Squid2.6反向代理实现Web缓存加速–[小结文档]

1.Squid2.5实现多个WEB缓存加速小结文档

2.Key changes from squid 2.5

3.Changes to squid.conf

主要的改进

1、融合加速和反向功能

Major improvements to the way that Squid handles web proxy, accelerated and transparent proxy requests to make it easier to configure transparent and acceleration functionality. The default behaviour is to function as a standard HTTP proxy on each port that Squid is configured to listen on, but in addition in this release the keywords "accelerated" and "transparent" can be specified after each port to indicate to Squid the functionality that is to be enabled on that port. This means that the old config directives relating to httpd_accel_* are now deprecated.

2、行为分析

Logging enhancements to allow even greater customization of the way Squid logs requests in the access-log or to syslog if required

Support for parsing X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies

Support for Etag and Vary HTTP headers. This further moves Squid towards HTTP/1.1 compliance. The Vary header field is used for improved caching and delivery of customized content to end clients, and the Etag is used similar to an MD5 checksum between client and server to determine if a web page has changed since it was last retrieved.

1、http_port、cache_peer规则使用

由于

httpd_accel_host 被http_port、cache_peer选项替代

httpd_accel_port 由cache_port来定义

httpd_accel_uses_host_header由http_port vhost选项替代

                     ————————-               —————————
ajax.aaa .com请求 | Squid        |        / 127.0.0.1   ajax.aaa.com    80
Sns.xxx.com请求 |                             |          211.100.100 sns.xxx.com     80           
live.yyy.com请求    — |    10.10.10.10/11   |    —- 169.100.100 live.yyy.com 81
tag.zzz.com 请求 / |    /etc/hosts      |        58.100.100 tag.zzz.com 82
                                 ————————-           —————————

http_port 110.10.10.10:80 transparent vhost vport

cache_peer 127.0.0.1 parent 80 0 no-query originserver

cache_peer 211.100.100 parent 80 0 no-query originserver

cache_peer 169.100.100 parent 81 0 no-query originserver

cache_peer 58.100.100 parent 82 0 no-query originserver

2、Log改进

A、Log记录方式更改,可用记录至系统Log或access-log,引入X-Forwarded-For headers功能后,Log可直接通过后台web的log进行分析

B、X-Forwarded-For headers功能使后端被加速web的log更加便于分析,直接分析后端web的log即可分析用户行为,原先版本后端web的log日志全来自前端squid机器,无法从后端直接分析log

Squid2.6反向代理实现多个Web缓存加速–[配置文档]

# NETWORK OPTIONS
# —————————————————————————–

http_port 211.211.211.211:80 transparent vhost vport

#
#cache_peer 211.100.59.59 parent 80 0 no-query originserver
#cache_peer 61.235.170.133 parent 80 3130 no-query no-netdb-exchange proxy-only
#cache_peer 211.101.21.114 parent 80 0 no-query originserver
#cache_peer 211.100.23.242 parent 80 0 no-query originserver
#cache_peer 61.135.120.233 parent 80 0 no-query originserver
#cache_peer 219.246.145.145 parent 80 0 no-query originserver

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# —————————————————————————–

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
collapsed_forwarding on

# OPTIONS WHICH AFFECT THE CACHE SIZE
# —————————————————————————–
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 80 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# —————————————————————————–

#cache_dir ufs /Data/apps/squid/var/cache 1024 56 256
cache_dir ufs /Data/apps/squid/cache 4096 56 256
#access_log /Data/apps/squid/var/logs/access.log squid
cache_log /Data/apps/squid/var/logs/cache.log
emulate_httpd_log on
#cache_store_log /Data/apps/squid/var/logs/store.log
# pid_filename /Data/apps/squid/var/logs/squid.pid

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# —————————————————————————–

dns_children 5
#Recommended minimum configuration per scheme:
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5

auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# OPTIONS FOR TUNING THE CACHE
# —————————————————————————–

# request_header_max_size 20 KB
# request_body_max_size 0 KB

refresh_pattern ^ftp:       1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .       0   20%   4320
quick_abort_min 0 KB
quick_abort_max 0 KB
# quick_abort_pct 95
# read_ahead_gap 16 KB
# negative_ttl 5 minutes
# refresh_stale_hit 0 seconds

# TIMEOUTS
# —————————————————————————–

forward_timeout 20 seconds
connect_timeout 15 seconds
# peer_connect_timeout 30 seconds
read_timeout 3 minutes
request_timeout 1 minutes
persistent_request_timeout 15 seconds
client_lifetime 15 minutes
half_closed_clients off
# pconn_timeout 120 seconds
# ident_timeout 10 seconds
shutdown_lifetime 5 seconds

