Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid 2.6.21 package (1.2.1 RC1 aug 15) Bugs and fixes!

    pfSense Packages
    2
    10
    8.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Tikimotel
      last edited by

      Two BUGS I fixed!!!

      Fix Squid Icons, FTP webfolder browsing.
      open "/usr/local/pkg/squid.inc" and add and change lines.

      function squid_resync_nac() {
      	global $config, $valid_acls;
      ##############################################
      # ----- added -----
      #
             $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
      #
      # ----- added -----
      ##############################################
      	$settings = $config['installedpackages']['squidnac']['config'][0];
      	$webgui_port = $config['system']['webgui']['port'];
      
      	$conf = << <eod<br># Setup some default acls
      acl all src 0.0.0.0/0.0.0.0
      acl localhost src 127.0.0.1/255.255.255.255
      ##############################################
      # ----- changed ----- added $port for Squid Icons!!!
      #
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $port $webgui_port 1025-65535
      #
      # ----- changed -----
      ##############################################
      acl sslports port 443 563 $webgui_port
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
      acl dynamic urlpath_regex cgi-bin \?
      
      EOD;</eod<br> 
      

      press "save" in the webconfigurator to generate fixed "squid.conf" and reload squid.
      test page to see if Squid shows icons: (open in webbrowser)
      ftp://ftp.tex.ac.uk/tex-archive/tools/zip/info-zip

      Type-o-bug in XML
      open "/usr/local/pkg/squid_cache.xml" and add and change lines.

      		 <field><fielddescr>Memory replacement policy</fielddescr>
      ##############################################
      # memory_replacement != memory_replacement_policy in "squid.inc" that is why it didn't stick in "squid.conf"!!!
      			<fieldname>memory_replacement_policy</fieldname>
      ###############################################
      			<description>The memory replacement policy determines which objects are purged from memory when space is needed.  The default policy for memory replacement is GDSF.  <p> <b> LRU: Last Recently Used Policy </b> - The LRU policies keep recently referenced objects.  i.e., it replaces the object that has not been accessed for the longest time. <p> <b> Heap GDSF: Greedy-Dual Size Frequency </b> - The Heap GDSF policy optimizes object-hit rate by keeping smaller, popular objects in cache.  It achieves a lower byte hit rate than LFUDA though, since it evicts larger (possibly popular) objects.  <p> <b> Heap LFUDA: Least Frequently Used with Dynamic Aging </b> - The Heap LFUDA policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached.  <p> <b> Heap LRU: Last Recently Used </b> - Works like LRU, but uses a heap instead. <p> Note: If using the LFUDA replacement policy, the value of Maximum Object Size should be increased above its default of 12KB to maximize the potential byte hit rate improvement of LFUDA.</description>
      			<type>select</type>
      			<default_value>heap GDSF</default_value>
      			 <options><option><name>LRU</name><value>lru</value></option>
      				<option><name>Heap LFUDA</name><value>heap LFUDA</value></option>
      				<option><name>Heap GDSF</name><value>heap GDSF</value></option>
      				<option><name>Heap LRU</name><value>heap LRU</value></option></options></field> 
      		 <field><fielddescr>Cache replacement policy</fielddescr>
      ##############################################
      # cache_replacement != cache_replacement_policy in "squid.inc" that is why it didn't stick too!!! 
      			<fieldname>cache_replacement_policy</fieldname>
      ##############################################
      			<description>The cache replacement policy decides which objects will remain in cache and which objects are replaced to create space for the new objects.  The default policy for cache replacement is LFUDA.  Please see the type descriptions specified in the memory replacement policy for additional detail.</description>
      			<type>select</type>
      			<default_value>heap LFUDA</default_value>
      			 <options><option><name>LRU</name><value>lru</value></option>
      				<option><name>Heap LFUDA</name><value>heap LFUDA</value></option>
      				<option><name>Heap GDSF</name><value>heap GDSF</value></option>
      				<option><name>Heap LRU</name><value>heap LRU</value></option></options></field> 
      
      

      press "save" in the webconfigurator to generate fixed "squid.conf" and reload squid.

      I hope this gets updated into the package, so not everyone needs to edit these files by hand.  ;)

      1 Reply Last reply Reply Quote 0
      • T
        trendchiller
        last edited by

        fixed … thanks !

        1 Reply Last reply Reply Quote 0
        • T
          trendchiller
          last edited by

          but i do not see any changes with ftp-browsing…
          and although i'm familiar with squid i cannot get the point why to add the squid port 3128 th the safe-ports list ?

          1 Reply Last reply Reply Quote 0
          • T
            Tikimotel
            last edited by

            Without the squid's own port, you would see empty image boxes.
            With the port you are able to download and see the anthony-*.gif icons (but they're text-like in this release.)

            1 Reply Last reply Reply Quote 0
            • T
              trendchiller
              last edited by

              ok, thanks…

              1 Reply Last reply Reply Quote 0
              • T
                Tikimotel
                last edited by

                Ok you might want to fix the default icon directory too.  :-[
                I named it inside the squid.conf too, eventhough it's the same as with default for squid. (using squid.inc, below "error_directory")
                "icon_directory /usr/local/etc/squid/icons"

                ( other configs say default is "/usr/local/squid/icons" )
                It only works with FF, IE doesn't know what to do with a "localhost:3128" link.

                FTP_squid-icon_FF.JPG
                FTP_squid-icon_FF.JPG_thumb
                FTP_squid-icon_IE.JPG
                FTP_squid-icon_IE.JPG_thumb

                1 Reply Last reply Reply Quote 0
                • T
                  Tikimotel
                  last edited by

                  Ok, I've now got IE and FF working with squid icons!!!
                  previous pic of FF was direct, no proxy… sorry.

                  Set "Visible hostname" to your router's name, in my case this is "pfsense".

                  FTP_squid-icon_FF_correct_Hostname.JPG
                  FTP_squid-icon_FF_correct_Hostname.JPG_thumb
                  FTP_squid-icon_IE_correct_Hostname.JPG
                  FTP_squid-icon_IE_correct_Hostname.JPG_thumb

                  1 Reply Last reply Reply Quote 0
                  • T
                    trendchiller
                    last edited by

                    the icons directory is already fixed…

                    still no changes to see for me  :-[

                    visible hostname is a dns-alias...

                    here it does not show the icons you put in the screenshot, neither in ie7 nor in FF :-(

                    1 Reply Last reply Reply Quote 0
                    • T
                      Tikimotel
                      last edited by

                      hmm, I had to empty the local IE and FF caches to get it to work as in the uploaded pics.

                      If I set hostname back to localhost, my clients with FF and IE won't load the pics.
                      They can't find it on localhost…(is the clients own machine)
                      pfsense is what I choose on install as my firewall machinename and it resides in the /etc/hosts file on my firewall.
                      Furthermore I have dnsmasq (a.k.a DNS forwarder) add leases to the dns forwarder and the static mappings too.

                      1 Reply Last reply Reply Quote 0
                      • T
                        trendchiller
                        last edited by

                        ok,i got it… BUT: if I remove the squid-port from the safe-ports list, it shows me the icons, too...
                        even after deleting the local cache...
                        and every manual i looked up never told me to add the squid-port to the safe-port-list...

                        so i guess i'll removing it... for security reasons...

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.