Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-21 Thread Bryan Seitz
Any ideas as to why Squid will not cache my authenticated origin server replies ? Bryan Seitz On Oct 13, 2024 at 12:42 AM -0400, Amos Jeffries , wrote: > On 12/10/24 12:48, Bryan Seitz wrote: > >    I wanted to note that since these are BMCs they require basic auth > > headers to return their resp

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-15 Thread Bryan Seitz
It caches the non Auth requests fine. It won’t cache the Auth endpoints. Is there a config I’m missing ? TIA, Bryan Seitz On Oct 13, 2024 at 12:42 AM -0400, Amos Jeffries , wrote: > On 12/10/24 12:48, Bryan Seitz wrote: > >    I wanted to note that since these are BMCs they require basic auth >

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-14 Thread Bryan Seitz
One of the endpoints on these BMCs does not require auth and Squid is caching that. It will not cache the endpoints that require auth.  I want it to do this, is there a way? (This is literally for metrics, not private data) Bryan Seitz On Oct 14, 2024 at 2:35 PM -0400, Bryan Seitz , wrote: > Sti

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-14 Thread Bryan Seitz
Still no hits with: refresh_pattern . 0 20% 4320 ignore-private reload-into-ims debug_options 11,2 Cache log: https://p.bsd-unix.net/?32d7b024a87ab761#Bo4xhz1NVZmPffosydDV61Wp533wqTxcW8C4iFT4oaQ Store log: https://p.bsd-unix.net/?884a46ba914bf600#HDqP2Hdt68DmhSyHEDvdxxndJNBioqGM6Fe1fsENWWug If

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-12 Thread Amos Jeffries
On 12/10/24 12:48, Bryan Seitz wrote:    I wanted to note that since these are BMCs they require basic auth headers to return their response. I noticed that the ignore-auth option was removed awhile ago.  Is my only option to go back to Squid 3.5 ? Squid supports caching of authenticated tr

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-12 Thread Amos Jeffries
Okay, I am seeing the server response is marked "private" and 7hrs old (25200sec). Replacing the Cache-Control header using "max-age=1800" is not having noticeable effect because 25200sec is already past the 1800sec limit. What you need to do there instead is: 1) remove the config chang

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-11 Thread Bryan Seitz
   I wanted to note that since these are BMCs they require basic auth headers to return their response. I noticed that the ignore-auth option was removed awhile ago.  Is my only option to go back to Squid 3.5 ? TIA, Bryan Seitz On Oct 11, 2024 at 4:17 AM -0400, Amos Jeffries , wrote: > On 11/10

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-11 Thread Bryan Seitz
root@squid:~# curl -i --insecure --proxy http://squid:3128/ " https://10.170.31.75/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics " HTTP/1.1 200 Connection established HTTP/1.1 200 OK Link: ; rel=de

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-11 Thread Alex Rousskov
On 2024-10-10 20:48, Jonathan Lee wrote: miss means it stored items Just to correct a misunderstanding: A cache miss does _not_ imply that Squid stored the response. Alex. On Oct 10, 2024, at 15:27, Bryan Seitz wrote:  I removed the header mods and changed the refresh pattern to: refr

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-10 Thread Bryan Seitz
I fetched the object 10x all were RELEASE in store.log and a MISS. I even cleared the rock DB file and bounced Squid. Bryan Seitz On Oct 10, 2024 at 8:48 PM -0400, Jonathan Lee , wrote: > Give it time to cache miss means it stored items > Sent from my iPhone > > > On Oct 10, 2024, at 15:27, Brya

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-10 Thread Amos Jeffries
On 11/10/24 11:08, Bryan Seitz wrote: I removed the header mods and changed the refresh pattern to: refresh_pattern .               15      20%     1800    override-expire ignore-no-cache ignore-no-store ignore-private And I always get TCP_MISS.  Any other thoughts? Ah, I believe it would b

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-10 Thread Jonathan Lee
Give it time to cache miss means it stored items Sent from my iPhoneOn Oct 10, 2024, at 15:27, Bryan Seitz wrote:I removed the header mods and changed the refresh pattern to:refresh_pattern .               15      20%     1800    override-expire ignore-no-cache ignore-no-store ignore-privateAnd I

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-10 Thread Bryan Seitz
I removed the header mods and changed the refresh pattern to: refresh_pattern . 15 20% 1800override-expire ignore-no-cache ignore-no-store ignore-private And I always get TCP_MISS. Any other thoughts? Thanks! On Thu, Oct 10, 2024 at 12:35 PM Alex Rousskov < rouss...@

Re: [squid-users] Squid 6.10 SSL-Bump Woes

2024-10-10 Thread Alex Rousskov
On 2024-10-09 15:40, Bryan Seitz wrote: > SSL-Bump Woes AFAICT, the problem you are trying to solve is not caused by SslBump. > reply_header_access Cache-Control deny all > reply_header_add Cache-Control "public, max-age=1800" The above directives are applied to responses that Squid sends to

[squid-users] Squid 6.10 SSL-Bump Woes

2024-10-09 Thread Bryan Seitz
I have the following configuration: http_port 3128 ssl-bump generate-host-certificates=on tls-cert=/etc/squid/ssl/myCA.pem ssl_bump bump all # BMCs return Cache-Control: private reply_header_access Cache-Control deny all reply_header_add Cache-Control "public, max-age=1800" follow_x_forwarded_f