Netgate Discussion Forum
    Squid - Purge Cache fails

      asiTechsupport

      PF 1.2.3
      Squid 2.7.9_4

      I'm attempting to remove a website from our cache after adding rules to keep it from getting cached further.

      So I tried:

      squidclient -m purge http://website.to.exclude/

      which resulted in:

      client: ERROR: Cannot connect to localhost:3128: Operation timed out

      What am I missing?

      Here's my squid.conf:

      # Do not edit manually !

      http_port 10.4.1.254:3128
      icp_port 0

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_directory /usr/local/etc/squid/errors/English
      icon_directory /usr/local/etc/squid/icons
      visible_hostname gateway.agrisolutions.com
      cache_mgr techsupport@agrisolutions.com
      access_log /var/squid/log/access.log
      cache_log /var/squid/log/cache.log
      cache_store_log none
      logfile_rotate 30
      shutdown_lifetime 3 seconds

      # Allow local network(s) on interface(s)

      acl localnet src  10.4.0.0/255.255.0.0
      uri_whitespace strip

      cache_mem 64 MB
      maximum_object_size_in_memory 32 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir aufs /var/squid/cache 10000 16 256
      minimum_object_size 0 KB
      maximum_object_size 256000 KB
      offline_mode off
      cache_swap_low 90
      cache_swap_high 95

      # No redirector configured

      # Setup some default acls

      acl all src 0.0.0.0/0.0.0.0
      acl localhost src 127.0.0.1/255.255.255.255
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 1443 3128 1025-65535
      acl sslports port 443 563 1443
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
      acl dynamic urlpath_regex cgi-bin ?
      cache deny dynamic
      http_access allow manager localhost

      # Allow external cache managers

      acl ext_manager_1 src 10.4.1.254
      http_access allow manager ext_manager_1

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      # Always allow localhost connections

      http_access allow localhost

      quick_abort_min -1 KB
      quick_abort_max 20000 KB
      request_body_max_size 0 KB
      reply_body_max_size 0 allow all
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 1228800/1228800 -1/-1
      delay_initial_bucket_level 100

      # Throttle extensions matched in the url

      acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
      delay_access 1 allow throttle_exts
      delay_access 1 deny all

      # Setup allowed acls

      # Allow local network(s) on interface(s)

      http_access allow localnet

      # Custom options

      refresh_pattern windowsupdate.com/.*.(cab|exe) 4320 100% 43200 reload-into-ims
      refresh_pattern download.microsoft.com/.*.(cab|exe) 4320 100% 43200 reload-into-ims
      refresh_pattern au.download.windowsupdate.com/.*.(cab|exe) 4320 100% 43200 reload-into-ims

      # Default block all to be sure

      http_access deny all

        brcisna

        asiTechsupport,

        pfSense-1.2.3-RELEASE
        squid 2781
        squidGuard 1303

        I needed to remove one squid cached entry, same as you, as I modified one of our webserver's main page and needed to have the client machines see the new changes.
        Bottom line: I am running into the exact same error as you are getting. I even designated the port number and still get timed out.
        Sidenote: With a few different extra parameters added to squidclient, one time it appeared squidclient was trying to actually remove the web page on the actual server (not squid cache)? … :(

        squidclient -m PURGE -p 8080 http://my.web.address

        " Could not connect to localhost:8080 Operation timed out...

        This is ssh'd into the pfSense machine.

        Take Care,
        Barry

          wagonza

          @asiTechsupport:

          # Do not edit manually !

          http_port 10.4.1.254:3128
          icp_port 0

          Your squid isn't listening on localhost but only 10.4.1.254, so try squidclient -h 10.4.1.254 -m purge http://website.to.exclude/

          Follow me on twitter http://twitter.com/wagonza
          http://www.thepackethub.co.za

            brcisna

            wagonza,

            I tried your suggestion. It appears squidclient at least now is going to try and delete/purge the cached object.
            I now get 405 access denied.
            I think I need to add an acl to squid of ip.ad.dress in the acl section, along with the already existing 127.0.0.1 entry.

            Thanks,
            Barry

              wagonza

              Correct - you need to set up a Cache Manager password and the relevant ACLs.

              Have a look at http://wiki.squid-cache.org/SquidFaq/CacheManager#Cache_manager_access_from_squidclient for details on how to set up the Cache Manager ACLs.

              Follow me on twitter http://twitter.com/wagonza
              http://www.thepackethub.co.za
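
Added example (not part of the thread, and not pfSense or Squid project code): a small first-match evaluator run over a constructed excerpt of the squid.conf posted above. It shows why a PURGE that reaches the proxy from 10.4.1.254 falls through to `http_access deny purge`, and how a source ACL for that address admits it while other clients stay denied. The ACL name `fw_self` is hypothetical, the request's source address is assumed to be the proxy's own 10.4.1.254, and only `src` and `method` ACLs are modelled.

```python
import ipaddress

# Constructed excerpt: only the PURGE-relevant lines of the squid.conf posted above.
CONF = """\
http_port 10.4.1.254:3128
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl purge method PURGE
http_access allow purge localhost
http_access deny purge
http_access deny all
"""
# Hypothetical fix: fw_self is a name invented here for the proxy's own listen address.
FIXED = CONF.replace("http_access allow purge localhost",
                     "acl fw_self src 10.4.1.254\n"
                     "http_access allow purge localhost\n"
                     "http_access allow purge fw_self")

def parse(conf):
    """Return (http_port values, {acl name: (type, values)}, [(action, acl names)])."""
    listen, acls, rules = [], {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "http_port":
            listen.append(tok[1])  # squidclient must be pointed here with -h
        elif tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return listen, acls, rules

def acl_match(acl, src, method):
    kind, vals = acl
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    if kind == "method":
        return method in vals
    return False  # other ACL types are not modelled in this sketch

def decide(conf, src, method="PURGE"):
    """The first http_access line whose ACLs all match decides the request."""
    _, acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_match(acls[n.lstrip("!")], src, method) != n.startswith("!") for n in names):
            return action, " ".join(names)
    return "deny", "(no rule matched)"
```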
