7.2 Reverse Proxy Cache Configuration

The Cache configuration commands are designed for the administrators to set vital parameters as to what cacheable elements will be housed in the temporary memory of the FortiBalancer appliance. By caching certain elements, the appliance will be able to deliver commonly requested information more expediently without requesting the server frequently, thus reducing the total-download time and server load, and improving overall network performance.

7.2.1 Configuration Guidelines

Table 7-2 General Settings of Reverse Proxy Cache

Operation	Command
Enable cache	cache {on|off} <virtual_service>
View cache status	show cache status
Configure global cache expire time	cache settings expire {hh:mm:ss|seconds}
Configure the maximum size for a cache object	cache settings objectsize <size>
View cache basic settings	show cache settings
View cache statistics	show statistics cache [virtual_service]
Clear cache statistics	clear statistics cache [virtual_service|all]
View contents of cache objects	show cache content <host_name> <url_regex>
Remove all cache cache objects by force	clear cache content
Enable cache filter	cache filter {on|off}
Configure cache filter rule	cache filter rule <host_name> <url> {cache|urlquery|ttl}
View cache filter configuration	show cache filter status
View all cache filters about the specified host name	show cache filter hostname <host_name>
Operation	Command
View all cache filter rules	show cache filter all
View the cache filter rules matching the specified host name and URL	cache filter match <host_name> <url_regex>
Remove specified cache filter rules	no cache filter rule <host_name> <url>
Clear cache filter rules matched with the specified host	clear cache filter hostname <host_name>
Clear all cache filter rules	clear cache filter all
View cache filter statistics	show statistics cachefilter <host_name> <url_regex>
Clear cache filter statistics	clear statistics cachefilter [host_name|all]

7.2.2 Configuration Example via CLI

The Cache function for each virtual service works independently. By default, the Cache function is turned off. When Cache is turned off, no objects are stored in cache and all requests will go to the backend servers through the server load balancing mechanism.

• Step 1 Enable the cache function

To use cache, we need to first enable the Cache function for the specified virtual service.

In this example, we enable the Cache function for the virtual service “virtual_MOSS”.

FortiBalancer(config)#cache on virtual_MOSS

The current status of cache can be viewed by using the “show cache status” command.

FortiBalancer(config)#show cache status reverse proxy cache:               enable per-vs status “virtual_MOSS”:       enable

• Step 2 Configure basic cache settings

We start to define basic cache rules for FortiBalancer appliance to follow. The settings that can be configured include:

• The expiration time of the objects in Cache,
• The maximum size of an object in Cache

The current Cache settings can be viewed by using the “show cache settings” command.

FortiBalancer#show cache settings Cache Configuration: Cache Default Expiration:        82800 seconds Maximum Cacheable Object Size:  5120 KB

The above cache settings are the default values, which are the optimal values. If your application has some special requirements, you can make the above cache settings as your needs determine.

To set the global cache expiration time, we can use the “cache settings expire” command. The default value is 82800 seconds (23 hours). The global default expiration time will be used as the expiration time for an object in cache only if it is impossible to calculate the expiration time using the Expiration Model specified in Section 13.2 of RFC 2616.

FortiBalancer(config)#cache settings expire “43200”

To set the maximum size of an object in cache, the “cache settings objectsize” command should be used. The command takes the size in kilobytes. The default value is 5120 KB. If the size of an object being sent to the client is greater than the configured maximum object size, the object will not be cached even if it is otherwise cacheable.

FortiBalancer(config)#cache settings objectsize 1000

Now we use using the “show cache settings” command to view current cache settings:

FortiBalancer(config)#show cache settings Cache Configuration: Cache Default Expiration:        43200 seconds Maximum Cacheable Object Size:  1000 KB

Ø    Step 3 Configure cache filter

First, enable the cache filter function by using the command “cache filter {on|off} <virtual_service>”. By default, the cache filter function is disabled.

FortiBalancer(config)#cache filter on

Then, define cache filter rules by using the command “cache filter rule <host_name> <url> {cache|urlquery|ttl}”. Cache filter rules conveniently controls whether to cache an object and how long to cache it.

