Netgate Discussion Forum

    Howto: enabling cachemgr with squid

    • Netview

      I found out how I can use the cachemgr.cgi with squid:

      In the following howto the hostname of my pfsense is 'pfsense' and the IP is 10.0.0.1 (use your settings here):

      1. set the following link under '/usr/local/www':

      cd /usr/local/www
      ln -s  /usr/local/libexec/squid/cachemgr.cgi cachemgr.cgi

      2. change '/usr/local/etc/squid/cachemgr.conf'

      # This file controls which servers may be managed by
      # the cachemgr.cgi script
      #
      # The file consists of one server per line on the format
      #   hostname:port  description
      #
      # Specifying :port is optional. If not specified then
      # the default proxy port is assumed. :* or :any matches
      # any port on the target server.
      #
      # hostname is matched using shell filename matching, allowing
      # * and other shell wildcards.
      pfsense
      

      3. change /usr/local/pkg/squid.inc

      Setup some default acls

      acl localhost src 127.0.0.1/255.255.255.255
      to
      acl localhost src 10.0.0.1/255.255.255.255
      cachemgr_passwd disable offline_toggle reconfigure shutdown
      cachemgr_passwd none all

      that's it!
      To activate the new settings go to 'Services/Proxy-Services' press 'save' and a new squid.conf is written and also squid is reconfigured (you can also restart your pfsense ;-) )

      the cachemgr is reached with 'http://pfsense/cachemgr.cgi'

      By the way - to make squid more anonymous, you can also put the following statements into 'squid.inc':

      request_header_access Via deny all
      request_header_access X-Forwarded-For deny all
      request_header_access From deny all
      request_header_access Referer deny all
      request_header_access Server deny all
      request_header_access WWW-Authenticate deny all
      request_header_access Link deny all

      This gives you the following results (checked by http://checker.samair.ru/):

      Proxy checking Report
      
      With your current IP/proxy settings any host can get following info about you:
      
      IP detected: 91.67.81.116
      Country: Click here to find out what country your proxy belongs to
      Resume: You are using high-anonymous (elite) proxy (if you are using proxy).
      Main anonymous proxy test variables (all must be "none")
      HTTP_FORWARDED: (none)
      HTTP_X_FORWARDED_FOR: (none)
      HTTP_CLIENT_IP: (none)
      Additional proxy variables
      HTTP_VIA: (none)
      HTTP_XROXY_CONNECTION: (none)
      HTTP_PROXY_CONNECTION: (none)
      Other interesting info about you
      HTTP_USERAGENT_VIA: (none)
      HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
      HTTP_ACCEPT_LANGUAGE: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
      REMOTE_HOST: (none)
      HTTP_CONNECTION: keep-alive
      SERVER_PROTOCOL: HTTP/1.0
      HTTP_REFERER: (none)
      HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      HTTP_CACHE_CONTROL: max-age=259200
      HTTP_CACHE_INFO: (none)
      Anonymity types
      Anonymous  - HTTP Proxy server does not send HTTP_X_FORWARDED_FOR variable to host, this improves privacy since your IP address can not be logged.
      High-anonymous (elite proxy) - HTTP Servers of this type do not send HTTP_X_FORWARDED_FOR, HTTP_VIA and HTTP_PROXY_CONNECTION variables. Host doesn't even know you are using proxy server an of course it doesn't know your IP address. 
      
      
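Added example, not part of the original post and not pfSense or Squid project code: a small audit of the `cachemgr_passwd` lines from step 3, showing which cache manager actions end up reachable without a password and that swapping the two lines changes the result. It assumes Squid resolves an action by the first `cachemgr_passwd` line that names it or names `all`; the action names `info`, `config` and `objects` are sample actions chosen here, and both config strings are constructed.

```python
# Constructed sample 1: the directives from step 3, in the post's order.
POST_CONF = """\
acl localhost src 10.0.0.1/255.255.255.255
cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd none all
"""
# Constructed sample 2: the same two cachemgr_passwd lines, order swapped.
SWAPPED_CONF = """\
cachemgr_passwd none all
cachemgr_passwd disable offline_toggle reconfigure shutdown
"""
# Actions to evaluate (sample selection, an assumption of this example).
ACTIONS = ["shutdown", "reconfigure", "offline_toggle", "info", "config", "objects"]


def parse_rules(conf_text):
    """Return [(password, [actions...]), ...] in file order."""
    rules = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 3 and parts[0] == "cachemgr_passwd":
            rules.append((parts[1], parts[2:]))
    return rules


def effective(rules, action):
    """Policy for one action; first matching line wins (assumed semantics)."""
    for password, actions in rules:
        if action in actions or "all" in actions:
            if password == "disable":
                return "disabled"
            return "open" if password == "none" else "password"
    return "default"  # no line matched: Squid's built-in default applies


def audit(conf_text, actions=ACTIONS):
    rules = parse_rules(conf_text)
    return {a: effective(rules, a) for a in actions}


def open_actions(conf_text):
    """Actions that need no password at all."""
    return sorted(a for a, p in audit(conf_text).items() if p == "open")


if __name__ == "__main__":
    for name, conf in (("post order", POST_CONF), ("swapped", SWAPPED_CONF)):
        print(name, "-> open without password:", open_actions(conf))
```

With the post's order, `shutdown`, `reconfigure` and `offline_toggle` are disabled and every other action is open to any client the manager ACL admits; replacing `none` with a password on the `all` line closes that.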
      • NoValidTitle

        Hmm, the first part worked like a champ, I can look through the cache now, but the second part doesn't change my result on that proxy checker: not anonymous. :(

        oh btw I'm running the pfS 2.0 alpha and squid 3

        • Netview

          Put the statements in front of the delay_pool parms of squid.inc:

          
          ...
                  $conf .= <<<EOD
          ...
          request_header_access Via deny all
          request_header_access X-Forwarded-For deny all
          request_header_access From deny all
          request_header_access Referer deny all
          request_header_access Server deny all
          request_header_access WWW-Authenticate deny all
          request_header_access Link deny all
          ...
          delay_pools 1
          delay_class 1 2
          delay_parameters 1 $overall/$overall $perhost/$perhost
          delay_initial_bucket_level 100
          