Sem hit no cache
-
Boa tarde,
Eu tenho um servidor pfsense com squid3-dev 3.3.10 pkg 2.2.6 e squidguard 3 1.4_4 pkg v.1.9.5, rodando squid como cache e squidgurad fazendo as acls.Eu estava olhando o realtime do squid e notei que esta tento pouco registro de de tcp_hit/200 e esta me retornando muito tcp_miss 200 ou seja não esta fazendo o cache como deveria.
Tem eu queria saber qual o problema com as configurações do cache do squid, para acontecer isso. se puderem me ajudar fico agradecido. Porque eu fiquei sem ideias do que pode ser.This file is automatically generated by pfSense
Do not edit manually !
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
icp_port 0
dns_v4_first on
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language pt-br
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname Fw
cache_mgr marco.moya@ctis.com.br
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable on
pinger_program /usr/pbi/squid-i386/libexec/squid/pinger
sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
sslcrtd_children 5
sslproxy_capath /usr/pbi/squid-i386/share/certs/
sslproxy_cert_error allow all
sslproxy_cert_adapt setValidBefore alllogfile_rotate 90
debug_options rotate=90
shutdown_lifetime 3 secondsAllow local network(s) on interface(s)
acl localnet src 192.168.1.0/24
httpd_suppress_version_string on
uri_whitespace stripacl dynamic urlpath_regex cgi-bin ?
cache deny dynamiccache_mem 16 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 10240 16 256
minimum_object_size 0 KB
maximum_object_size 7768 KB
offline_mode on
cache_swap_low 90
cache_swap_high 95
cache allow allNo redirector configured
#Remote proxies
Setup some default acls
From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535
acl sslports port 443 563From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
#acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECTDefine protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl allowed_subnets src 192.168.1.1/24
http_access allow manager localhosthttp_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslportsAlways allow localhost connections
From 3.2 further configuration cleanups have been done to make things easier and safer.
The manager, localhost, and to_localhost ACL definitions are now built-in.
http_access allow localhost
quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrcReverse Proxy settings
Package Integration
url_rewrite_program /usr/pbi/squidguard-squid3-i386/bin/squidGuard -c /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_children 5Custom options before auth
always_direct allow all
ssl_bump server-first allacl sglog url_regex -i sgr=ACCESSDENIED
http_access deny sglogSetup allowed acls
Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnetDefault block all to be sure
http_access deny allsrc