Matt Fiddles

Life's so vast, there's just so much to do...

User Tools

Site Tools


Sidebar

"Ah, " said Arthur, "this is obviously some strange usage of the word safe that I wasn't previously aware of. "



Where will you go today?

"`The first ten million years were the worst,' said Marvin,
`and the second ten million, they were the worst too. The third ten million I didn't enjoy at all. After that I went into a bit of a decline.'"

- Marvin reflecting back on his 576,000,003,579 year career as Milliways' car park attendent.
computers:firewalls:squid

Squid Web Cache and Proxy

Patterns

Patterns are what make it work. The format is

refresh_pattern [-i] regex min percent max [options]

Options include

  • override-expire - Do not obey expire headers
  • override-lastmod
  • reload-into-ims
  • ignore-reload
  • ignore-no-store
  • ignore-must-revalidate
  • ignore-private
  • ignore-auth
  • max-stale=NN
  • refresh-ims
  • store-stale

See refresh_pattern

Examples

An example of trying to get it to cache more files. 1) 2)

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320

A less intensive way 3)

refresh_pattern ^ftp: 144000 20% 1008000
refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp)$ 260000 90% 260009 override-expire
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)$ 260000 90% 260009 override-expire
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)$ 260000 90% 260009 override-expire
refresh_pattern -i \.index.(html|htm)$ 1440 90% 40320
refresh_pattern -i \.(html|htm|css|js)$ 1440 90% 40320
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4

Dynamic Content

Caching of dynamic contenct can be harder and trickier. But it's still possible, if one must be careful. 4)

On newer versions

refresh_pattern -i example.com/.* 10080 90% 43200 
refresh_pattern (/cgi-bin/|\?) 0 0% 0

Older versions:

# Let a site through 
acl example dstdomain .example.com 
cache allow example 
# do not cache other dynamic content
hierarchy_stoplist cgi-bin ? 
acl QUERY urlpath_regex cgi-bin \? 
cache deny QUERY

Filtering

Tricks

Caching Updates

We can catch the windows updates using the following: 5) 6)

Increase cache to 3G (or more), and object size to 500MB.

Windows Updates

For windows updates use this line

refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims;
range_offset_limit -1;

If that doesn't work, try

refresh_pattern ([^.]+\.)?(download|(windows)?update)\.(microsoft\.)?com/.*\.(cab|exe|msi|msp|psf) 4320 100% 43200 reload-into-ims;
range_offset_limit -1;

Mac Updates

For Mac updates

refresh_pattern ([^.]+.|)(download|adcdownload).(apple.|)com/.*\.(pkg|dmg) 4320 100% 43200 reload-into-ims;

Other Updates

For AVG and other antivirus updates

refresh_pattern ([^.]+.|)avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims;
refresh_pattern ([^.]+.|)spywareblaster.net/.*\.(dtb) 4320 100% 64800 reload-into-ims;
refresh_pattern ([^.]+.|)symantecliveupdate.com/.*\.(zip|exe) 43200 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avast.com/.*\.(vpu|vpaa) 4320 100% 43200 reload-into-ims

Problems

By default Squid will finish downloads even if a user aborts. See here. You prob will want to change this:

range_offset_limit -1;

To:

range_offset_limit 0;

And then make it not finish any download unless it is 70% complete:

quick_abort_min 0 KB;
quick_abort_max 0 KB;
quick_abort_pct 70;

Resources

refresh_pattern man page.

computers/firewalls/squid.txt · Last modified: Dec 5, 2013 (5 years ago) by Matt Bagley