# ADMINISTRATIVE PARAMETERS
# —————————————————————————–

cache_mgr longrujun@gmail.com
cache_effective_user squid
cache_effective_group squid
# httpd_suppress_version_string off
visible_hostname longrujun.name

# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# —————————————————————————-

# HTTPD-ACCELERATOR OPTIONS
# —————————————————————————–

# httpd_accel_no_pmtu_disc off

# MISCELLANEOUS
# —————————————————————————–

logfile_rotate 0
tcp_recv_bufsize 65535 bytes
# memory_pools on
# memory_pools_limit 5 MB
# via on
# forwarded_for on
# log_icp_queries on
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# client_db on
# netdb_low 900
# netdb_high 1000
# netdb_ping_period 5 minutes
# query_icmp off
# buffered_logs off
# reload_into_ims off
# global_internal_static on
# short_icon_urls off
error_directory /Data/apps/squid/share/errors/Simplify_Chinese
# maximum_single_addr_tries 1
# retry_on_error off

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# —————————————————————————–

# delay_initial_bucket_level 50
# max_open_disk_fds 0
# offline_mode off
# uri_whitespace strip
# nonhierarchical_direct on
# prefer_direct off
# coredump_dir none
coredump_dir /Data/apps/squid/cache
# redirector_bypass off
# ignore_unknown_nameservers on
# digest_generation on
# digest_bits_per_entry 5
# digest_rebuild_period 1 hour
# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
client_persistent_connections off
server_persistent_connections on
# persistent_connection_after_error off
# detect_broken_pconn off
# balance_on_multiple_ip on
# pipeline_prefetch off
# request_entities off
# high_response_time_warning 0
# high_page_fault_warning 0
# high_memory_warning 0
# store_dir_select_algorithm least-load
# ie_refresh off
vary_ignore_expire on
# sleep_after_fork 0
# minimum_expiry_time 60 seconds
# relaxed_header_parser on
strip_query_terms on

# ACCESS CONTROLS
#—————————————————

acl OverConnLimit maxconn 20
http_access deny OverConnLimit

#acl AntiGoogle req_header User-Agent Googlespider
#http_access deny AntiGoogle

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 10.10.10.0/24
acl Srvip   dst 211.100.99.0/24 211.100.100.0/24 61.135.100.0/24 60.195.200.159.0/24
acl Srvdm   dstdomain .longrujun.name .hanlei.name .liuren.com .keso.cn
acl to_localhost dst 127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgehost src   127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgemethod method PURGE   
acl SSL_ports port 443 563
acl Safe_ports port 80          # http  
acl Safe_ports port 81          # http
acl CONNECT method CONNECT     

always_direct allow Srvdm
never_direct allow !Srvdm
http_access allow manager localhost
http_access deny manager
http_access allow purgemethod purgehost
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow localhost
http_access allow Srvip
http_access allow Srvdm
http_access deny all
http_reply_access allow all
icp_access deny all
icp_port 0

Squid2.6反向代理实现多个Web缓存加速[安装文档]

Squid2.6反向代理实现多个Web缓存加速–Config More Web Cache Acceleration with Squid Transparent Proxy[安装文档]

Squid反向代理实现Web缓存加速

–Config Web Cache Acceleration with Squid Transparent Proxy

Step I – Downloading and compiling Squid

wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE3-20060823.tar.gz

[root@localhost software]# tar zxvf squid-2.6.STABLE3-20060823.tar.gz

[root@localhost software]# cd squid-2.6.STABLE3-20060823

[root@localhost squid-2.6.STABLE3-20060823]# vi config.sh

写入内容如下:

代码:

#!/bin/bash

SQUID_ROOT="/Data/apps/squid"

./configure –prefix=$SQUID_ROOT

–enable-useragent-log

–enable-referer-log

–enable-default-err-language=Simplify_Chinese

–enable-err-languages="Simplify_Chinese English"

–disable-internal-dns

–enable-dlmalloc

–with-pthreads

–enable-poll

–enable-stacktrace

–enable-removal-policies="heap,lru"

–enable-delay-pools

–enable-storeio="aufs,coss,diskd,ufs"

[root@localhost squid-2.6.STABLE3-20060823]# sh config.sh

[root@localhost squid-2.6.STABLE3-20060823]# make

[root@localhost squid-2.6.STABLE3-20060823]# make install

Step II – Basic Configuration

[root@localhost squid-2.6.STABLE3-20060823]# cd /Data/apps/squid/

[root@localhost squid-2.6.STABLE3-20060823]# mkdir cache

[root@localhost squid-2.6.STABLE3-20060823]# chown squid.squid *

在/etc/hosts中:加入内部的DNS解析,比如:

