SQUID3 not caching any content

Pistolero · Dec 29, 2012, 2:39 AM

Hi all,

I am running the 2.1-BETA1 (amd64) built on Wed Dec 26 21:26:49 EST 2012 build. I am runing HAVP as parent to transparent Squid and SquidGuard as well. I have been hitting my head against the wall as Squid does not seem to be caching anything… I refresh the same page over and over again, and all I get are TCP_MISS lines in the access log...

Any help will be greatly appreciated. Thanks in advance!

Here is my squid.conf

# This file is automatically generated by pfSense
# Do not edit manually !
http_port X.X.X.254:3128
http_port 127.0.0.1:3128 intercept
icp_port 7
dns_v4_first on
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-amd64/etc/squid/icons
visible_hostname pfS.DT.Local
cache_mgr heavynova@gmail.com
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 30
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  X.X.X.0/24
uri_whitespace encode

# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

# Let the clients favorite video site through with full caching
acl youtube dstdomain .youtube.com
cache allow youtube

# Windows Update refresh_pattern
range_offset_limit -1
refresh_pattern -i microsoft.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i my.windowsupdate.website.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
cache_mem 4096 MB
maximum_object_size_in_memory 1024 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 160000 64 256
minimum_object_size 0 KB
maximum_object_size 2048000 KB
offline_mode offcache_swap_low 90
cache_swap_high 95

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:    1440  20%  10080
refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern -i (/cgi-bin/|?) 0  0%  0
refresh_pattern .    0  20%  4320
# No redirector configured

#Remote proxies

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
acl sslports port 443 563  
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

acl allowed_subnets src 192.168.0.0/16
acl whitelist dstdom_regex -i '/var/squid/acl/whitelist.acl'
http_access allow manager localhost

# Allow external cache managers
acl ext_manager src 127.0.0.1
acl ext_manager src X.X.X.254
acl ext_manager src 
http_access allow manager ext_manager

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc

# Reverse Proxy settings

# Package Integration
never_direct allow all
cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default

redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
redirector_bypass off
url_rewrite_children 5

# Custom options
acl malware_block_list url_regex -i '/etc/squid/malware_block_list.txt'
acl malware_aggressive_block_list url_regex -i '/etc/squid/malware_aggressive_block_list.txt'

http_access deny malware_block_list
http_access deny malware_aggressive_block_list

deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
deny_info http://malware.hiperlinks.com.br/denied.shtml malware_aggressive_block_list

#Caching WindowsUpdate files
#
refresh_pattern -i .*microsoft.com/.*.(cab|exe|msi|msp) 259200 100% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private;
refresh_pattern -i .*windowsupdate.com/.*.(cab|exe|msi|msp) 259200 100% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private;
range_offset_limit 100 MB;
quick_abort_pct 60;

# Always allow access to whitelist domains
http_access allow whitelist
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

And here is my SquidGuard conf:

# ============================================================
# SquidGuard configuration file
# This file generated automaticly with SquidGuard configurator
# (C)2006 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

# 
dest blk_BL_adv {
	domainlist blk_BL_adv/domains
	urllist blk_BL_adv/urls
	redirect http://X.X.X.254:80/sgerror.php?url=blank_img&msg=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
	log block.log
}

# 
dest blk_BL_aggressive {
	domainlist blk_BL_aggressive/domains
	urllist blk_BL_aggressive/urls
	log block.log
}

# 
dest blk_BL_alcohol {
	domainlist blk_BL_alcohol/domains
	urllist blk_BL_alcohol/urls
	log block.log
}

# 
dest blk_BL_anonvpn {
	domainlist blk_BL_anonvpn/domains
	urllist blk_BL_anonvpn/urls
	log block.log
}

# 
dest blk_BL_automobile_bikes {
	domainlist blk_BL_automobile_bikes/domains
	urllist blk_BL_automobile_bikes/urls
	log block.log
}

# 
dest blk_BL_automobile_boats {
	domainlist blk_BL_automobile_boats/domains
	urllist blk_BL_automobile_boats/urls
	log block.log
}

