On Mon, 13 Dec 2004, Daniel Graupner wrote:
See Squid FAQ on how to use Squid inside a firewall.
I did, but in my testing environment there is no firewall at all. There is no firewall between cache, peer and hosts. Please give me more hints.
So your Squid which reported "Network unreachable" should be able to reach www.ibm.com without using any peer?
Then this error indicates you have a basic network problem of some kind which prevents this Squid server from reaching the Internet proper. Quite likely missing routing.
I read in the handbook that squid only goes direct when the peer is assumed to be down. This should not happen with "default no-query" in the cache peer directive.
This is ONE case where Squid goes direct; the other is when using peers does not make sense in terms of hit ratio, and then there are also some other cases.
And even with the above options Squid is fully capable of determining that the peer is down, if it is.
If your Squid is inside a firewall and not permitted to go direct you MUST tell this to Squid as per the instructions in the Squid FAQ.
Please be more specific. I have no idea why question marks should be a problem; other proxies don't care about it. The client sends the complete URL to the cache and squid drops something... that behaviour is not clear to me.
Squid does not drop anything.
Squid goes direct on URLs with ? in them, as it is instructed that these URLs are not cacheable in the squid.conf shipped with Squid. See the no_cache directive, but note that it is more or less REQUIRED by the HTTP RFC to handle such URLs as uncacheable.
Squid does not log the query terms for security reasons, but it is only in the log where these are "missing". If you really want the query terms logged then see squid.conf.
As already said in this thread, Squid bypasses peers on a number of different classes of requests unless told that it is inside a firewall where going direct is not an option. This is to optimize the performance and hit ratio of a cache mesh.
What differentiates Squid from many other proxies is that just giving Squid a parent does not force Squid to always use the parent; it just tells Squid that there is a parent proxy which Squid MAY use if Squid feels it is a good idea.
If your Squid is not permitted to go direct then this must also be told; if not, it assumes it is permitted to go direct when this would be "optimal" (in Squid's opinion).
Regards Henrik
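
The settings discussed in this message, as an added squid.conf example that is not part of the original post. It assumes Squid 2.5-era syntax; the peer hostname and port are placeholders.

```conf
# Added example, not from the original thread. Hostname and port are placeholders.

# Parent declared as in the thread ("default no-query"). On its own this only
# tells Squid that a parent exists which it MAY use.
cache_peer parent.example.net parent 3128 0 default no-query

# Stock lines from the squid.conf shipped with Squid: URLs containing "?" or
# "cgi-bin" are treated as uncacheable and fetched without consulting peers.
acl QUERY urlpath_regex cgi-bin \?
hierarchy_stoplist cgi-bin ?
no_cache deny QUERY

# With only the lines above, requests such as http://www.ibm.com/search?q=x
# go direct. If the host has no route to the Internet, the client sees
# "Network unreachable".

# Tell Squid it is not permitted to go direct, so every request, including
# the QUERY class above, is forwarded to a parent.
acl all src 0.0.0.0/0.0.0.0
never_direct allow all

# Query terms are stripped from access.log by default. Turning this off logs
# the full URL, which may include session tokens or credentials carried in
# the query string, so restrict read access to the log if you change it.
strip_query_terms off
```

With `never_direct allow all` in place, a parent that is down produces an error to the client instead of a direct fetch.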
