Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3 - New GUI with sync, normal and reverse proxy

    Scheduled Pinned Locked Moved Cache/Proxy
    428 Posts 104 Posters 485.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      edanpedragosa
      last edited by

      It seems that after the update, the squid real-time monitoring does not work anymore.

      Also, the tweak to allow large downloads in cache also stopped working.

      With that note, I want to revert to see if the issue was with this update or not.

      1 Reply Last reply Reply Quote 0
      • F
        finalcut
        last edited by

        clear old cash
        or
        from console squid -k rotate

        1 Reply Last reply Reply Quote 0
        • S
          stuntshell
          last edited by

          Hi,
          I set it to portuguese pt-br and I receive the following error messages on startup:

          2014/11/10 08:39:29 kid1|  parse error while reading template file: /usr/pbi/squid-amd64/etc/squid/errors/pt-br/error-details.txt
          2014/11/10 08:39:29 kid1| Unable to load default error language files. Reset to backups.
          2014/11/10 08:39:29 kid1|  parse error while reading template file: /usr/pbi/squid-amd64/etc/squid/errors/templates/error-details.txt
          2014/11/10 08:39:29 kid1| WARNING: failed to find or read error text file error-details.txt
          

          Thanks,

          1 Reply Last reply Reply Quote 0
          • E
            edanpedragosa
            last edited by

            I already cleared the cache many times, even uninstalled and reinstalled all the packages with the same effect.

            I'm not pretty sure if rotating logs will make a difference, anyway, I'll try again later.

            SARG can still display the realtime logs but squid realtime is not working.

            I hope the next update will fix it.

            1 Reply Last reply Reply Quote 0
            • E
              edanpedragosa
              last edited by

              It seems that squid does not cache anything at all.

              I only get TCP_MISS/200 in the access log.

              Here's my current squid config settings:

              
              # This file is automatically generated by pfSense
              # Do not edit manually !
              
              http_port 177.7.0.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
              
              http_port 172.16.0.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
              
              http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
              
              https_port 127.0.0.1:3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
              
              icp_port 0
              dns_v4_first on
              pid_filename /var/run/squid.pid
              cache_effective_user proxy
              cache_effective_group proxy
              error_default_language en
              icon_directory /usr/pbi/squid-amd64/etc/squid/icons
              visible_hostname AIMSNet_Gateway
              cache_mgr edan@aims.ac.th
              access_log /var/squid/log/access.log
              cache_log /var/squid/log/cache.log
              cache_store_log none
              netdb_filename /var/squid/log/netdb.state
              pinger_enable on
              pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger
              sslcrtd_program /usr/pbi/squid-amd64/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
              sslcrtd_children 32
              sslproxy_capath /usr/pbi/squid-amd64/share/certs/
              
              logfile_rotate 180
              debug_options rotate=180
              shutdown_lifetime 3 seconds
              # Allow local network(s) on interface(s)
              acl localnet src  177.7.0.0/16 172.16.0.0/16
              forwarded_for off
              via off
              httpd_suppress_version_string on
              uri_whitespace encode
              
              # Break HTTP standard for flash videos. Keep them in cache even if asked not to.
              refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
              
              # Let the clients favorite video site through with full caching
              acl youtube dstdomain .youtube.com
              cache allow youtube
              
              # Windows Update refresh_pattern
              range_offset_limit -1
              refresh_pattern -i microsoft.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
              refresh_pattern -i windowsupdate.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
              refresh_pattern -i windows.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
              
              # Symantec refresh_pattern
              range_offset_limit -1
              refresh_pattern liveupdate.symantecliveupdate.com/.*.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
              refresh_pattern symantecliveupdate.com/.*.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
              
              # Avast refresh_pattern
              range_offset_limit -1
              refresh_pattern avast.com/.*.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
              
              # Avira refresh_pattern
              range_offset_limit -1
              refresh_pattern personal.avira-update.com/.*.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims
              
              cache_dir aufs /var/squid/cache 77777 256 256
              cache_mem 15777 MB
              maximum_object_size_in_memory 1024 KB
              memory_replacement_policy heap LFUDA
              cache_replacement_policy heap LFUDA
              minimum_object_size 0 KB
              maximum_object_size 1000000 KB
              offline_mode on
              cache_swap_low 90
              cache_swap_high 95
              cache allow all
              
