Squid3 - New GUI with sync, normal and reverse proxy
-
Getting this error. Did a clean pfSense install. SquidGuard won't start either.. as Squid fails to start.
Apr 16 11:22:56 php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid' returned exit code '1', the output was 'FATAL: Bungled squid.conf line 7: http_port 127.0.0.1:3128 intercept Squid Cache (Version 2.7.STABLE9): Terminated abnormally.'
Apr 16 11:22:56 squid[34066]: Bungled squid.conf line 7: http_port 127.0.0.1:3128 interceptYou running squid is Version 2.7.STABLE9.
What version of pfsense are you using?
Take a look on first posts of this thread to see package install sequence.
att,
Marcello Coutinho -
I'ts a good idea but I have no idea how services tab could identify these two squid processes?
Good point! here is the output of mine… Keep in mind when I have squid.inc, i put the full path for path conf files... if there is a shutdown, reconfigure; i included the full path to the conf in the syantxOk. Let's try to config it.
I did a lot of changes on squid.inc for this package. Can you try to reapply you patch on current config or show me what you did?
i sent you a pm
-
Getting this error. Did a clean pfSense install. SquidGuard won't start either.. as Squid fails to start.
Apr 16 11:22:56 php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid' returned exit code '1', the output was 'FATAL: Bungled squid.conf line 7: http_port 127.0.0.1:3128 intercept Squid Cache (Version 2.7.STABLE9): Terminated abnormally.'
Apr 16 11:22:56 squid[34066]: Bungled squid.conf line 7: http_port 127.0.0.1:3128 interceptYou running squid is Version 2.7.STABLE9.
What version of pfsense are you using?
Take a look on first posts of this thread to see package install sequence.
att,
Marcello CoutinhoI clean installed this version
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011Then went into packages and installed squid3 first. Same settings I have been using for over a year. Nothing has changed. I reinstalled pfSense again and again tried with your latest package.. same issue.
-
Hi guys,
I'm testing new squid3 package, and after install it, I'm having a lot errors in http connections, squid show me a lot 'TCP_MISS/503'. This happen often in forms posts, so I need re-send form ou press F5.
I tested exhaustively the squid-2.7.9_1 + squidGuard and problem no happen. So I too tested exhaustively the squid3 + SquidGuard, and I give this problem.All squid versions have the same config. And this problem only occurs in 'Transparent Mode'
Somebdoy can please test it and report the results?!
Thanks
Hi,
so I post what I did and while I am doing this it will take more than one minute. (Remember your pm to me).
I installed squid3 package and sent myself personal messages. It took all times very long till they get sent - but that's probably a forum issue. Nothing uncommon in access.log.
After that installed squidguard - it break squid3 and squidguard so I uninstalled squid3 and reinstalled squid3. after that both were running. I created a target in squidguard to block google.de and it is working. Other pages can be visited. Nothing uncommon and not TCP_MISS/503 in access.log
I sent some personal messages myself and no problem.
Now I am writing this post and we will see what happens.
PS: I did not enable any additional options on squid - just basic settings on a VM to test.
–-- EDIT ----
Got the same error as ccesario:
This is after writing the post:1334604903.140 56 192.168.0.112 TCP_MISS/503 4769 POST http://forum.pfsense.org/index.php? - DIRECT/forum.pfsense.org text/html 1334604903.969 659 192.168.0.112 TCP_MISS/200 13148 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/209.169.10.131 image/png
My brwoser showed the attached screenshot.
