Squid3 on 2.1



  • It feels like 2.1 is even more reliable than 2.0.1. It looks like it even has more compatibility now when running in a VirtualBox VM.

    But with the Squid packages I could not access the proxy server settings GUI. I hope it's fixed for good.

    The latest Squid3 package has problems accessing HTTPS pages, but I still need to figure out whether it depends on 2.1 being beta, on the latest Squid, or on both still having problems working together.

    It would be great if you guys could make pfSense, from 2.1 on, have Squid3 able to work with a maximum object size in RAM bigger than 512 KB.

    In servers with lots of gigs of RAM, it all gets wasted if the maximum object size in RAM is something small such as 128 KB.


  • Rebel Alliance Developer Netgate

    I moved this to its own thread because it really didn't belong in the other thread.

    Those are all issues with just the squid3 package on its own, not specific to 2.1. The package version is not tied to the pfSense version for squid.



  • Thanks for moving the post, as long as it is useful for a better development and improvement of pfSense.

    The thing here is that it looks like Squid3 is acting weird on pfSense 2.1, and it worked with no problems in 2.0.1.

    Someone told me to add this custom option to avoid problems with HTTPS access: dns_v4_first on;

    I tested it and it made Squid work properly with that option, but only for some time.
    Then I reinstalled a newer snapshot and now I'm back with the same issue.

    Now, no matter if I have dns_v4_first on or off, HTTPS doesn't work any more.

    Also, maybe it's some config I'm using, but if I make pfSense dial a PPPoE connection I don't get an internet connection if I have Squid installed.
    If I don't install Squid, PPPoE works perfectly.

    So what I did is create 2 virtual machines: one pfSense that just dials the PPPoE connection and a second one that has Squid for web caching.

    I really don't like having 2 machines, but they do work like that. If I could solve the HTTPS issue forever in Squid, I could live with 2 VMs.



  • Hi. Using the latest snapshots, I'm getting some security and browsing issues with the latest pfSense snapshots and the Squid3 package.

    I have to say that the latest pfSense snapshots look and work even better than pfSense 2.0.1, so I'm using the latest snapshots for a production environment even if tons of people want to advise me not to.

    The only issue I'm having is with Squid3 installed from pfSense packages.
    No matter what setting I put, I always have issues logging into Facebook. Sometimes it does log in but then it doesn't work properly. Sometimes it even shows me other clients' Facebook walls, but soon it requires me to log in.
    That means that I can actually have a preview of other Facebook walls that belong to other people without logging into theirs.

    Sometimes it just tries to log in but then Facebook tells me I have cookies turned off!

    Below this I pasted the Squid settings I have been using for several months, which always worked well.

    A nice gentleman in this forum told me to set dns_v4_first on; (default is off) to make sure HTTPS works fine in IPv4 networks, but no matter if dns_v4_first is on or off the Facebook login issue is still there.

    Gmail, Hotmail and other HTTPS websites didn't work at all until November 2012, when somebody fixed the latest Squid package. Now it works with Gmail, Hotmail and stuff, but with Facebook there are still issues. Maybe there are problems with other HTTPS websites as well, but I could not test Squid3 enough to find out more.

    This is my Squid configuration setting; please tell me if there is something that could affect HTTPS compatibility and caching efficiency.
    Note that this is the most aggressive caching config I could set for Squid.
    It always worked fine until I used the latest Squid3 packages.
    It also works fine with Squid 2.7 and Lusca cache.

    refresh_pattern -i .$ 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://
    99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://. 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.-* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://
    .-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://... 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...-* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://
    ...-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://
    ...net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://
    .com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.gg.in.th 99999 999999% 99999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://
    .in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://
    .org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www.....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www.....net 99999 999999% 99999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www.
    ...net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www.
    .com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www.
    .net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://
    .com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://www.
    .com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://www.*.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(3g2|3gp|asf|asx|avi|divx|flv|iff|ifo|m3u|m4a|m4v|mov|mpa|mpeg|mpe|qt|qtm|viv|mpg|ogg|rm|rmvb|scr|swf|vob|wmv|x-flv|xvid)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate override-lastmod store-stale;
    refresh_pattern -i .(aif|aiff|amr|cda|mid|wav|wma|midi|au|ram|ra|snd|mp2|mp3|mp4)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(3dm|ai|ani|art|bmp|cdr|cdt|cmf|cur|drw|dwg|dxf|eps|eps2|gif|icl|icm|ico|indd|jpeg|jpg|jpe|max|pct|pcx|png)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(ps|psd|psp|qxd|qxp|rels|svg|tga|thm|tif|tiff|wmf|wrl|xbm|xcf|xif|yuv|pnm|pbm|pgm|ppm|rgb|xpm|xwd|pic|pict)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(accdb|bfc|cbr|chm|csv|db|dbf|doc|docx|dot|hlp|kml|Kmz|lab|log|mdb|msg|odt|ost|pages|pdb|pdf|pps|txt|ppt|pptx|pst|pub|rtf|wpd|wps|wri|xlr|xls|xlsx|xlt)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(app|bat|cmd|com|exe|gadget|msi|pif|vb|wsf|torrent)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(8bi|bin|cat|cpl|dbx|dll|drv|gam|hex|hqx|lnk|nes|plugin|reg|rom|sav|sys|xll)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(arj|sit|zip|rar|rgz|psf|lzh|lha|cab|tar|tgz|gz|Z|wp|wp5|7z|pkg|rpm|sea|sitx|tar.gz|zipx|prn|srf|tex|latax|gpf|upd|jar|bz2|gzip|ace|kf|a[0-9][0-9]|r[0-9][0-9])$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(fnt|fon|otf|ttf)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(dmg|iso|toast|vcd)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(api|bas|c|cbl|class|cpp|cs|dtd|fla|java|m|pl|py|vbx)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(bak|bup|cdl|cfg|dat|deb|dss|dvf|efx|emf|eml|gho|gpx|ini|key|keychain|m4b|m4p|mcd|mim|mswmm|ori|prf|ptb|qbb|qbw|raw|sdf|ses|sql|ss|tmp|uue|uxx|vcf|xml|xsl|xtm)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(ht|htm|html|shtml|xhtml|css|js|jsp|asp|cer|cgi|csr|part|php|phtml|rss)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern ^gopher: 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern ^ftp: 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern . 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i (/cgi-bin/|?)$ 0 0% 0;
    tcp_outgoing_address 127.0.0.1;
    max_filedescriptors 65536;
    quick_abort_min 0 KB;
    quick_abort_max 0 KB;
    quick_abort_pct 0;
    ie_refresh off;
    client_db off;
    range_offset_limit 0;
    reload_into_ims on;
    retry_on_error on;
    via off;
    refresh_all_ims on;
    half_closed_clients off;
    vary_ignore_expire on;
    strip_query_terms on;
    server_persistent_connections on;
    ipcache_size 16384;
    fqdncache_size 16384;
    log_fqdn off;
    positive_dns_ttl 999 hours;
    negative_dns_ttl 999 hours;
    negative_ttl 999 hours;
    dns_v4_first on;
    pipeline_prefetch on;
    maximum_object_size_in_memory 384 KB;
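
Added example, not part of the original post or of the pfSense Squid package: a small audit of `refresh_pattern` rules like the ones posted above. Squid applies the first rule whose regex matches, and documents `ignore-private`, `ignore-no-store`, `ignore-no-cache` and `ignore-auth` as HTTP violations that let a shared cache keep responses the origin marked as per-user or uncacheable. The sample config and URLs are constructed, and Python's `re` only approximates Squid's regex matching.

```python
import re

# Options that make a shared cache store or reuse responses the origin
# marked as per-user or uncacheable.
PRIVACY_RISK = {"ignore-private", "ignore-no-store", "ignore-no-cache", "ignore-auth"}

def parse_refresh_patterns(conf_text):
    """Return refresh_pattern rules in file order."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # The pfSense custom-options box separates directives with ';'.
        tokens = raw.strip().rstrip(";").split()
        if not tokens or tokens[0] != "refresh_pattern":
            continue
        flags, rest = 0, tokens[1:]
        if rest and rest[0] == "-i":
            flags, rest = re.IGNORECASE, rest[1:]
        if len(rest) < 4:
            continue  # malformed: needs regex, min, percent, max
        try:
            regex = re.compile(rest[0], flags)
        except re.error:
            continue  # pattern this approximation cannot compile
        rules.append({"line": lineno, "pattern": rest[0],
                      "regex": regex, "options": set(rest[4:])})
    return rules

def winning_rule(rules, url):
    """First matching rule wins, as in Squid; later rules are never consulted."""
    for rule in rules:
        if rule["regex"].search(url):
            return rule
    return None

def audit(conf_text, urls):
    """List (url, line, pattern, risky options) for URLs whose winning rule is unsafe."""
    rules = parse_refresh_patterns(conf_text)
    findings = []
    for url in urls:
        rule = winning_rule(rules, url)
        risky = sorted(rule["options"] & PRIVACY_RISK) if rule else []
        if risky:
            findings.append((url, rule["line"], rule["pattern"], risky))
    return findings

# Constructed sample: a catch-all first rule in the style of the posted config,
# followed by a static-content rule and Squid's stock dynamic-content rule.
SAMPLE_CONF = r"""refresh_pattern -i .$ 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims;
refresh_pattern -i \.(jpg|png|gif)$ 10080 90% 43200;
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0;
"""
SAMPLE_URLS = ["http://social.example/home.php?user=alice",
               "http://static.example/logo.png"]

if __name__ == "__main__":
    for url, line, pattern, risky in audit(SAMPLE_CONF, SAMPLE_URLS):
        print(f"{url}: line {line} ({pattern}) applies {', '.join(risky)}")
```

With the catch-all rule first, the `0 0% 0` rule for dynamic pages is never reached, so per-user pages fall under the options that ignore the origin's `private` and `no-store` markings.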

