Re: [squid-users] Why is squid caching local intranet domains??

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 06 Jun 2012 18:05:49 +0300

There was a bug in some old version of Squid.
You'd better use the newest version.

Eliezer
On 06/06/2012 18:01, mrnicholsb wrote:
> I'm scratching my head here, I've got an issue that's driving me bonkers...
>
> 1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET http://deviant.evil/ - NONE/- text/html
>
> Clearly this local site is being cached, what is frustrating is that I
> have the following meta tag on the page
>
> <meta http-equiv="Cache-control" content="no-cache">
>
> Yet squid is apparently ignoring that directive completely.
>
> Ok, no problem, so we set our conf up to always go direct for localnet
> acl right? No dice, still caching,
>
> Could one of you be so kind as to take a look at my conf and tell me why?
>
>
> ##############################################################
>
> #transparent because ddwrt is forwarding traffic to it
> http_port 3128 transparent
> #parent disabled due to location outside scope of firewall rules
> #cache_peer 192.168.1.205 parent 3128 3129 default
> # no-query no-digest
> never_direct deny all
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> dns_nameservers 10.10.1.1
> hosts_file /etc/hosts
> cache_swap_low 95
> cache_swap_high 98
> access_log /var/log/squid3/access.log
> cache_mem 320 MB
> memory_pools on
> maximum_object_size_in_memory 512 KB
> maximum_object_size 400 MB
> log_icp_queries off
> half_closed_clients on
> cache_mgr mrnicholsb_at_gmail.com
> cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256
> visible_hostname deviant.evil
> shutdown_lifetime 1 second
>
> #icap_enable on
> #icap_send_client_ip on
> #icap_send_client_username on
> #icap_client_username_encode off
> #icap_client_username_header X-Authenticated-User
> #icap_preview_enable on
> #icap_preview_size 1024
> #icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> #adaptation_access service_req allow all
> #icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> #adaptation_access service_resp allow all
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl localnet src 10.10.1.0/24
> acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl"
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> always_direct allow localnet
>
> #icp_access allow localnet
> #icp_access deny all
>
> http_access deny blacklist
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow localnet
> http_access deny all
>
>
> #Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
>
>

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Wed Jun 06 2012 - 15:06:19 MDT
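
Added example (not part of the original thread and not Squid project code): a Python check that parses Squid's native access.log format, as in the TCP_IMS_HIT line quoted above, and counts which intranet requests were answered from cache without an upstream being contacted. The suffix list and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>-?\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d+)\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)
HOST_RE = re.compile(r"^[a-z][a-z0-9+.-]*://(?:[^/@]*@)?(?P<host>[^/:?#]+)", re.I)

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    h = HOST_RE.match(rec["url"])
    rec["host"] = h.group("host").lower() if h else None  # CONNECT logs host:port
    # Answered from cache: a *_HIT result code with no upstream contacted.
    # Squid 3.2+ writes HIER_NONE where 3.1 writes NONE.
    rec["from_cache"] = "HIT" in rec["code"] and rec["hier"] in ("NONE", "HIER_NONE")
    return rec

def intranet_cache_hits(lines, suffixes):
    """Count (host, result code) pairs served from cache for intranet hosts."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec or not rec["from_cache"] or not rec["host"]:
            continue
        host = rec["host"]
        if any(host == s or host.endswith("." + s) for s in suffixes):
            hits[(host, rec["code"])] += 1
    return hits

SAMPLE_LOG = [
    # First line is the one from the post (re-joined); the rest are constructed.
    "1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET http://deviant.evil/ - NONE/- text/html",
    "1338994330.102 41 10.10.1.105 TCP_MISS/200 5120 GET http://deviant.evil/status - DIRECT/10.10.1.20 text/html",
    "1338994331.500 0 10.10.1.106 TCP_MEM_HIT/200 900 GET http://www.example.com/logo.png - NONE/- image/png",
    "1338994332.000 1 10.10.1.106 TCP_HIT/200 1200 GET http://wiki.deviant.evil/a.css - HIER_NONE/- text/css",
]

if __name__ == "__main__":
    for (host, code), n in sorted(intranet_cache_hits(SAMPLE_LOG, ["deviant.evil"]).items()):
        print(f"{host}\t{code}\t{n}")
```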

This archive was generated by hypermail 2.2.0 : Wed Jun 06 2012 - 12:00:03 MDT