Squid proxy halting program installation
-
pfSense 2.3-RELEASE (amd64)
squid 0.4.16_2
squidGuard 1.14_2

My kids like to play a game called Roblox. It's a simple browser game with a local install component. When I have squidGuard (transparent) enabled the download of a *.zip file fails and the installation kicks an error and stops. The installer is trying to get a *.zip from:
http://setup.roblox.com/version-ea1ccffcfea48fc-content-terrain.zip (see attached image)

The squid access table (image attached) shows that the various *.zip files the installer is trying to get are not cached (TCP_MISS/200) so it's reaching out to an IP to get them: 54.231.49.140. If I add the domain "setup.roblox.com" and the IP 54.231.49.140 to the box "Bypass Proxy for These Destination IPs" within the Transparent Settings area nothing happens - meaning it still fails.

Update: Looks like when I download files I am getting:
The request or reply is too large

Thanks.
squid.conf below:
```
# This file is automatically generated by pfSense
# Do not edit manually !

http_port 10.1.1.254:3128
http_port 127.0.0.1:3128 intercept
icp_port 0
dns_v4_first off
pid_filename /var/run/squid/squid.pid
cache_effective_user squid
cache_effective_group proxy
error_default_language en
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr <my email address>
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable on
pinger_program /usr/local/libexec/squid/pinger

logfile_rotate 15
debug_options rotate=15
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 10.1.1.0/24
forwarded_for on
uri_whitespace strip

acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic

cache_mem 64 MB
maximum_object_size_in_memory 256 KB
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 500 MB
cache_dir ufs /cache 10000 16 256
offline_mode off
cache_swap_low 90
cache_swap_high 95
acl donotcache dstdomain "/var/squid/acl/donotcache.acl"
cache deny donotcache
cache allow all
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#Remote proxies

# Setup some default acls
# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
# acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 1942 3128 3129 1025-65535
acl sslports port 443 563 1942

# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
#acl manager proto cache_object

acl purge method PURGE
acl connect method CONNECT

# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
# From 3.2 further configuration cleanups have been done to make things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
# http_access allow localhost

quick_abort_min -1 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 2048 KB allsrc
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc

# Reverse Proxy settings

# Package Integration
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_children 16 startup=8 idle=4 concurrency=0

# Custom options before auth

# These hosts do not have any restrictions
http_access allow unrestricted_hosts
# Always allow access to whitelist domains
http_access allow whitelist
# Block access to blacklist domains
http_access deny blacklist
acl sglog url_regex -i sgr=ACCESSDENIED
http_access deny sglog
# Setup allowed ACLs
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024

icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squid_clamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squid_clamav bypass=on
adaptation_access service_avi_resp allow all
```

![Capture.PNG](/public/_imported_attachments_/1/Capture.PNG)
![Capture2.PNG](/public/_imported_attachments_/1/Capture2.PNG)
-
You have got to be kidding me…
Package | Proxy Server Traffic Management | Traffic Mgmt
"Maximum Download Size" was set to 2048?!

Set to "0" and all is fine.
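
Added example (not part of the original thread, and not pfSense or Squid code): a small checker that reads `reply_body_max_size` lines from a squid.conf and predicts how a download of a given size is treated. It assumes the first such directive applies to the client (true for the `allsrc` ACL above, which matches every source) and that Squid's KB/MB/GB units are binary multiples; the sample Content-Length values in the comments and tests are constructed, since the thread does not state the size of the .zip files.

```python
# Units as Squid parses them: binary multiples (1 KB = 1024 bytes).
UNITS = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Constructed excerpt: the two body-size lines from the squid.conf posted above.
SAMPLE_CONF = """\
request_body_max_size 0 KB
reply_body_max_size 2048 KB allsrc
"""


def reply_limits(conf_text):
    """Return [(limit_in_bytes or None, [acl names])] per reply_body_max_size line."""
    limits = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if len(parts) < 2 or parts[0] != "reply_body_max_size":
            continue
        args = parts[1:]
        if args[0].lower() == "none":  # explicit "no limit"
            limits.append((None, args[1:]))
            continue
        has_unit = len(args) > 1 and args[1] in UNITS
        size = int(args[0]) * UNITS[args[1] if has_unit else "bytes"]
        limits.append((size, args[2:] if has_unit else args[1:]))
    return limits


def check_download(conf_text, content_length):
    """Predict the outcome for a reply; content_length=None means no header sent.

    "denied"       -> Content-Length exceeds the limit, client gets the
                      "The request or reply is too large" error page
    "cut-at-limit" -> no Content-Length, so the size cannot be checked up
                      front; the transfer is closed if it passes the limit
    "allowed"      -> under the limit, or no limit configured
    """
    limits = reply_limits(conf_text)
    if not limits or limits[0][0] is None:
        return "allowed"
    limit = limits[0][0]  # assumption: first directive's ACL matches the client
    if content_length is None:
        return "cut-at-limit"
    return "denied" if content_length > limit else "allowed"


if __name__ == "__main__":
    print(reply_limits(SAMPLE_CONF))
    print(check_download(SAMPLE_CONF, 5 * 1024 * 1024))  # constructed 5 MiB reply
```

Run against the generated `/usr/local/etc/squid/squid.conf` after changing "Maximum Download Size" in the GUI to confirm which limit, if any, is actually in effect.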