@aGeekhere They just release Squid 7 and it is stable if you want to check it out

"The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-7.1 release!

This release is, we believe, stable enough for general production use.
We encourage all users of any previous major version of Squid to upgrade to it,
as well as users of beta version 7.0.X.

It can be downloaded from GitHub, at
https://github.com/squid-cache/squid/releases/tag/SQUID_7_1

Since version 6, Squid offers:

better support for overlapping IP ranges and wildcard domains in acl countless security, portability, and documentation fixes

Since version 6, some previously deprecated features have been removed:

Edge Side Includes (ESI) access to the cache manager using the cache_object:// scheme - use
http instead the squdclient tool - use curl
http://<squid-address>/squid-internal-mgr/menu instead the cachemgr.cgi tool the purge tool - use the http PURGE method instead Ident protocol support basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's
ntlm_auth instead

Further details can be found in the release notes and in the changelog

Please remember to run "squid -k parse" when testing the upgrade to a new
version of Squid. It will audit your configuration files and report
any identifiable issues the new release will have in your installation
before you "press go".

If you encounter any issues with this release please file a bug report at
https://bugs.squid-cache.org/

--
Francesco Chemolli

squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users"

I am having issues with this right now

"I got as far as this with the make clean install no matter what I do I can’t get this package installed. I have tried pkg install heimdal same error after install and pkg install krb5 and pkg install krb5-devel. I don’t know what I am doing wrong it does the make clean for a while and crashes for the bootstrap version the other one I could get going

ERROR: checking whether S5L_CTX_sess_set_get_cb() callback accepts a const ID argument" ... yes checking "whether X509_get0_signature() accepts const parameters" ... yes checking whether the TXT_DB use OPENSSL_PSTRING data member... yes checking whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_V alue should used... no checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used ... yes configure: OpenSSL library support: yes -lcrypto -lss1 configure "Library -Kit-kros" support: no (auto) /configure: LIBHEIMDAL_KRB5_PATH+=-L/usr/lib: not found /configure: LIBHEIMDAL_KRB5_CFLAGS+=-1/usr/include: not found checking for LIBHEIMDAL_KRB5... no configure: error: Required library 'heimdal-krb5' not found ニニニン Script "configure" failed unexpectedly. Please report the problem to timp87@gmail.com maintainerl and attach the '/usr/ports/uuu/squid/uork/squid-7.1/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system te.g. a /usr/local/sbin/pkg-static into -g -tal. *** Error code 1 Stop. makel1]: stopped in /usr/ports/www/squid *** Error code 1 Stop. make: stopped in /usr/ports/www/squid root@free:/usr/ports/www/squid #"

it gets so far along and fails with this error.

@JonathanLee said in UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system:

ln -s -F /nvme/LOGS_Optane/snort /var/log/snort

Also you can do this with suricata.

/var/log/suricata remove this mkdir /nvme/LOGS_Optane/suricata ln -s -F /nvme/LOGS_Optane/suricata /var/log/suricata

This is a better WPAD file

server.modules = ( "mod_access", "mod_staticfile", "mod_expire", "mod_setenv" ) server.document-root = "/var/www/html" server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 server.bind = "192.168.1.6" server.tag = "" server.range-requests = "disable" server.max-connections = 10 connect-timeout = 2 server.max-keep-alive-idle = 2 server.max-keep-alive-requests = 1 server.max-read-idle = 2 server.max-write-idle = 2 dir-listing = "disable" $HTTP["request-method"] =~ "^(TRACE|TRACK)$" { url.access-deny = ( "" ) } # Cache WPAD and proxy PAC files for 1 day (good practice) expire.url = ( "/wpad.dat" => "access plus 1 day", "/proxy.pac" => "access plus 1 day" ) # Disable access logs to reduce SD card wear (optional) accesslog = "" $HTTP["url"] =~ "^/(wpad\.dat|proxy\.pac)$" { setenv.add-response-header = ( "X-Content-Type-Options" => "nosniff", "X-Frame-Options" => "DENY", "Content-Security-Policy" => "default-src 'none';", "Cache-Control" => "public, max-age=86400", "Referrer-Policy" => "no-referrer", "X-Download-Options" => "noopen", "X-Permitted-Cross-Domain-Policies" => "none" ) # Allow only GET and HEAD methods $HTTP["request-method"] !~ "^(GET|HEAD)$" { url.access-deny = ( "" ) } # Restrict access by IP subnets $HTTP["remoteip"] == "192.168.1.0/27" { } else $HTTP["remoteip"] == "2001:470:8052:a::/64" { } else { url.access-deny = ( "" ) } } # Deny all other URL requests $HTTP["url"] !~ "^/(wpad\.dat|proxy\.pac)$" { url.access-deny = ( "" ) } # Strict URL parsing for security and consistency server.http-parseopts = ( "header-strict" => "enable", "host-strict" => "enable", "host-normalize" => "enable", "url-normalize-unreserved"=> "enable", "url-normalize-required" => "enable", "url-ctrls-reject" => "enable", "url-path-2f-decode" => "disable", "url-path-2f-reject" => "enable", "url-path-dotseg-remove" => "disable", "url-path-dotseg-reject" => "enable", ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) # Add WPAD MIME type for correct browser handling mimetype.assign = ( ".dat" => "application/x-ns-proxy-autoconfig", ".pac" => "application/x-ns-proxy-autoconfig" )

@brcuewayne DiagnosticsCommand Prompt
Shell Output - ls -l /usr/local/sbin/dhcpleases6
ls: /usr/local/sbin/dhcpleases6: No such file or directory
Execute Shell Command

@brcuewayne can you provide more details about error(s) you get when you try to start squid?

@viragomann

Damn i completely forgot that i could use the current LAN CARP i have..!! Yeah that works for me !! Thank you very much !!!

Hi, just in case someone has the same issue still in 2025. I'm using pfsense 2.8 and haproxy 0.63_10 and I got the same problem: changing the backend port, is not taking effect unless you delete the haproxy_server_state ans reload haproxy (at least this worked for me). It would be good if this process could be automated anytime your reload/restart haproxy. Or itmight be thatI'm missing something.

@pradeep-sl
Check if the backend is shown up as online on the FS stats page.

@aGeekhere said in Unofficial Squid Custom Refresh Patterns:

https://github.com/mmd123/squid-cache-dynamic_refresh-list

I added them thanks.

@viragomann

"Host Matches" in my Case works only when also setting to "use defaults"

I was able to solve the issue by shifting the redirect rules for phpmyadmin to the frontend instead of trying to path it out on the backend. This resolved the issue for me.

Front End
e80ffba8-07fd-4520-8b54-abf5e3bdff8e-image.png

dd4aa560-b111-4f7a-8489-ef46975a5039-image.png

Since the pathing now happens in the front end, I was able to clean up the backend and it's just a simple passthrough in the case of phpmyadmin.

Hopefully, this helps someone else out too. There's probably a more elegant way to solve this, but it did the trick for me.

@jonny190 said in ACL with multi Action:

in to one rule, i can get the first line in just not the seccond

So add a second one.
The original config has also two rule for what you want.

BTW: the original rule looks a bit different than yours. It seems, to also replace the last octet of the IP.

@anemacuore 2.8.0 is work (update)

Hi, a few weeks ago the same problem, HAProxy was working fine about 3 years ago.

I try pfsense version 2.6, 2.7, 2.8beta and now 2.8. Haproxy and haproxy-devel. no success.

Its like a cache, when request the first acl rule, the next use the same rule.