# 
dest blk_BL_automobile_cars {
	domainlist blk_BL_automobile_cars/domains
	urllist blk_BL_automobile_cars/urls
	log block.log
}

# 
dest blk_BL_automobile_planes {
	domainlist blk_BL_automobile_planes/domains
	urllist blk_BL_automobile_planes/urls
	log block.log
}

# 
dest blk_BL_chat {
	domainlist blk_BL_chat/domains
	urllist blk_BL_chat/urls
	log block.log
}

# 
dest blk_BL_costtraps {
	domainlist blk_BL_costtraps/domains
	urllist blk_BL_costtraps/urls
	log block.log
}

# 
dest blk_BL_dating {
	domainlist blk_BL_dating/domains
	urllist blk_BL_dating/urls
	log block.log
}

# 
dest blk_BL_downloads {
	domainlist blk_BL_downloads/domains
	urllist blk_BL_downloads/urls
	log block.log
}

# 
dest blk_BL_drugs {
	domainlist blk_BL_drugs/domains
	urllist blk_BL_drugs/urls
	log block.log
}

# 
dest blk_BL_dynamic {
	domainlist blk_BL_dynamic/domains
	urllist blk_BL_dynamic/urls
	log block.log
}

# 
dest blk_BL_education_schools {
	domainlist blk_BL_education_schools/domains
	urllist blk_BL_education_schools/urls
	log block.log
}

# 
dest blk_BL_finance_banking {
	domainlist blk_BL_finance_banking/domains
	urllist blk_BL_finance_banking/urls
	log block.log
}

# 
dest blk_BL_finance_insurance {
	domainlist blk_BL_finance_insurance/domains
	urllist blk_BL_finance_insurance/urls
	log block.log
}

# 
dest blk_BL_finance_moneylending {
	domainlist blk_BL_finance_moneylending/domains
	urllist blk_BL_finance_moneylending/urls
	log block.log
}

# 
dest blk_BL_finance_other {
	domainlist blk_BL_finance_other/domains
	urllist blk_BL_finance_other/urls
	log block.log
}

# 
dest blk_BL_finance_realestate {
	domainlist blk_BL_finance_realestate/domains
	urllist blk_BL_finance_realestate/urls
	log block.log
}

# 
dest blk_BL_finance_trading {
	domainlist blk_BL_finance_trading/domains
	urllist blk_BL_finance_trading/urls
	log block.log
}

# 
dest blk_BL_fortunetelling {
	domainlist blk_BL_fortunetelling/domains
	urllist blk_BL_fortunetelling/urls
	log block.log
}

# 
dest blk_BL_forum {
	domainlist blk_BL_forum/domains
	urllist blk_BL_forum/urls
	log block.log
}

# 
dest blk_BL_gamble {
	domainlist blk_BL_gamble/domains
	urllist blk_BL_gamble/urls
	log block.log
}

# 
dest blk_BL_government {
	domainlist blk_BL_government/domains
	urllist blk_BL_government/urls
	log block.log
}

# 
dest blk_BL_hacking {
	domainlist blk_BL_hacking/domains
	urllist blk_BL_hacking/urls
	log block.log
}

# 
dest blk_BL_hobby_cooking {
	domainlist blk_BL_hobby_cooking/domains
	urllist blk_BL_hobby_cooking/urls
	log block.log
}

# 
dest blk_BL_hobby_games-misc {
	domainlist blk_BL_hobby_games-misc/domains
	urllist blk_BL_hobby_games-misc/urls
	log block.log
}

# 
dest blk_BL_hobby_games-online {
	domainlist blk_BL_hobby_games-online/domains
	urllist blk_BL_hobby_games-online/urls
	log block.log
}

# 
dest blk_BL_hobby_gardening {
	domainlist blk_BL_hobby_gardening/domains
	urllist blk_BL_hobby_gardening/urls
	log block.log
}

