SQUID3 not caching any content



  • Hi all,

    I am running the 2.1-BETA1 (amd64) build, built on Wed Dec 26 21:26:49 EST 2012. I am running HAVP as parent to transparent Squid, and SquidGuard as well. I have been hitting my head against the wall, as Squid does not seem to be caching anything… I refresh the same page over and over again, and all I get are TCP_MISS lines in the access log...

    Any help will be greatly appreciated. Thanks in advance!

    Here is my squid.conf

    # This file is automatically generated by pfSense
    # Do not edit manually !
    # Two listeners: an explicit proxy port on the X.X.X.254 address and an
    # intercept (transparent) port bound to loopback only.
    http_port X.X.X.254:3128
    http_port 127.0.0.1:3128 intercept
    # NOTE(review): Squid's conventional ICP port is 3130; port 7 here is
    # presumably a placeholder chosen by the package. No icp_access rule is
    # visible in this file - confirm ICP is not reachable from other hosts.
    icp_port 7
    dns_v4_first on
    pid_filename /var/run/squid.pid
    # Account and group Squid switches to after start-up.
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language en
    icon_directory /usr/pbi/squid-amd64/etc/squid/icons
    # visible_hostname and cache_mgr are printed on Squid's generated error
    # pages, so every client that hits an error page sees this hostname and
    # e-mail address.
    visible_hostname pfS.DT.Local
    cache_mgr heavynova@gmail.com
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    # No certificate-generation helpers are started, and no ssl-bump rule
    # appears anywhere in this file.
    sslcrtd_children 0
    # Keep 30 rotated generations of the logs.
    logfile_rotate 30
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  X.X.X.0/24
    # Whitespace inside request URLs is encoded instead of being rejected.
    uri_whitespace encode
    
    # Break HTTP standard for flash videos. Keep them in cache even if asked not to.
    # ignore-private stores responses the origin marked "Cache-Control: private"
    # in this shared cache, so one client's response can be served to another
    # client. The dot in ".flv$" is unescaped, so it matches any character
    # followed by "flv" at the end of the URL.
    refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
    
    # Let the clients favorite video site through with full caching
    # Only an "allow" is given; no "cache deny" rule is visible in this file.
    acl youtube dstdomain .youtube.com
    cache allow youtube
    
    # Windows Update refresh_pattern
    # range_offset_limit -1 makes Squid fetch the whole object for Range
    # requests. It is set a second time (100 MB) under "Custom options" below.
    # The patterns are unanchored and their dots are unescaped, so they match
    # "microsoft.com/" anywhere in a URL, not only in the host part. Inside
    # [i|u|f] and [v|a] the "|" is a literal character, not an alternation.
    # refresh_pattern rules are tried in order and the first match is used.
    range_offset_limit -1
    refresh_pattern -i microsoft.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i windowsupdate.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i my.windowsupdate.website.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    # Memory cache: 4096 MB total, objects up to 1024 KB each.
    cache_mem 4096 MB
    maximum_object_size_in_memory 1024 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    # Disk cache: ufs store of 160000 MB, objects up to 2048000 KB each.
    cache_dir ufs /var/squid/cache 160000 64 256
    minimum_object_size 0 KB
    maximum_object_size 2048000 KB
    # NOTE(review): this looks like two directives ("offline_mode off" and
    # "cache_swap_low 90") fused onto one line, possibly by the forum paste.
    # Confirm against the file on disk.
    offline_mode offcache_swap_low 90
    cache_swap_high 95
    
    # Add any of your own refresh_pattern entries above these.
    # The last rule below ("." ) matches every URL, so any refresh_pattern
    # placed after it in the file is never reached.
    refresh_pattern ^ftp:    1440  20%  10080
    refresh_pattern ^gopher:  1440  0%  1440
    # NOTE(review): the stock Squid rule is "(/cgi-bin/|\?)"; the backslash
    # before "?" may have been lost in the paste - verify on disk.
    refresh_pattern -i (/cgi-bin/|?) 0  0%  0
    refresh_pattern .    0  20%  4320
    # No redirector configured
    
