Squid3 - New GUI with sync, normal and reverse proxy

al_reidy

@Nachtfalke:

@al_reidy

Edit this parameters on GUI (Traffic Mngt) - scroll down the page:

quick_abort_min 102400 KB
quick_abort_max 102400 KB
quick_abort_pct 60

Further try to search for "HIT" or "REFRESH" on access.log

thanks for the suggestions, still no joy.

this is a sample of the access log.:

1334943652.116    165 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/star.gif - DIRECT/69.64.6.7 -
1334943652.160    197 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/useron.gif - DIRECT/69.64.6.7 -
1334943652.185     95 192.168.168.72 TCP_MISS/200 527 GET http://googleads.g.doubleclick.net/pagead/adview? - DIRECT/173.194.41.122 text/html
1334943652.200    212 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/profile_sm.gif - DIRECT/69.64.6.7 -
1334943652.209    112 192.168.168.72 TCP_MISS/304 302 GET http://pagead2.googlesyndication.com/pagead/js/r20120411/r20110914/abg.js - DIRECT/173.194.41.109 -
1334943652.244    176 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/email_sm.gif - DIRECT/69.64.6.7 -
1334943652.265    194 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/im_on.gif - DIRECT/69.64.6.7 -
1334943652.302     93 192.168.168.72 TCP_MISS/304 302 GET http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png - DIRECT/173.194.41.109 -
1334943652.319    106 192.168.168.72 TCP_MISS/304 302 GET http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png - DIRECT/173.194.41.109 -
1334943652.339    226 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/post/xx.gif - DIRECT/69.64.6.7 -
1334943652.464    203 192.168.168.72 TCP_MISS/200 1270 GET http://googleads.g.doubleclick.net/pagead/ads? - DIRECT/173.194.41.122 text/html
1334943652.480    215 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/quote.gif - DIRECT/69.64.6.7 -
1334943652.501    231 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/modify.gif - DIRECT/69.64.6.7 -
1334943652.512    317 192.168.168.72 TCP_MISS/200 1871 GET http://ad2.adfarm1.adition.com/js? - DIRECT/217.79.188.21 application/x-javascript
1334943652.519    224 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/delete.gif - DIRECT/69.64.6.7 -
1334943652.558    218 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Smileys/default/cry.gif - DIRECT/69.64.6.7 -
1334943652.588    218 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/modify_inline.gif - DIRECT/69.64.6.7 -
1334943652.605    218 192.168.168.72 TCP_MISS/304 384 GET http://imagesrv.adition.com/js/adition.js - DIRECT/217.79.188.11 application/javascript
1334943652.621    174 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/ip.gif - DIRECT/69.64.6.7 -
1334943652.626     80 192.168.168.72 TCP_MISS/200 527 GET http://googleads.g.doubleclick.net/pagead/adview? - DIRECT/173.194.41.122 text/html
1334943652.745    192 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Smileys/default/grin.gif - DIRECT/69.64.6.7 -
1334943652.770    209 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/useroff.gif - DIRECT/69.64.6.7 -
1334943652.806    187 192.168.168.72 TCP_MISS/200 1882 GET http://ad2.adfarm1.adition.com/js? - DIRECT/217.79.188.21 application/x-javascript
1334943652.820    207 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/im_off.gif - DIRECT/69.64.6.7 -
1334943652.849    189 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_first.gif - DIRECT/69.64.6.7 -
1334943652.866    181 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_back.gif - DIRECT/69.64.6.7 -
1334943652.917    191 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/mirrortab_last.gif - DIRECT/69.64.6.7 -
1334943653.009    181 192.168.168.72 TCP_MISS/304 366 GET http://forum.pfsense.org/Themes/slickprographite/images/catbg.jpg - DIRECT/69.64.6.7 -
1334943653.014    180 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/quote_img.gif - DIRECT/69.64.6.7 -
1334943653.027    222 192.168.168.72 TCP_MISS/200 6781 GET http://ad2.adfarm1.adition.com/banner? - DIRECT/217.79.188.21 text/javascript
1334943653.070    188 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/code_img.gif - DIRECT/69.64.6.7 -
1334943653.096    170 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_first.gif - DIRECT/69.64.6.7 -
1334943653.115    185 192.168.168.72 TCP_MISS/304 364 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_back.gif - DIRECT/69.64.6.7 -
1334943653.178    196 192.168.168.72 TCP_MISS/304 365 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_last.gif - DIRECT/69.64.6.7 -
1334943653.300    199 192.168.168.72 TCP_MISS/304 366 GET http://forum.pfsense.org/Themes/slickprographite/images/titlebg.jpg - DIRECT/69.64.6.7 -
1334943653.309    213 192.168.168.72 TCP_MISS/200 6785 GET http://ad2.adfarm1.adition.com/banner? - DIRECT/217.79.188.21 text/javascript