211.100.99.100 longrujun.name

211.100.100.101 blog.hanlei.name

61.135.100.100 www.liuren.com

60.195.200.159 www.keso.cn

B、vi /Data/apps/squid/etc/squid.conf

squid.conf

Step III – Starting Squid

A、创建缓存目录

[root@redhatas4 sbin]# ./squid –z

B、测试Squid运行状况

[root@redhatas4 sbin]# ./squid –NCd1

成功后将出现"Ready to serve requests".否则请检查配置文件

C、

启动Squid

/Data/apps/squid/sbin/squid

停止 Squid

/Data/apps/squid/sbin/squid –k shutdown
启用新配置:
/Data/apps/squid/sbin/squid -k reconfig
通过crontab每天0点截断/轮循日志:
0 0 * * * (/Data/apps/squid/sbin/squid -k rotate)

Squid反向代理N个后台WEB实现说明[小结文档]

1. Squid反向代理单个后台WEB服务器

A、如果WEB服务器和反向代理服务器是两台单独的机器(一般的反向代理应该有两块网卡分别连接了内外部网络)。那么,应该修改下面的内容来设置反向代理服务。

http_port 80 # squid监听的端口

httpd_accel_host 192.168.0.100 # 内部WEB服务器的IP地址

httpd_accel_port 80 # WEB服务器的IP地址

httpd_accel_single_host on # 转发为缓冲的请求到一台单独的机器

httpd_accel_with_proxy on #

httpd_accel_uses_host_header off

       B、如果WEB服务器和反向代理服务器是同一台机器。那么,应该设置WEB服务器的监听端口为非80端口(比如:81端口)。要修改的内容如下:

http_port 80 # squid监听的端口

httpd_accel_host localhost # 内部WEB服务器的IP地址

httpd_accel_port 81 # WEB服务器的IP地址

httpd_accel_single_host on # 转发为缓冲的请求到一台单独的机器

httpd_accel_with_proxy on #

httpd_accel_uses_host_header off

下面解释一下配置指令。

http_port 80

选项 http_port 指定squid监听HTTP请求的端口,一般都设置成80端口,这样使用户感觉不到反向代理的存在,就像访问真正的WEB服务器一样。

httpd_accel_host 192.168.0.100httpd_accel_port 80

选项httpd_accel_host 和 httpd_accel_port 指定WEB服务器的IP地址和端口号,可以根据自己的WEB服务器的实际情况而定。

httpd_accel_single_host on

选项httpd_accel_single_host 为on 时,squid被设置成仅对单一的web服务器作反向代理。不考虑HTTP头信息,Squid转发所有的为被缓冲的页面请求到这个web服务器。如果squid需要做多个web服务器反向代理,必须将此选项设置为off,并且使用转向器或者DNS去映射请求到合适的后台WEB服务器。

httpd_accel_with_proxy on

如果希望squid既作反向代理服务器又作本地机器的上网代理,需要将httpd_accel_with_proxy 改为 on,默认情况下是off

httpd_accel_uses_host_header off

在HTTP协议1.1中,HTTP请求包括一个主机头信息,指定URL的主机名或者主机的IP地址。这个选项可以用来完成多个后台WEB服务器的反向代理功能。

2.    Squid反向代理多个后台WEB服务器

我们可以用Squid反向代理多个后台WEB服务器。例如:我们可以配置squid同时反向代理www.xxx.com, www.yyy.com, www.zzz.com三个后台WEB服务器,     

Squid的配置如下:

httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_single_host off

httpd_accel_uses_host_header on

注意:编译Squid时需激活Internal DNS选项: –disable-internal-dns

然后设置设置反响代理需要的域名解析(加入hosts)如下:

www.xxx.com 111.222.333.444

www.yyy.com 111.222.333.444

www.zzz.com 111.222.333.444

使三个域名都指向反向代理服务器的IP地址111.222.333.444。

下面设置反向代理所需要的DNS入口信息(即设置内部DNS,仅仅是squid在内部使用,Internet用户不可见)。有两种方法可以设置内部DNS,使用内部DNS服务器来解析或者使用/etc/hosts文件来实现。

使用内部DNS服务器的资源记录如下:

www.xxx.com IN A 192.168.0.101

www.yyy.com IN A 192.168.0.102

www.zzz.com IN A 192.168.0.103

如果使用/etc/hosts文件来实现内部DNS(编译时应使用disable internal dns选项),编辑/etc/hosts文件添加如下条目:

