Hi,
I am setting up a transparent proxy that is doing whitelist work, and at the same time, doing the cache work. The whitelist works fine, HTTP cache verifed work cause I see TCP_MEM_HIT using this squid.conf, but don't see any HTTPS MEM HIT related log, every time seems a new connection. For HTTPS traffic, I am getting TCP_TUNNEL/200 all the time, the question is, how can I tell that a HTTPS traffic is actually using cache, or in this case, it's not using cache at all for HTTPS. I am using forward-proxy port in cache_peer. I understand that there is logformat to make access.log show hostname instead of ip, but this should not effect the MEM HIT log, right? Meanwhile, I am also trying to setup the sibling cache cluster, not sure if this related to HTTPS cache, I am also getting TCP_DENIED/403 for squid-internal-dynamic/netdb - HIER_NONE/- text/html. I do see sibling hit for HTTP site. Here is my squid version: Squid Cache: Version 3.5.25 Service Name: squid configure options: '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3' '--srcdir=.' '--without-libcap' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io' '--enable-icmp' '--enable-useragent-log' '--enable-snmp' '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-storeio=aufs' '--enable-removal-policies=heap,lru' '--with-maxfd=16384' '--enable-poll' '--disable-ident-lookups' '--with-openssl' '--enable-ssl-crtd' '--with-default-user=proxy' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--enable-linux-netfilter' And my squid.conf # Squid normally listens to port 3128 http_port 3130 http_port 3128 intercept acl allowed_http_sites dstdomain "/etc/squid3/whitelist.txt" http_access allow allowed_http_sites https_port 3129 cert=/etc/squid3/squid.crt key=/etc/squid3/squid.key ssl-bump intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB acl SSL_port port 443 http_access allow SSL_port acl allowed_https_sites ssl::server_name "/etc/squid3/ssl_sites.txt" #sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_program /lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB acl step1 at_step SslBump1 acl step2 at_step SslBump2 acl step3 at_step SslBump3 ssl_bump peek step1 all ssl_bump peek step2 allowed_https_sites ssl_bump splice step3 allowed_https_sites ssl_bump terminate step2 all acl container_net src 172.18.0.0/24 tcp_outgoing_address 10.0.8.41 container_net udp_outgoing_address 10.0.8.41 container_net http_access allow container_net icp_port 3131 icp_access allow all #never_direct allow all cache_peer 10.0.8.48 sibling 3128 3131 proxy-only #cache_peer_access 10.0.8.48 allow all # Uncomment and adjust the following to add a disk cache directory. hosts_file /etc/hosts cache_replacement_policy heap LFUDA cache_dir aufs /var/spool/squid3 4000 16 256 log_icp_queries off # Leave coredumps in the first cache dir coredump_dir /var/spool/squid3 #refresh_pattern ^https://.*\.raw.githubusercontent\.com/ 120000 100% 43200 refresh_pattern . 12000 90% 43200 http_access deny all Thanks, Lei
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
