Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Proposed changes to squid package: url_rewrite_children value

    Cache/Proxy
    2
    4
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      Valeriy
      last edited by

      Once squidGuard is enabled it passes the following settings to squid package:

      url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0

      The problem is its not suitable for medium/large networks (more than 50ish users)

      Of course that could be adjusted manually under Squid–>General-->Advanced Features--->Integrations, if you know what to do and where to find it.
      Also, after squid / SquidGuard reinstall or SquidGuard configurations changes, your manual changes are overwritten.

      I suggest to add few fields in squidGuard GUI:

      • Maximum URL rewrite children

      • Startup URL rewrite children

      • Idle URL rewrite children

      • maybe Concurrency  I don't really know what effect it makes and if what kind of setup needs changing that value.

      So those values will be passed accordingly to squid.conf instead of defaults 16/8/4/0 accordingly.

      My setup:
      url_rewrite_children 200 startup=20 idle=20 concurrency=0
      On rough average I have 60 squidGuard processes running for 1500 users.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        As stated on another thread - pull requests go to GitHub. After you've read the wonderful code, I think you'll quickly understand why noone's maintaining the package, let alone adding features to it.

        Note: In case you decide to code something there – that SquidGuard heap of mess directly touching any code in the Squid package is absolutely not desired...  Keep that thing 1/4 of statute mile away from Squid code.

        1 Reply Last reply Reply Quote 0
        • V
          Valeriy
          last edited by

          @doktornotor:

          As stated on another thread - pull requests go to GitHub. After you've read the wonderful code, I think you'll quickly understand why noone's maintaining the package, let alone adding features to it.

          Note: In case you decide to code something there – that SquidGuard heap of mess directly touching any code in the Squid package is absolutely not desired...  Keep that thing 1/4 of statute mile away from Squid code.

          Well, with all 4 changes proposed today, I can only say that before they will be implemented I'd have to keep customized copy of squid.conf file and copy it over every time when pfsense decides to overwrite it (when squid or squidGuard package changes/saves/refresh its configuration).

          And anybody who has more than one 24bit subnet address space or/and more than 100 concurrent users will face same issue with pfSense, once Traffic Mgmt/SquidGuard features are required to be utilized.

          Just saying.. :)

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            Yeah, looks like that. There are bugs in the SquidGuard code rotting for years (see https://redmine.pfsense.org/projects/pfsense-packages/issues) – simply because noone can keep reading the code for more than a couple of minutes before developing a severe headache. The changes suggested here are a blatant waste of resources for most users, and adding options to the mess is not viable.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.