Questions mostly about squid
-
have a pfsense box with 2 intel nics and built in realtek nic, p4, 512mb ram system, and also installed squid package…been reading forum posts about anything i can on pfsense, squid, just a newbie here, please be gentle...
note:
i am using squid previously on windows before (the acme consulting version) on my file server
version 2.6 STABLE 4, been using it for 5 months now without problems...this is a bit lengthy so please bear with me...
- i have access list lines (acl) in my windows squid (mostly for blocking chat apps)
acl bawal1 url_regex -i webchat
http_access deny bawal1
where can i put this line on squid (pfsense)? is it on the SERVICES->PROXY SERVER->PROXY SERVER: GENERAL SETTINGS->CUSTOM OPTIONS? or do i have to edit squid.conf manually (i know, do not edit this file manually)? or do i have to edit another file somewhere else?
-
can i reject a specific object (like a specific jpg, example 'n1.jpg') in squid such that it will still load the web page, but just doesn't display n1.jpg? is this possible in squid? how can i specifically do it in squid? or is there any package aside from squid that can do the job? (i know squidguard but i know it just blocks website urls, not individual objects, correct me if i'm wrong), my objective for this is to block streaming content (like *.flv files in youtube) or block contents of the EMBED tag that load mp3's, etc.
-
in proxy server->cache management->hard disk cache system, 3 options are there: ufs, aufs, diskd. in your opinion, which option gives out the best performance? been using aufs in my windows squid (no diskd)
-
in proxy server->cache management->memory replacement policy/cache replacement policy, some options also are there, lru, heap lfuda, heap gdsf, heap lru, again, which option gives out the best performance? been using aufs in my windows squid...but really want to have the best performance
-
do you have an optimized squid.conf file? one that has been used in production that i could look into to study...apply some optimization to my squid on pfsense?
-
been experiencing slowdown in squid but have already the kern.ipc.nmbclusters commented out...but still experience slowdowns, mostly if 10 simultaneous users use the internet, squid slowed down to a crawl, is there any fix/workaround/optimization for this?
thanks for helping me out...
-
I tried to answer all the questions, though several are just pointing you somewhere else…hope it's of some help to you.
1) Edit /usr/local/pkg/squid.inc - squid.conf is built from this file on system startup. This way, your changes will be saved when you reboot, make changes via the GUI, etc.
2) This is Squid specific, and I don't know the answer. Check the Squid forums/mailing list.
3) I personally don't know, but would assume AUFS is better as it is the default option. Lots of info here http://www.google.com/search?q=aufs+vs+diskd&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
4) Depends on the usage…how many clients...what are they downloading, casual browsing, large files, thousands of image thumbnails, etc. Read the desc. of each setting located there and it should help you to pick one. Keep in mind the larger your memory/disk cache the more bandwidth you're going to save, no matter the replacement policy.
5) Default has been okay for most people here...again, if this is a huge installation you might discuss this in the Squid mailing lists.
6) This is unusual. Are you low on HD space or system memory? We have nearly 30 people on squid day in and out, we still get nearly line speed throughput with cached objects and full WAN bandwidth when the object has not been accessed before.
-
thanks mhab12
update: the slowdown i talked about in my first post is i think due to the answer in question #3
i tested squid with diskd earlier, i switched to aufs yesterday and speedy access again to websites…
LOT of difference...consider aufs, i did....thanks for pointing out the config file for squid in question #1, will try to view that file later and will incorporate my own custom acl list...been using squid for 10 users, 1 server, mostly browsing casual websites, FREQUENT downloading, no streaming music/videos
-
1. If you intend to configure squid one time, you can edit your squid.inc, but if you intend to restore your squid configuration in the future, use custom, but don't forget to add ";" at the end of every line. It might look like
acl bawal1 url_regex -i webchat;http_access deny bawal1;
2. For youtube the keyword is get_video and all urlpaths that contain .flv (we can't use .flv$ because some have .flv?something=something)
acl bawal2 urlpath_regex (get_video\?|videoplayback\?|videodownload\?) \.flv \.mp3
http_access deny bawal2
on custom this would look like…
acl bawal2 urlpath_regex (get_video\?|videoplayback\?|videodownload\?) \.flv \.mp3;http_access deny bawal2
3. COSS is the fastest up to now. COSS for small content and AUFS for large content, but it is not good at rebuilding the cache on startup. If your server doesn't shut down or restart very often… COSS + AUFS is what squid developer (Adrian Chadd) recommends.
4. pfsense current configurations of memory/cache replacement are very reasonable. I don't know why squid's default is lru :-.
5. The fastest squid ever built is squid's default configuration with cache_dir null. Pfsense defaults are optimal.
I'm also a performance enthusiast/addict/greedy-caching ;D that's why I'm using cacheboy (patched for personal customizations) instead of squid's old version.
6. If the WAN is congested because of downloading large content, you may use delay_body_max_size to throttle only the large files and give priority to html files and small pictures by using tcp_outgoing_tos.
Tested with 10 workstations, 40 tabs of pornhub ;D opened simultaneously.
-
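A way to check the bawal2 patterns from the post above against sample requests before putting them into the proxy, as an added example that is not part of the thread. It assumes urlpath_regex is tested against the URL path plus query string (as the post's .flv?something=something remark implies) and uses Python's re as a stand-in for Squid's regex engine; the sample URLs and the TIGHTER pattern are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns from the thread's "bawal2" acl line. Squid ORs the space-separated
# patterns of one acl; without -i they are case-sensitive.
BAWAL2 = [r"(get_video\?|videoplayback\?|videodownload\?)", r"\.flv", r"\.mp3"]
ANCHORED = [r"\.flv$"]             # the variant the post says cannot be used
TIGHTER = [r"\.(flv|mp3)(\?|$)"]   # constructed alternative, not from the thread

def urlpath(url):
    """Path plus query string: the part assumed to be seen by urlpath_regex."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def acl_matches(url, patterns, ignore_case=False):
    """True if any pattern matches, i.e. 'http_access deny <acl>' would fire."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(p, urlpath(url), flags) for p in patterns)

def audit(urls, patterns, ignore_case=False):
    """Map each URL to DENY/allow so over- and under-blocking is visible."""
    return {u: "DENY" if acl_matches(u, patterns, ignore_case) else "allow"
            for u in urls}

# Constructed sample URLs (example hosts only).
SAMPLES = [
    "http://video.example/get_video?video_id=abc",  # keyword match
    "http://cdn.example/media/clip.flv?start=10",   # extension followed by a query
    "http://cdn.example/media/CLIP.FLV",            # upper case, missed without -i
    "http://music.example/track.mp3",
    "http://docs.example/manual.flvtools.html",     # unanchored \.flv over-blocks
    "http://clip.flv.example/index.html",           # host name is not in the urlpath
    "http://www.example/index.html",
]

if __name__ == "__main__":
    for name, pats in (("bawal2", BAWAL2), ("anchored", ANCHORED),
                       ("tighter", TIGHTER)):
        print(name)
        for url, verdict in audit(SAMPLES, pats).items():
            print(f"  {verdict:5}  {url}")
```

Running it prints one verdict table per pattern set, which makes the missed upper-case file and the over-blocked manual.flvtools.html page easy to spot.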
does squid 2.6 on pfsense support the delay_body_max_size option? still a newbie on the squid thing :)
-
does squid 2.6 on pfsense support the delay_body_max_size option? still a newbie on the squid thing :)
nope.