In our example, cache all “.jpg” objects from the host “www.xyz.com” and set the TTL to be 200,000 seconds:

FortiBalancer(config)#cache filter rule www.xyz.com “.*\.jpg” “cache=yes” “urlquery=yes” ttl=200000

To view all cache filter rules we have configured.We can execute the command “show cache filter all”.

FortiBalancer(config)#show cache filter all

cache filter rule “www.xyz.com” “./*.jpg ” “cache=yes” “urlquery=yes” “ttl=200000” cache filter rule “www.xyz.com” “.*\.bmp” “cache=yes” “urlquery=yes” “ttl=200000” cache filter rule “www.xyz.com” “.*\.gif” “cache=yes” “urlquery=yes” “ttl=200000” cache filter rule “www.test.com” “example” “cache=yes” “urlquery=yes” “ttl=150000” cache filter rule “www.test.com” “.*\.jpg” “cache=yes” “urlquery=yes” “ttl=200000”

Ø    Step4 Show cache statistics

Once you’ve configured your cache functions, the OS will allow you to view the running status of the appliance as it pertains to the caching requirements you’ve configured.

FortiBalancer(config)#show statis cache Reverse Proxy Cache Global Statistics: Basic Statistics: Requests received:                               3601254 Requests with GET method:                        3601254 Requests with HEAD method:                       0 Requests with PURGE method:                      0 Requests with POST method:                       0 Number of open client connections:               115 Number of open server connections:               115

 

Requests redirected to HTTPS:                    0 Requests redirected based on regex match:        0 Requests forwarded with rewritten url:           0 Locations rewritten to HTTPS:                    0 Locations rewritten based on regex match:        0 Cache skip, cache o :                           3601254 Cache hit, reply using cache:                    0 Cache hit, reply with “Not Modified”:            0 Cache hit, reply with “Precondition Failed”:     0 Cache hit, revalidate:                           0 Cache miss, noncacheable requests:               3601254 Cache miss, create new entry:                    0 Cache miss, create new entry, resp noncacheable: 0 Hit ratio:                                       0.00%   (Notice: the real server’s time should be in sync with this machine. Otherwise, the time difference could expire the cachable objects              resulting in low cache hit ratio.)   Advanced Statistics: Number of cache objects:                                  0 Number of cache frames:                                   0     Successful cache probes:                                  0   Why were certain requests sent to the server? a)  We had to revalidate the cached object due to: Request with “no-cache”:                               0 Requset with “maxage=0”:                               0 Cached object had “no-cache”:                          0 Cache object expired:                                  0   b)  We had to bypass cache for some requests because: Cache was filling when request was made:               0 Revalidation failed due to IMS mismatched:             0 Client has newer copy, cannot send from cache:         0 Object in cache is chunked, cannot give to 1.0 client: 0 Network memory utilization was too high:               0   c)  Request cannnot be served from cache because: Cache filter denied caching:                           0 Requests with “no-store”:                              0 Requests with “authorization”:                         0 Requests with cookies:                                 0 Requests with range:                                   0 Requests non GET, non HEAD:                            0 Requests URL too long:                                 0        Requests host too long:                                0   d)  Error occured while doing cache lookup Network memory shortage when cache hit (200, 304):     0 Cache was not accessible:                              0 Fail to send cache lookup to cache:                    0 Fail to find url and host:                             0 Fail to parse cache specific http request headers:     0 Fail to create a new cache object:                     0 Noncacheble requests due to other errors:              3601254

Why were certain responses not stored in cache?

1. HTTP directive in response told us not to cache

HTTP response code not 200 , 300o r 301:                0

Response had a “no-store”:                             0        Response had a “private”:                              0

Response had a “set-cookie”:                           0

Response had a “vary”:                                 0

 

1. The response did not meet our guidelines for cacheability

Response noncacheable too big:                         0

 

1. Error occured when trying to cache response

Cache storage limit exceeded based on header data:     0

Cache storage limit exceeded based on payload:         0

Network memory shortage when storing response body:    0

Cache object was deleted before response arrived:      0

Fail to parse cache specific http response headers:    0

Fail to store response headers in cache:               0

Fail to store response body in cache:                  0

Cache object was aborted due to connection reset:      0

Noncacheble responses due to other errors:             0