Nachtfalke

Hi,

for me it is working. This is my access.log
First downloading a cached pfsense.iso file (100MB)
then went to forum.ofsense.org
Then did a brwser refresh

1334945508.305  10479 192.168.0.112 TCP_HIT/200 102638928 GET http://pfsense.mirror.range-id.it/downloads/pfSense-2.0.1-RELEASE-i386.iso.gz - NONE/- application/x-gzip

1334945530.527    755 192.168.0.112 TCP_MISS/200 11348 GET http://forum.pfsense.org/index.php - DIRECT/69.64.6.7 text/html
1334945530.622    306 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/Themes/default/script.js? - DIRECT/69.64.6.7 -
1334945530.635    315 192.168.0.112 TCP_MISS/304 323 GET http://forum.pfsense.org/Themes/slickprographite/style.css? - DIRECT/69.64.6.7 -
1334945530.658    336 192.168.0.112 TCP_MISS/304 321 GET http://forum.pfsense.org/Themes/default/print.css? - DIRECT/69.64.6.7 -
1334945530.675    141 192.168.0.112 TCP_REFRESH_UNMODIFIED/304 256 GET http://pagead2.googlesyndication.com/pagead/show_ads.js - DIRECT/209.85.148.156 -
1334945531.054    167 192.168.0.112 TCP_MISS/200 499 GET http://www.google-analytics.com/__utm.gif? - DIRECT/173.194.67.139 image/gif
1334945531.323     52 192.168.0.112 TCP_REFRESH_UNMODIFIED/304 257 GET http://pagead2.googlesyndication.com/pagead/expansion_embed.js - DIRECT/209.85.148.156 -
1334945531.685     49 192.168.0.112 TCP_REFRESH_UNMODIFIED/304 256 GET http://pagead2.googlesyndication.com/pagead/osd.js - DIRECT/209.85.148.156 -
1334945531.938    324 192.168.0.112 TCP_MISS/200 2016 GET http://googleads.g.doubleclick.net/pagead/ads? - DIRECT/209.85.148.157 text/html
1334945532.028    289 192.168.0.112 TCP_MISS/200 2015 GET http://googleads.g.doubleclick.net/pagead/ads? - DIRECT/209.85.148.157 text/html
1334945532.060    110 192.168.0.112 TCP_MISS/200 484 GET http://googleads.g.doubleclick.net/pagead/adview? - DIRECT/209.85.148.157 text/html
1334945532.151    106 192.168.0.112 TCP_MISS/200 484 GET http://googleads.g.doubleclick.net/pagead/adview? - DIRECT/209.85.148.157 text/html
1334945532.820    678 192.168.0.112 TCP_MISS/200 4692 GET http://ad.turn.com/server/ads.js? - DIRECT/69.194.244.11 text/javascript
1334945532.933    706 192.168.0.112 TCP_MISS/200 4693 GET http://ad.turn.com/server/ads.js? - DIRECT/69.194.244.11 text/javascript
1334945533.293    173 192.168.0.112 TCP_MISS/200 2909 GET http://ads.heias.com/x/heias.TAG.v2.0/? - DIRECT/83.169.59.64 application/x-javascript
1334945533.317    185 192.168.0.112 TCP_MISS/200 2909 GET http://ads.heias.com/x/heias.TAG.v2.0/? - DIRECT/83.169.59.64 application/x-javascript
1334945533.826    303 192.168.0.112 TCP_MISS/200 4707 GET http://ads.heias.com/x/heias.TAG.v2.0/tag.php? - DIRECT/83.169.59.64 application/x-javascript
1334945533.832    417 192.168.0.112 TCP_MISS/200 4712 GET http://ads.heias.com/x/heias.TAG.v2.0/tag.php? - DIRECT/83.169.59.64 application/x-javascript