    #Remote proxies
    
    # Setup some default acls
    acl allsrc src all
    acl localhost src 127.0.0.1/32
    # safeports includes the whole 1025-65535 range, so "deny !safeports"
    # below only rejects low ports that are not listed here.
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
    acl sslports port 443 563  
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    
    # allowed_subnets (a /16) is a separate range from localnet (a /24);
    # both are allowed at the end of the file.
    acl allowed_subnets src 192.168.0.0/16
    # Destination-domain regexes are loaded from the quoted file.
    acl whitelist dstdom_regex -i '/var/squid/acl/whitelist.acl'
    http_access allow manager localhost
    
    # Allow external cache managers
    # NOTE(review): the third ext_manager line has no address after "src";
    # check cache.log for how Squid handled the empty entry.
    # NOTE(review): no cachemgr_passwd is visible in this file, so confirm the
    # cache manager is not usable without a password from X.X.X.254.
    acl ext_manager src 127.0.0.1
    acl ext_manager src X.X.X.254
    acl ext_manager src 
    http_access allow manager ext_manager
    
    # Cache manager and PURGE are refused for everyone not allowed above.
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    # http_access rules stop at the first match. This allow comes before the
    # malware block-list denies under "Custom options", so requests whose
    # source is 127.0.0.1 are never checked against those lists.
    http_access allow localhost
    
    # 0 KB means no limit on request body size.
    request_body_max_size 0 KB
    # One class-2 delay pool with every bucket set to -1/-1 (unlimited), applied
    # to all sources: as written it does not throttle anything.
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc
    
    # Reverse Proxy settings
    
    # Package Integration
    # never_direct forces every request through a peer; the only peer is the
    # parent named "havp" on 127.0.0.1:3125. If that parent is unavailable the
    # request fails instead of bypassing it and going direct.
    never_direct allow all
    cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default
    
    # URL filtering through squidGuard with 5 helper processes. With
    # redirector_bypass off, requests wait for a free helper rather than
    # skipping the filter when all helpers are busy.
    redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
    redirector_bypass off
    url_rewrite_children 5
    
    # Custom options
    # URL regex block lists loaded from local files.
    acl malware_block_list url_regex -i '/etc/squid/malware_block_list.txt'
    acl malware_aggressive_block_list url_regex -i '/etc/squid/malware_aggressive_block_list.txt'
    
    # These denies sit after "http_access allow localhost" earlier in the file,
    # so they do not apply to requests sourced from 127.0.0.1.
    http_access deny malware_block_list
    http_access deny malware_aggressive_block_list
    
    # Clients that hit either list are redirected to an external page over
    # plain HTTP; the block page is not served by this firewall.
    deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
    deny_info http://malware.hiperlinks.com.br/denied.shtml malware_aggressive_block_list
    
    #Caching WindowsUpdate files
    # These two patterns come after the catch-all "refresh_pattern ." earlier
    # in the file, and refresh_pattern uses the first match, so they are never
    # selected. The patterns are unanchored, so they would match
    # "microsoft.com/" anywhere in a URL. The options override Expires,
    # Last-Modified, client reloads, no-cache and private for 259200 minutes.
    # NOTE(review): squid.conf directives are not terminated with ";". Here the
    # semicolon becomes part of the last token ("ignore-private;", "MB;",
    # "60;") - check cache.log for how this build parsed these four lines.
    refresh_pattern -i .*microsoft.com/.*.(cab|exe|msi|msp) 259200 100% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private;
    refresh_pattern -i .*windowsupdate.com/.*.(cab|exe|msi|msp) 259200 100% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private;
    # Second range_offset_limit in this file; the first one sets -1.
    range_offset_limit 100 MB;
    quick_abort_pct 60;
    
    # Always allow access to whitelist domains
    # The whitelist ACL tests the destination only. Because this rule is
    # evaluated before the subnet rules, it allows any client that can reach a
    # listener, not just localnet or allowed_subnets.
    http_access allow whitelist
    # Setup allowed acls
    # Allow local network(s) on interface(s)
    http_access allow allowed_subnets
    http_access allow localnet
    # Default block all to be sure
    http_access deny allsrc
    
    

    And here is my SquidGuard conf:

    # ============================================================
    # SquidGuard configuration file
    # This file generated automaticly with SquidGuard configurator
    # (C)2006 Serg Dvoriancev
    # email: dv_serg@mail.ru
    # ============================================================
    
