Couple of questions about squid3-dev

Taker418

hi, guys i have a couple of question requarding squid3-dev 3.3.10 pkg 2.2.6 2.1.4-RELEASE (i386)built on Fri Jun 20 12:59:29 EDT 2014
FreeBSD 8.3-RELEASE-p16. i followed this https://forum.pfsense.org/index.php/topic,47856.0.html

i have finally got it to cache the sites and im looking at the log and i see a lot of TCP_MISS squid_monitor_data.php i was wondering if there was a way to block squid from trying to cache it.

second question is all of the ip addresses are the same is there anyway to change this its not a big deal just curious next youtube videos and other .mp4 vids are not being cached i have the dynamic caching checked is there any other settings i need to add for it to cache videos

lastly download speeds are extremely slow 20kb/s when i have a 120mb line with a fresh pfsense setup i get the full bandwidth.

i attached a screenshot so you guys can see what im talking about.

any help would be greatly appreciated.

Untitled.jpg_thumb

Taker418

i did some searching and was wondering if this would work

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i .(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i .(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i .(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i .index.(html|htm)$ 0 40% 10080
refresh_pattern -i .(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320

Taker418

anyone?

Tikimotel

Where is "squid_monitor_log.php" file served from?
Because if squid is configured with "Bypass proxy for Private Address destination" turned on, it should not be trying to cache when it is served from a private address space (10.x.x.x; 172.x.x.x.; 192.168.x.x ).
But it seems it is served via 215.x.x.x, and that is not private address space.

You could try and use a proxy script in the browsers. (proxy.pac or wpad.dat)

function FindProxyForURL(url, host) {

  url = url.toLowerCase();
  host = host.toLowerCase();
  isHttp = (url.substring(0,5) == "http:");
  isHttps = (url.substring(0,6) == "https:")

	// If the requested website is hosted within the internal network, send direct.
    	if (isPlainHostName(host) ||
           shExpMatch(host, "*.home") ||
           shExpMatch(host, "*.local") ||
           isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
           isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
           isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
           isInNet(dnsResolve(host), "169.254.0.0",  "255.255.0.0") ||
           isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
	{ return "DIRECT"; }

	// Forward non-http(s) and some hosts to forward proxy (or DIRECT)
	if((!isHttp && !isHttps) // Skip all non http(s)
	   || dnsDomainIs(host, "microsoft.com")
	   || dnsDomainIs(host, "windowsupdate.com")
	   || dnsDomainIs(host, "eset.com")
	   || dnsDomainIs(host, "mcafee.com") // McAfee
	   || dnsDomainIs(host, "siteadvisor.com") // McAfee
	   || dnsDomainIs(host, "hackerwatch.com") // McAfee
	   || dnsDomainIs(host, "hackerwatch.org") // McAfee
	   || dnsDomainIs(host, "avg.com")
	   || dnsDomainIs(host, "grisoft.cz")
	   || dnsDomainIs(host, "avgfree.com")
	   || dnsDomainIs(host, "avg.cz")
	   || dnsDomainIs(host, "symantecliveupdate.com")
	   || dnsDomainIs(host, "thawte.com"))
	{ return "DIRECT"; }

	if (isHttps)
	   // Skip HTTPS
	{ return "DIRECT"; }

	// Otherwise, go through our proxy or if it fails, through bypass
	return "PROXY 192.168.0.1:3128; DIRECT";
}