1334945534.118    193 192.168.0.112 TCP_MISS/200 1319 GET http://bs.serving-sys.com/BurstingPipe/adServer.bs? - DIRECT/80.252.91.41 image/gif
1334945535.162    191 192.168.0.112 TCP_MISS/302 752 GET http://ads.heias.com/x/heias_image.php? - DIRECT/83.169.59.64 application/x-shockwave-flash
1334945535.188    218 192.168.0.112 TCP_MISS/200 3641 GET http://cdn.turn.com/server/ddc.htm? - DIRECT/80.239.230.163 text/html
1334945535.192    223 192.168.0.112 TCP_MISS/200 1319 GET http://bs.serving-sys.com/BurstingPipe/adServer.bs? - DIRECT/80.252.91.41 image/gif
1334945535.195    225 192.168.0.112 TCP_MISS/302 752 GET http://ads.heias.com/x/heias_image.php? - DIRECT/83.169.59.64 application/x-shockwave-flash
1334945535.207    189 192.168.0.112 TCP_MISS/200 3641 GET http://cdn.turn.com/server/ddc.htm? - DIRECT/80.239.230.163 text/html
1334945535.313    147 192.168.0.112 TCP_MISS/304 206 GET http://ads.heias.com/images/tmp/11409/20282/heias_7_20282_160586.swf? - DIRECT/83.169.59.64 -
1334945535.775     89 192.168.0.112 TCP_MISS/304 206 GET http://ads.heias.com/x/heias.xml.template/ret_xml_1.0.12.swf - DIRECT/83.169.59.64 -
1334945535.946    102 192.168.0.112 TCP_MISS/200 812 GET http://ads.heias.com/x/heias.xml.template/? - DIRECT/83.169.59.64 text/xml
1334945535.959    107 192.168.0.112 TCP_MISS/200 812 GET http://ads.heias.com/x/heias.xml.template/? - DIRECT/83.169.59.64 text/xml
1334945541.188     60 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 5299 GET http://pagead2.googlesyndication.com/pagead/show_ads.js - DIRECT/209.85.148.156 text/javascript
1334945541.201     73 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 7347 GET http://www.google-analytics.com/urchin.js - DIRECT/173.194.67.139 text/javascript
1334945541.301    667 192.168.0.112 TCP_MISS/200 11348 GET http://forum.pfsense.org/index.php - DIRECT/69.64.6.7 text/html
1334945541.407    304 192.168.0.112 TCP_MISS/200 483 GET http://forum.pfsense.org/Themes/default/print.css? - DIRECT/69.64.6.7 text/css
1334945541.463    331 192.168.0.112 TCP_MISS/200 4149 GET http://forum.pfsense.org/Themes/default/fader.js - DIRECT/69.64.6.7 application/javascript
1334945541.679    608 192.168.0.112 TCP_MISS/200 13948 GET http://forum.pfsense.org/Themes/default/script.js? - DIRECT/69.64.6.7 application/javascript
1334945541.690    618 192.168.0.112 TCP_MISS/200 13280 GET http://forum.pfsense.org/Themes/slickprographite/style.css? - DIRECT/69.64.6.7 text/css
1334945542.031    169 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 1595 GET http://forum.pfsense.org/Themes/slickprographite/images/bg_body.gif - DIRECT/69.64.6.7 image/gif
1334945542.098    165 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 751 GET http://forum.pfsense.org/Themes/slickprographite/images/transparency.gif - DIRECT/69.64.6.7 image/gif
1334945542.134    182 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 1029 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/folder_open.gif - DIRECT/69.64.6.7 image/gif