After that I pressed F5 and re-sent:
1334605018.876 60599 192.168.0.112 TCP_MISS/302 580 POST http://forum.pfsense.org/index.php? - DIRECT/69.64.6.7 text/html 1334605019.308 428 192.168.0.112 TCP_MISS/200 12060 GET http://forum.pfsense.org/index.php/board,15.0.html - DIRECT/69.64.6.7 text/html 1334605019.409 154 192.168.0.112 TCP_MISS/304 260 GET http://www.google-analytics.com/urchin.js - DIRECT/173.194.35.39 - 1334605019.530 307 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/Themes/slickprographite/style.css? - DIRECT/69.64.6.7 - 1334605019.542 158 192.168.0.112 TCP_MISS/304 258 GET http://pagead2.googlesyndication.com/pagead/show_ads.js - DIRECT/209.85.148.157 - 1334605019.546 319 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/default/print.css? - DIRECT/69.64.6.7 - 1334605019.561 332 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/transparency.gif - DIRECT/69.64.6.7 - 1334605019.581 352 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/folder_open.gif - DIRECT/69.64.6.7 - 1334605019.600 370 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/linktree_side.gif - DIRECT/69.64.6.7 - 1334605019.612 396 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/Themes/default/script.js? - DIRECT/69.64.6.7 - 1334605019.693 162 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/default/xml_board.js - DIRECT/69.64.6.7 - 1334605019.710 162 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/rss.gif - DIRECT/69.64.6.7 - 1334605019.729 166 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/filter.gif - DIRECT/69.64.6.7 - 1334605019.747 163 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/pfsense_banner_applianceshop.png - DIRECT/69.64.6.7 - 1334605019.765 163 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/sort_down.gif - DIRECT/69.64.6.7 - 1334605019.781 168 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/veryhot_post.gif - DIRECT/69.64.6.7 - 1334605019.858 164 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/post/xx.gif - DIRECT/69.64.6.7 - 1334605019.874 163 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/show_sticky.gif - DIRECT/69.64.6.7 - 1334605019.894 163 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/last_post.gif - DIRECT/69.64.6.7 - 1334605019.917 169 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/quick_lock.gif - DIRECT/69.64.6.7 - 1334605019.930 164 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/hot_post.gif - DIRECT/69.64.6.7 - 1334605019.947 165 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/normal_post.gif - DIRECT/69.64.6.7 - 1334605019.968 68 192.168.0.112 TCP_MISS/200 500 GET http://www.google-analytics.com/__utm.gif? - DIRECT/173.194.35.39 image/gif 1334605020.024 165 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/post/wink.gif - DIRECT/69.64.6.7 - 1334605020.037 163 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/my_veryhot_post.gif - DIRECT/69.64.6.7 - 1334605020.059 165 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/post/thumbup.gif - DIRECT/69.64.6.7 - 1334605020.086 169 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/normal_poll.gif - DIRECT/69.64.6.7 - 1334605020.102 169 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/my_normal_post.gif - DIRECT/69.64.6.7 - 1334605020.115 167 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/post/question.gif - DIRECT/69.64.6.7 - 1334605020.191 167 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/quick_sticky.gif - DIRECT/69.64.6.7 - 1334605020.204 167 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/bg_body.gif - DIRECT/69.64.6.7 - 1334605020.225 164 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/Themes/slickprographite/images/logo.jpg - DIRECT/69.64.6.7 - 1334605020.251 164 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/coltitle_bg.gif - DIRECT/69.64.6.7 - 1334605020.269 166 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_first.gif - DIRECT/69.64.6.7 - 1334605020.357 164 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_last.gif - DIRECT/69.64.6.7 - 1334605020.374 168 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/Themes/slickprographite/images/catbg.jpg - DIRECT/69.64.6.7 - 1334605020.389 164 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_first.gif - DIRECT/69.64.6.7 - 1334605020.417 164 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_back.gif - DIRECT/69.64.6.7 - 1334605020.436 165 192.168.0.112 TCP_MISS/304 322 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_last.gif - DIRECT/69.64.6.7 - 1334605020.523 164 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/Themes/slickprographite/images/titlebg.jpg - DIRECT/69.64.6.7 - 1334605020.553 303 192.168.0.112 TCP_MISS/200 2672 GET http://googleads.g.doubleclick.net/pagead/ads? - DIRECT/209.85.148.155 text/html 1334605020.806 690 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_back.gif - DIRECT/69.64.6.7 -
-
When enabling all cache options (window supdates and so on) the squid.conf is not correctly formatted and needs some new lines before "range offset limit":
range_offset_limit -1 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-imsrange_offset_limit -1 refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-imsrange_offset_limit -1 refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-imsrange_offset_limit -1 refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-imscache_mem 64 MB maximum_object_size_in_memory 256 KB
Further I would make the other pattern case insensitive, too ( -i )
An what about the subdomains of microsoft.com ? Are they covered with this regex ?