    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard
    
    # Advertising category. The list paths are relative to dbhome.
    # This is the only blk_BL_* block with its own redirect: it points at
    # sgerror.php on the X.X.X.254 address with url=blank_img.
    # The placeholders pass the client address (%a), client name (%n), ident
    # user (%i), source group (%s), target group (%t) and requested URL (%u).
    dest blk_BL_adv {
    	domainlist blk_BL_adv/domains
    	urllist blk_BL_adv/urls
    	redirect http://X.X.X.254:80/sgerror.php?url=blank_img&msg=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    	log block.log
    }
    
    # Category definition: a domain list and a URL list under dbhome, with
    # matches logged to block.log. The remaining blk_BL_* blocks in this file
    # have the same shape. Defining a category does not block it; only the
    # categories negated with "!" on the "pass" line of the acl block at the
    # end of the file are denied.
    dest blk_BL_aggressive {
    	domainlist blk_BL_aggressive/domains
    	urllist blk_BL_aggressive/urls
    	log block.log
    }
    
    # 
    dest blk_BL_alcohol {
    	domainlist blk_BL_alcohol/domains
    	urllist blk_BL_alcohol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_anonvpn {
    	domainlist blk_BL_anonvpn/domains
    	urllist blk_BL_anonvpn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_bikes {
    	domainlist blk_BL_automobile_bikes/domains
    	urllist blk_BL_automobile_bikes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_boats {
    	domainlist blk_BL_automobile_boats/domains
    	urllist blk_BL_automobile_boats/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_cars {
    	domainlist blk_BL_automobile_cars/domains
    	urllist blk_BL_automobile_cars/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_planes {
    	domainlist blk_BL_automobile_planes/domains
    	urllist blk_BL_automobile_planes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_chat {
    	domainlist blk_BL_chat/domains
    	urllist blk_BL_chat/urls
    	log block.log
    }
    
    # 
    dest blk_BL_costtraps {
    	domainlist blk_BL_costtraps/domains
    	urllist blk_BL_costtraps/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dating {
    	domainlist blk_BL_dating/domains
    	urllist blk_BL_dating/urls
    	log block.log
    }
    
    # 
    dest blk_BL_downloads {
    	domainlist blk_BL_downloads/domains
    	urllist blk_BL_downloads/urls
    	log block.log
    }
    
    # 
    dest blk_BL_drugs {
    	domainlist blk_BL_drugs/domains
    	urllist blk_BL_drugs/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dynamic {
    	domainlist blk_BL_dynamic/domains
    	urllist blk_BL_dynamic/urls
    	log block.log
    }
    
    # 
    dest blk_BL_education_schools {
    	domainlist blk_BL_education_schools/domains
    	urllist blk_BL_education_schools/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_banking {
    	domainlist blk_BL_finance_banking/domains
    	urllist blk_BL_finance_banking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_insurance {
    	domainlist blk_BL_finance_insurance/domains
    	urllist blk_BL_finance_insurance/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_moneylending {
    	domainlist blk_BL_finance_moneylending/domains
    	urllist blk_BL_finance_moneylending/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_other {
    	domainlist blk_BL_finance_other/domains
    	urllist blk_BL_finance_other/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_realestate {
    	domainlist blk_BL_finance_realestate/domains
    	urllist blk_BL_finance_realestate/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_trading {
    	domainlist blk_BL_finance_trading/domains
    	urllist blk_BL_finance_trading/urls
    	log block.log
    }
    
    # 
    dest blk_BL_fortunetelling {
    	domainlist blk_BL_fortunetelling/domains
    	urllist blk_BL_fortunetelling/urls
    	log block.log
    }
    
    # 
    dest blk_BL_forum {
    	domainlist blk_BL_forum/domains
    	urllist blk_BL_forum/urls
    	log block.log
    }
    
    # 
    dest blk_BL_gamble {
    	domainlist blk_BL_gamble/domains
    	urllist blk_BL_gamble/urls
    	log block.log
    }
    
