Thanks a lot Yuri, I made some merge with my config and some of this options, I will see now how HIT rate it goes, my squid run so limited of bandwidth that I need to be as much aggressive as I can caching the content.
Thanks again for sharing, very appreciated Alberto On Fri, Mar 13, 2015 at 4:01 PM, Yuri Voinov <yvoi...@gmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This is know-how to himself. ;) > > To be serious, > > you must carefully play with refresh_pattern(s), and some squid.conf > parameters (and also with store ID feature) to get higher HIT ratio. > > Just for example (this is NOT complete config! No responsibility or > any guarantees in case of simple copy-n-pasted into your configs! This > is AS IS example!): > > # Keep swf in cache even if asked not to > refresh_pattern -i \.(swf)(\?|$) 10080 90% 43200 > override-expire > ignore-reload reload-into-ims ignore-private > # .NET cache > refresh_pattern -i \.(as(h|p)x?)(\?|$) 10080 90% 43200 > reload-into-ims > # Updates: Windows, Adobe, Java > refresh_pattern -i > microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip) > 4320 > 80% 43200 reload-into-ims > refresh_pattern -i > windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip) > 4320 80% 43200 reload-into-ims > refresh_pattern -i > my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f|p]|asf|wm[v|a]|dat|zip) > 4320 80% 43200 reload-into-ims > refresh_pattern -i adobe.com/.*\.(zip|exe) 4320 80% 43200 > reload-into-ims > refresh_pattern -i java.com/.*\.(zip|exe) 4320 80% 43200 > reload-into-ims > refresh_pattern -i sun.com/.*\.(zip|exe) 4320 80% 43200 > reload-into-ims > refresh_pattern -i google\.com.*\.(zip|exe) 4320 80% 43200 > reload-into-ims > refresh_pattern -i macromedia\.com.*\.(zip|exe) 4320 80% 43200 > reload-into-ims > # Other long-lived items > refresh_pattern -i > \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|mp4)(\?|$) > 14400 > 99% 518400 ignore-no-store override-expire ignore-reload > reload-into-ims ignore-private ignore-must-revalidate > refresh_pattern -i > \.((m?|x?|s?)htm(l?)|css|js|xml|php|json)(\?|$) 10080 > 90% 86400 > ignore-no-store override-expire override-lastmod reload-into-ims > ignore-private ignore-must-revalidate > # Default patterns > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 10080 override-lastmod > reload-into-ims > > The example above also requires some additional cached-related > parameters to be changed. > > Also, you strictly recommended to research average users activity AND > play around VARY http headers. > > And others. > > Each squid setup is place-specific. And depending your access/deny > lists, security policy, users/network activity etc.etc.etc. > > WBR, Yuri > > PS. Your question has NO simple answer. Beware - copy-n-paste any > foreign config can not guarantee the same results for YOU. > > 14.03.15 1:52, Alberto Perez пишет: > > Can you share more details about "Agressive dynamic content > > caching requires some special tweaks" I am very interested. > > > > Thanks > > > > > > > > On 3/13/15, Yuri Voinov <yvoi...@gmail.com> wrote: > > > > > > 13.03.15 23:33, Amos Jeffries пишет: > >>>> On 14/03/2015 5:47 a.m., Monah Baki wrote: > >>>> > >>>> <snip> > >>>> > >>>>> half_closed_clients off quick_abort_min 0 KB > >>>>> quick_abort_max 0 KB vary_ignore_expire on reload_into_ims > >>>>> on memory_pools off cache_mem 4096 MB visible_hostname > >>>>> isn-phc-cache minimum_object_size 0 bytes > >>>> > >>>>> maximum_object_size 512 MB maximum_object_size 512 KB > >>>> > >>>> KB value overwriting MB value. > >>>> > >>>> > >>>>> ipcache_size 1024 ipcache_low 90 ipcache_high 95 > >>>>> cache_swap_low 98 cache_swap_high 100 fqdncache_size 16384 > >>>>> retry_on_error on offline_mode off logfile_rotate 10 > >>>>> dns_nameservers 8.8.8.8 41.78.211.30 > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> access.log: > >>>>> > >>>>> 1426267535.210 198 10.0.0.23 TCP_MISS/200 412 GET > >>>>> http://jadserve.postrelease.com/trk.gif? - > >>>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211 > >>>>> 198 10.0.0.23 TCP_MISS/200 412 GET > >>>>> http://jadserve.postrelease.com/trk.gif? - > >>>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.211 > >>>>> 198 10.0.0.23 TCP_MISS/200 412 GET > >>>>> http://jadserve.postrelease.com/trk.gif? - > >>>>> ORIGINAL_DST/54.225.133.227 image/gif 1426267535.223 > >>>>> 301 10.0.0.23 TCP_MISS/200 222 GET > >>>>> http://rma-api.gravity.com/v1/beacons/log? - > >>>>> ORIGINAL_DST/80.239.148.18 text/html 1426267535.244 195 > >>>>> 10.0.0.23 TCP_MISS/200 412 GET > >>>>> http://jadserve.postrelease.com/trk.gif? - > >>>>> ORIGINAL_DST/54.225.133.227 image/gif > >>>> > >>>> > >>>> Lots of Akamai hosted requests. Akamai play tricks with DNS > >>>> responses. > > In my installation I've used local Unbound DNS cache and, before > > it, forced DNS interception to him with Cisco. :) > > > > So, I don't care about any hosts DNS quirks. ;) > > > >>>> > >>>> Check your cache.log for security warnings; > >>>> <http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery> > >>>> > >>>> > >>>> > Note that objects failing the Host validation are not cacheable. > >>>> > >>>> > >>>>> 1426267535.333 423 10.0.0.23 TCP_MISS/200 1420 GET > >>>>> http://hpr.outbrain.com/utils/get? - > >>>>> ORIGINAL_DST/50.31.185.42 text/x-json 1426267535.345 412 > >>>>> 10.0.0.23 TCP_MISS/200 11179 GET > >>>>> http://p.visualrevenue.com/? - ORIGINAL_DST/50.31.185.40 > >>>>> text/javascript 1426267535.346 411 10.0.0.23 > >>>>> TCP_MISS/200 423 GET http://t1.visualrevenue.com/? - > >>>>> ORIGINAL_DST/64.74.232.44 image/gif > >>>> > >>>> Not sure about them. Maybe genuine MISS, maybe not. > > > > Agressive dynamic content caching requires some special tweaks. ;) > > > >>>> > >>>> It could also be the issues Antony pointed out, with the > >>>> objects just naturally not being cacheable. > >>>> > >>>> > >>>>> 1426267535.363 128 10.0.0.23 TCP_REFRESH_UNMODIFIED/304 > >>>>> 327 GET > >>>>> > http://z.cdn.turner.com/cnn/.element/widget/video/videoapi/api/js/vendor/jquery.ba-bbq.js > >>>>> > >>>>> > > > >>>>> > - - ORIGINAL_DST/80.239.152.153 application/x-javascript > >>>> > >>>> There is a hit. > >>>> > >>>> I guess you are new to Squid-3 ? Squid is HTTP/1.1 compliant > >>>> now and the caching rules are slightly different from > >>>> requirements on HTTP/1.0 software. A lot of content that > >>>> previously could not be stored now can (authenticated, > >>>> private, no-cache, etc.). But being sensitive info also > >>>> requires revalidation in order to be used, so they show up > >>>> like the above. > >>>> > >>>> Amos > >>>> > >>>> _______________________________________________ squid-users > >>>> mailing list squid-users@lists.squid-cache.org > >>>> http://lists.squid-cache.org/listinfo/squid-users > >>>> > >> _______________________________________________ squid-users > >> mailing list squid-users@lists.squid-cache.org > >> http://lists.squid-cache.org/listinfo/squid-users > >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBAgAGBQJVA0InAAoJENNXIZxhPexG6JAIALq2tAxa9Vawr1/Rkojl0UFj > HQF9p/4mk0ZHPnL4zkV6h/Ctg/s+AgK+O/H38ncn+2JS4eyiZfSHLOxmxkmrKi11 > av/yjG++JGnhQkic/3y7ETOSkvaDuAbDP+Iwrtuc+kBpJz54No9Pu37oVlIOdMLZ > uv/8Bpk9uQEc3kE5FCgCmM2nIr2tuxr6opK6T5DZ2TvcqnQin752P60R91iS7unF > XHX3tsGsFvrKflEEC7w1xDRn3u3kSGrx+gPpktA0dv6vT8ATXqPEV5+anIEZVfLZ > NKDIwoeSNHYMMknlK7QTUlcNjuq+UXmfcO3mp+eraUQbGRkxwqTPxRwvIqp/43U= > =VW9B > -----END PGP SIGNATURE----- >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