Or better put .* in front like:refresh_pattern -i .*\.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) refresh_pattern -i .*\.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip)
Further I didn't have any luck with a short test on caching youtube.com videos.
access.log shows "x-flv". Perhaps add this format to the config:refresh_pattern -i .*\.(x-flv|flv) 10080 90% 999999 ignore-no-cache override-expire ignore-private
-
Thanks, I'll fix it.
-
On squid -> cache this:
set Maximum download size on 'traffic mgmt' squid tab to a value that fits patters your are applying. Microsoft may need 200Mb and youtube 4GB.
should be probably renamed to:
set Maximum object size on 'cache' squid tab to a value that fits pattern your are applying. Microsoft may need 200Mb and youtube 4GB.
Question:
Could you add an option to change the time an object should be in cache ?
At the moment it is 4320 80% 43200. Perhaps someone likes to increase that.But probably if someone needs this he should create his custom options itself and the "click and save" GUI ist just for people who do not want to do to much work on squid and refresh_pattern :-)
-
On squid -> cache this:
set Maximum download size on 'traffic mgmt' squid tab to a value that fits patters your are applying. Microsoft may need 200Mb and youtube 4GB.
should be probably renamed to:
set Maximum object size on 'cache' squid tab to a value that fits pattern your are applying. Microsoft may need 200Mb and youtube 4GB.
The Maximum download size is on 'traffic mgmt' tab
But probably if someone needs this he should create his custom options itself and the "click and save" GUI ist just for people who do not want to do to much work on squid and refresh_pattern :-)
I think the same way :)
-
The Maximum download size is on 'traffic mgmt' tab
This will limit all downloads through squid or am I completly wrong !?! So if I set 200MB there and will try to download an 3GB ISO it will cut my download, isn't it ?
Damn…squid has so many options it is sometime really hard to understand when to use what ;)
-
Damn…squid has so many options it is sometime really hard to understand when to use what ;)
I second that :)
-
PS: I did not enable any additional options on squid - just basic settings on a VM to test.
My brwoser showed the attached screenshot.
After that I pressed F5 and re-sent:
Hi Nachtfalke, thank you by feedback!
This is the problem that happen! Exactly as your screenshot.
I have this screen in others sites too. I mean to you pfsense forum only to test/reproduce.
But in squid-2.7.9 this not happen.
PS: I too enable basic settings in squid.
Welll…. this can be considered a bug/error ?
-
PS: I did not enable any additional options on squid - just basic settings on a VM to test.
My brwoser showed the attached screenshot.
After that I pressed F5 and re-sent:
Hi Nachtfalke, thank you by feedback!
This is the problem that happen! Exactly as your screenshot.
I have this screen in others sites too. I mean to you pfsense forum only to test/reproduce.
But in squid-2.7.9 this not happen.
PS: I too enable basic settings in squid.
Welll…. this can be considered a bug/error ?
So I am using squid2.7 and squidguard here on work and posting many times on the forum and there is not that "bug". Perhaps some parameters on squid3 which causes this problems. Perhaps POST HEADER size or something like that.
Do you have an URL where we can "spam" posts to test this ? Probably it is not the best to do with pfsense forum ;o)
-
So I am using squid2.7 and squidguard here on work and posting many times on the forum and there is not that "bug". Perhaps some parameters on squid3 which causes this problems. Perhaps POST HEADER size or something like that.