    # 
    dest blk_BL_government {
    	domainlist blk_BL_government/domains
    	urllist blk_BL_government/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hacking {
    	domainlist blk_BL_hacking/domains
    	urllist blk_BL_hacking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_cooking {
    	domainlist blk_BL_hobby_cooking/domains
    	urllist blk_BL_hobby_cooking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-misc {
    	domainlist blk_BL_hobby_games-misc/domains
    	urllist blk_BL_hobby_games-misc/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-online {
    	domainlist blk_BL_hobby_games-online/domains
    	urllist blk_BL_hobby_games-online/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_gardening {
    	domainlist blk_BL_hobby_gardening/domains
    	urllist blk_BL_hobby_gardening/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_pets {
    	domainlist blk_BL_hobby_pets/domains
    	urllist blk_BL_hobby_pets/urls
    	log block.log
    }
    
    # 
    dest blk_BL_homestyle {
    	domainlist blk_BL_homestyle/domains
    	urllist blk_BL_homestyle/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hospitals {
    	domainlist blk_BL_hospitals/domains
    	urllist blk_BL_hospitals/urls
    	log block.log
    }
    
    # 
    dest blk_BL_imagehosting {
    	domainlist blk_BL_imagehosting/domains
    	urllist blk_BL_imagehosting/urls
    	log block.log
    }
    
    # 
    dest blk_BL_isp {
    	domainlist blk_BL_isp/domains
    	urllist blk_BL_isp/urls
    	log block.log
    }
    
    # 
    dest blk_BL_jobsearch {
    	domainlist blk_BL_jobsearch/domains
    	urllist blk_BL_jobsearch/urls
    	log block.log
    }
    
    # 
    dest blk_BL_library {
    	domainlist blk_BL_library/domains
    	urllist blk_BL_library/urls
    	log block.log
    }
    
    # 
    dest blk_BL_military {
    	domainlist blk_BL_military/domains
    	urllist blk_BL_military/urls
    	log block.log
    }
    
    # 
    dest blk_BL_models {
    	domainlist blk_BL_models/domains
    	urllist blk_BL_models/urls
    	log block.log
    }
    
    # 
    dest blk_BL_movies {
    	domainlist blk_BL_movies/domains
    	urllist blk_BL_movies/urls
    	log block.log
    }
    
    # 
    dest blk_BL_music {
    	domainlist blk_BL_music/domains
    	urllist blk_BL_music/urls
    	log block.log
    }
    
    # 
    dest blk_BL_news {
    	domainlist blk_BL_news/domains
    	urllist blk_BL_news/urls
    	log block.log
    }
    
    # 
    dest blk_BL_podcasts {
    	domainlist blk_BL_podcasts/domains
    	urllist blk_BL_podcasts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_politics {
    	domainlist blk_BL_politics/domains
    	urllist blk_BL_politics/urls
    	log block.log
    }
    
    # 
    dest blk_BL_porn {
    	domainlist blk_BL_porn/domains
    	urllist blk_BL_porn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_radiotv {
    	domainlist blk_BL_radiotv/domains
    	urllist blk_BL_radiotv/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_humor {
    	domainlist blk_BL_recreation_humor/domains
    	urllist blk_BL_recreation_humor/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_martialarts {
    	domainlist blk_BL_recreation_martialarts/domains
    	urllist blk_BL_recreation_martialarts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_restaurants {
    	domainlist blk_BL_recreation_restaurants/domains
    	urllist blk_BL_recreation_restaurants/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_sports {
    	domainlist blk_BL_recreation_sports/domains
    	urllist blk_BL_recreation_sports/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_travel {
    	domainlist blk_BL_recreation_travel/domains
    	urllist blk_BL_recreation_travel/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_wellness {
    	domainlist blk_BL_recreation_wellness/domains
    	urllist blk_BL_recreation_wellness/urls
    	log block.log
    }
    
    # 
    dest blk_BL_redirector {
    	domainlist blk_BL_redirector/domains
    	urllist blk_BL_redirector/urls
    	log block.log
    }
    
    # 
    dest blk_BL_religion {
    	domainlist blk_BL_religion/domains
    	urllist blk_BL_religion/urls
    	log block.log
    }
    
    # 
    dest blk_BL_remotecontrol {
    	domainlist blk_BL_remotecontrol/domains
    	urllist blk_BL_remotecontrol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_ringtones {
    	domainlist blk_BL_ringtones/domains
    	urllist blk_BL_ringtones/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_astronomy {
    	domainlist blk_BL_science_astronomy/domains
    	urllist blk_BL_science_astronomy/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_chemistry {
    	domainlist blk_BL_science_chemistry/domains
    	urllist blk_BL_science_chemistry/urls
    	log block.log
    }
    