# 
dest blk_BL_hobby_pets {
	domainlist blk_BL_hobby_pets/domains
	urllist blk_BL_hobby_pets/urls
	log block.log
}

# 
dest blk_BL_homestyle {
	domainlist blk_BL_homestyle/domains
	urllist blk_BL_homestyle/urls
	log block.log
}

# 
dest blk_BL_hospitals {
	domainlist blk_BL_hospitals/domains
	urllist blk_BL_hospitals/urls
	log block.log
}

# 
dest blk_BL_imagehosting {
	domainlist blk_BL_imagehosting/domains
	urllist blk_BL_imagehosting/urls
	log block.log
}

# 
dest blk_BL_isp {
	domainlist blk_BL_isp/domains
	urllist blk_BL_isp/urls
	log block.log
}

# 
dest blk_BL_jobsearch {
	domainlist blk_BL_jobsearch/domains
	urllist blk_BL_jobsearch/urls
	log block.log
}

# 
dest blk_BL_library {
	domainlist blk_BL_library/domains
	urllist blk_BL_library/urls
	log block.log
}

# 
dest blk_BL_military {
	domainlist blk_BL_military/domains
	urllist blk_BL_military/urls
	log block.log
}

# 
dest blk_BL_models {
	domainlist blk_BL_models/domains
	urllist blk_BL_models/urls
	log block.log
}

# 
dest blk_BL_movies {
	domainlist blk_BL_movies/domains
	urllist blk_BL_movies/urls
	log block.log
}

# 
dest blk_BL_music {
	domainlist blk_BL_music/domains
	urllist blk_BL_music/urls
	log block.log
}

# 
dest blk_BL_news {
	domainlist blk_BL_news/domains
	urllist blk_BL_news/urls
	log block.log
}

# 
dest blk_BL_podcasts {
	domainlist blk_BL_podcasts/domains
	urllist blk_BL_podcasts/urls
	log block.log
}

# 
dest blk_BL_politics {
	domainlist blk_BL_politics/domains
	urllist blk_BL_politics/urls
	log block.log
}

# 
dest blk_BL_porn {
	domainlist blk_BL_porn/domains
	urllist blk_BL_porn/urls
	log block.log
}

# 
dest blk_BL_radiotv {
	domainlist blk_BL_radiotv/domains
	urllist blk_BL_radiotv/urls
	log block.log
}

# 
dest blk_BL_recreation_humor {
	domainlist blk_BL_recreation_humor/domains
	urllist blk_BL_recreation_humor/urls
	log block.log
}

# 
dest blk_BL_recreation_martialarts {
	domainlist blk_BL_recreation_martialarts/domains
	urllist blk_BL_recreation_martialarts/urls
	log block.log
}

# 
dest blk_BL_recreation_restaurants {
	domainlist blk_BL_recreation_restaurants/domains
	urllist blk_BL_recreation_restaurants/urls
	log block.log
}

# 
dest blk_BL_recreation_sports {
	domainlist blk_BL_recreation_sports/domains
	urllist blk_BL_recreation_sports/urls
	log block.log
}

# 
dest blk_BL_recreation_travel {
	domainlist blk_BL_recreation_travel/domains
	urllist blk_BL_recreation_travel/urls
	log block.log
}

# 
dest blk_BL_recreation_wellness {
	domainlist blk_BL_recreation_wellness/domains
	urllist blk_BL_recreation_wellness/urls
	log block.log
}

# 
dest blk_BL_redirector {
	domainlist blk_BL_redirector/domains
	urllist blk_BL_redirector/urls
	log block.log
}

# 
dest blk_BL_religion {
	domainlist blk_BL_religion/domains
	urllist blk_BL_religion/urls
	log block.log
}

# 
dest blk_BL_remotecontrol {
	domainlist blk_BL_remotecontrol/domains
	urllist blk_BL_remotecontrol/urls
	log block.log
}

# 
dest blk_BL_ringtones {
	domainlist blk_BL_ringtones/domains
	urllist blk_BL_ringtones/urls
	log block.log
}

# 
dest blk_BL_science_astronomy {
	domainlist blk_BL_science_astronomy/domains
	urllist blk_BL_science_astronomy/urls
	log block.log
}