Do you have an URL where we can "spam" posts to test this ? Probably it is not the best to do with pfsense forum ;o)
Hehehehh no, I don't have URL to can "spam" posts. But using pfsense forum its possible.
Edit your posts and save-it :) … I my tests I usage this to reproduce many times the error :)
Thanks
-
So I am using squid2.7 and squidguard here on work and posting many times on the forum and there is not that "bug". Perhaps some parameters on squid3 which causes this problems. Perhaps POST HEADER size or something like that.
Do you have an URL where we can "spam" posts to test this ? Probably it is not the best to do with pfsense forum ;o)
Hehehehh no, I don't have URL to can "spam" posts. But using pfsense forum its possible.
Edit your posts and save-it :) … I my tests I usage this to reproduce many times the error :)
Thanks
Will do this perhaps this afternoon/night when I am at home. Perhaps we can tweak something if it's not a bug. :-)
-
Will do this perhaps this afternoon/night when I am at home. Perhaps we can tweak something if it's not a bug. :-)
Maybe a compile option like 'Be strictly HTTP compliant'
-
So I am using squid2.7 and squidguard here on work and posting many times on the forum and there is not that "bug". Perhaps some parameters on squid3 which causes this problems. Perhaps POST HEADER size or something like that.
Do you have an URL where we can "spam" posts to test this ? Probably it is not the best to do with pfsense forum ;o)
Hehehehh no, I don't have URL to can "spam" posts. But using pfsense forum its possible.
Edit your posts and save-it :) … I my tests I usage this to reproduce many times the error :)
Thanks
Will do this perhaps this afternoon/night when I am at home. Perhaps we can tweak something if it's not a bug. :-)
Thanks…. if possible report your tests!
-
Hmm, no luck till now.
tried with different browsers (IE8 and FF11)
tried with (re)moving some refresh_patterns
tried with different DNS servers for squid (8.8.8.8 and 127.0.0.1)
added this to custom options to get more information from access.logstrip_query_terms off
This is a difference I found on squid access.log
540 192.168.0.112 TCP_MISS/302 601 POST http://forum.pfsense.org/index.php?action=post2;start=45;msg=255851;sesc=b98e34206a1c8d9eb69521c441186ad3;board=15 - DIRECT/69.64.6.7 text/html 71 192.168.0.112 TCP_MISS/503 5000 POST http://forum.pfsense.org/index.php?action=post2;start=45;msg=255851;sesc=b98e34206a1c8d9eb69521c441186ad3;board=15 - DIRECT/forum.pfsense.org text/html
The 503 line uses DNS and the 302 uses an IP address…
If I click on the URL posted in the error page I get returned to the post edit page and got an error message from pfsense forum:
Your session timed out while posting. Please try to re-submit your message. No subject was filled in. The message body was left empty.
hmmm…
-
Marcello and others,
I've still got problems configuring Squid 3 as a reverse proxy. Somehow I can't manage it to work properly.
As you illustrated in the forst postings I did exactly the same and added NAT and Firewall rules. I'm using port 8080 and 8443.How come…?!?!
Thanks a lot,
Canefield -
This is a difference I found on squid access.log
540 192.168.0.112 TCP_MISS/302 601 POST http://forum.pfsense.org/index.php?action=post2;start=45;msg=255851;sesc=b98e34206a1c8d9eb69521c441186ad3;board=15 - DIRECT/69.64.6.7 text/html 71 192.168.0.112 TCP_MISS/503 5000 POST http://forum.pfsense.org/index.php?action=post2;start=45;msg=255851;sesc=b98e34206a1c8d9eb69521c441186ad3;board=15 - DIRECT/forum.pfsense.org text/html
The 503 line uses DNS and the 302 uses an IP address…
Hmmmm this can be a hint.. O_o
-
Marcello and others,
I've still got problems configuring Squid 3 as a reverse proxy. Somehow I can't manage it to work properly.
