Couple of questions about squid3-dev



  • hi, guys i have a couple of question requarding squid3-dev 3.3.10 pkg 2.2.6 2.1.4-RELEASE (i386)built on Fri Jun 20 12:59:29 EDT 2014
    FreeBSD 8.3-RELEASE-p16. i followed this https://forum.pfsense.org/index.php/topic,47856.0.html

    i have finally got it to cache the sites and im looking at the log and i see a lot of TCP_MISS squid_monitor_data.php i was wondering if there was a way to block squid from trying to cache it.

    second question is all of the ip addresses are the same is there anyway to change this its not a big deal just curious next youtube videos and other .mp4 vids are not being cached i have the dynamic caching checked is there any other settings i need to add for it to cache videos

    lastly download speeds are extremely slow 20kb/s when i have a 120mb line with a fresh pfsense setup i get the full bandwidth.

    i attached a screenshot so you guys can see what im talking about.

    any help would be greatly appreciated.



  • i did some searching and was wondering if this would work

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i .(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i .(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i .(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i .index.(html|htm)$ 0 40% 10080
    refresh_pattern -i .(html|htm|css|js)$ 1440 40% 40320
    refresh_pattern . 0 40% 40320



  • anyone?



  • Where is "squid_monitor_log.php" file served from?
    Because if squid is configured with "Bypass proxy for Private Address destination" turned on, it should not be trying to cache when it is served from a private address space (10.x.x.x; 172.x.x.x.; 192.168.x.x ).
    But it seems it is served via 215.x.x.x, and that is not private address space.

    You could try and use a proxy script in the browsers. (proxy.pac or wpad.dat)

    function FindProxyForURL(url, host) {
    
      url = url.toLowerCase();
      host = host.toLowerCase();
      isHttp = (url.substring(0,5) == "http:");
      isHttps = (url.substring(0,6) == "https:")
    
    	// If the requested website is hosted within the internal network, send direct.
        	if (isPlainHostName(host) ||
               shExpMatch(host, "*.home") ||
               shExpMatch(host, "*.local") ||
               isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
               isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
               isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
               isInNet(dnsResolve(host), "169.254.0.0",  "255.255.0.0") ||
               isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
    	{ return "DIRECT"; }
    
    	// Forward non-http(s) and some hosts to forward proxy (or DIRECT)
    	if((!isHttp && !isHttps) // Skip all non http(s)
    	   || dnsDomainIs(host, "microsoft.com")
    	   || dnsDomainIs(host, "windowsupdate.com")
    	   || dnsDomainIs(host, "eset.com")
    	   || dnsDomainIs(host, "mcafee.com") // McAfee
    	   || dnsDomainIs(host, "siteadvisor.com") // McAfee
    	   || dnsDomainIs(host, "hackerwatch.com") // McAfee
    	   || dnsDomainIs(host, "hackerwatch.org") // McAfee
    	   || dnsDomainIs(host, "avg.com")
    	   || dnsDomainIs(host, "grisoft.cz")
    	   || dnsDomainIs(host, "avgfree.com")
    	   || dnsDomainIs(host, "avg.cz")
    	   || dnsDomainIs(host, "symantecliveupdate.com")
    	   || dnsDomainIs(host, "thawte.com"))
    	{ return "DIRECT"; }
    
    	if (isHttps)
    	   // Skip HTTPS
    	{ return "DIRECT"; }
    
    	// Otherwise, go through our proxy or if it fails, through bypass
    	return "PROXY 192.168.0.1:3128; DIRECT";
    }