Squid_ The Definitive Guide - Duane Wessels [155]
Sibling : pa.us.ircache.net/3128/4827
Flags : htcp
Address[0] : 192.6.19.203
Status : Up
AVG RTT : 14 msec
OPEN CONNS : 19
LAST QUERY : 4 seconds ago
LAST REPLY : 4 seconds ago
PINGS SENT : 9119
PINGS ACKED: 9115 100%
FETCHES : 109 1%
IGNORED : 9114 100%
Histogram of PINGS ACKED:
Misses 9114 100%
Hits 1 0%
keep-alive ratio: 100%
Type
The first line shows the neighbor type (parent, sibling, or multicast group), followed by the hostname and port numbers. The first port number is for HTTP requests, while the second is for ICP or HTCP.
Flags
Here you'll see any of the cache_peer options that you may have specified, such as no-query, closest-only, and more. See Section 10.3.1 for the complete list.
Address[ ]
This line displays the IP address(es) associated with the hostname. The number in brackets is the number of addresses. Squid stores up to 10 addresses for each neighbor.
Status
The status line indicates whether Squid thinks the neighbor is Up or Down. See Section 10.3.2.
AVG RTT
This is the running average RTT for ICP/HTCP queries to the neighbor.
OPEN CONNS
This is the number of HTTP connections currently open to the neighbor.
LAST QUERY
This indicates the amount of time since Squid last sent an ICP/HTCP query to the neighbor.
LAST REPLY
This indicates the amount of time since Squid last received an ICP/HTCP reply from the neighbor.
PINGS SENT
The number of ICP/HTCP queries sent to the neighbor.
PINGS ACKED
The number of ICP/HTCP replies received back from the neighbor.
FETCHES
The number of HTTP requests sent to the neighbor. The percentage is based on the PINGS ACKED number. Unfortunately, the FETCHES number counts requests forwarded for any reason (ICP, HTCP, Cache Digests, default parent, etc.). Thus, the percentage doesn't always make sense and may be higher than 100%.
IGNORED
The number of ICP/HTCP replies ignored. The most common reason that Squid ignores an ICP/HTCP reply is that it is too late.
Histogram of PINGS ACKED
Here you'll see a breakdown of ICP/HTCP results. For ICP neighbors, Squid prints the ICP status codes (ICP_HIT, ICP_MISS, etc.). For HTCP neighbors, the only categories are Hits and Misses.
keep-alive ratio
This shows the percentage of times that Squid wanted an HTTP connection to be persistent, and the neighbor agreed. Note, this doesn't indicate anything about whether the connection was actually reused, only that both sides agreed that it could be.
non_peers: List of Unknown Sites Sending ICP messages
This page shows a list of clients that send unauthorized ICP (but not HTCP) queries. The list is the same format as the Cache Client List page.
Cache Manager Access Controls
The cache manager interface provides a lot of information. Much of it is sensitive and should be kept private. For example, the Cache Client List reveals the IP addresses of users, the Process Filedescriptor Allocation page shows URIs currently being requested, and the Current Squid Configuration displays the values from squid.conf, including passwords and access control rules. To keep unwanted visitors from browsing the cache manager pages, you must carefully configure access to it.
http_access
All cache manager requests use the pseudo-protocol scheme cache_object. The best way to protect the cache manager is restrict the IP addresses allowed to make cache_object requests. The default squid.conf contains these lines:
acl Manager proto cache_object
acl Localhost src 127.0.0.1/255.255.255.255
http_access allow Manager Localhost
http_access deny Manager
Thus, cache manager requests from the local host (127.0.0.1) are allowed, but all others are denied. If you have additional trusted hosts, you may want to add them to the access rules also. Make sure these lines are at the top of your http_access rules.
cachemgr_passwd
You may also want to modify the default cachemgr_passwd settings. Some of the cache manager pages require a password, so you won't be able to view those until you add one. For example, if you want