Squid3 and SquidGuard speeds web navigation?
-
Hi,
So I have somewhat a dilemma. I am running pfSense 2.2.2 with squid3 (0.2.9) and SquidGuard (1.9.14) everything is working well. Now I have also installed a unifi AP and wanted to put a bandwidth limit on the the wifi though UNIFI. So If my internet speeds are 12down/2up I would limit the some users to 6down/2up (because theres some p2p hogs). But heres the funny thing once i put the limit on UNIFI the squid proxy wont even let me navigate. So im debating to leave squid3 with squidGuard but I was wondering does having a squid proxy make navigating faster?Thank you
-
does having a squid proxy make navigating faster?
Not really. The nature of the dynamic web means that very little actually gets cached anymore. Your mileage may vary, naturally. My tests show that squid will cache somewhere in the area of 4-7% of web requests. You can aggressively play with the various directives, but everyone wants to cache Windows Updates and squid can no longer do that. I currently use squid exclusively as a method for squidguard to filter URLs.
-
but everyone wants to cache Windows Updates and squid can no longer do that.
Are you sure squid cannot cache Windows Updates? seems to be working for me the last time I checked, will run some tests the next time I get some windows updates.
-
well i guess what was happening is that transparent proxy does not go along with limiter :(
-
Are you sure squid cannot cache Windows Updates?
Doktornotor, who has been cleaning up squid and others bits, linked to an article where a guy gave a breakdown as to exactly why squid can no longer cache Windows Updates. It's in here somewhere.
-
Regarding WU… use WSUS. It's made for this purpose. Problem solved.
http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
https://support.microsoft.com/en-us/kb/900935Note: The refresh_pattern stuff is being done automatically when you tick WU in the Squid GUi. Don't add it again.
-
Note: The refresh_pattern stuff is being done automatically when you tick WU in the Squid GUi. Don't add it again.
That is correct.
Just ran some windows updates and squid is caching the updates and I am getting HITs when other pcs download the same update.
So it seems that squid is still able to cache windows updates.
-
Interesting. A year or so ago I was able to do it but then afterwards they refused to cache. I also had the segment issue where it would download the entire file for every segment requested, so a 100MB download turned into more than 1GB. Fiddling with various refresh pattern and other directives failed to solve the problem. If you are able to have it working with default settings then that's good. Maybe I'll look at it again. Are you running the current package? Any extra config lines?
-
I also had the segment issue where it would download the entire file for every segment requested, so a 100MB download turned into more than 1GB
Not sure if this is still the case,have not really noticed it.
Any extra config lines?
using the current package using the defaults,
though i added in Proxy server: Traffic ManagementFinish transfer if more than x % finished set to 95%Have a play with it and see how you go.
-
Maybe I will when 2.2.5 appears. I tried to upgrade squid when I went to 2.2.4 but everything died a horrible death, so I had to rollback and continue with 0.2.8 since I didn't have the time to properly debug and fix it.
-
I was bored so I installed the latest Squid3 from 2.2.4. I configured it with defaults other than Finish transfer if more than x % finished set to 95%.
Windows 7 updates do not cache. Windows 10 updates cache perfectly. The Windows 7 stuff is all based on CABs, with a dynamic ? symbol at the end of every URL. The Windows 10 updates are all PSF files without the ? in the URL.
I also saw some weird behaviour. I configured a 20GB cache and had 2 Windows 10 VMs that I installed from base media. One was a clone of the other so I know they were identical other than hostname and IP address. I powered on the first and grabbed all of its updates. Once that was done, I powered on the second and updated it. It grabbed all of the updates from the cache with the exception of one single update that it had a cache miss for and downloaded:
03.11.2015 14:58:26 10.10.10.136 TCP_MISS/206 http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/secu/2015/10/windows10.0-kb3105216-x64_dd21e4483963c9fd9b1d3afd81a865be1a027ec3.psf
I'm not sure as to why it had to grab this file instead of serving it from cache. If I get even more bored, I'll take a look at access.log and see if it was ever fetched in the first place.
-
Hmmm, W10 – I guess it's a whole lot more cache-friendly since they attempt to (ab)use P2P distribution for WU.
http://windows.microsoft.com/en-us/windows-10/windows-update-delivery-optimization-faq
-
Windows 7 updates do not cache.
Strange, because i am using windows 7 (with 5 other lan pcs all using windows 7) and have found that the cache has been working (been times where it pulled over 500MB of updates from the cache). Just the other day I updated my VM (which has not been on for a long time) and it pulled about 400MB from the cache and had to download another 200MB.
Just got a few hits here
04.11.2015 11:59:17 192.168.1.244 TCP_MEM_HIT/200 http://au.download.windowsupdate.com/c/msdownload/update/software/defu/2015/11/mpas-d_bd_1.209.968.0_7b065166832fbb0e19306ebc639e5e543a256a85.exe - - 04.11.2015 11:59:17 192.168.1.244 TCP_MEM_HIT/200 http://au.download.windowsupdate.com/c/msdownload/update/software/defu/2015/11/mpas-d_bd_1.209.968.0_7b065166832fbb0e19306ebc639e5e543a256a85.exe - - 04.11.2015 11:59:17 192.168.1.244 TCP_MEM_HIT/206 http://au.download.windowsupdate.com/c/msdownload/update/software/defu/2015/11/mpas-d_bd_1.209.968.0_7b065166832fbb0e19306ebc639e5e543a256a85.exe -Windows 10 updates cache perfectly
Well that is good to here when\if i upgrade to windows 10 (I like 7 too much, with also my headless ubuntu server and RP2).
-
I don't know what to tell you. It didn't work for me with 7 but did with 10. Nothing about squid was changed between tests.
-
Lets call it weird then.