1334945542.142    169 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 1124 GET http://forum.pfsense.org/Themes/slickprographite/images/rss.gif - DIRECT/69.64.6.7 image/gif
1334945542.175     69 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 5299 GET http://pagead2.googlesyndication.com/pagead/show_ads.js - DIRECT/209.85.148.156 text/javascript
1334945542.176     70 192.168.0.112 TCP_MISS/200 499 GET http://www.google-analytics.com/__utm.gif? - DIRECT/173.194.67.139 image/gif
1334945542.219    165 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 763 GET http://forum.pfsense.org/Themes/slickprographite/images/filter.gif - DIRECT/69.64.6.7 image/gif
1334945542.309    200 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 489 GET http://forum.pfsense.org/Themes/slickprographite/images/coltitle_bg.gif - DIRECT/69.64.6.7 image/gif
1334945542.329    194 192.168.0.112 TCP_MISS/200 950 GET http://forum.pfsense.org/Themes/slickprographite/images/subforum_off.gif - DIRECT/69.64.6.7 image/gif
1334945542.347    205 192.168.0.112 TCP_MISS/200 1221 GET http://forum.pfsense.org/Themes/slickprographite/images/new_some.gif - DIRECT/69.64.6.7 image/gif
1334945542.390    169 192.168.0.112 TCP_MISS/200 1752 GET http://forum.pfsense.org/Themes/slickprographite/images/new_none.gif - DIRECT/69.64.6.7 image/gif
1334945542.480    370 192.168.0.112 TCP_MISS/200 942 GET http://forum.pfsense.org/Themes/slickprographite/images/cat_unread.gif - DIRECT/69.64.6.7 image/gif
1334945542.499    188 192.168.0.112 TCP_MISS/200 2594 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/info.gif - DIRECT/69.64.6.7 image/gif
1334945542.516    404 192.168.0.112 TCP_MISS/200 2293 GET http://forum.pfsense.org/Themes/slickprographite/images/off.gif - DIRECT/69.64.6.7 image/gif
1334945542.520    409 192.168.0.112 TCP_MISS/200 1045 GET http://forum.pfsense.org/Themes/slickprographite/images/collapse.gif - DIRECT/69.64.6.7 image/gif
1334945542.543    431 192.168.0.112 TCP_MISS/200 2171 GET http://forum.pfsense.org/Themes/slickprographite/images/on.gif - DIRECT/69.64.6.7 image/gif
1334945542.553    222 192.168.0.112 TCP_MISS/200 2310 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/online.gif - DIRECT/69.64.6.7 image/gif
1334945542.649    168 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 854 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_first.gif - DIRECT/69.64.6.7 image/gif
1334945542.667    166 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 664 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_back.gif - DIRECT/69.64.6.7 image/gif
1334945542.686    165 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 713 GET http://forum.pfsense.org/Themes/slickprographite/images/maintab_last.gif - DIRECT/69.64.6.7 image/gif
1334945542.918    526 192.168.0.112 TCP_MISS/200 21960 GET http://forum.pfsense.org/Themes/slickprographite/images/catbg2.jpg - DIRECT/69.64.6.7 image/jpeg
