Re: [squid-users] Why is squid caching local intranet domains??

From: bnichols <mrnicholsb_at_gmail.com>
Date: Wed, 6 Jun 2012 08:17:12 -0700

One thing that ive noticed is that on machines being forwarded to my
squidbox via my router, all other sites show up in the access.log and
everything functions fine, however, when I try to access the webserver
residing on the squid box there are no logs at all generated for those
requests. I would expect to see DIRECT there.

Equally of note, when I manually enter the proxy config into the
browsers, I get access.log entries for the domain, along with cache
hits of course.

Just find it interesting that there is no log generation when the
webserver is accessed from a machine on the lan being forwarded by my
router.

On Wed, 06 Jun 2012 18:05:49 +0300
Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:

> there was a bug on some old version of squid.
> you better use the newest version.
>
> ELiezer
> On 06/06/2012 18:01, mrnicholsb wrote:
> > Im scratching my head here, Ive got an issue thats driving me
> > bonkers...
> >
> > 1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET
> > http://deviant.evil/ - NONE/- text/html
> >
> > Clearly this local site is being cached, what is frustrating is
> > that I have the following meta tag on the page
> >
> > <meta http-equiv="Cache-control" content="no-cache">
> >
> > Yet squid is apparently ignoring that directive completely.
> >
> > Ok, no problem, so we set our conf up to always go direct for
> > localnet acl right? No dice, still caching,
> >
> > Could one of you be so kind as to take a look at my conf and tell
> > me why?
> >
> >
> > ##############################################################
> >
> > #transparent because ddwrt is forwarding traffic to it
> > http_port 3128 transparent
> > #parent disabled due to location outside scope of firewall rules
> > #cache_peer 192.168.1.205 parent 3128 3129 default
> > # no-query no-digest
> > never_direct deny all
> >
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern (/cgi-bin/|\?) 0 0% 0
> > refresh_pattern . 0 20% 4320
> >
> > dns_nameservers 10.10.1.1
> > hosts_file /etc/hosts
> > cache_swap_low 95
> > cache_swap_high 98
> > access_log /var/log/squid3/access.log
> > cache_mem 320 MB
> > memory_pools on
> > maximum_object_size_in_memory 512 KB
> > maximum_object_size 400 MB
> > log_icp_queries off
> > half_closed_clients on
> > cache_mgr mrnicholsb_at_gmail.com
> > cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256
> > visible_hostname deviant.evil
> > shutdown_lifetime 1 second
> >
> > #icap_enable on
> > #icap_send_client_ip on
> > #icap_send_client_username on
> > #icap_client_username_encode off
> > #icap_client_username_header X-Authenticated-User
> > #icap_preview_enable on
> > #icap_preview_size 1024
> > #icap_service service_req reqmod_precache bypass=1
> > icap://127.0.0.1:1344/squidclamav
> > #adaptation_access service_req allow all
> > #icap_service service_resp respmod_precache bypass=1
> > icap://127.0.0.1:1344/squidclamav
> > #adaptation_access service_resp allow all
> >
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/32
> > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> > acl localnet src 10.10.1.0/24
> > acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl"
> >
> > acl SSL_ports port 443
> > acl Safe_ports port 80
> > acl Safe_ports port 21 # http
> > acl Safe_ports port 443 # ftp
> > acl Safe_ports port 70 # https
> > acl Safe_ports port 210 # gopher
> > acl Safe_ports port 1025-65535 # wais
> > acl Safe_ports port 280 # unregistered ports
> > acl Safe_ports port 488 # http-mgmt
> > acl Safe_ports port 591 # gss-http
> > acl Safe_ports port 777 # filemaker
> > acl CONNECT method CONNECT # multiling http
> >
> > always_direct allow localnet
> >
> > #icp_access allow localnet
> > #icp_access deny all
> >
> > http_access deny blacklist
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localhost
> > http_access allow localnet
> > http_access deny all
> >
> >
> > #Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
> >
> >
>
>
Received on Wed Jun 06 2012 - 15:17:25 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 06 2012 - 12:00:03 MDT