              # Add any of your own refresh_pattern entries above these.
              refresh_pattern ^ftp:    1440  20%  10080
              refresh_pattern ^gopher:  1440  0%  1440
              refresh_pattern -i (/cgi-bin/|?) 0  0%  0
              refresh_pattern .    0  20%  4320
              
              # No redirector configured
              
              #Remote proxies
              
              # Setup some default acls
              # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
              # acl localhost src 127.0.0.1/32
              acl allsrc src all
              acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535 
              acl sslports port 443 563  
              
              # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
              #acl manager proto cache_object
              
              acl purge method PURGE
              acl connect method CONNECT
              
              # Define protocols used for redirects
              acl HTTP proto HTTP
              acl HTTPS proto HTTPS
              http_access allow manager localhost
              
              # Allow external cache managers
              acl ext_manager src 172.16.0.1
              acl ext_manager src 177.7.0.1
              http_access allow manager ext_manager
              
              http_access deny manager
              http_access allow purge localhost
              http_access deny purge
              http_access deny !safeports
              http_access deny CONNECT !sslports
              
              # Always allow localhost connections
              # From 3.2 further configuration cleanups have been done to make things easier and safer. 
              # The manager, localhost, and to_localhost ACL definitions are now built-in.
              # http_access allow localhost
              
              quick_abort_min 0 KB
              quick_abort_max 0 KB
              quick_abort_pct 70
              request_body_max_size 0 KB
              delay_pools 1
              delay_class 1 2
              delay_parameters 1 -1/-1 -1/-1
              delay_initial_bucket_level 100
              delay_access 1 allow allsrc
              
              # Reverse Proxy settings
              
              # Package Integration
              url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
              url_rewrite_bypass off
              url_rewrite_children 5
              
              # Custom options before auth
              always_direct allow all
              ssl_bump server-first all
              
              # Setup allowed acls
              # Allow local network(s) on interface(s)
              http_access allow localnet
              # Default block all to be sure
              http_access deny allsrc
              
              

              What could be wrong with it? Note that it was working fine with squid3-dev 3.3.10 pkg 2.2.6

              Packages installed:
              Cron
              pfBlocker
              Sarg
              squid3-dev
              squidGuard-squid3
              System Patches

              My hardware/software config is:

              Dell PowerEdge T110 II
              Intel Xeon processor E3-1200 V2 product family
              32GB Server RAM
              256GB SSD Drive

              Version 2.1.5-RELEASE (amd64)
              built on Mon Aug 25 07:44:45 EDT 2014
              FreeBSD 8.3-RELEASE-p16

              Platform pfSense
              CPU Type
              Intel(R) Xeon(R) CPU E3-1220 V2 @ 3.10GHz
              4 CPUs: 1 package(s) x 4 core(s)

              DNS server(s)
              208.67.222.222
              208.67.220.220

              State table size
              0% (1367/1777777)

              MBUF Usage
              4% (6292/177778)

              Temperature 29.8°C

              Load average
              0.20, 0.14, 0.15

              CPU usage
              0%

              Memory usage
              7% of 32716 MB

              SWAP usage
              0% of 65536 MB

              Disk usage
              1% of 169G

              1 Reply Last reply Reply Quote 0
              • F
                finalcut
                last edited by

                i made update it work flawless ,, thanks for update

                1 Reply Last reply Reply Quote 0
                • S
                  sunghost
                  last edited by

                  Hello,
                  first you make a very good job. Pfsense as well all package developer. I look since weeks for a solution to use an webproxy with antivirus and contentfilter. First i want to use dansguardian, but the last version is from 2012 - very old. than i wanted to use havp, but this version is from 2010! and it looks like the latest security fix is not included in pfsense havp package. I use always stable version for my production environment so squid whould a good choice, but the version of the package is from 2008-2010! and the squid3 beta is also old 2012!

                  After reading lots of post here in this forum and the most of this over 23 pages in this thread i am not alight with a positiv feeling of using it. The package Info link of squid3 in pfsense leads also to this thread which is a bad overview for information to this package. In my eyes this part must created new with infos over the package and not to a thread with errors and other parts of an information to a package. So in short why are the packages old and what whould be the choice of using a webproxy with antivirus and content filter/security?
                  thx and this is no offense to anybody just my impression.

