Solved: Squid #Custom options

  • Hello Everybody,

    I am new to pfSence and I am testing it already a few days. But only on a virtual machine. I like it but there is one thing can not get work. And that is Squid Custom options.
    I am trying to put there some commands to get the headers replaced. But without success. When I have tried it on ipcop then I could change the user-agent to "something", but with pfSence - no chance.

    So what I did is: Installed pfsense on a virtual machine with two network cards. Just started it and did the initial configuration. After that installed the Squid package. Putted some commands (one or several) to custom options and tried to test it. It never worked. I did reinstall pfsence maybe 15 times… but I stil can not find a solution.

    Here is my squid.conf. I confirm that squid is working because I configured the  browser to connect via proxy server and Internet is working normally there.

    Any help is apreciated.

    I forgot: I have tested both versions: 1.2.2 and 1.2.3 RC1.

    Thanks in advance.

    # Do not edit manually !
    http_port transparent
    icp_port 0
    pid_filename /var/run/
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/local/etc/squid/errors/English
    icon_directory /usr/local/etc/squid/icons
    visible_hostname localhost
    cache_mgr admin@localhost
    access_log /dev/null
    cache_log /var/squid/log/cache.log
    cache_store_log none
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src
    forwarded_for off
    via off
    uri_whitespace strip
    cache_dir aufs /var/squid/cache 100 16 256
    cache_mem 8 MB
    maximum_object_size 10 KB
    minimum_object_size 0 KB
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    offline_mode off
    dns_children 32
    # No redirector configured
    # Setup some default acls
    acl all src
    acl localhost src
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
    acl sslports port 443 563 
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin \?
    cache deny dynamic
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    # Always allow localhost connections
    http_access allow localhost
    request_body_max_size 0 KB
    reply_body_max_size 0 allow all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all
    # Allow local network(s) on interface(s)
    http_access allow localnet
    # Custom options
    header_replace User-Agent Googlebot 3.0
    # Default block all to be sure
    http_access deny all

  • O.K. I have found the error myself.
    The respecting header must be denied first, only then it can be replaced.

    I hope it helps somebody.

  • Please post your solutions. Thanks

Log in to reply