PfSense + Squid + Squidguard



  • Hello to all!
    My name is Fábio and I've been using pfSense for the last weeks so I can use it as router/firewall and in the middle started to think about URL filtering with SQUID and Squidguard.

    After putting it working, with 400 users, and URL filtering on, I started to have this erros:

    squid[2132]: Too many queued url_rewriter requests (465 on 16)

    I looked about it, changed some values, but after that my CPU and RAM sky rocket and I uninstalled the packages so I can have stable routing. Mu qyestion is regarding this errors.

    Are they related to the proxy caching content? Or the redirection for the blocked content?
    I would like to have URL filtering but without caching anything. Only cheking the URLs againts the ACL and then allow/deny. The top usage was going to be aprox. 1000 users.

    My server is:
    Intel(R) Xeon(TM) CPU 3.06GHz
    4 CPUs: 2 package(s) x 1 core(s) x 2 HTT threads
    3Gb RAM
    SCSI Disks on RAID 5

    I know it's not a lot, so I'm asking if I can make the URL filtering with the lowest possible weight, because it was working perfect, jsut dying after some time, over and over again.

    Thank you!



  • Are they related to the proxy caching content? Or the redirection for the blocked content?

    You have more requests than you have child processes to handle them all.  The default is 16 children, but you need a lot more than that.  In Services - Proxy Server - General - Custom Settings, you could try playing with the url_rewrite_children setting.

    http://www.squid-cache.org/Doc/config/url_rewrite_children/

    I would like to have URL filtering but without caching anything.

    In Services - Proxy Server - Local Cache, set your Hard disk cache size to 0 or 1.  Set Hard disk cache system to Null.  Set Maximum object size to 0 or 1.



  • Thank you for your answers. I tried as big as 1000 and then the CPU just went to 100% (doing it on the config files directly as I saw in another thread). Maybe my hardware is not enough for this. But can you explain me what are these url_rewrite_children? I must use them for URL filtering?

    As for the cache, thank you! I asked about it thinking it could be related to this problem.



  • But can you explain me what are these url_rewrite_children?

    The page I linked to pretty much explains it.  It is how many squidGuard processes are created to handle URL rewrites from squid.  If you only have 16 defined (the default), and you have a thousand users all web-browsing, it will queue them and be very slow.  If you have a lot of children, then you will need a powerful CPU and more RAM.