# 
dest blk_BL_science_chemistry {
	domainlist blk_BL_science_chemistry/domains
	urllist blk_BL_science_chemistry/urls
	log block.log
}

# 
dest blk_BL_searchengines {
	domainlist blk_BL_searchengines/domains
	urllist blk_BL_searchengines/urls
	log block.log
}

# 
dest blk_BL_sex_education {
	domainlist blk_BL_sex_education/domains
	urllist blk_BL_sex_education/urls
	log block.log
}

# 
dest blk_BL_sex_lingerie {
	domainlist blk_BL_sex_lingerie/domains
	urllist blk_BL_sex_lingerie/urls
	log block.log
}

# 
dest blk_BL_shopping {
	domainlist blk_BL_shopping/domains
	urllist blk_BL_shopping/urls
	log block.log
}

# 
dest blk_BL_socialnet {
	domainlist blk_BL_socialnet/domains
	urllist blk_BL_socialnet/urls
	log block.log
}

# 
dest blk_BL_spyware {
	domainlist blk_BL_spyware/domains
	urllist blk_BL_spyware/urls
	log block.log
}

# 
dest blk_BL_tracker {
	domainlist blk_BL_tracker/domains
	urllist blk_BL_tracker/urls
	log block.log
}

# 
dest blk_BL_updatesites {
	domainlist blk_BL_updatesites/domains
	urllist blk_BL_updatesites/urls
	log block.log
}

# 
dest blk_BL_urlshortener {
	domainlist blk_BL_urlshortener/domains
	urllist blk_BL_urlshortener/urls
	log block.log
}

# 
dest blk_BL_violence {
	domainlist blk_BL_violence/domains
	urllist blk_BL_violence/urls
	log block.log
}

# 
dest blk_BL_warez {
	domainlist blk_BL_warez/domains
	urllist blk_BL_warez/urls
	log block.log
}

# 
dest blk_BL_weapons {
	domainlist blk_BL_weapons/domains
	urllist blk_BL_weapons/urls
	log block.log
}

# 
dest blk_BL_webmail {
	domainlist blk_BL_webmail/domains
	urllist blk_BL_webmail/urls
	log block.log
}

# 
dest blk_BL_webphone {
	domainlist blk_BL_webphone/domains
	urllist blk_BL_webphone/urls
	log block.log
}

# 
dest blk_BL_webradio {
	domainlist blk_BL_webradio/domains
	urllist blk_BL_webradio/urls
	log block.log
}

# 
dest blk_BL_webtv {
	domainlist blk_BL_webtv/domains
	urllist blk_BL_webtv/urls
	log block.log
}

# Blocked Sites
dest BlockedSites {
	domainlist BlockedSites/domains
	expressionlist BlockedSites/expressions
	urllist BlockedSites/urls
	redirect http://cowantractors.com/images/BaseBlankPage2_r3_c2.jpg&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
	log block.log
}

# 
rew safesearch {
	s@(google..*/search?.*q=.*)@&safe=active@i
	s@(google..*/images.*q=.*)@&safe=active@i
	s@(google..*/groups.*q=.*)@&safe=active@i
	s@(google..*/news.*q=.*)@&safe=active@i
	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
	s@(search.live..*/.*q=.*)@&adlt=strict@i
	s@(search.msn..*/.*q=.*)@&adlt=strict@i
	s@(.bing..*/.*q=.*)@&adlt=strict@i
	log block.log
}

# 
acl  {
	# 
	default  {
		pass !BlockedSites !blk_BL_adv !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_costtraps !blk_BL_fortunetelling !blk_BL_gamble !blk_BL_religion !blk_BL_ringtones !blk_BL_spyware !blk_BL_tracker !blk_BL_violence all
		redirect http://cowantractors.com/images/BaseBlankPage2_r3_c2.jpg&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
		log block.log
	}
}

mromero · Dec 30, 2012, 3:30 PM

Squid 3 is a Beta package and I believe I read here that turning on dynamic caching can cause some issues but I cannot find the thread.