1334945543.057    709 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 21959 GET http://forum.pfsense.org/Themes/slickprographite/images/catbg.jpg - DIRECT/69.64.6.7 image/jpeg
1334945543.060    255 192.168.0.112 TCP_MISS/200 3621 GET http://googleads.g.doubleclick.net/pagead/ads? - DIRECT/209.85.148.157 text/html
1334945543.092    984 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 58783 GET http://forum.pfsense.org/Themes/slickprographite/images/logo.jpg - DIRECT/69.64.6.7 image/jpeg
1334945543.124    175 192.168.0.112 TCP_MISS/200 2827 GET http://googleads.g.doubleclick.net/pagead/ads? - DIRECT/209.85.148.157 text/html
1334945543.155     63 192.168.0.112 TCP_REFRESH_UNMODIFIED/304 257 GET http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png - DIRECT/209.85.148.156 -
1334945543.168    615 192.168.0.112 TCP_CLIENT_REFRESH_MISS/200 21941 GET http://forum.pfsense.org/Themes/slickprographite/images/titlebg.jpg - DIRECT/69.64.6.7 image/jpeg
1334945543.214    110 192.168.0.112 TCP_REFRESH_UNMODIFIED/304 257 GET http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png - DIRECT/209.85.148.156 -
1334945543.244     67 192.168.0.112 TCP_MISS/200 561 GET http://googleads.g.doubleclick.net/pagead/drt/s? - DIRECT/209.85.148.157 text/html
1334945543.395    165 192.168.0.112 TCP_MISS/200 24850 GET http://pagead2.googlesyndication.com/simgad/8603368683143355801 - DIRECT/209.85.148.156 image/png
1334945543.433    249 192.168.0.112 TCP_REFRESH_MODIFIED/200 56755 GET http://pagead2.googlesyndication.com/pagead/TemplateContainer.swf - DIRECT/209.85.148.156 application/x-shockwave-flash
1334945543.621    112 192.168.0.112 TCP_MISS/302 806 GET http://google.com/pagead/drt/ui - DIRECT/173.194.70.139 text/html
1334945543.675     46 192.168.0.112 TCP_MISS/302 806 GET http://google.com/pagead/drt/ui - DIRECT/173.194.70.139 text/html
1334945543.684     54 192.168.0.112 TCP_REFRESH_UNMODIFIED/304 257 GET http://pagead2.googlesyndication.com/pagead/gadgets/all_V15/all_V15_spec_728_90.swf - DIRECT/209.85.148.156 -
1334945543.691     59 192.168.0.112 TCP_REFRESH_UNMODIFIED/304 257 GET http://pagead2.googlesyndication.com/pagead/gadgets/all_V15/all_V15_spec_728_90.xml - DIRECT/209.85.148.156 -
1334945543.834     54 192.168.0.112 TCP_MISS/200 6914 GET http://pagead2.googlesyndication.com/pagead/imgad? - DIRECT/209.85.148.156 application/x-shockwave-flash
1334945547.398    311 192.168.0.112 TCP_MISS/200 54180 GET http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY4YMFIICFBSoHbkIBAP__BzIW4UEBAP______________________Hw - DIRECT/173.194.67.139 application/vnd.google.safebrowsing-chunk
1334945549.094    158 192.168.0.112 TCP_REFRESH_MODIFIED/200 56758 GET http://pagead2.googlesyndication.com/pagead/TemplateContainer_latest.swf - DIRECT/209.85.148.156 application/x-shockwave-flash
^C
[2.0.1-RELEASE][admin@pfsense.localdomain]/var/log/squid(66):

