-expire ignore-must-revalidate store-stale
>>> refresh_pattern
>>> ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bst
>>> ats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.goog
>>> lesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.co
>>> m|syndication\.com|media.fastclick.net).* 5259487 70% 5259487
>>> ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload
>>> ignore-auth ignore-must-revalidate store-stale negative-ttl=40320
>>> max-stale=1440
>>> refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 129600 100%
>>> 129600 ignore-no-cache ignore-no-store reload-into-ims override-expire
>>> ignore-must-revalidate store-stale
>>> #antivirus
>>> refresh_pattern avast.com.*\.vpx 40320 50% 161280 store-stale
>>> reload-into-ims
>>> refresh_pattern (avgate|avira).*\.(idx|gz)$ 21900 90% 21900 ignore-reload
>>> ignore-no-cache ignore-no-store store-stale ignore-must-revalidate
>>> reload-into-ims
>>> refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487 ignore-reload
>>> store-stale
>>> refresh_pattern kaspersky 31900 80% 161280 ignore-no-cache store-stale
>>> refresh_pattern mbamupdates.com.*\.ref 1440 50% 161280 reload-into-ims
>>> store-stale
>>> #situs lainnya
>>> refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280
>>> ignore-reload store-stale
>>> refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?|webm)
>>> 5259487 99999999% 5259487 override-expire ignore-reload store-stale
>>> ignore-private negative-ttl=0
>
> NP: this pattern is nearly a duplicate of the one at the top of the list, but with different parameters. All it does is apply these parameters to URL with:
> * the string "webm" but not with a '.' preceding (eg ".webm"),
> * the string ".fl" but not with a 'v' on the end (eg ".flv"),
>
>
>>> refresh_pattern \.(ico|video-stats) 5259487 999999% 5259487 override-expire
>>> ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
>>> override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
>
> * ignore-auth does not do what you think. It *prevents* Squid from caching any authenticated responses. HTTP/1.1 permits caching authenticated responses provided strict revalidation is performed.
>
> * override-lastmod pretty much makes Squid drop the caching heuristics depending on Last-Modified header. Again *reducing* caching for objects which depend on it.
>
>>> refresh_pattern \.etology\? 5259487 999999% 5259487 override-expire
>>> ignore-reload ignore-no-cache store-stale
>>> refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487
>>> override-expire ignore-reload ignore-no-cache store-stale
>>> refresh_pattern brazzers\? 5259487 999999% 5259487 override-expire
>>> ignore-reload ignore-no-cache store-stale
>>> refresh_pattern \.adtology\? 5259487 999999% 5259487 override-expire
>>> ignore-reload ignore-no-cache store-stale
>>> refresh_pattern ^.*safebrowsing.*google 5259487 999999% 5259487
>>> override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private
>>> ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
>>> refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.id) 5259487
>>> 999999% 5259487 override-expire ignore-reload store-stale ignore-private
>>> negative-ttl=10080
>>> refresh_pattern ytimg\.com.*\.(jpg|png) 5259487 999999% 5259487
>>> override-expire ignore-reload store-stale
>>> refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999% 5259487
>>> override-expire ignore-reload store-stale
>>> refresh_pattern garena\.com 5259487 999999% 5259487 override-expire
>>> reload-into-ims store-stale
>>> refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487
>>> 999999% 5259487 override-expire ignore-reload store-stale
>>> refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999% 5259487
>>> ignore-no-cache override-expire override-lastmod store-stale
>>> refresh_pattern ^http:\/\/images|openx|pics|thumbs[0-9]\. 5259487 999999%
>>> 5259487 ignore-no-cache ignore-no-store ignore-reload override-expire
>>> store-stale
>>> refresh_pattern ^http:\/\/www.onemanga.com.*\/ 5259487 999999% 5259487
>>> reload-into-ims override-expire store-stale
>>> refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)
>>> 5259487 999999% 5259487 reload-into-ims override-expire ignore-private
>>> store-stale
>
> NP: you do not have to escape '/' characters in patterns.
>
>
>>> refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js)
>>> 43800 90% 43800 store-stale negative-ttl=0
>>> refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487
>>> ignore-no-cache ignore-no-store reload-into-ims override-expire
>>> ignore-must-revalidate store-stale
>>> refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu)
>>> 5259487 100% 5259487 override-expire reload-into-ims
>>> refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 5259487
>>> 100% 5259487 override-expire reload-into-ims ignore-reload
>>> refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487 999999%%
>>> 5259487 override-expire reload-into-ims ignore-no-cache
>>> ignore-must-revalidate
>>> refresh_pattern
>>> \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2|webm)
>>> 5259487 100% 5259487 override-expire reload-into-ims
>>> refresh_pattern -i (cgi-bin) 0 0% 0
>
> This is incorrect. The pattern tuned for safety is:
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>
>>> refresh_pattern \.(php|jsp|cgi|asx)\? 1900 30% 1800
>>> refresh_pattern -i (pull) 21400 70% 21400 reload-into-ims ignore-no-cache
>>> ignore-must-revalidate store-stale negative-ttl=10080
>
> ( and ) around a pattern like this are useless.
>
>>> refresh_pattern . 0 50% 161280 store-stale
>
> All refresh_pattern lines following one with the '.' pattern will have no effect at all. These directives are order-dependent, only the first matching pattern is applied and '.' matches everything that reaches it.
>
> Also, a lot of these google and facebook patterns will never match because of HTTPS traffic. Unless you are decrypting the HTTPS traffic the path?query portion of URLs is unavailable, and if you are then the URL will contain either "https://" and/or port ":443" parts which are not handled in most of the above patterns.
>
> HTH
> Amos
Received on Mon Mar 31 2014 - 23:15:37 MDT
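
The first-match behaviour described in the reply above can be checked offline. The following is an added example, not part of the original e-mails or of Squid: it parses `refresh_pattern` lines and reports which rule wins for a URL and which rules are never selected. It assumes Python's `re` is a close enough stand-in for Squid's POSIX regex for these patterns; the sample hostnames are constructed, and the image rule is deliberately placed after `.` to show the effect.

```python
import re
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    regex: re.Pattern
    min_minutes: int
    percent: int
    max_minutes: int
    options: tuple

# Constructed excerpt: rules quoted in the thread, wrapped lines re-joined.
# The last rule is placed after '.' on purpose (constructed ordering).
SAMPLE_CONF = r"""
refresh_pattern (get_video|videoplayback\?|videodownload|\.flv|\.webm) 0 0% 0
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire
refresh_pattern -i (cgi-bin) 0 0% 0
refresh_pattern . 0 50% 161280 store-stale
refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487
"""

def parse_refresh_patterns(conf: str) -> list:
    """Parse 'refresh_pattern [-i] regex min percent% max [options]' lines."""
    rules = []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0] != "refresh_pattern":
            continue
        flags = 0
        if tok[1] == "-i":  # case-insensitive match
            flags, tok = re.IGNORECASE, tok[:1] + tok[2:]
        regex, lo, pct, hi, *opts = tok[1:]
        rules.append(Rule(re.compile(regex, flags), int(lo),
                          int(pct.rstrip("%")), int(hi), tuple(opts)))
    return rules

def matching(rules: list, url: str) -> list:
    """Indexes of every rule whose (unanchored) regex matches the URL."""
    return [i for i, r in enumerate(rules) if r.regex.search(url)]

def first_match(rules: list, url: str) -> Optional[int]:
    """Index of the rule that is applied: the first match in config order."""
    hits = matching(rules, url)
    return hits[0] if hits else None

def never_selected(rules: list, urls: list) -> list:
    """Rules that no sample URL ever reaches (shadowed by earlier rules)."""
    used = {first_match(rules, u) for u in urls}
    return [i for i in range(len(rules)) if i not in used]
```

Run `never_selected` against URLs taken from your own `access.log` to find rules that earlier, broader patterns make unreachable.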
