ISPPlanet Cache Review Series - CacheFlow 545

Controlling Cache Services

For those times when cache bypass is necessary, CacheFlow provides a really nice Bypass List feature (left). A central list, maintained by CacheFlow, identifies known problem hosts: registration servers that limit users per IP per day, self-hosting and on-line gaming servers that require client IPs, a site using port 80 for non-HTTP traffic, etc.The central list can be installed manually or updated automatically, with email change notification. There is also a local list, decoupling maintenance of local and central lists.

Unfortunately, we could not test the Bypass List because it only applies to transparent mode. CacheFlow recommends PAC files for proxy mode bypass. Although PAC files can be centrally-defined, they clearly don't offer the same flexibility as this Bypass List.

We successfully tested the Filter List, another method of addressing interoperability problems. Again, a central list is maintained by CacheFlow, augmented by a local list. But entries in the Filter List are defined by URL prefix or regular expression, apply to all traffic, and control whether site access is blocked, whether requests or hit reports should be forwarded to the origin server, if objects should be cached or refreshed, and whether the entry overrides subscription-based content filters. This feature is powerful.

Subscription filters were added in the last release; this may be why WebSense and SmartFilter services are configured with the CLI. We installed the CacheOS 2.2 release (below, left), then used CLI commands (below, right) to select and enable WebSense.
To configure, just enter a license key and "get-now" to initiate database download. All categories are blocked by default; refine policy using "block" and "unblock" commands on individual categories or "all". The database can be automatically updated by day-of-week and time-of-day. We had no trouble with updates, but had to retry initial download due to latency between our site and WebSense. (Ongoing service was not impacted by the retry.) We saw filters enforced in accordance with configured policy, except when a blocked page had previously been cached. Error Pages returned for blocked sites, and other error codes, can be customized using the Maintenance GUI.

Additional compatibility tweaks are available through the CLI, hidden unless you enter the incantation "reveal http". For example, a work-around to detect Internet Explorer reload requests can be disabled with the "http substitute" command.