squid.conf

# This file is automatically generated by pfSense
# Do not edit manually !
http_port 192.168.0.22:3128
http_port 127.0.0.1:3128 intercept
icp_port 7

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/de-de
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 2
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.0.0/24
httpd_suppress_version_string on
uri_whitespace strip
dns_nameservers 127.0.0.1
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 64 MB
maximum_object_size_in_memory 256 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 1000 16 256
minimum_object_size 0 KB
maximum_object_size 204800 KB
offline_mode offcache_swap_low 90
cache_swap_high 95

# No redirector configured

#Remote proxies

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min -1 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

# Reverse Proxy settings

# Package Integration
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

# Custom options

# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

This is just a test installation.

marcelloc

version 2.0.5 is out with:

• new binaries again to fix transparent proxy

• new option to patch captive portal to work together with non transparent use

As I'm including new features to this package, the status is back to beta until improvements and tests are done.

att,
Marcello Coutinho

al_reidy

@marcelloc:

version 2.0.5 is out with:

• new binaries again to fix transparent proxy

• new option to patch captive portal to work together with non transparent use

As I'm including new features to this package, the status is back to beta until improvements and tests are done.

att,
Marcello Coutinho

dude, legend it works now. i uninstalled the package then installed.
it didn't work right away though i had to stop the package, altered the config to 32 directories to store the cache.ran squid -z, then  chmod -R 777 the cache directory then rebooted.
perhaps on a fresh install that won't be needed.
thanks for your time on this. :-D

Donny

Hello all,

I have tested between Squid3 with LDAP (Windows Server 2008). I can use domain users to authentication login to web browser and successes.

pfSense configuration detail

System > General setup > DNS Servers :
172.31.21.10       (Internal DNS, DHCP Windows Sever 2008 )
208.67.222.222    (OpenDNS)
208.67.220.220    (OpenDNS)

Sevices > DNS forwarders : Enable DNS forwarders has checked.

On Windows Server 2008

At DNS forwarder tab I forward to
172.31.21.1        pfSense
208.67.222.222   OpenDNS
208.67.220.220   OpenDNS
also I have made pfsense record name on DNS server.

After domain users  successes login with web browser (Firefox, IE,Opera and Chrome). At system log I got DNS-rebind attack as the detail below.

Apr 22 13:13:31 	dnsmasq[30943]: possible DNS-rebind attack detected: ForestDnsZones.xxxx.dsns
Apr 22 13:13:31 	dnsmasq[30943]: possible DNS-rebind attack detected: ForestDnsZones.xxxx.dsns
Apr 22 13:13:31 	dnsmasq[30943]: possible DNS-rebind attack detected: DomainDnsZones.xxxx.dsns
Apr 22 13:13:31 	dnsmasq[30943]: possible DNS-rebind attack detected: DomainDnsZones.xxxx.dsns
Apr 22 13:13:31 	dnsmasq[30943]: possible DNS-rebind attack detected: xxxx.dsns
Apr 22 13:13:31 	dnsmasq[30943]: possible DNS-rebind attack detected: xxxx.dsns

I tried to find another solution by google search and some pfsense forum but can not solve this problem. Also I tried to "disable DNS Rebinding Checks" or "Alternate Hostnames" or
"Browser HTTP_REFERER enforcement" at System > Advanced and domain overrides but when I do this I can not login with domain users to web browser. finally reboot pfSense and it does not help.

Any suggestion !

Donny

Hello Marcelloc,

I just would like to inform you that Squid3 authentication with LDAP Windows Server 2008 does not work very well with OpenDNS. When I only use OpenDNS 208.67.222.222 and 208.67.220.220 at System > General Setup > DNS Servers, and I try to login via web browser with domain users name, the web browser still hang up only "loading" and take too long before the web page is coming up.

The way I solved this problem is :

1. Use DNS Server from ISP : 67.xx.xxx.xx and 203.xx.xxx.xx or Use DNS Server from google : 8.8.8.8 and 8.8.4.4
2. At System > General Setup > DNS Servers. I take off IP address from internal DNS Server Windows 2008 because it will cause "DNS-rebind attack detected" If I still use internal dns ip address.

So, at System > General Setup > DNS Servers, I only use DNS Server from my ISP (67.xx.xxx.xx and 203.xx.xxx.xx) or use Google DNS Server 8.8.8.8 and 8.8.4.4. that's it.
Now I can use domain users to authenticate login via web browser and I don't get any DNS-rebind attack detected anymore. Every users from the domain that I tested, it's succeses.