As you illustrated in the forst postings I did exactly the same and added NAT and Firewall rules. I'm using port 8080 and 8443.How come…?!?!
Thanks a lot,
CanefieldStill the same issue from TMG post? Did you removed the Nat?
-
Another bugs found on system log when I use revers proxy.
Apr 18 08:41:51
php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/04/18 08:41:51| redreshAddToList: Unknown option 'my.windowsupdate.website.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip)': reload-into-imsrange_offset_limit 2012/04/18 08:41:51| redreshAddToList: Unknown option 'my.windowsupdate.website.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip)': -1 2012/04/18 08:41:51| redreshAddToList: Unknown option 'symantecliveupdate.com/..(cab|exe|dll|msi)': reload-into-imsrange_offset_limit 2012/04/18 08:41:51| redreshAddToList: Unknown option 'symantecliveupdate.com/..(cab|exe|dll|msi)': -1 2012/04/18 08:41:51| redreshAddToList: Unknown option 'avast.com/..(vpu|cab|stamp|exe)': reload-into-imscache_mem 2012/04/18 08:41:51| redreshAddToList: Unknown option 'avast.com/..(vpu|cab|stamp|exe)': 1024 2012/04/18 08:41:51| redreshAddToList: Unknown option 'avast.com/.*.(vpu|cab|stamp|exe)': MB 2012/04/18 08:41:51| Warning: empty ACL: acl throttle_exts urlSolved! I found this problem because at dansquardian has banned "extension files". After I disable banned at extension tab, the error has gone.
-
Donny,
Check if does not happen if you uncheck dynamic content options on squid cache tab. -
Donny,
Check if does not happen if you uncheck dynamic content options on squid cache tab.Now, If I check or uncheck dynamic content options. The error is disappear.
-
i can't seem to get this package to cache files at all… no errors and whatismyip.com detects the proxy is working just it always downloads files without looking at the cache store... anyone else got this problem?
-
i can't seem to get this package to cache files at all… no errors and whatismyip.com detects the proxy is working just it always downloads files without looking at the cache store... anyone else got this problem?
If you know how to handle squid.conf files, can you check if your squid.conf file is ok?
-
i can't seem to get this package to cache files at all… no errors and whatismyip.com detects the proxy is working just it always downloads files without looking at the cache store... anyone else got this problem?
If you know how to handle squid.conf files, can you check if your squid.conf file is ok?
# This file is automatically generated by pfSense # Do not edit manually ! http_port 192.168.168.150:3128 http_port 127.0.0.1:3128 intercept icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/en icon_directory /usr/local/etc/squid/icons visible_hostname hostname.org cache_mgr user@domain.org access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 1 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.168.0/24 forwarded_for off uri_whitespace strip # Break HTTP standard for flash videos. Keep them in cache even if asked not to. refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private # Let the clients favorite video site through with full caching acl youtube dstdomain .youtube.com cache allow youtube cache_mem 1024 MB maximum_object_size_in_memory 5000 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir diskd /var/squid/cache 429000 16 256 minimum_object_size 0 KB maximum_object_size 5242880 KB offline_mode offcache_swap_low 90 cache_swap_high 95 # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # No redirector configured # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost quick_abort_min 0 KB quick_abort_max 0 KB request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 # Throttle extensions matched in the url acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" delay_access 1 allow throttle_exts delay_access 1 deny allsrc # Reverse Proxy settings deny_info TCP_RESET allsrc # Package Integration # Custom options # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny allsrc
-
The cache info is there…
Can you grep for TCP_CACHE your squid access_log file?
-
The cache info is there…
Can you grep for TCP_CACHE your squid access_log file?
returns nothing back :'(
it does have TCP_MISS…. / DIRECT every line...
-
Squid 3.1.19 pkg 2.0.3
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6Entering PEM intermediate CA certificate in the Reverse Proxy General screen: "intermediate CA certificate (if needed)" field.
