Hi, I'm building a simple proxy server and got myself Fedora Core 6.

My intention is to have the server caches some filetypes (e.g. .zip & .exe), and I need those files to be kept as long as no nothing were changed on the files. Other filetypes should not be kept in the cache. And currently no need to have parents or sibling.

Only small number of clients access the proxy, about 25 clients. The activity is quite low in most time, however there're times it arise significantly (e.g. there's new software update for all the clients).

Someone has suggested to use this kind of line:
refresh_pattern -i \.zip$ 10080 90% 20160 override-expire override-lastmod reload-into-ims ignore-reload

I'm still confused on some basic things though.
- Can refresh_pattern filter the incoming files by filetype?
- How do "fresh" and "stale" flag make different in the proxy management?
- Is "10080 90% 20160" the correct number for my purpose?
- Are the options needed?

I include the "squid.conf". If you have any suggestion on the settings, I will gladly hear it.

Thanks in advance before.


http_port 3128
icp_port 3130

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

cache_mem 128 MB # the RAM's only 256 MB
cache_swap_low 90
cache_swap_high 95

maximum_object_size 1024 MB
maximum_object_size_in_memory 512 KB

ipcache_size 2048
ipcache_low 98
ipcache_high 99

cache_dir aufs /cache1 6144 16 256 # each cache has 7 GB
cache_dir aufs /cache2 6144 16 256
cache_dir aufs /cache3 6144 16 256
cache_dir aufs /cache4 6144 16 256

access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
log_fqdn off


visible_hostname proxy

refresh_pattern -i \.zip$ 10080 90% 20160 override-expire override-lastmod reload-into-ims ignore-reload

acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl PURGE method PURGE

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl local_network src

http_access deny !local_network
http_access allow local_network # does it need to be describe after the line above?

http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow PURGE localhost
http_access deny PURGE
http_access deny to_localhost
http_access allow localhost
http_access deny all
http_reply_access allow all

icp_access deny all

miss_access allow all

cache_effective_user squid
cache_effective_group squid