                  1 Reply Last reply Reply Quote 0
                  • F
                    finalcut
                    last edited by

                    then push $$$$upport to programmer for those updates
                    i try to send him donation for his great job but my country is blocked

                    1 Reply Last reply Reply Quote 0
                    • T
                      Tikimotel
                      last edited by

                      @finalcut:

                      then push $$$$upport to programmer for those updates
                      i try to send him donation for his great job but my country is blocked

                      My country wasn't blocked, so I donated today!

                      1 Reply Last reply Reply Quote 0
                      • F
                        finalcut
                        last edited by

                        i am not kidding
                        also it happen with pfsense i try to buy two stickers (as simple first  donation) and they send the money back to me

                        any way i try to encourage my company to get pfsense support , they can buy any thing from anywhere

                        1 Reply Last reply Reply Quote 0
                        • S
                          sunghost
                          last edited by

                          You are right, donation for the developer and the project is always good. Thats not the question. i think its not good to use package which are older than 1 or 2 or more years. or packages which seems not longer develop. you know? All things getting faster, the development the bad guys and also the features of some packages which we cant use, while our older than 1 year. i also think its not in any case good to use the latest version, but one which is older than 6 month?! not good if the features or fixes alot. i think a security solution must be up to date. But the product pfsense and the idea behind it is great. dont misunderstand me.

                          1 Reply Last reply Reply Quote 0
                          • E
                            edanpedragosa
                            last edited by

                            @finalcut:

                            i made update it work flawless ,, thanks for update

                            Are you on a 32-bit or 64-bit version?

                            Caching does not seem to work right now… I only get TCP_MISS....

                            Can you share us your configuration and settings for squid?

                            Thank you in advance!

                            1 Reply Last reply Reply Quote 0
                            • F
                              finalcut
                              last edited by

                              64-bit
                              do you have tcp_swapfail ?

                              1 Reply Last reply Reply Quote 0
                              • E
                                edanpedragosa
                                last edited by

                                No, I don't have TCP_SWAPFAIL_MISS, only TCP_MISS/200. What I'm waiting to see in the logs is the HIT but I don't see TCP_HIT.

                                1 Reply Last reply Reply Quote 0
                                • E
                                  edanpedragosa
                                  last edited by

                                  Now I'm getting a HIT by setting the Minimum object size to 0.

                                  It's just the large downloads that don't get cached.

                                  Hope this will get sorted out again in the next update….

                                  1 Reply Last reply Reply Quote 0
                                  • E
                                    Escorpiom
                                    last edited by

                                    Perhaps someone can help a confused n00b on PfSense 2.2 Beta…

                                    I have at the moment Squid "3.3.11_1 pkg 2.2.8" installed, that was a dev package from some weeks ago.
                                    But looking at the available packages list, there now is a "beta 3.4.9 pkg 0.1".

                                    To me this seems to be an update, is this correct?
                                    And is it possible to update from 3.3.11 dev to 3.4.9 beta? Should I uninstall the 3.3.11 dev package first?

                                    Cheers.

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      dig1234
                                      last edited by

                                      That would be very exciting news but I'm still only seeing  3.3.10 pkg 2.2.8.
                                      I've actually been experimenting with compiling from source on a freebsd 8.3 machine so this would really save me some hassle.

                                      @Escorpiom:

                                      Perhaps someone can help a confused n00b on PfSense 2.2 Beta…

                                      I have at the moment Squid "3.3.11_1 pkg 2.2.8" installed, that was a dev package from some weeks ago.
                                      But looking at the available packages list, there now is a "beta 3.4.9 pkg 0.1".

                                      To me this seems to be an update, is this correct?
                                      And is it possible to update from 3.3.11 dev to 3.4.9 beta? Should I uninstall the 3.3.11 dev package first?

                                      Cheers.

                                      1 Reply Last reply Reply Quote 0
                                      • E
                                        Escorpiom
                                        last edited by

                                        Probably your not on 2.2 beta. The package wouldn't be compatible.

                                        Cheers.

                                        1 Reply Last reply Reply Quote 0
                                        • D
                                          dig1234
                                          last edited by

                                          ah indeed you are correct. That makes sense as 2.2 is using FreeBSD 10.1…

                                          1 Reply Last reply Reply Quote 0
                                          • E
                                            Escorpiom
                                            last edited by

                                            Please can anybody outline the correct procedure and confirm Squid was updated for PfSense 2.2 beta?

                                            Cheers.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.