Receiving the following error:
Fatal error: Call to undefined function sq_text_area_decodedecode() in /usr/local/pkg/squid_reverse.inc on line 61
Thank you
-
Fatal error: Call to undefined function sq_text_area_decodedecode() in /usr/local/pkg/squid_reverse.inc on line 61
typo, I'll fix it. :)
-
Version 2.0.4 is out with
-
bug and typo fixes
-
Upstream tab is now remote cache to enable multiple peer/sibling cache config
-
New compilation to avoid refresh_pattern and transparent mode errors
Thanks for all feedback specially to ccesario.
I recommend a package uninstall/install instead of reinstall to be sure old squid3 binaries are removed.
att,
Marcello Coutinho -
-
Version 2.0.4 is out with
-
bug and typo fixes
-
Upstream tab is now remote cache to enable multiple peer/sibling cache config
-
New compilation to avoid refresh_pattern and transparent mode errors
Thanks for all feedback specially to ccesario.
I recommend a package uninstall/install instead of reinstall to be sure old squid3 binaries are removed.
att,
Marcello Coutinhoi appreciate all your time on this, it is however broken still. i have done a fresh install also…
2012/04/20 07:51:25| WARNING: dnsserver #1 (FD 11) exited 2012/04/20 07:51:25| ipcacheParse: Got <null>reply 2012/04/20 07:51:25| WARNING: dnsserver #2 (FD 13) exited 2012/04/20 07:51:25| ipcacheParse: Got <null>reply 2012/04/20 07:51:25| WARNING: dnsserver #3 (FD 15) exited 2012/04/20 07:51:25| ipcacheParse: Got <null>reply 2012/04/20 07:51:25| WARNING: dnsserver #4 (FD 17) exited 2012/04/20 07:51:25| Too few dnsserver processes are running 2012/04/20 07:51:25| storeDirWriteCleanLogs: Starting... 2012/04/20 07:51:25| Finished. Wrote 222 entries. 2012/04/20 07:51:25| Took 0.01 seconds (29264.43 entries/sec). FATAL: The dnsserver helpers are crashing too rapidly, need help! Squid Cache (Version 3.1.19): Terminated abnormally. CPU Usage: 0.242 seconds = 0.195 user + 0.047 sys Maximum Resident Size: 22836 KB Page faults with physical i/o: 0</null></null></null>
transparent mode : which leaves nothing able to get DNS :'(
-
-
al_reidy,
I'll recompile it and test.
thanks for your feedback.
-
transparent mode : which leaves nothing able to get DNS :'(
please uninstall and reinstall the package and see if dns problems are gone.
-
Squid 3.1.19 pkg 2.0.4
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6No other packages installed. After installing 3.1.19 the service does not start. The error is:
php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/04/20 10:11:10| ERROR: Error Directory /usr/local/etc/squid/errors/English: (2) No such file or directory FATAL: Error Directory /usr/local/etc/squid/errors/English: (2) No such file or directory Squid Cache (Version 3.1.19): Terminated abnormally. CPU Usage: 0.006 seconds = 0.006 user + 0.000 sys Maximum Resident Size: 4488 KB Page faults with physical i/o: 0'
Thank you
-
change report language on squid gui, then save config.
-
transparent mode : which leaves nothing able to get DNS :'(
please uninstall and reinstall the package and see if dns problems are gone.