192.168.0.101 www.xxx.com

192.168.0.102 www.yyy.com

192.168.0.103 www.zzz.com

基于Squid的反向加速多个WEB服务器[配置文档]

#Support for External functions

##############
# Auth
############

auth_param basic children 5

auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 2 hours

auth_param basic casesensitive off

#Tuning the Squid Cache

###############

#refresh_pattern

#控制对象的超时时间

################

refresh_pattern ^ftp:          1440      20%       10080

refresh_pattern ^gopher:   1440      0% 1440

refresh_pattern .         0     20%       4320

refresh_pattern -i .gif$   10    1000%     10      ignore-reload

refresh_pattern -i .jpg$   10    1000%     10      ignore-reload

refresh_pattern -i .png$   10    1000%     10      ignore-reload

refresh_pattern -i .bmp$   10    1000%     10      ignore-reload

refresh_pattern -i .css$        10      50%     60       reload-into-ims

refresh_pattern -i .js$         10      50%     60       reload-into-ims

refresh_pattern -i .htm$        5      50%     10       reload-into-ims

refresh_pattern -i .shtm$        5      50%     10       reload-into-ims

refresh_pattern -i .html$       5      50%     10       reload-into-ims

#refresh_pattern -i .aspx$       5      50%     10       reload-into-ims

quick_abort_min 0 KB

quick_abort_max 0 KB

range_offset_limit -1 KB

###negative_ttl 30 seconds

# Timeouts

# forward_timeout 4 minutes

forward_timeout 20 seconds

# connect_timeout 1 minute

connect_timeout 15 seconds

# read_timeout 15 minutes

read_timeout 3 minutes

# request_timeout 5 minutes

request_timeout 1 minutes

# persistent_request_timeout 1 minute

persistent_request_timeout 15 seconds

# client_lifetime 1 day

client_lifetime 15 minutes

# pconn_timeout 120 seconds

# shutdown_lifetime 30 seconds

shutdown_lifetime 5 seconds

# Administrative parameters

#设置管理信息

visible_hostname cache.dm.net

#cachemgr_passwd admin all

#设置运行时的用户和组权限

cache_effective_user squid

cache_effective_group squid

# Peer cache servers and Squid hierarchy

#hierarchy_stoplist cgi-bin ?

###acl QUERY urlpath_regex cgi-bin ?

#acl QUERY urlpath_regex ?

#no_cache deny QUERY

#Cache size

#设置squid用户hot object的物理内存的大小以及设置cache目录

cache_mem 512 MB

maximum_object_size 32768 KB

maximum_object_size_in_memory 512 KB

#Swap性能微调

half_closed_clients off

cache_swap_high 95%

cache_swap_low 80%

maximum_object_size 1024 KB

###cache_replacement_policy heap GDSF

###memory_replacement_policy heap GDSF

#Log file path names and cache directories

cache_dir ufs /Data/apps/squid/cache 40960 56 256

###cache_dir null /Data/apps/squid/cache

coredump_dir /Data/apps/squid/cache

#对日志文件和pid文件位置进行设置

#cache_access_log /Data/apps/squid/var/logs/access.log

###cache_access_log none

cache_log /Data/apps/squid/var/logs/cache.log

###cache_log /dev/null

###useragent_log /opt/itc/squid/logs/useragent.log

cache_store_log none

emulate_httpd_log on

# logfile_rotate 10

logfile_rotate 0

#pid_filename /Data/apps/squid/var/logs/squid.pid

# TAG: relaxed_header_parser   on|off|warn

# relaxed_header_parser on

# Delaypool parameters (all require delay_pools compilation options)

#####

#Tag Name strip_query_terms

#Usage strip_query_terms on|off

#Description

#Squid by default does not log query parameters.

#These parameters are however forwarded to the server verbatim.

#If we want to enable logging of query parameters, the strip_query_terms

#directive can be used .

#By default, Squid strips query terms from requested URLs before logging.

#This protects your user’s privacy

#Default strip_query_terms on

strip_query_terms off

client_persistent_connections off

# if need "long" connection set it to on

server_persistent_connections on

# Tag Name dns_children

#Usage dns_children number (1 to 32)

#Description

#The number of processes spawn to service DNS name lookups are specified here.

#For heavily loaded caches on large servers, There is probably need to increase

#this value to at least 10. The maximum is 32. The default is 5. This option is

#only available if Squid is rebuilt with the –disable-internal-dns option. The

#number of processes increases, the performance of DNS lookups also increases.

