Reverse Proxy Cache – FortiBalancer

7.2 Reverse Proxy Cache Configuration

The cache configuration commands let administrators control which cacheable objects are held in the temporary memory of the FortiBalancer appliance. By caching these objects, the appliance can deliver commonly requested content without contacting the backend server each time, which reduces total download time and server load and improves overall network performance.

7.2.1 Configuration Guidelines

Table 7-2 General Settings of Reverse Proxy Cache

Operation                                                             Command
Enable cache                                                          cache {on|off} <virtual_service>
View cache status                                                     show cache status
Configure global cache expire time                                    cache settings expire {hh:mm:ss|seconds}
Configure the maximum size for a cache object                         cache settings objectsize <size>
View cache basic settings                                             show cache settings
View cache statistics                                                 show statistics cache [virtual_service]
Clear cache statistics                                                clear statistics cache [virtual_service|all]
View contents of cache objects                                        show cache content <host_name> <url_regex>
Remove all cache objects by force                                     clear cache content
Enable cache filter                                                   cache filter {on|off}
Configure cache filter rule                                           cache filter rule <host_name> <url> {cache|urlquery|ttl}
View cache filter configuration                                       show cache filter status
View all cache filters about the specified host name                  show cache filter hostname <host_name>
View all cache filter rules                                           show cache filter all
View the cache filter rules matching the specified host name and URL  cache filter match <host_name> <url_regex>
Remove specified cache filter rules                                   no cache filter rule <host_name> <url>
Clear cache filter rules matched with the specified host              clear cache filter hostname <host_name>
Clear all cache filter rules                                          clear cache filter all
View cache filter statistics                                          show statistics cachefilter <host_name> <url_regex>
Clear cache filter statistics                                         clear statistics cachefilter [host_name|all]

7.2.2 Configuration Example via CLI

The Cache function for each virtual service works independently. By default, the Cache function is turned off. When Cache is turned off, no objects are stored in cache and all requests will go to the backend servers through the server load balancing mechanism.

  • Step 1 Enable the cache function

To use cache, we need to first enable the Cache function for the specified virtual service.

In this example, we enable the Cache function for the virtual service “virtual_MOSS”.

FortiBalancer(config)#cache on virtual_MOSS

The current status of cache can be viewed by using the “show cache status” command.

FortiBalancer(config)#show cache status

reverse proxy cache:               enable

per-vs status "virtual_MOSS":       enable

  • Step 2 Configure basic cache settings

Next, define the basic cache settings that the FortiBalancer appliance will follow. The settings that can be configured include:

  • The expiration time of the objects in Cache
  • The maximum size of an object in Cache

The current Cache settings can be viewed by using the “show cache settings” command.

FortiBalancer#show cache settings

Cache Configuration:

Cache Default Expiration:        82800 seconds

Maximum Cacheable Object Size:  5120 KB

The cache settings shown above are the default values, which are the optimal values. If your application has special requirements, you can adjust these settings as needed.

To set the global cache expiration time, we can use the “cache settings expire” command. The default value is 82800 seconds (23 hours). The global default expiration time will be used as the expiration time for an object in cache only if it is impossible to calculate the expiration time using the Expiration Model specified in Section 13.2 of RFC 2616.

FortiBalancer(config)#cache settings expire "43200"

To set the maximum size of an object in cache, the “cache settings objectsize” command should be used. The command takes the size in kilobytes. The default value is 5120 KB. If the size of an object being sent to the client is greater than the configured maximum object size, the object will not be cached even if it is otherwise cacheable.

FortiBalancer(config)#cache settings objectsize 1000

Now we use the “show cache settings” command to view the current cache settings:

FortiBalancer(config)#show cache settings

Cache Configuration:

Cache Default Expiration:        43200 seconds

Maximum Cacheable Object Size:  1000 KB

  • Step 3 Configure cache filter

First, enable the cache filter function by using the command “cache filter {on|off} <virtual_service>”. By default, the cache filter function is disabled.

FortiBalancer(config)#cache filter on

Then, define cache filter rules by using the command “cache filter rule <host_name> <url> {cache|urlquery|ttl}”. Cache filter rules control whether an object is cached and how long it is cached.

In our example, cache all “.jpg” objects from the host “www.xyz.com” and set the TTL to be 200,000 seconds:

FortiBalancer(config)#cache filter rule www.xyz.com ".*\.jpg" "cache=yes" "urlquery=yes" ttl=200000

To view all the cache filter rules we have configured, we can execute the command “show cache filter all”.

FortiBalancer(config)#show cache filter all

cache filter rule "www.xyz.com" "./*.jpg " "cache=yes" "urlquery=yes" "ttl=200000"

cache filter rule "www.xyz.com" ".*\.bmp" "cache=yes" "urlquery=yes" "ttl=200000"

cache filter rule "www.xyz.com" ".*\.gif" "cache=yes" "urlquery=yes" "ttl=200000"

cache filter rule "www.test.com" "example" "cache=yes" "urlquery=yes" "ttl=150000"

cache filter rule "www.test.com" ".*\.jpg" "cache=yes" "urlquery=yes" "ttl=200000"

  • Step 4 Show cache statistics

Once you’ve configured your cache functions, the OS will allow you to view the running status of the appliance as it pertains to the caching requirements you’ve configured.

FortiBalancer(config)#show statis cache

Reverse Proxy Cache Global Statistics:

Basic Statistics:

Requests received:                               3601254

Requests with GET method:                        3601254

Requests with HEAD method:                       0

Requests with PURGE method:                      0

Requests with POST method:                       0

Number of open client connections:               115

Number of open server connections:               115

 

Requests redirected to HTTPS:                    0

Requests redirected based on regex match:        0

Requests forwarded with rewritten url:           0

Locations rewritten to HTTPS:                    0

Locations rewritten based on regex match:        0

Cache skip, cache off:                           3601254

Cache hit, reply using cache:                    0

Cache hit, reply with “Not Modified”:            0

Cache hit, reply with “Precondition Failed”:     0

Cache hit, revalidate:                           0

Cache miss, noncacheable requests:               3601254

Cache miss, create new entry:                    0

Cache miss, create new entry, resp noncacheable: 0

Hit ratio:                                       0.00%

 

(Notice: the real server’s time should be in sync with this machine.

Otherwise, the time difference could expire the cachable objects resulting in low cache hit ratio.)

 

Advanced Statistics:

Number of cache objects:                                  0

Number of cache frames:                                   0

Successful cache probes:                                  0

 

Why were certain requests sent to the server?

a)  We had to revalidate the cached object due to:

Request with “no-cache”:                               0

Requset with “maxage=0”:                               0

Cached object had “no-cache”:                          0

Cache object expired:                                  0

 

b)  We had to bypass cache for some requests because:

Cache was filling when request was made:               0

Revalidation failed due to IMS mismatched:             0

Client has newer copy, cannot send from cache:         0

Object in cache is chunked, cannot give to 1.0 client: 0

Network memory utilization was too high:               0

 

c)  Request cannnot be served from cache because:

Cache filter denied caching:                           0

Requests with “no-store”:                              0

Requests with “authorization”:                         0

Requests with cookies:                                 0

Requests with range:                                   0

Requests non GET, non HEAD:                            0

Requests URL too long:                                 0

Requests host too long:                                0

 

d)  Error occured while doing cache lookup

Network memory shortage when cache hit (200, 304):     0

Cache was not accessible:                              0

Fail to send cache lookup to cache:                    0

Fail to find url and host:                             0

Fail to parse cache specific http request headers:     0

Fail to create a new cache object:                     0

Noncacheble requests due to other errors:              3601254

 

Why were certain responses not stored in cache?

  1. HTTP directive in response told us not to cache

HTTP response code not 200, 300 or 301:                0

Response had a “no-store”:                             0

Response had a “private”:                              0

Response had a “set-cookie”:                           0

Response had a “vary”:                                 0

 

  2. The response did not meet our guidelines for cacheability

Response noncacheable too big:                         0

  3. Error occured when trying to cache response

Cache storage limit exceeded based on header data:     0

Cache storage limit exceeded based on payload:         0

Network memory shortage when storing response body:    0

Cache object was deleted before response arrived:      0

Fail to parse cache specific http response headers:    0

Fail to store response headers in cache:               0

Fail to store response body in cache:                  0

Cache object was aborted due to connection reset:      0

Noncacheble responses due to other errors:             0
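The expiration fallback described in Step 2 and the clock-sync notice in the statistics output, worked through as an added example (not FortiBalancer code or output). It applies the RFC 2616 Section 13.2 age and freshness rules; which headers the appliance actually honors is an assumption, and the sample responses are constructed.

```python
# Added illustration (not FortiBalancer code): RFC 2616 13.2 freshness + fallback.
import re
from email.utils import parsedate_to_datetime

GLOBAL_DEFAULT_EXPIRE = 43200  # seconds, the value configured in Step 2

def _epoch(http_date):
    """Parse an HTTP-date to epoch seconds; None if missing or malformed."""
    try:
        return parsedate_to_datetime(http_date).timestamp()
    except (TypeError, ValueError):
        return None

def freshness_lifetime(headers, default=GLOBAL_DEFAULT_EXPIRE):
    """Section 13.2.4: explicit lifetime if computable, else the global default."""
    cc = headers.get("Cache-Control", "")
    for directive in ("s-maxage", "max-age"):  # shared caches prefer s-maxage
        m = re.search(r"(?:^|[\s,])" + directive + r"\s*=\s*(\d+)", cc, re.I)
        if m:
            return int(m.group(1)), directive
    date = _epoch(headers.get("Date"))
    if "Expires" in headers:
        expires = _epoch(headers["Expires"])
        if expires is None:  # Section 14.21: invalid value means already expired
            return 0, "Expires"
        if date is not None:
            return int(max(0, expires - date)), "Expires"
    return default, "global default"

def current_age(headers, received_at, now):
    """Section 13.2.3 age measured on the cache's clock (response delay ignored)."""
    date = _epoch(headers.get("Date"))
    apparent = max(0, received_at - date) if date is not None else 0
    age = headers.get("Age", "")
    corrected = max(apparent, int(age) if age.isdigit() else 0)
    return corrected + (now - received_at)

def is_fresh(headers, received_at, now, default=GLOBAL_DEFAULT_EXPIRE):
    """Return (fresh?, which rule supplied the lifetime)."""
    lifetime, source = freshness_lifetime(headers, default)
    return lifetime > current_age(headers, received_at, now), source

# Constructed sample responses; T0 is the appliance clock when each one arrived.
T0 = _epoch("Tue, 01 Jan 2030 12:00:00 GMT")
EXPLICIT = {"Date": "Tue, 01 Jan 2030 12:00:00 GMT", "Cache-Control": "max-age=600"}
NO_HINTS = {"Date": "Tue, 01 Jan 2030 12:00:00 GMT"}
# Origin clock runs two hours slow; the server meant "fresh for one hour".
SKEWED = {"Date": "Tue, 01 Jan 2030 10:00:00 GMT",
          "Expires": "Tue, 01 Jan 2030 11:00:00 GMT"}
```

With these samples, `is_fresh(SKEWED, T0, T0)` is already false on arrival: the two-hour skew counts as age and exceeds the one-hour lifetime, which is the low hit ratio the notice warns about.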

 

 