Cheers for the recompile the dns issues are fixed now. its very odd and like I'm doing something wrong…
transparent proxy is working according to whatismyip.com, however its still not caching anything. i have scanned the access.log and there is nothing with TCP_CACHE , the cache.log says this :2012/04/20 16:27:24| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2012/04/20 16:27:24| Starting Authentication on port 127.0.0.1:3128 2012/04/20 16:27:24| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2012/04/20 16:27:24| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled) 2012/04/20 16:27:24| WARNING: refresh_pattern maximum age too high. Cropped back to 1 year. 2012/04/20 16:27:24| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2012/04/20 16:27:24| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2012/04/20 16:27:24| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP 2012/04/20 16:27:24| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2012/04/20 16:27:24| Initializing https proxy context 2012/04/20 16:27:24| Store logging disabled 2012/04/20 16:27:24| User-Agent logging is disabled. 2012/04/20 16:27:24| Referer logging is disabled. 2012/04/20 16:27:24| DNS Socket created at [::], FD 13 2012/04/20 16:27:24| DNS Socket created at 0.0.0.0, FD 14 2012/04/20 16:27:24| Adding domain ********** from /etc/resolv.conf 2012/04/20 16:27:24| Adding nameserver 192.168.168.1 from /etc/resolv.conf 2012/04/20 16:27:24| Adding nameserver 208.67.222.222 from /etc/resolv.conf 2012/04/20 16:27:24| Adding nameserver 208.67.220.220 from /etc/resolv.conf 2012/04/20 16:27:24| helperOpenServers: Starting 0/0 'ssl_crtd' processes 2012/04/20 16:27:24| helperOpenServers: No 'ssl_crtd' processes needed. 2012/04/20 16:27:24| Accepting HTTP connections at 192.168.168.150:3128, FD 16. 2012/04/20 16:27:24| Accepting intercepted HTTP connections at 127.0.0.1:3128, FD 17. 2012/04/20 16:27:24| Accepting ICP messages at [::]:7, FD 21. 2012/04/20 16:27:24| HTCP Disabled. 2012/04/20 16:27:24| Loaded Icons. 2012/04/20 16:27:24| Ready to serve requests.
my squid.conf is :
# This file is automatically generated by pfSense # Do not edit manually ! http_port 192.168.168.150:3128 http_port 127.0.0.1:3128 intercept icp_port 7 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/en icon_directory /usr/local/etc/squid/icons visible_hostname bernard.domain.org cache_mgr bob@example.com access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 1 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.168.0/24 forwarded_for off uri_whitespace strip # Break HTTP standard for flash videos. Keep them in cache even if asked not to. refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private # Let the clients favorite video site through with full caching acl youtube dstdomain .youtube.com cache allow youtube # Windows Update refresh_pattern range_offset_limit -1 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims # Symantec refresh_pattern range_offset_limit -1 refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims # Avast refresh_pattern range_offset_limit -1 refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims # Avira refresh_pattern range_offset_limit -1 refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims cache_mem 1024 MB maximum_object_size_in_memory 5000 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /var/squid/cache 429000 16 256 minimum_object_size 0 KB maximum_object_size 5242880 KB offline_mode offcache_swap_low 90 cache_swap_high 95 # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # No redirector configured #Remote proxies # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost quick_abort_min -1 KB quick_abort_max 0 KB request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings deny_info TCP_RESET allsrc # Package Integration # Custom options # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny allsrc
can anyone suggest something else to try? i have reinstalled again and restored from backup with the same results.
-
al_reidy,
I reverted the binaries, I'll rebuild my compile machine as squid3 is getting segmentation fault on dns module.
att,
Marcello Coutinho -
Edit this parameters on GUI (Traffic Mngt) - scroll down the page:
quick_abort_min 102400 KB quick_abort_max 102400 KB quick_abort_pct 60
Further try to search for "HIT" or "REFRESH" on access.log
-
Edit this parameters on GUI (Traffic Mngt) - scroll down the page:
quick_abort_min 102400 KB quick_abort_max 102400 KB quick_abort_pct 60
Further try to search for "HIT" or "REFRESH" on access.log
thanks for the suggestions, still no joy.