    # 
    dest blk_BL_searchengines {
    	domainlist blk_BL_searchengines/domains
    	urllist blk_BL_searchengines/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_education {
    	domainlist blk_BL_sex_education/domains
    	urllist blk_BL_sex_education/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_lingerie {
    	domainlist blk_BL_sex_lingerie/domains
    	urllist blk_BL_sex_lingerie/urls
    	log block.log
    }
    
    # 
    dest blk_BL_shopping {
    	domainlist blk_BL_shopping/domains
    	urllist blk_BL_shopping/urls
    	log block.log
    }
    
    # 
    dest blk_BL_socialnet {
    	domainlist blk_BL_socialnet/domains
    	urllist blk_BL_socialnet/urls
    	log block.log
    }
    
    # 
    dest blk_BL_spyware {
    	domainlist blk_BL_spyware/domains
    	urllist blk_BL_spyware/urls
    	log block.log
    }
    
    # 
    dest blk_BL_tracker {
    	domainlist blk_BL_tracker/domains
    	urllist blk_BL_tracker/urls
    	log block.log
    }
    
    # 
    dest blk_BL_updatesites {
    	domainlist blk_BL_updatesites/domains
    	urllist blk_BL_updatesites/urls
    	log block.log
    }
    
    # 
    dest blk_BL_urlshortener {
    	domainlist blk_BL_urlshortener/domains
    	urllist blk_BL_urlshortener/urls
    	log block.log
    }
    
    # 
    dest blk_BL_violence {
    	domainlist blk_BL_violence/domains
    	urllist blk_BL_violence/urls
    	log block.log
    }
    
    # 
    dest blk_BL_warez {
    	domainlist blk_BL_warez/domains
    	urllist blk_BL_warez/urls
    	log block.log
    }
    
    # 
    dest blk_BL_weapons {
    	domainlist blk_BL_weapons/domains
    	urllist blk_BL_weapons/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webmail {
    	domainlist blk_BL_webmail/domains
    	urllist blk_BL_webmail/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webphone {
    	domainlist blk_BL_webphone/domains
    	urllist blk_BL_webphone/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webradio {
    	domainlist blk_BL_webradio/domains
    	urllist blk_BL_webradio/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webtv {
    	domainlist blk_BL_webtv/domains
    	urllist blk_BL_webtv/urls
    	log block.log
    }
    
    # Blocked Sites
    # Locally maintained domain, expression and URL lists.
    # The redirect target is an image on an external host, fetched over plain
    # HTTP. The appended placeholders send the client address (%a), client
    # name (%n), ident user (%i) and the blocked URL (%u) to that host on every
    # block. There is no "?" before "&a=", so the values become part of the
    # path rather than a query string.
    # NOTE(review): consider a block page served by the firewall itself, as
    # the blk_BL_adv redirect does, so client details stay on the local network.
    dest BlockedSites {
    	domainlist BlockedSites/domains
    	expressionlist BlockedSites/expressions
    	urllist BlockedSites/urls
    	redirect http://cowantractors.com/images/BaseBlankPage2_r3_c2.jpg&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    	log block.log
    }
    
    # Rewrite rules meant to append safe-search parameters to search-engine
    # query URLs.
    # No acl in this file has a "rewrite safesearch" line, so as shown these
    # rules are defined but never applied.
    # NOTE(review): the patterns look as if backslashes were lost in the paste
    # ("google..*" for "google\..*", "search?" for "search\?", and the
    # replacements start with "&..." where a "\1" back-reference would normally
    # precede it). Verify against the file on disk.
    rew safesearch {
    	s@(google..*/search?.*q=.*)@&safe=active@i
    	s@(google..*/images.*q=.*)@&safe=active@i
    	s@(google..*/groups.*q=.*)@&safe=active@i
    	s@(google..*/news.*q=.*)@&safe=active@i
    	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
    	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
    	s@(search.live..*/.*q=.*)@&adlt=strict@i
    	s@(search.msn..*/.*q=.*)@&adlt=strict@i
    	s@(.bing..*/.*q=.*)@&adlt=strict@i
    	log block.log
    }
    