To keep it as simple as possible I use Squid 3 (transparent) only on Pfsense 2.1 - no dynamic caching and no addons such as HAPV, Squidguard, Dansguardian, Lightsquid etc.

Works for me….

Pistolero · Jan 1, 2013, 9:43 PM

Thanks for the input, sir. I do need the filtering functionality of SquidGuard (since Dansguardian does not work on 2.1 after a reboot) and HAVP. And I am stuck with 2.1 as my firewall PC's NIC only works under the latest FreeBSD…

Any help from a Dev would be greatly appreciated...

@mromero:

Squid 3 is a Beta package and I believe I read here that turning on dynamic caching can cause some issues but I cannot find the thread.

To keep it as simple as possible I use Squid 3 (transparent) only on Pfsense 2.1 - no dynamic caching and no addons such as HAPV, Squidguard, Dansguardian, Lightsquid etc.

Works for me….

Nachtfalke · Jan 1, 2013, 10:36 PM

If you have problems with squid3 - did you try with squid2 ?

Further you have two times an entry for caching windows updates. Are you sure that this is correct. I assume it is wrong.
Further try to disable "cache dynamic content" on GUI. This could cause problems if I remember correct some forum posts.

But in general squid3 is working on pfsense 2.1 and is caching. Probably something worng with your config or you use a website which does not allow caching.

Pistolero · Jan 2, 2013, 1:58 AM

Dude! I owe you a beer!

Taking out the Windows Update bits and turning off cachign of dynamic content did the trick! Check it out!

1357092130.999 553 10.0.0.12 TCP_MEM_HIT/200 1130 GET http://forum.pfsense.org/Themes/slickprographite/images/rss.gif - NONE/- image/gif
1357092131.729 1110 10.0.0.12 TCP_MEM_HIT/200 1549 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/normal_post.gif - NONE/- image/gif
1357092131.729 1110 10.0.0.12 TCP_MEM_HIT/200 769 GET http://forum.pfsense.org/Themes/slickprographite/images/filter.gif - NONE/- image/gif
1357092132.460 1461 10.0.0.12 TCP_MEM_HIT/200 814 GET http://forum.pfsense.org/Themes/slickprographite/images/email_sm.gif - NONE/- image/gif
1357092132.460 1461 10.0.0.12 TCP_MEM_HIT/200 1007 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/profile_sm.gif - NONE/- image/gif
1357092132.460 1461 10.0.0.12 TCP_MEM_HIT/200 498 GET http://forum.pfsense.org/Themes/slickprographite/images/useron.gif - NONE/- image/gif
1357092132.460 1461 10.0.0.12 TCP_MEM_HIT/200 1013 GET http://forum.pfsense.org/Themes/slickprographite/images/star.gif - NONE/- image/gif
1357092132.461 732 10.0.0.12 TCP_MEM_HIT/200 772 GET http://forum.pfsense.org/Themes/slickprographite/images/post/exclamation.gif - NONE/- image/gif
1357092133.189 1086 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/ip.gif - NONE/- image/gif
1357092133.189 1086 10.0.0.12 TCP_MEM_HIT/200 1114 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/quote.gif - NONE/- image/gif
1357092133.189 1460 10.0.0.12 TCP_MEM_HIT/200 1054 GET http://forum.pfsense.org/Themes/slickprographite/images/im_on.gif - NONE/- image/gif
1357092133.909 1447 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/useroff.gif - NONE/- image/gif

Thanks, man!

@Nachtfalke:

If you have problems with squid3 - did you try with squid2 ?

Further you have two times an entry for caching windows updates. Are you sure that this is correct. I assume it is wrong.
Further try to disable "cache dynamic content" on GUI. This could cause problems if I remember correct some forum posts.

But in general squid3 is working on pfsense 2.1 and is caching. Probably something worng with your config or you use a website which does not allow caching.