this is a sample of the access log.:
1334943652.116 165 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/star.gif - DIRECT/69.64.6.7 - 1334943652.160 197 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/useron.gif - DIRECT/69.64.6.7 - 1334943652.185 95 192.168.168.72 TCP_MISS/200 527 GET http://googleads.g.doubleclick.net/pagead/adview? - DIRECT/173.194.41.122 text/html 1334943652.200 212 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/profile_sm.gif - DIRECT/69.64.6.7 - 1334943652.209 112 192.168.168.72 TCP_MISS/304 302 GET http://pagead2.googlesyndication.com/pagead/js/r20120411/r20110914/abg.js - DIRECT/173.194.41.109 - 1334943652.244 176 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/email_sm.gif - DIRECT/69.64.6.7 - 1334943652.265 194 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/im_on.gif - DIRECT/69.64.6.7 - 1334943652.302 93 192.168.168.72 TCP_MISS/304 302 GET http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png - DIRECT/173.194.41.109 - 1334943652.319 106 192.168.168.72 TCP_MISS/304 302 GET http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png - DIRECT/173.194.41.109 - 1334943652.339 226 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/post/xx.gif - DIRECT/69.64.6.7 - 1334943652.464 203 192.168.168.72 TCP_MISS/200 1270 GET http://googleads.g.doubleclick.net/pagead/ads? - DIRECT/173.194.41.122 text/html 1334943652.480 215 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/quote.gif - DIRECT/69.64.6.7 - 1334943652.501 231 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/modify.gif - DIRECT/69.64.6.7 - 1334943652.512 317 192.168.168.72 TCP_MISS/200 1871 GET http://ad2.adfarm1.adition.com/js? - DIRECT/217.79.188.21 application/x-javascript 1334943652.519 224 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/delete.gif - DIRECT/69.64.6.7 - 1334943652.558 218 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Smileys/default/cry.gif - DIRECT/69.64.6.7 - 1334943652.588 218 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/modify_inline.gif - DIRECT/69.64.6.7 - 1334943652.605 218 192.168.168.72 TCP_MISS/304 384 GET http://imagesrv.adition.com/js/adition.js - DIRECT/217.79.188.11 application/javascript 1334943652.621 174 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/ip.gif - DIRECT/69.64.6.7 - 1334943652.626 80 192.168.168.72 TCP_MISS/200 527 GET http://googleads.g.doubleclick.net/pagead/adview? - DIRECT/173.194.41.122 text/html 1334943652.745 192 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Smileys/default/grin.gif - DIRECT/69.64.6.7 - 1334943652.770 209 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/useroff.gif - DIRECT/69.64.6.7 - 1334943652.806 187 192.168.168.72 TCP_MISS/200 1882 GET http://ad2.adfarm1.adition.com/js? - DIRECT/217.79.188.21 application/x-javascript 1334943652.820 207 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/im_off.gif - DIRECT/69.64.6.7 - 1334943652.849 189 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_first.gif - DIRECT/69.64.6.7 - 1334943652.866 181 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_back.gif - DIRECT/69.64.6.7 - 1334943652.917 191 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_last.gif - DIRECT/69.64.6.7 - 1334943653.009 181 192.168.168.72 TCP_MISS/304 366 GET http://forum.pfsense.org/Themes/slickprographite/images/catbg.jpg - DIRECT/69.64.6.7 - 1334943653.014 180 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/quote_img.gif - DIRECT/69.64.6.7 - 1334943653.027 222 192.168.168.72 TCP_MISS/200 6781 GET http://ad2.adfarm1.adition.com/banner? - DIRECT/217.79.188.21 text/javascript 1334943653.070 188 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/code_img.gif - DIRECT/69.64.6.7 - 1334943653.096 170 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_first.gif - DIRECT/69.64.6.7 - 1334943653.115 185 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_back.gif - DIRECT/69.64.6.7 - 1334943653.178 196 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_last.gif - DIRECT/69.64.6.7 - 1334943653.300 199 192.168.168.72 TCP_MISS/304 366 GET http://forum.pfsense.org/Themes/slickprographite/images/titlebg.jpg - DIRECT/69.64.6.7 - 1334943653.309 213 192.168.168.72 TCP_MISS/200 6785 GET http://ad2.adfarm1.adition.com/banner? - DIRECT/217.79.188.21 text/javascript