    # Access policy. Only a default rule is defined; there are no per-source
    # rules.
    acl  {
    	# Default rule: deny the 13 destinations negated with "!" and pass
    	# everything else ("all"). Every other dest defined in this file is
    	# unused by this rule. No "rewrite" line is present.
    	# The redirect sends blocked clients to the same external HTTP image
    	# used by BlockedSites, with the client address (%a), ident user (%i)
    	# and requested URL (%u) appended.
    	default  {
    		pass !BlockedSites !blk_BL_adv !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_costtraps !blk_BL_fortunetelling !blk_BL_gamble !blk_BL_religion !blk_BL_ringtones !blk_BL_spyware !blk_BL_tracker !blk_BL_violence all
    		redirect http://cowantractors.com/images/BaseBlankPage2_r3_c2.jpg&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    		log block.log
    	}
    }
    
    


  • Squid 3 is a Beta package and I believe I read here that turning on dynamic caching can cause some issues but I cannot find the thread.

    To keep it as simple as possible I use Squid 3 (transparent) only on pfSense 2.1 - no dynamic caching and no add-ons such as HAVP, SquidGuard, Dansguardian, Lightsquid etc.

    Works for me….



  • Thanks for the input, sir. I do need the filtering functionality of SquidGuard (since Dansguardian does not work on 2.1 after a reboot) and HAVP. And I am stuck with 2.1 as my firewall PC's NIC only works under the latest FreeBSD…

    Any help from a Dev would be greatly appreciated...

    @mromero:

    Squid 3 is a Beta package and I believe I read here that turning on dynamic caching can cause some issues but I cannot find the thread.

    To keep it as simple as possible I use Squid 3 (transparent) only on pfSense 2.1 - no dynamic caching and no add-ons such as HAVP, SquidGuard, Dansguardian, Lightsquid etc.

    Works for me….



  • If you have problems with squid3 - did you try with squid2 ?

    Also, you have two sets of entries for caching Windows updates. Are you sure that is correct? I assume it is wrong.
    Also, try disabling "cache dynamic content" in the GUI. If I remember some forum posts correctly, this can cause problems.

    But in general squid3 works on pfSense 2.1 and does cache. Probably something is wrong with your config, or you are using a website which does not allow caching.



  • Dude! I owe you a beer!

    Taking out the Windows Update bits and turning off caching of dynamic content did the trick! Check it out!

    1357092130.999    553 10.0.0.12 TCP_MEM_HIT/200 1130 GET http://forum.pfsense.org/Themes/slickprographite/images/rss.gif - NONE/- image/gif
    1357092131.729  1110 10.0.0.12 TCP_MEM_HIT/200 1549 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/normal_post.gif - NONE/- image/gif
    1357092131.729  1110 10.0.0.12 TCP_MEM_HIT/200 769 GET http://forum.pfsense.org/Themes/slickprographite/images/filter.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 814 GET http://forum.pfsense.org/Themes/slickprographite/images/email_sm.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 1007 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/profile_sm.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 498 GET http://forum.pfsense.org/Themes/slickprographite/images/useron.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 1013 GET http://forum.pfsense.org/Themes/slickprographite/images/star.gif - NONE/- image/gif
    1357092132.461    732 10.0.0.12 TCP_MEM_HIT/200 772 GET http://forum.pfsense.org/Themes/slickprographite/images/post/exclamation.gif - NONE/- image/gif
    1357092133.189  1086 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/ip.gif - NONE/- image/gif
    1357092133.189  1086 10.0.0.12 TCP_MEM_HIT/200 1114 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/quote.gif - NONE/- image/gif
    1357092133.189  1460 10.0.0.12 TCP_MEM_HIT/200 1054 GET http://forum.pfsense.org/Themes/slickprographite/images/im_on.gif - NONE/- image/gif
    1357092133.909  1447 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/useroff.gif - NONE/- image/gif

    Thanks, man!

    @Nachtfalke:

    If you have problems with squid3 - did you try with squid2 ?

    Also, you have two sets of entries for caching Windows updates. Are you sure that is correct? I assume it is wrong.
    Also, try disabling "cache dynamic content" in the GUI. If I remember some forum posts correctly, this can cause problems.

    But in general squid3 works on pfSense 2.1 and does cache. Probably something is wrong with your config, or you are using a website which does not allow caching.

