2.1 with Squid3 - How to reset the config of a deleted package?

marcelloc

Squid package config stays on pfSense config.xml file.

Make a backup (diagnostic s-> backup) and take a look for squid settings.

Be care full while editing XML file to do not mess up the file and break your pfSense.

If you know how Vi and XML config works, you can try a viconfig on console.

TsyMiroro

I uncheck "dynamic content" and can see that "du -h /var/squid/cache" begin to increase. Wait for real use of the network for verify if cache work.

"tail -f /var/squid/logs/access.log" stay empty. Nothing in this log-file.

/cf/conf/config.xml contain configs data but it seems to be mixed in the file, ie, the item in the file is not in the same order in the GUI, it is more complicated for me because the number of lines (3250), I prefer do nothing with this file.

I'm not certain that it works correctly.

TsyMiroro

the ends of lines of /var/squid/logs/cache.log show some errors

[2.1-BETA0][admin@pfSense.tld]/var/squid(7): cat logs/cache.log
2012/11/12 00:00:00| storeDirWriteCleanLogs: Starting...
2012/11/12 00:00:00|   Finished.  Wrote 5657 entries.
2012/11/12 00:00:00|   Took 0.01 seconds (427233.59 entries/sec).
2012/11/12 08:30:13| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:13| httpAccept: FD 23: accept failure: (53) Software caused connection abort
2012/11/12 08:30:16| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:16| httpAccept: FD 23: accept failure: (53) Software caused connection abort
2012/11/12 08:30:18| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:18| httpAccept: FD 23: accept failure: (53) Software caused connection abort
2012/11/12 08:30:20| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:20| httpAccept: FD 23: accept failure: (53) Software caused connection abort

[2.1-BETA0][admin@pfSense.tld]/var/squid(8): 

I can not interpret these errors.

.

TsyMiroro

I see that squid runs under root. Is it normal?

[2.1-BETA0][admin@pfSense.tld]/var/squid(17): ps ux |grep squid
root 12374  0.0  0.8  9552  3984  ??  Is   Sun11AM   0:00.01 /usr/pbi/squid-i38
root 10230  0.0  0.2  3536  1184   0  S+   11:34AM   0:00.01 grep squid

[2.1-BETA0][admin@pfSense.tld]/var/squid(18): 

[2.1-BETA0][admin@pfSense.tld]/var/squid(19): cat /etc/passwd |grep squid

[2.1-BETA0][admin@pfSense.tld]/var/squid(20): cat /etc/passwd | grep proxy
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin

[2.1-BETA0][admin@pfSense.tld]/var/squid(21): cat /etc/group  | grep squid

[2.1-BETA0][admin@pfSense.tld]/var/squid(22): cat /etc/group | grep proxy
proxy:*:62:

[2.1-BETA0][admin@pfSense.tld]/var/squid(23): 

In /usr/pbi/squid-i386/etc/squid/squid.conf the user and group are proxy

[2.1-BETA0][admin@pfSense.tld]/var/squid(23): cat /usr/pbi/squid-i386/etc/squid/squid.conf
# This file is automatically generated by pfSense
# Do not edit manually !
http_port 172.24.0.1:3128
http_port 127.0.0.1:3128 intercept
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language fr
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname aro-afo
cache_mgr admin@localhost
access_log /dev/null
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 15
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  172.24.0.0/24
uri_whitespace strip

acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 256 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 5000 16 256
minimum_object_size 0 KB
maximum_object_size 20000 KB
offline_mode offcache_swap_low 90
cache_swap_high 95

# No redirector configured

#Remote proxies

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
acl sslports port 443 563  
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

# Reverse Proxy settings

# Custom options

# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

[2.1-BETA0][admin@pfSense.tld]/var/squid(24): 

marcelloc

@TsyMiroro:

"tail -f /var/squid/logs/access.log" stay empty. Nothing in this log-file.

Did you enabled squid logs on gui?

TsyMiroro

Enable logging is enabled.

In this time I do a update from 13 Nov to 17 Nov.
After this if I see some error I report it here.

In this version caching dynamic content work?

TsyMiroro

Now, I have activities into /var/squid/logs/access.log with some HIT

The size given by du -h /var/squid/cache/ increase and decrease (decrease slowly), but is not in the maximum value get in GUI.
In GUI It put 3000Mo, yesterday "du -h" give 780Mo, today it is  757Mo

I can think that it work correctly.

I continue to view this work and install lightsquid in next week, and when it work normally, install squidguard too, but when a problem occurs, it is an other thread.

Thanks for help.

TsyMiroro

How to mark [solved] in subject?

Metu69salemi

Edit your first post in this subject and edit Subject field.. ;)

TsyMiroro

I want to note that in 2.1, squid3 seems not work with "dynamic content" checked.

Thanks for all.