|
Home > Archive > Squid > May 2006 > cache_peer problem, works for half the sites I visit
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
cache_peer problem, works for half the sites I visit
|
|
| soregums@gmail.com 2006-05-18, 1:14 am |
| Environment
Squid Setup
win.client
=E2=86=95
win.squid =E2=86=92 gentoo.squid =E2=86=92 internet
So I have squidnt runing on my windows pc, which i then want to connect
to the gentoo squid and then i want that to go get the info from the
internet.
Newtork Path for http/s traffic (this is a bit complicated but it
works, a bit of latency, throughput is fine though)
Browser =E2=86=92 win.squid (127.0.0.1:3128) =E2=86=92 gentoo.squid
(127.0.0.1:8080) =E2=86=92 win.host (192.168.0.24) =E2=86=92 ssh tunnel =E2=
=86=92
gentoo.host (203.x.x.x:443) =E2=86=92 gentoo.squid (127.0.0.1:3128) =E2=86=
=92
Internet (http://www.google.com)
So I have a ssh tunnel between my windows pc and the gentoo box, I have
port 8080 forwarded to 127.0.0.1:3128 & port 8081 forwarded to
127.0.0.1:3130.
This is what i have in my squidnt squid.conf
<<<<<<< begin squid.conf (squidnt) >>>>>>>>>>>>>>>>
cache_peer 127.0.0.1 parent 8080 8081 default
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs c:/squid/var/cache 512 16 256
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
<<<<<<<< end squid.conf (squidnt) >>>>>>>>>>>>>>>>
And this is what I have in my gento.squid squid.conf
<<<<<<< begin squid.conf (gentoo.squid) >>>>>>>>>>>>>>>>
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
forwarded_for off
coredump_dir /var/cache/squid
<<<<<<<< end squid.conf (gentoo.squid) >>>>>>>>>>>>>>>>
This should work shouldn't it?
I've been to http://www.cnn.com and half the site loads under these
conditions, http://www.google.com doesn't load at all.... In the
access.log you see hits/miss's on both boxes.. I have live HTTP Headers
in friefox and both proxy's leave there mark in the headers on requests
that work.....
if i take my squidnt out of the loop and point the browser at
127.0.0.1:8080 as the proxy, everything works fine. I only visit a
handful of sites everyday and I'm trying to reduce the time it takes to
load these sites, some of them have a heap of static images on them for
example. The browser disk cache doesn't help as i have a sync job in
place that syncs my portable firefox config with my desktop at home,
sending this cache is a waste of bandwidth. (When i get a iPod with a
proper harddrive i'll just whack my portable firefox on that, in the
meantime this works great.)
Of course as soon as I get home and configure squidnt to go straight to
the net it works fine, ie taking gentoo.squid out of the cache_peer
arrangement.
the reason i'm doing this is our work firewall/proxy won't let me go to
google.com, works for most users, but there are a few of us that get
blocked, its a stupid block, but it exists, i'm not here to fix that
problem, I'm here to just get a working, unfiltered net connection 
my working solution is a ssh tunnel to gentoo.squid. I want to imporve
this by sticking a squid cache on my laptop to help reduce the
bandwidth & latency costs associated with my current working setup.
Thanks for any assistance ou might be able to offer
| |
| soregums@gmail.com 2006-05-18, 1:14 am |
| Sorry forgot the versions
(squidnt) squid-2.5.STABLE12 (12 Mar 2006)
(gentoo.squid) squid-2.5.12-r1
|
|
|
|
|