I have the following configuration: http_port 3128 ssl-bump generate-host-certificates=on tls-cert=/etc/squid/ssl/myCA.pem ssl_bump bump all
# BMCs return Cache-Control: private reply_header_access Cache-Control deny all reply_header_add Cache-Control "public, max-age=1800" follow_x_forwarded_for allow all http_access allow all include /etc/squid/conf.d/*.conf host_verify_strict off tls_outgoing_options min-version=1.0 flags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN sslproxy_cert_error allow all sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB sslcrtd_children 5 cache_mem 8192 MB cache_dir rock /cm/squid/squid 8192 buffered_logs on access_log daemon:/var/log/squid/access.log logformat=squid logfile_daemon /usr/lib/squid/log_file_daemon cache_store_log daemon:/var/log/squid/store.log log_mime_hdrs on coredump_dir /var/spool/squid shutdown_lifetime 2 seconds max_filedesc 4096 workers 4 A curl will note the resource is stale (with new host), but I never get a cache hit on subsequent retries: Store log: 1728502393.992 RELEASE -1 FFFFFFFF 02000000000000003A632F0003000000 200 1728502382 -1 -1 application/json 1182/1182 GET https://10.170.31.77/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics 1728502395.674 RELEASE -1 FFFFFFFF 02000000000000003B632F0002000000 200 1728502384 -1 -1 application/json 1182/1182 GET https://10.170.31.77/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics 1728502408.317 RELEASE 00 00056924 04000000000000003C632F0001000000 200 1728420588 -1 1728422388 application/json 1189/1189 GET https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics 1728502408.318 RELEASE -1 FFFFFFFF 03000000000000003C632F0001000000 200 1728502404 -1 -1 application/json 1179/1179 GET https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics 1728502417.161 RELEASE -1 FFFFFFFF 05000000000000003C632F0001000000 200 1728502413 -1 -1 application/json 1179/1179 GET https://10.170.31.81/redfish/v1/Oem/Supermicro/HGX_H100/Systems/HGX_Baseboard_0/Processors/GPU_SXM_4/ProcessorMetrics Response headers: HTTP/1.1 200 Connection established HTTP/1.1 200 OK Link: <http://redfish.dmtf.org/schemas/v1/Z.v1_5_2.json>; rel=describedby Allow: GET Content-Length: 1179 Content-Type: application/json; charset=UTF-8 Strict-Transport-Security: max-age=31536000; includeSubdomains X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self';connect-src 'self' ws: wss:;frame-src 'self';img-src 'self' data:;object-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';worker-src 'self' blob:; X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff OData-Version: 4.0 Date: Wed, 09 Oct 2024 19:35:50 GMT Cache-Status: squid;detail=mismatch Via: 1.1 squid (squid/6.10) Connection: keep-alive Cache-Control: public, max-age=1800 If I use a cache peer with MITMPROXY, squid will cache the results however this is inefficient and slow. -- Bryan Seitz seit...@gmail.com
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
