    Migrate Squid.conf from Linux to Pfsense 2.2.6

    • vallum

      Hello Everyone,

      I want to migrate Squid.conf from Linux to pfSense.

      Now there are various directives which are not available in the pfSense GUI. How can we define such parameters:

      ##############
      max_filedesc 65536
      ##############
      acl bypass_domains dstdomain www.example.com
      always_direct allow bypass_domains
      redirector_access deny bypass_domains
      ##############

      acl impsite url_regex -i example2.com
      redirector_access deny impsite
      http_access allow impsite

      ##################

      acl StreamingRequest1 req_mime_type -i ^video/x-ms-asf$
      acl StreamingRequest2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
      acl StreamingRequest3 req_mime_type -i ^application/x-mms-framed$
      acl StreamingRequest4 req_mime_type -i ^audio/x-pn-realaudio$
      acl StreamingReply1 rep_mime_type -i ^video/x-ms-asf$
      acl StreamingReply2 rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
      acl StreamingReply3 rep_mime_type -i ^application/x-mms-framed$
      acl StreamingReply4 rep_mime_type -i ^audio/x-pn-realaudio$
      redirector_access deny StreamingRequest1
      redirector_access deny StreamingRequest2
      redirector_access deny StreamingRequest3
      redirector_access deny StreamingRequest4
      http_access deny StreamingRequest1 all
      http_access deny StreamingRequest2 all
      http_access deny StreamingRequest3 all
      http_access deny StreamingRequest4 all
      http_reply_access deny StreamingReply1 all
      http_reply_access deny StreamingReply2 all
      http_reply_access deny StreamingReply3 all
      http_reply_access deny StreamingReply4 all
      via off
      forwarded_for delete
      #############################

      Manu

      • KOM

        You can put those into the integrations section.  VIA has a checkbox btw.

        • vallum

          @KOM:

          You can put those into the integrations section.  VIA has a checkbox btw.

          Hello Kom,

          After making the change, whenever I restart squidGuard (General > Save + Apply), these values are set to default:

          url_rewrite_children 16 startup=8 idle=4 concurrency=0

          Manu

          • KOM

            Try putting them in Custom ACLS (Before Auth).

            • vallum

              @KOM:

              Try putting them in Custom ACLS (Before Auth).

              Hey,

              My Integration:
              http_port 192.168.1.200:3128;url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 300 startup=200 idle=100 concurrency=0

              And

              Custom ACL before Auth:

              acl bypass_domains dstdomain .office365.com ;always_direct allow bypass_domains;redirector_access deny bypass_domains

              Now, whenever I restart squidGuard,

              url_rewrite_children 300 startup=200 idle=100 concurrency=0  changes to

              url_rewrite_children 16 startup=8 idle=4 concurrency=0 (default values)

              Am I missing anything?

              Thanks

              Manu

              • KOM

                When you make your changes to squidguard, are you going back to the General settings page and clicking Save then Apply?

                • vallum

                  @KOM:

                  When you make your changes to squidguard, are you going back to the General settings page and clicking Save then Apply?

                  Hey,

                  Yes, I'm doing it this way only. Is it OK?

                  I have various Group ACLs and target categories for whitelist/blacklist, which (after adding any rule) only seem to work by doing the above-mentioned procedure.

                  Thanks.

                  Manu

                  • KOM

                    Any change you make to any of the squidGuard tabs, you must go back to General settings and click save then Apply.  Always.

                    • vallum

                      @KOM:

                      Any change you make to any of the squidGuard tabs, you must go back to General settings and click save then Apply.  Always.

                      Yes, I'm doing it this way only.

                      But after doing the same, my configured values, i.e.
                      url_rewrite_children 300 startup=200 idle=100 concurrency=0

                      are getting deleted and replaced by:
                      url_rewrite_children 16 startup=8 idle=4 concurrency=0

                      This is really painful. Any idea how we can solve this?

                      Manu

                      • KOM

                        Perhaps your numbers are too big and are being reset to defaults?  Do you really need 300 rewriter threads?  I just changed mine from the default 16/8/4 to 20/10/5 and it sticks.

                        • vallum

                          @KOM:

                          Perhaps your numbers are too big and are being reset to defaults?  Do you really need 300 rewriter threads?  I just changed mine from the default 16/8/4 to 20/10/5 and it sticks.

                          Hey,

                          I have around 2000 users using the proxy, so I need to increase this value.
                          I have tested, and no matter what values I set, it always resets to default whenever squidGuard is restarted.

                          Manu

                          • KOM

                            What do you mean, 'squidguard is restarted'?  squidguard is not a service.  It's a helper app that is spawned by squid for every URL to be processed.  The thing you're having trouble with is squid not saving this setting.  It should have nothing to do with squidguard.

                            • vallum

                              @KOM:

                              What do you mean, 'squidguard is restarted'?  squidguard is not a service.  It's a helper app that is spawned by squid for every URL to be processed.  The thing you're having trouble with is squid not saving this setting.  It should have nothing to do with squidguard.

                              OK, so can I change this default value? Let's just say, instead of 16 8 4, I want to set custom values directly in the configuration file from which squid reads it.

                              Manu

                              • KOM

                                You should be able to change it right from the Integrations field just like I did.  Save it and it should stick.

                                • vallum

                                  @KOM:

                                  You should be able to change it right from the Integrations field just like I did.  Save it and it should stick.

                                  Hey Kom,

                                  But in my case it is not sticking. So what I would like to know is this: there must be some file where it is hard-coded that the default values are 16 8 4.

                                  So in my case squid keeps resetting to default values after squidGuard is SAVE + APPLY via General Settings.

                                  So, the default values 16 8 4: can we change them to custom values, not from the GUI?

                                  Manu

                                  • KOM

                                    No idea where that config might live, but it will be overwritten at every pfSense upgrade so that's not really the best solution.

                                    • vallum

                                      @KOM:

                                      No idea where that config might live, but it will be overwritten at every pfSense upgrade so that's not really the best solution.

                                      Hey Kom,

                                      Thanks.

                                      For now I have made changes in /usr/local/pkg/squidguard_configurator.inc

                                      Now the value is permanent after Save + Apply.

                                      Manu
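
The problem in this thread is a hand-set directive being silently replaced when the package regenerates squid.conf, and a local patch that an upgrade can undo. As an added example (not part of the thread and not pfSense package code), this Python check compares the semicolon-separated Integrations string with a generated squid.conf and reports watched directives that differ. Both inputs are constructed samples using the values posted above, and treating the last occurrence of a directive as the effective one is an assumption.

```python
# Added example: report watched squid directives whose generated value
# no longer matches what was entered in the Integrations field.
WATCH = ("url_rewrite_program", "url_rewrite_bypass", "url_rewrite_children")

PROGRAM = ("/usr/pbi/squidguard-amd64/bin/squidGuard "
           "-c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf")

# Constructed sample: Integrations string with the values posted in the thread.
INTEGRATIONS = (
    "http_port 192.168.1.200:3128;"
    "url_rewrite_program " + PROGRAM + ";"
    "url_rewrite_bypass off;"
    "url_rewrite_children 300 startup=200 idle=100 concurrency=0"
)

# Constructed sample: squid.conf text after Save + Apply reset the helper counts.
GENERATED_CONF = (
    "# constructed sample, not a real pfSense file\n"
    "http_port 192.168.1.200:3128\n"
    "url_rewrite_program " + PROGRAM + "\n"
    "url_rewrite_bypass off\n"
    "url_rewrite_children 16 startup=8 idle=4 concurrency=0\n"
)

def parse_directives(text, sep="\n"):
    """Return {directive: [args, ...]} with every occurrence kept in order."""
    found = {}
    for raw in text.split(sep):
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comment lines
            continue
        parts = line.split(None, 1)
        args = " ".join(parts[1].split()) if len(parts) > 1 else ""
        found.setdefault(parts[0], []).append(args)
    return found

def drift(intended, generated, watch=WATCH):
    """Return {directive: (intended, generated)} for watched directives that differ."""
    want = parse_directives(intended, sep=";")
    have = parse_directives(generated)
    report = {}
    for name in watch:
        exp = want.get(name, [None])[-1]          # assumption: last occurrence wins
        act = have.get(name, [None])[-1]
        if exp != act:
            report[name] = (exp, act)
    return report

if __name__ == "__main__":
    for name, (exp, act) in drift(INTEGRATIONS, GENERATED_CONF).items():
        print(f"DRIFT {name}: intended {exp!r}, generated {act!r}")
```

Run against a copy of the generated file after every Save + Apply and after every package or pfSense upgrade, the same comparison shows whether a patched default has been reverted.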