#It is recommended to use maximum child processes (32).

#

dns_children 5

#dns_nameservers 202.99.8.1

####

# Network

http_port 80

# Access controls

####

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl Srvip   dst 211.100.23.0/24 61.135.131.0/24 202.108.33.32/24 202.108.9.0/24 202.108.12.0/24

acl Srvdm   dstdomain .sina.com .sohu.com .163.com .tom.com

acl to_localhost dst 127.0.0.0/8 61.135.170.231/255.255.255.255

acl purgehost src 127.0.0.0/8 61.135.170.231/255.255.255.255

acl purgemethod method PURGE    

acl SSL_ports port 443 563

acl Safe_ports port 80          # http   

acl Safe_ports port 81          # http  

acl CONNECT method CONNECT      

###always_direct allow Srvdm

###never_direct allow !Srvdm

http_access allow manager localhost

http_access deny manager

http_access allow purgemethod purgehost

http_access deny !Safe_ports

http_access deny CONNECT all

http_access allow localhost

http_access allow Srvip

http_access allow Srvdm

http_access deny all

# http_reply_access allow all

icp_access deny all

#透明代理设置

httpd_accel_port 80

httpd_accel_host virtual

httpd_accel_single_host off

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

# Miscellaneous

tcp_recv_bufsize 4096 bytes

client_db off

# reload_into_ims off

基于Squid的反向加速多个WEB服务器[安装文档]

Step I – Downloading and compiling Squid

Wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE13.tar.gz

[root@redhatas4 squid-2.5.STABLE13]# tar zxvf squid-2.5.STABLE13.tar.gz

[root@redhatas4 squid-2.5.STABLE13]# cd squid-2.5.STABLE13

[root@redhatas4 squid-2.5.STABLE13]# vi config.sh

写入内容如下:

代码:

#!/bin/bash

SQUID_ROOT="/Data/apps/squid"

./configure –prefix=$SQUID_ROOT

–enable-useragent-log

–enable-referer-log

–enable-default-err-language=Simplify_Chinese

–enable-err-languages="Simplify_Chinese English"

–disable-internal-dns

[root@redhatas4 squid-2.5.STABLE13]# sh config.sh

[root@redhatas4 squid-2.5.STABLE13]# make

[root@redhatas4 squid-2.5.STABLE13]# make install

Step II – Basic Configuration

[root@redhatas4 squid]# cd /Data/apps/squid/

[root@redhatas4 squid]# mkdir cache

[root@redhatas4 squid]# chown squid.squid *

A、 在/etc/hosts中:加入内部的DNS解析,比如:
61.135.132.176 www.sohu.com
202.108.33.32 www.sina.com
202.108.9.16 www.163.com

      202.108.12.68 www.tom.com

B、vi /Data/apps/squid/etc/squid.conf

详见附件,重点都在这里了

Step III – Starting Squid

A、创建缓存目录

[root@redhatas4 sbin]# ./squid –z

B、测试Squid运行状况

[root@redhatas4 sbin]# ./ squid –NCd1

成功后将出现"Ready to serve requests".否则请检查配置文件

C、建立Squid启动脚本

# cd /etc/rc.local

#vi squid.sh

代码:

#!/bin/sh

# if ! PREFIX=$(expr $0 : "(/.*)/etc/rc.d/$(basename $0)$"); then

#   echo "$0: Cannot determine the PREFIX" >&2

#   exit 1

# fi

case "$1" in

start)

  if [ -x /Data/apps/squid/sbin/squid -a -f /Data/apps/squid/etc/squid.conf ]; then

  (cd /Data/apps/squid/var/logs; /Data/apps/squid/sbin/squid >/dev/null 2>&1 &) ; echo -n ‘ squid’

  fi

  ;;

stop)

    /Data/apps/squid/sbin/squid -k shutdown 2>&1

    # Uncomment this if you’d like the system to (attempt to

    # wait for) squid to shut down cleanly

    #echo "Sleeping for 45 seconds to allow squid to shutdown.."

    #sleep 45

  ;;

*)

  echo "Usage: `basename $0` {start|stop}" >&2

  ;;

esac

exit 0

启动squid
/etc/rc.local/squid.sh start 启动squid

/etc/rc.d/squid.sh stop 停止squid

启用新配置:
/Data/apps/squid/sbin/squid -k reconfig
通过crontab每天0点截断/轮循日志:
0 0 * * * (/Data/apps/squid/sbin/squid -k rotate)

停止squid:

停止squid: Published 2006年8月16日 7:52 by admin Filed under: