[tproxy] Squid is not caching

Rafael Moraes rafael at bsd.com.br
Tue Sep 15 23:13:51 CEST 2009 

Hello everyone,

I'm using Patch cttproxy-2.6.18-2.0.6 + Squid 2.6-5 + Iptables 3.6.0 +
Kernel 2.6.18-6. + Thundercache 2.1

I've based my experience on
http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/#toc11

The whole thing is working very well, I can cache videos from youtube and
most of the video websites. The clients do everything on the internet with
their own IP adresses.
BUT, my squid cache is not working properly. It caches everything but when
we try to use the cache it doesn't work.

Please, check my squid.conf:

*http_port 3128 tproxy transparent
visible_hostname proxy

cache_mem 20 MB
maximum_object_size_in_memory 5 MB
maximum_object_size 600 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /cache01/squid 2048 16 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl redelocal src xxx.xxx.xxx..0/24
acl externo src xxx.xxx.xxx.xxx
http_access allow externo
http_access allow localhost
http_access allow redelocal
http_access deny all
acl local1 src xxx.xxx.xxx.0/24


tcp_outgoing_address ip_squid local1


url_rewrite_children 200
acl store_rewrite_list url_regex -i "/etc/squid/thunder.lst"
url_rewrite_access allow store_rewrite_list
url_rewrite_access deny all
url_rewrite_program /etc/squid/loader.php


#url_rewrite_access allow store_rewrite_list
#url_rewrite_access deny all
#url_rewrite_program /etc/squid/loader.php

#nega cache local, para não haver duplicação
acl localcache dstdomain ip_squid
cache deny localcache

#Bloquear ICP e HTCP - Usado para conversar com outros caches
Hierarquicamente
icp_port 0
htcp_port 0
icp_access deny all
htcp_access deny all
#Desabilitar SNMP
snmp_port 0
snmp_access deny all

cache_effective_user proxy
cache_effective_group proxy

#Extras
detect_broken_pconn on


pipeline_prefetch on
~                             *

--------------------------------------------------------------------------------------------------------------------------------

Iptables Rule:

iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY
--on-port 3128
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20090915/97f9ae83/attachment.htm

More information about the tproxy mailing list