Matt Fiddles

Squid Web Cache and Proxy

Patterns

Patterns are what make it work. The format is

refresh_pattern [-i] regex min percent max [options]

Options include

  • override-expire - Do not obey expire headers
  • override-lastmod
  • reload-into-ims
  • ignore-reload
  • ignore-no-store
  • ignore-must-revalidate
  • ignore-private
  • ignore-auth
  • max-stale=NN
  • refresh-ims
  • store-stale

See refresh_pattern

Examples

An example of trying to get it to cache more files:

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i /index\.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320

A less intensive way:

refresh_pattern ^ftp: 144000 20% 1008000
refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp)$ 260000 90% 260009 override-expire
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)$ 260000 90% 260009 override-expire
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)$ 260000 90% 260009 override-expire
refresh_pattern -i /index\.(html|htm)$ 1440 90% 40320
refresh_pattern -i \.(html|htm|css|js)$ 1440 90% 40320
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4

Dynamic Content

Caching dynamic content is harder and trickier, but it is still possible if one is careful.

On newer versions

refresh_pattern -i example.com/.* 10080 90% 43200 
refresh_pattern (/cgi-bin/|\?) 0 0% 0

Older versions:

# Let a site through 
acl example dstdomain .example.com 
cache allow example 
# do not cache other dynamic content
hierarchy_stoplist cgi-bin ? 
acl QUERY urlpath_regex cgi-bin \? 
cache deny QUERY

Filtering

Tricks

Caching Updates

We can cache Windows updates using the following.

Increase the cache to 3 GB (or more) and the object size to 500 MB.

Windows Updates

For Windows updates use these lines:

refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
range_offset_limit -1

If that doesn't work, try:

refresh_pattern ([^.]+\.)?(download|(windows)?update)\.(microsoft\.)?com/.*\.(cab|exe|msi|msp|psf) 4320 100% 43200 reload-into-ims
range_offset_limit -1
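
Added example (not from the original page or the Squid project): a small Python audit that parses refresh_pattern lines in the format given under Patterns, reports which rule wins for a URL (Squid uses the first pattern that matches), compares the two Windows Update regexes above, and flags options that let a shared cache store per-user responses. The sample config, URLs and function names are constructed for illustration, and Python's re module stands in for Squid's regex engine.

```python
import re

# Options that let a shared cache store responses marked per-user or non-storable.
PRIVACY_OPTIONS = {"ignore-private", "ignore-no-store", "ignore-auth"}

# Constructed sample built from rules shown on this page (no trailing semicolons).
SAMPLE_CONF = r"""
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-store ignore-private
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 40% 40320
"""
STRICT_UPDATE = r"([^.]+\.)?(download|(windows)?update)\.(microsoft\.)?com/.*\.(cab|exe|msi|msp|psf)"

def parse_rules(conf_text):
    """Parse 'refresh_pattern [-i] regex min percent max [options]' lines in file order."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "refresh_pattern":
            continue  # blank lines, comments, other directives
        fields = fields[1:]
        flags = 0
        if fields[0] == "-i":
            flags, fields = re.IGNORECASE, fields[1:]
        rules.append({
            "regex": fields[0],
            "compiled": re.compile(fields[0], flags),  # Python re as a stand-in for Squid's regex
            "min": int(fields[1]), "percent": int(fields[2].rstrip("%")), "max": int(fields[3]),
            "options": set(fields[4:]),
        })
    return rules

def first_match(rules, url):
    """Return the first rule whose regex matches the URL (Squid stops at the first match)."""
    return next((r for r in rules if r["compiled"].search(url)), None)

def privacy_findings(rules):
    """List (regex, options) for rules that override private/no-store/auth handling."""
    return [(r["regex"], sorted(r["options"] & PRIVACY_OPTIONS))
            for r in rules if r["options"] & PRIVACY_OPTIONS]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for url in ("http://app.example.com/avatar.php?user=7&f=me.png",  # constructed URLs
                "http://intranet.example.com/tools/setup.exe",
                "http://download.windowsupdate.com/d/msdownload/fix.cab"):
        rule = first_match(rules, url)
        print(url, "->", rule["regex"], sorted(rule["options"]))
        print("   strict update regex matches:", bool(re.search(STRICT_UPDATE, url)))
    print(privacy_findings(rules))
```

In the sample, the query-string URL ending in .png is claimed by the image rule carrying ignore-private before the (/cgi-bin/|\?) rule is reached, and the first Windows pattern also matches an unrelated .com installer that the escaped pattern rejects.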

Mac Updates

For Mac updates

refresh_pattern ([^.]+.|)(download|adcdownload).(apple.|)com/.*\.(pkg|dmg) 4320 100% 43200 reload-into-ims

Other Updates

For AVG and other antivirus updates

refresh_pattern ([^.]+.|)avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)spywareblaster.net/.*\.(dtb) 4320 100% 64800 reload-into-ims
refresh_pattern ([^.]+.|)symantecliveupdate.com/.*\.(zip|exe) 43200 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avast.com/.*\.(vpu|vpaa) 4320 100% 43200 reload-into-ims

Problems

By default Squid will finish downloads even if a user aborts. See here. You will probably want to change this:

range_offset_limit -1

To:

range_offset_limit 0

And then make it not finish any download unless it is 70% complete:

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 70

Resources

refresh_pattern man page.

computers/firewalls/squid.txt · Last modified: Dec 5, 2013 (5 years ago) by Matt Bagley