PfSense 2.2.3 - Internet is very slow via Squid3

KOM

Did you try my much earlier suggestion of running squidclient and then checking the numbers for outliers?

deajan

This might be a bit of a "basic" answer, but to me squid3 was painfully slow when using c-icap antivirus integration.
The clam process just ate my cpu and the sites took ages to load.

In clam's defense my system runs on a VIA C7 1,5Ghz + 512MB ram… getting too old for all of this.

KOM

squid3 was painfully slow when using c-icap antivirus integration.

Of course the addition of either ClamAV or HAVP is going to cause a lot of overhead and will slow down everything.  I've always recommended using a client-based AV instead of having it on the firewall.

aGeekhere

Hmm, When I ran

squidclient -h 192.168.1.1 -p 3128 mgr:info

I got

Sending HTTP request ... done.
HTTP/1.1 403 Forbidden
Server: squid/3.4.10
Mime-Version: 1.0
Date: Sat, 19 Sep 2015 00:23:59 GMT
Content-Type: text/html
Content-Length: 3094
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from localhost
X-Cache-Lookup: NONE from localhost:3128
Via: 1.1 localhost (squid/3.4.10)
Connection: close

<title>ERROR: The requested URL could not be retrieved</title>

# ERROR

## The requested URL could not be retrieved

* * *

The following error was encountered while trying to retrieve the URL: [cache_obj                                            ect://192.168.1.1/info](cache_object://192.168.1.1/info)

> **Access Denied.**

Access control configuration prevents your request from being allowed at this time. Please contact your service provider                                             if you feel this is incorrect.

Your cache administrator is [admin@localhost](mailto:admin@localhost?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIED&body=Cache                                            Host%3A%20localhost%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Sat,%2019%20Sep%202015%                                            2000%3A23%3A59%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.1.1%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Finfo%20HTTP%2F1.0%0AHos                                            t%3A%20192.168.1.1%0D%0AUser-Agent%3A%20squidclient%2F3.4.10%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0A%0D%0A%0                                            D%0A).

* * *

Generated Sat, 19 Sep 2015 00:23:59 GMT by localhost (squid/3.4.10)

birarda

I setup squid today and I believe I am experiencing this issue as well. I'll try that fstab thing. I did notice that using "links" in shell on pfSense seemed to have the same slow download speed that I have when going through squid, in case that helps any.

KOM

aGeekHere, are you sure you got it right?  You get that HTML spew when there is an error.

aGeekhere

aGeekHere, are you sure you got it right?  You get that HTML spew when there is an error.

Oh no, Well I ssh in and ran

squidclient -h 192.168.1.1 -p 3128 mgr:info

In the root folder.

Ok trouble shooting time, where do I start?

KOM

On Squid's config page, look for External cache-managers and set it to 127.0.0.1, 192.168.1.1.  Save and try again.

aGeekhere

When I add 127.0.0.1;192.168.1.1 to External cache-managers I now get.

Sending HTTP request ... done.
HTTP/1.1 403 Forbidden
Expires: Thu, 24 Sep 2015 02:14:08 GMT
Cache-Control: max-age=180000
Content-Type: text/html
Date: Tue, 22 Sep 2015 00:14:08 GMT
Server: lighttpd/1.4.35
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.1 localhost (squid/3.4.10)
Connection: close

### Request denied by pfSense proxy: 403 Forbidden

 **Reason:** 

* * *

 **Client address:** 192.168.1.1 

 **Client name:** pfsense.mydomain.local 

 **Client group:** default 

 **Target group:** in-addr 

 **URL:** cache_object://192.168.1.1/info192.168.1.1/pfsense.mydomain.local-GET 

* * *

KOM

Weird.  Check your System logs and squid logs.  I haven't seen that error before.

aGeekhere

Ok some logs

When I stop and start squid I get

Sep 22 10:27:31	squid[22754]: Squid Parent: (squid-1) process 23039 started
Sep 22 10:27:31	squid[22754]: Squid Parent: will start 1 kids
Sep 22 10:27:22	php-fpm[84775]: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2015/09/22 10:27:17| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" squid: No running copy'
Sep 22 10:26:48	php-fpm[67812]: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2015/09/22 10:26:42| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"

In squid real time if I do squidclient -h 192.168.1.1 -p 3128 mgr:info
I get

22.09.2015 10:33:03	192.168.1.244	TCP_DENIED/403	127.0.0.1:59243	-	-
22.09.2015 10:32:12	192.168.1.244	TCP_DENIED/403	127.0.0.1:59243	-	-
22.09.2015 10:32:01	192.168.1.1	TCP_MISS/403	cache_object://192.168.1.1/info	-	192.168.1.1
22.09.2015 10:31:46	192.168.1.1	TCP_MISS/403	cache_object://192.168.1.1/info	-	192.168.1.1
22.09.2015 10:31:43	192.168.1.1	TCP_MISS/403	cache_object://192.168.1.1/info	-	192.168.1.1
22.09.2015 10:31:40	192.168.1.1	TCP_MISS/403	cache_object://192.168.1.1/info	-	192.168.1.1
22.09.2015 10:31:22	192.168.1.1	TCP_MISS/403	cache_object://192.168.1.1/info	-	192.168.1.1
22.09.2015 10:29:59	192.168.1.244	TCP_DENIED/403	127.0.0.1:59243	-	-
22.09.2015 10:26:28	192.168.1.244	TCP_DENIED/403	127.0.0.1:59243	-	-