Netgate Discussion Forum

Enable Squid3 '--enable-http-violations' build option - $100

  • B
    Brak
    last edited by Aug 17, 2014, 5:38 PM

    I'm looking to manipulate web traffic on a much higher level of granularity to deal with pushing the possibility of ~4 Gbps of Apple updates come iOS 8's release.

    Currently, Squid3 is not built with http violations, so configurations like the one below ignore almost all of the ignore/override flags.

    refresh_pattern -i appldnld\.apple\.com 43200 100% 43200 ignore-reload ignore-no-store override-expire ignore-reload  override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private;
    

    $100 to whoever can solve this for me and push through the pull-request so I can use the pfSense boxes to cache this.

    Thanks!  :D

    • M
      marcelloc
      last edited by Aug 19, 2014, 12:55 AM Aug 19, 2014, 12:42 AM

      I'll do it soon. Sorry for the long delay in answering you.

      It seems to be the default for Squid compilation in FreeBSD ports. Do you have any log message or alert that indicates a missing compile argument?

      Elite Training: http://sys-squad.com

      Help a community developer! ;D

      • B
        Brak
        last edited by Aug 19, 2014, 3:18 AM

        @marcelloc:

        I'll do it soon. Sorry for the long delay in answering you.

        It seems to be the default for Squid compilation in FreeBSD ports. Do you have any log message or alert that indicates a missing compile argument?

        I don't have the system nor my VPN access with me, so I will need to get that to you tomorrow.

        But if you add the line that I have in my code block above, you'll get the "ignored argument" warnings in the system log.

        Thanks again for working on this, and no worries about the delay.

        • M
          marcelloc
          last edited by Aug 19, 2014, 3:24 AM Aug 19, 2014, 3:21 AM

          Squid Cache: Version 3.3.11
          configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache/squid' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS  fake getpwnam LDAP SMB NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group wbinfo_group' '--enable-auth-negotiate=none' '--enable-auth-ntlm=fake smb_lm' '--enable-storeio=diskd rock ufs aufs' '--enable-disk-io=AIO Blocking DiskDaemon IpcIo Mmapped DiskThreads' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-ssl-crtd' '--enable-icmp' '--enable-htcp' '--disable-forw-via-db' '--enable-cache-digests' '--enable-wccp' '--enable-wccpv2' '--enable-http-violations' '--enable-eui' '--disable-ipfw-transparent' '--enable-pf-transparent' '--disable-ipf-transparent' '--enable-follow-x-forwarded-for' '--enable-ecap' '--enable-icap-client' '--disable-esi' '--enable-kqueue' '--with-large-files' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.4' 'build_alias=amd64-portbld-freebsd8.4' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/local/include -I/usr/include -I/usr/local/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/local/lib -pthread -Wl,-rpath,/usr/lib:/usr/local/lib -L/usr/lib -L/usr/local/lib' 'LIBS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/include -I/usr/local/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'CPP=cpp' 
'PKG_CONFIG=pkgconf'
          
          

          If you have a 2.0.3 amd64 to test the binary, you can download it
          The PBI may take a while if it works, as it needs changes in FreeBSD ports before being pushed to the pfSense repo.

          • B
            Brak
            last edited by Aug 20, 2014, 3:09 AM

            redreshAddToList: Unknown option 'appldnld\.apple\.com': ignore-private;
            2014/08/19 23:06:51| redreshAddToList: Unknown option '\.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll)': override-lastmod;
            

            Those are some of the errors I see. It doesn't recognize any of the options that would have been part of the http violations group.

            I have this system running 2.1.4, can I run that binary on it?

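An added example, not part of either poster's messages: a Python check that reads `squid -v` output for the `--enable-http-violations` configure option and flags `refresh_pattern` option tokens that are not an exact option name, such as the `ignore-private;` token in the warning quoted above. The function names and the shortened `squid -v` sample are constructed for illustration; the option names are only those used on the `refresh_pattern` line in this thread.

```python
import shlex

# Option names exactly as they appear on the refresh_pattern line in this thread.
KNOWN_OPTIONS = {
    "ignore-reload", "ignore-no-store", "override-expire", "override-lastmod",
    "reload-into-ims", "ignore-no-cache", "ignore-private",
}

# Constructed, shortened stand-in for `squid -v` output.
SAMPLE_SQUID_V = """Squid Cache: Version 3.3.11
configure options:  '--enable-removal-policies=lru heap' '--enable-http-violations' '--enable-pf-transparent'
"""

# The refresh_pattern line as posted in the thread, trailing ';' included.
SAMPLE_LINE = (r"refresh_pattern -i appldnld\.apple\.com 43200 100% 43200 "
               "ignore-reload ignore-no-store override-expire ignore-reload  "
               "override-expire override-lastmod reload-into-ims "
               "ignore-no-cache ignore-private;")

def has_http_violations(squid_v_output):
    """True if the 'configure options:' line lists --enable-http-violations."""
    for line in squid_v_output.splitlines():
        if line.strip().startswith("configure options:"):
            # shlex keeps quoted values such as 'lru heap' in one token.
            return "--enable-http-violations" in shlex.split(line.split(":", 1)[1])
    return False

def lint_refresh_pattern(line):
    """Return (token, reason) pairs for option tokens worth a second look."""
    tokens = line.split()
    if not tokens or tokens[0] != "refresh_pattern":
        return []
    rest = tokens[1:]
    if rest and rest[0] == "-i":
        rest = rest[1:]
    problems, seen = [], set()
    for tok in rest[4:]:  # skip regex, min, percent, max
        if tok in KNOWN_OPTIONS:
            if tok in seen:
                problems.append((tok, "duplicate"))
            seen.add(tok)
        elif tok.rstrip(";,") in KNOWN_OPTIONS:
            problems.append((tok, "trailing punctuation"))
        else:
            problems.append((tok, "not in list"))
    return problems
```
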
            • M
              marcelloc
              last edited by Aug 20, 2014, 10:33 AM

              You will need to create some symbolic links as 2.1 uses /usr/pbi dirs.

              • B
                Brak
                last edited by Aug 26, 2014, 4:54 PM

                Any update on this?

                I didn't get a chance to try that binary, as I don't have much of a window to play with things since production traffic is flowing. I can set up a lab system if you think I need to verify it.

                Thanks,

                • M
                  marcelloc
                  last edited by Aug 26, 2014, 8:42 PM

                  If you could verify it in a lab, it will help a lot, as you can test your config options.

                  • B
                    Brak
                    last edited by Aug 27, 2014, 8:46 PM

                    @marcelloc:

                    If you could verify it in a lab, it will help a lot, as you can test your config options.

                    Okay, what symlinks are going to be needed for a 2.1.4 box?

                    • M
                      marcelloc
                      last edited by Jan 8, 2015, 12:23 AM

                      The squid3.4 package for pfSense 2.2 has this compile option.