SARG report at "View Report and Realtime tab", I have success to use a real user name from domain users (Windows Server 2008).

See screenshot.

Thank u very much Marcelloc

Donny

Hello Marcello,

When I reboot pfSense. At the console I saw some warning: Invalid argument supplied for foreach() in /usr/local/pkg/squid.inc on line 946.
This is squid.inc code and **this is a line 946>**foreach ($config['installedpackages']['squidremote']['config'] as $settings)

function squid_resync_upstream() {
   global $config;
   $conf = "\n#Remote proxies\n";
foreach ($config['installedpackages']['squidremote']['config'] as $settings){
      if ($settings['enable'] == 'on') {
         $conf .= "cache_peer {$settings['proxyaddr']} {$settings['hierarchy']} {$settings['proxyport']} ";
         if ($settings['icpport'] == '7')
              $conf .= "{$settings['icpport']} {$settings['icpoptions']} {$settings['peermethod']} {$settings['allowmiss']} ";
          else
               $conf .= "{$settings['icpport']} ";
            #auth settings
         if (!empty($settings['username']) && !empty($settings['password'])){
            $conf .= " login={$settings['username']}:{$settings['password']}";
            }
         else{
            $conf .= "{$settings['authoption']} ";
         }
         #other options settings
         if (!empty($settings['weight']))
            $conf .= "weight={$settings['weight']} ";
         if (!empty($settings['basetime']))
            $conf .= "basetime={$settings['basetime']} ";
         if (!empty($settings['ttl']))
            $conf .= "ttl={$settings['ttl']} ";
         if (!empty($settings['nodelay']))
            $conf .= "no-delay";
      }
      $conf .= "\n";
    }
   return $conf;
}

marcelloc

Donny,

I've pushed a fix for these array right now, wait 15 minutes, reinstall the package, and check if it stops the bootup error.

Donny

@marcelloc:

Donny,

I've pushed a fix for these array right now, wait 15 minutes, reinstall the package, and check if it stops the bootup error.

Hello Marcelloc,

After reinstall Squid3 and reboot system, the bootup error problem has solved.

Thank u

tester_02

I am getting the following error after installing squid 3.  I've looked at the folder and there is no mime.conf file.

I had squid 2 + squidguard.  I installed squid 3, then uninstalled squid 2 and this started happening (had originally thought 3 would overwrite 2, but both were shown in the packages).    I've even tried installing 3 again, but the same error happens.  I would have stayed with 2, but I've always had trouble with ncix.com and some youtube videos (preview window plays video and then it runs another preview in the preview)

Apr 24 22:00:06 squid: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory
Apr 24 21:59:32 php: : SQUID is installed but not started. Not installing "filter" rules.
Apr 24 21:59:32 php: : SQUID is installed but not started. Not installing "pfearly" rules.
Apr 24 21:59:32 php: : SQUID is installed but not started. Not installing "nat" rules.
Apr 24 21:59:26 check_reload_status: Reloading filter
Apr 24 21:59:18 php: : SQUID is installed but not started. Not installing "filter" rules.
Apr 24 21:59:17 php: : SQUID is installed but not started. Not installing "pfearly" rules.
Apr 24 21:59:17 php: : SQUID is installed but not started. Not installing "nat" rules.
Apr 24 21:59:16 php: /pkg_edit.php: The command '/usr/local/sbin/squid' returned exit code '1', the output was '2012/04/24 21:59:16| ERROR: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory FATAL: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory Squid Cache (Version 3.1.19): Terminated abnormally. CPU Usage: 0.007 seconds = 0.007 user + 0.000 sys Maximum Resident Size: 5744 KB Page faults with physical i/o: 0'
Apr 24 21:59:16 squid: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory

So I manually created a blank mime.conf file.  That error went away and I then I in turn got a missing "icons" folder in the same location.  I created that, and no squid works, but squidguard fails to work..

squid[58395]: Squid Parent: child process 58727 exited due to signal 6 with status 0

Closer, but not quite working at this stage for me…
hints anyone?

tester_02

Update:
Saved all screens in squid and squidguard for luck, and now it's up.  I was scared to reinstall squidguard as I had read that squidguard would reinstall squid 2 again.

