I've setup a squid proxy for caching of install rpms for an entire LAN; I'm not interested in setting up / maintaining a local repo mirror.

The goal is to allow each machine on the LAN to independently exec zypper (up, dup, ref, etc), getting fresh/relevant metadata for its local state, and, at .rpm install, to check/use the central, squid cache for rpm source 1st, then check/dl from network as required.

Each machine has its own mix of repos -- official distribution, official updates, 3rd party (devel, home:, local).

.rpm DLs are large, !.rpm (meta)data are small. Some sources are static (release/distro), and some are dynamic & frequently changing.

Different sources have different URL naming conventions, and, afaict, there's no consistent indication that a source is dynamic, or not.

To maximize both caching and data freshness, I've configured the following cache policy in /etc/squid/squid.conf:


Code:
    acl zypp url_regex repodata/.*\.xml
    acl zypp url_regex repodata/.*\.xml\.asc
    acl zypp url_regex repodata/.*\.xml\.key
    acl zypp url_regex setup/descr/packages.*\.gz
    cache deny zypp

    refresh_pattern -i (/cgi-bin/|\?)     0      0%        0
    refresh_pattern .                     0     20%     4320
With that simple policy in place, and staring at logs for awhile, I _think_ I successfully

Code:
    (1) cache static metadata
    (2) never cache dynamic metadata
    (3) cache RPMs
Given the range of sources in d.o.o & packman, does that policy appear correct, and not overly aggressive, missing needed updates?

To keep zypper effective "through" this LAN cache, is there additional/different config that's recommended?