Re: [squid-users] Interception Caching Problems

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 26 Sep 2008 14:10:08 +1200 (NZST)

> Thanks all for the help. Amos, the following worked like a charm and
> thanks so much:
>
> Once thats working you can then go on to catch other common web server
> evasion ports (81, 87, 88, 8000, 8080, 8081, 8181, 8888, 3128, 1080, 2080)
>
> Redirectding just port 80 wasnn't accomplishing anything. Are there any
> other well used ports to cover, or are the ones above what you would stick
> with? I'm definately hitting now, though. We racked up 3 gigs in the cache
> in a couple of weeks.

Nice. Those ports are the ones I've confirmed as widely used. There are
likely others I have not found yet. And people can set their own custom
ones completely randomly.

The next thing to look at is whether you can have any type of L7 (HTTP)
protocol auto-detect at L3 (firewall) then you might want to set a snooper
going to locate more ports and divert specific src-IP:dst-port pairs as
they are found.
I've seen this being experimented on P2P traffic, but nothing yet for HTTP.

>
> The only outstanding issue I have is that cache.log reports everyting as a
> miss. I have the zph kernel patch applied. I can definately tell the
> difference in speed between hits and misses, but everything in the log
> says "Preserving TOS on miss". This isn't a huge issue now that we are
> hitting, but it would be beneficial to have the log accurately reflect
> hits and misses. Version is 3.0 stable 8.

From the fact its logging I assume you have the initial and the followup
patches applied.

Squid-3 should be logging 'ZPH Local hit' on HITS. Mayhap you need to
contact ZPH about a bug if it still exists there. They are still
maintaining the testing and use of their patch.

Amos
Received on Fri Sep 26 2008 - 02:10:16 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 26 2008 - 12:00:03 MDT