Migrate Squid.conf from Linux to Pfsense 2.2.6



  • Hello Everyone,

    I want to migrate squid.conf from Linux to pfSense.

    Now there are various syntaxes which are not available in the pfSense GUI. How can we define such parameters:

    ##############
    max_filedesc 65536
    ##############
    acl bypass_domains dstdomain www.example.com
    always_direct allow bypass_domains
    redirector_access deny bypass_domains
    ##############

    acl impsite url_regex -i example2.com
    redirector_access deny impsite
    http_access allow impsite

    ##################

    acl StreamingRequest1 req_mime_type -i ^video/x-ms-asf$
    acl StreamingRequest2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
    acl StreamingRequest3 req_mime_type -i ^application/x-mms-framed$
    acl StreamingRequest4 req_mime_type -i ^audio/x-pn-realaudio$
    acl StreamingReply1 rep_mime_type -i ^video/x-ms-asf$
    acl StreamingReply2 rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
    acl StreamingReply3 rep_mime_type -i ^application/x-mms-framed$
    acl StreamingReply4 rep_mime_type -i ^audio/x-pn-realaudio$
    redirector_access deny StreamingRequest1
    redirector_access deny StreamingRequest2
    redirector_access deny StreamingRequest3
    redirector_access deny StreamingRequest4
    http_access deny StreamingRequest1 all
    http_access deny StreamingRequest2 all
    http_access deny StreamingRequest3 all
    http_access deny StreamingRequest4 all
    http_reply_access deny StreamingReply1 all
    http_reply_access deny StreamingReply2 all
    http_reply_access deny StreamingReply3 all
    http_reply_access deny StreamingReply4 all
    via off
    forwarded_for delete
    #############################



  • You can put those into the integrations section.  VIA has a checkbox btw.



  • @KOM:

    You can put those into the integrations section.  VIA has a checkbox btw.

    Hello Kom,

    After making the change, whenever I restart squidGuard (General > Save + Apply), these values are set to default:

    url_rewrite_children 16 startup=8 idle=4 concurrency=0



  • Try putting them in Custom ACLS (Before Auth).



  • @KOM:

    Try putting them in Custom ACLS (Before Auth).

    Hey,

    My Integration:
    http_port 192.168.1.200:3128;url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 300 startup=200 idle=100 concurrency=0

    And

    Custom ACL before Auth:

    acl bypass_domains dstdomain .office365.com ;always_direct allow bypass_domains;redirector_access deny bypass_domains

    Now, whenever I restart squidGuard,

    url_rewrite_children 300 startup=200 idle=100 concurrency=0  changes to

    url_rewrite_children 16 startup=8 idle=4 concurrency=0 (default values)

    Am I missing anything?

    Thanks



  • When you make your changes to squidguard, are you going back to the General settings page and clicking Save then Apply?



  • @KOM:

    When you make your changes to squidguard, are you going back to the General settings page and clicking Save then Apply?

    Hey,

    Yes, I'm doing it this way only. Is it OK?

    I have various Group ACLs and target categories for whitelist/blacklist, which (after adding any rule) only seem to work by doing the above-mentioned procedure.

    Thanks.



  • Any change you make to any of the squidGuard tabs, you must go back to General settings and click save then Apply.  Always.



  • @KOM:

    Any change you make to any of the squidGuard tabs, you must go back to General settings and click save then Apply.  Always.

    Yes, I'm doing it this way only.

    But after doing the same, my configured values, i.e.
    url_rewrite_children 300 startup=200 idle=100 concurrency=0

    are getting deleted and replaced by:
    url_rewrite_children 16 startup=8 idle=4 concurrency=0

    This is really painful. Any idea how we can solve this?



  • Perhaps your numbers are too big and are being reset to defaults?  Do you really need 300 rewriter threads?  I just changed mine from the default 16/8/4 to 20/10/5 and it sticks.



  • @KOM:

    Perhaps your numbers are too big and are being reset to defaults?  Do you really need 300 rewriter threads?  I just changed mine from the default 16/8/4 to 20/10/5 and it sticks.

    Hey,

    I have around 2000 users using the proxy, so I need to increase this value.
    I have tested, and no matter what values I set,
    it always sets the default whenever squidGuard is restarted.



  • What do you mean, 'squidguard is restarted'?  squidguard is not a service.  It's a helper app that is spawned by squid for every URL to be processed.  The thing you're having trouble with is squid not saving this setting.  It should have nothing to do with squidguard.



  • @KOM:

    What do you mean, 'squidguard is restarted'?  squidguard is not a service.  It's a helper app that is spawned by squid for every URL to be processed.  The thing you're having trouble with is squid not saving this setting.  It should have nothing to do with squidguard.

    OK, so can I change this default value? Let's just say instead of 16 8 4, I want to set custom values directly in the configuration file from which squid reads it.



  • You should be able to change it right for the Integrations field just like I did.  Save it and it should stick.



  • @KOM:

    You should be able to change it right for the Integrations field just like I did.  Save it and it should stick.

    Hey Kom,

    But in my case it is not sticking. So what I would like to know is this: there must be some file where it is hard-coded that the default values are 16 8 4.

    So in my case squid keeps resetting to default values after squidGuard is saved and applied via General settings.

    So can we change the default values 16 8 4 to custom values, not from the GUI?



  • No idea where that config might live, but it will be overwritten at every pfSense upgrade so that's not really the best solution.



  • @KOM:

    No idea where that config might live, but it will be overwritten at every pfSense upgrade so that's not really the best solution.

    Hey Kom,

    Thanks.

    For now I have made changes in /usr/local/pkg/squidguard_configurator.inc

    Now the value is permanent after Save + Apply.
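
A way to check for the reset discussed in this thread after each Save + Apply, as an added example that is not part of the original posts or of the pfSense package code. It compares the `url_rewrite_children` value in a semicolon-separated Integrations string (the format posted above) with the one in a generated config file; the function names are hypothetical, and the path to the generated squid.conf, which the thread does not give, is passed in by the caller.

```shell
#!/bin/sh
# Added example: not from the thread or the pfSense package.
# Function names are hypothetical; the squid.conf path is supplied by the caller.

# Split a semicolon-separated Integrations string (the format posted in the
# thread) into one directive per line, trimmed, with empty entries dropped.
split_integrations() {
    printf '%s\n' "$1" | tr ';' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print the arguments of the last url_rewrite_children directive read from the
# given file (or stdin), whitespace normalised. Commented-out lines are ignored.
# Assumption: when the directive is repeated, the last occurrence is in effect.
rewrite_children() {
    awk '$1 == "url_rewrite_children" { $1 = ""; sub(/^ +/, ""); last = $0 }
         END { if (last != "") print last }' "$@"
}

# Compare the value wanted in the Integrations string ($1) with the generated
# config file ($2). Returns 0 = in sync, 1 = value was replaced, 2 = not found.
check_drift() {
    want=$(split_integrations "$1" | rewrite_children)
    have=$(rewrite_children "$2" 2>/dev/null)
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "url_rewrite_children not found (want='$want' have='$have')"
        return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "DRIFT: Integrations has '$want' but config has '$have'"
        return 1
    fi
    echo "OK: url_rewrite_children $have"
}

# Constructed sample: the helper settings from the thread, and a stand-in for
# the regenerated squid.conf containing the defaults the poster kept seeing.
integrations='url_rewrite_bypass off;url_rewrite_children 300 startup=200 idle=100 concurrency=0'
conf=$(mktemp /tmp/squidconf.XXXXXX)
printf '%s\n' 'url_rewrite_bypass off' \
    'url_rewrite_children 16 startup=8 idle=4 concurrency=0' > "$conf"
check_drift "$integrations" "$conf"
echo "exit status: $?"
rm -f "$conf"
```

Running the same check after a pfSense upgrade shows whether a hand edit to a package file, like the one in the last post, has been overwritten.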

