squid caches error pages
jackchen
I'm trying to set up squid in front of apache, but sometimes it caches error pages like 404 and 403, and if apache is too busy at the time and squid can't get a page from it, it will cache an access denied error. I have to refresh many times to get rid of the cached page. How do I set up rules so that squid does not cache these kinds of error pages?

I'm using squid 2.6.

Thanks for the help.
RedBaron
It's been a while (a long while) since I did anything with Squid, but what do you have negative_ttl set to in the config file? (Set it to 0...)

Will
jackchen
Thanks for your reply Will.

I don't have negative_ttl set in my squid.conf.
May I ask what it does?
RedBaron
It tells Squid how long to cache an error response, such as the 404s and 403s you're reporting...I can't remember the default (like I said, it's been a while), but if I recall correctly, it's not 0. Try setting it to 0 and see if that solves your problem. (But realize that setting it to 0 will significantly increase the load on Apache if a popular link actually does result in an error...)

Also, make sure your browser's cache isn't getting in the way ("shift-refresh" generally deals with that).

Good luck!

Will
jackchen
Default is 5 minutes, I think. I have set it to 0 and will keep monitoring; hopefully that solved the problem.
Thanks again.
jackchen
Hello Will,

I probably need more help; the error pages are still being cached. I tried setting negative_ttl 0 minute and negative_ttl 2 seconds. Neither works, and the error page is still being cached.

Edit: nvm, seems the error page is because squid somehow crashed...
RedBaron
Did you figure out why Squid crashed? I doubt it had anything to do with the negative_ttl setting...Did it leave a core?

Will
jackchen
I'm not sure why it crashed; I will monitor closely. It probably has nothing to do with negative_ttl. I'm facing a new question now: if I put squid in front of apache, the users go to squid and then to apache, and apache logs the server IP instead of the user's IP. It's like they are using squid as an anonymous proxy. How do I set it to transparent?

I have squid on port 81
and apache on port 80
and use
iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.1.0/16 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 81

to redirect the traffic. Anything I'm missing here?

Thanks
jackchen
Seems it has to do with the squid settings.
My conf file looks like this:

CODE
http_port 69.46.37.28:81 transparent vhost vport

acl OverConnLimit maxconn 32
http_access deny OverConnLimit

acl myip dst 69.46.37.28
http_access deny !myip

acl Manager proto cache_object
acl Localhost src 127.0.0.1 192.168.1.1
http_access allow Manager Localhost
http_access deny Manager

acl all src 0.0.0.0/0.0.0.0

acl Safe_ports port 81 # http
http_access deny !Safe_ports
http_access allow all

visible_hostname mask.net
cache_mgr webmaster@mask.net

cache_effective_user squid
cache_effective_group squid
tcp_recv_bufsize 65535 bytes

cache_peer 69.46.37.28 parent 80 0 no-query originserver

icp_port 0

negative_ttl 0 minute
RedBaron
"transparent" doesn't have anything to do with the IP address seen by Apache. It merely means that Squid is configured to look like an origin server suitable to listen on port 80, rather than a proxy cache which uses a somewhat different syntax. That doesn't make it truly transparent...

Squid does its own logging...Like I said, it's been a while, but those logs have the source IPs you're looking for. With Squid acting transparently in front of your server, you have to depend on its logs to see what's really happening with your site, since the whole point is to offload traffic from your origin server...

So did the crash leave a core or any audit log, etc.?

Will
jackchen
Hello Will,

I didn't set up logging for it, so I don't know why it crashed. I will have it logged next time.

How do I set it up to make it truly transparent, so apache can log the real IP?

Thanks!
RedBaron
Disclaimer: It's been four years since I did anything in this area of any significance...

Doing what you're talking about completely transparently would require help in the kernel...At the application level, Squid can't do it.

Do you know about the X-Forwarded-For header? You may be able to arrange to log that...

(Anyone more current than I on this thread?)

Will
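
Added example (not part of the original thread or any poster's code): if the X-Forwarded-For header is used to recover the visitor's address behind Squid, the value is only trustworthy when the connection came from the proxy itself, and only the right-most entries were written by it. This sketch assumes Squid appends the connecting client's address to the header; the trusted addresses come from the posted squid.conf, and the function names and sample requests are constructed for illustration.

```python
import ipaddress

# Assumption: the only hops allowed to vouch for a client are the Squid
# address from the posted squid.conf and loopback.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("69.46.37.28/32", "127.0.0.0/8")]


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address worth logging for one request seen by Apache.

    peer       -- TCP source address of the connection (normally Squid)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    current = ipaddress.ip_address(peer)
    # A peer that is not our proxy wrote the header itself: ignore it.
    if not is_trusted(current) or not xff_header:
        return str(current)
    # Each proxy appends the address it saw, so the right-most entries are
    # the ones our own proxies wrote. Walk right to left and stop at the
    # first hop that is not one of ours; anything further left is
    # client-supplied and cannot be trusted.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # e.g. "unknown": keep the last address we could verify
        current = addr
        if not is_trusted(addr):
            break
    return str(current)


# Constructed sample requests: (peer address, X-Forwarded-For value)
SAMPLES = [
    ("69.46.37.28", "203.0.113.7"),             # normal request via Squid
    ("69.46.37.28", "10.0.0.1, 198.51.100.9"),  # client sent its own header first
    ("198.51.100.9", "127.0.0.1"),              # connected to Apache directly
    ("69.46.37.28", "unknown"),                 # proxy withheld the address
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"{peer:15} {xff:28} -> {client_ip(peer, xff)}")
```

The same rule applies to access control or rate limiting keyed on the header: a left-most entry is whatever the client chose to send.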
jackchen
Hello Will,

Yes, I know the X-Forwarded-For header, but I was hoping to be able to configure squid so apache can log the real IP. I guess squid is not good at that.

Thank you for all your help.

Best,
Jack
RedBaron
No cache at the purely application level, without kernel stack support, could be completely transparent in the way you want. Doing what you want requires intercepting and rewriting packets...I wouldn't be surprised if someone's come up with a solution, though. "Back in the day," I was considering writing a kernel-level Web cache, but I never got around to it...Hmmm...there's always tomorrow! :-)

You're welcome, glad I could be of some help!

Will
jackchen
Hello,

I'm setting up squid in front of apache as an accelerator, but I'm running into some problems with its caching ability. How do I set squid not to cache any index page? For example, when I have a website www.domain.com with index.html and I visit www.domain.com, squid will cache index.html. If I delete it and put in an index.php, squid will still show index.html instead of showing index.php. How do I set it not to cache that?
Another problem is how do I set squid to update its cache immediately when the file is modified? I think it can be done with refresh_pattern, but I don't know how.
I'm using squid 2.6.

Thanks for the help.