So finally squid 3 + squidguard working good.  ncix.com even works!  now to just watch some youtube videos and see if the problem comes up again.

installer still does need a fix for the missing file and missing folder.

Also getting error 22 invalid argument if I try to edit the message above this.

phil.davis

When you are able to make PBIs for installing Squid3 on 2.1-DEVELOPMENT I am happy to test it. No rush - I see that you already have plenty of work just now!

marcelloc

@phil.davis:

When you are able to make PBIs for installing Squid3 on 2.1-DEVELOPMENT I am happy to test it. No rush - I see that you already have plenty of work just now!

On 2.1, install package gui and then go to console to pkg_add -r binaries until I find time to build and test pbi

IGIdeus

Hi,

I looked at throttle_exts.acl generated with "Throttle multimedia files" option checked. IMHO it lacks of extensions: wma, wav, mka, mkv, ogg, oga, ogm, ogv, rmvb.

Best regards
IGIdeus

pizetta

Hi,
At "Proxy server: Traffic management" we can manage a single delay pool with the options: Per-host throttling / Overall bandwidth throttling / Maximum upload size.
I need to manage many groups of delay pools and set to different networks/Ips. This is very usefull, are you going to implement this?

Thanks in advance.

marcelloc

@pizetta:

I need to manage many groups of delay pools and set to different networks/Ips. This is very usefull, are you going to implement this?

No plans for this feature yet. But if you need it, you can post a bountry or make a donation  for that  ;)

Do you have any config sample for this?

pizetta

Something like this…

delay_pools 3                                     ######3 delay pools
delay_class 1 2
delay_parameters 1 -1/-1 12800/12800
delay_access 1 allow client_100k           ######limited clients 100kbps

delay_class 2 2
delay_parameters 2 -1/-1 25600/25600
delay_access 2 allow clientes_200k       ######limited clients 200kbps

delay_class 3 2
delay_parameters 3 -1/-1 38400/38400
delay_access 3 allow clientes_300k      ######limited clients 300kbps

I wish to manage as many pools as I can, grouping users to limit the use of internet. I'll take a look at bounties.
Best regards!

yosu

Hi,

I am using package squid3 version 3.1.19 pkg 2.0.5_2.

In /usr/local/pkg/squid.inc I think this line:

http_access deny CONNECT !sslports

should be:

http_access deny connect !sslports

Also in reverse proxy web gui I need to set port 443 in order to https work. If I left blank reverse HTTPS port, it doesn't open port 443.

Also the reverse proxy HTTPS always redirect to the reverse HTTPS default site. Don't mind what mappings you use.

HTTP reverse proxy works fine.

Best regards.

nutt318

When using the Reverse Proxy in theory will it redirect the traffic based upon the URL?

I've got 2 internal webservers with one public IP, should I be able to route the traffic based upon server1.mydomain.com to 192.168.1.50 and say server2.mydomain.com to 192.168.1.51 ?

It seems I've configured the reverse proxy properly and added a rule to allow http traffic to each private address but i'm not having any luck.

Anyone have any ideas or a detailed instructions?

marcelloc

@nutt318:

When using the Reverse Proxy in theory will it redirect the traffic based upon the URL?

I've got 2 internal webservers with one public IP, should I be able to route the traffic based upon server1.mydomain.com to 192.168.1.50 and say server2.mydomain.com to 192.168.1.51 ?

yes,

@nutt318:

It seems I've configured the reverse proxy properly and added a rule to allow http traffic to each private address but i'm not having any luck.

what you got on squid access log?