Is squid actually caching? Logs look strange.

  • Morning chaps,

    Just been looking through squid logs, as i have it setup in transparent for caching, and from what i can gather, all trafic is being routed through it but looking at the cache logs nothing is being cached or requested from the cache? Or am i taking this all wrong?


  • Banned

    No, Squid won't cache dynamic content such as streaming AV defs update from Avast.

  • @doktornotor:

    No, Squid won't cache dynamic content such as streaming AV defs update from Avast.

    Hi doktornotor,

    So is my proxy server caching or not? watched the logs for 3 hours ish on and off and nothing seems to show in the cache logs on this page? Just wondering is it caching or have i mis configured something?

    Many thanks,


  • Can anyone please confirm if my transparent proxy is caching or not?


  • From your screenshot, squid is working but did not find any of those 10 elements in its cache.  That's all anyone can tell from that.

  • Hi KOM,

    Every single time i have monitored squid, it has always looked very similar with nothing showing in the squid cache table, thats why i have always been concerned that squid isn't caching.

    Could you tell me a way i can paste my config for you to see?



    Heres the conf i found at /usr/local/etc/squid/squid.conf

    Can anyone see anything here which would stop swuid from caching?

    [2.3.4-RELEASE][admin@pfSense.hardinghome]/usr/local/etc/squid: cat squid.conf

    This file is automatically generated by pfSense

    Do not edit manually !

    http_port intercept
    icp_port 0
    digest_generation off
    dns_v4_first off
    pid_filename /var/run/squid/
    cache_effective_user squid
    cache_effective_group proxy
    error_default_language en
    icon_directory /usr/local/etc/squid/icons
    visible_hostname Squid
    cache_mgr nick@**************
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    netdb_filename /var/squid/logs/netdb.state
    pinger_enable on
    pinger_program /usr/local/libexec/squid/pinger

    logfile_rotate 2
    debug_options rotate=2
    shutdown_lifetime 3 seconds

    Allow local network(s) on interface(s)

    acl localnet src
    forwarded_for on
    uri_whitespace strip

    acl dynamic urlpath_regex cgi-bin ?
    cache deny dynamic

    cache_mem 4000 MB
    maximum_object_size_in_memory 1500 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap GDSF
    minimum_object_size 0 KB
    maximum_object_size 10 MB
    cache_dir ufs /var/squid/cache 10000 16 256
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    acl donotcache dstdomain "/var/squid/acl/donotcache.acl"
    cache deny donotcache
    cache allow all

    Add any of your own refresh_pattern entries above these.

    refresh_pattern ^ftp:    1440  20%  10080
    refresh_pattern ^gopher:  1440  0%  1440
    refresh_pattern -i (/cgi-bin/|?) 0  0%  0
    refresh_pattern .    0  20%  4320

    #Remote proxies

    Setup some default acls

    ACLs all, manager, localhost, and to_localhost are predefined.

    acl allsrc src all
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 3129 1025-65535
    acl sslports port 443 563 8080

    acl purge method PURGE
    acl connect method CONNECT

    Define protocols used for redirects

    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc

    Reverse Proxy settings

    Custom options before auth

    Setup allowed ACLs

    Allow local network(s) on interface(s)

    http_access allow localnet

    Default block all to be sure

    http_access deny allsrc

  • You need to understand that caching with Squid isn't just some simple flick of a switch.  It is a complex subject that requires a deep knowledge of HTTP/S.  There is no one-size-fits-all, and nobody is going to wade through your config to give you a perfect one.  I myself stopped using Squid for caching since my hit rate was so poor and instead I use it for URL filtering only.

    If you really want to tackle this, start by reading all of the Squid site:

    Pay special attention to the subject of dynamic caching & refresh patterns, since this is what you are going to be playing with.

    Lastly, this guy seems to have some working config for some sites and he keeps it fairly up to date:

  • Thanks for your input KOM,

    Much appreciated!

    If anyone else can shed some light that would be fantastic!