So I have a pfSense VM running with 2 bridged ports. The only function of the machine is to serve as a transparent proxy/cache. I am having issues with it caching, as I get TCP_MISS a ton, and no TCP_HIT. Here is my config file:
```
# This file is automatically generated by pfSense
# Do not edit manually !
http_port 10.123.0.1:3128
http_port 127.0.0.1:3128 intercept
icp_port 0
dns_v4_first off
pid_filename /var/run/squid/squid.pid
cache_effective_user squid
cache_effective_group proxy
error_default_language en
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable on
pinger_program /usr/local/libexec/squid/pinger
logfile_rotate 0
debug_options rotate=0
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 10.123.0.0/24
forwarded_for transparent
uri_whitespace strip
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 12288 MB
maximum_object_size_in_memory 8192 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 1024 MB
cache_dir aufs /var/squid/cache 76800 64 256
offline_mode off
cache_swap_low 90
cache_swap_high 95
cache allow all
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Remote proxies
# Setup some default acls
# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535
acl sslports port 443 563
# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
# From 3.2 further configuration cleanups have been done to make things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
http_access allow localhost
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc
# Reverse Proxy settings
# Custom options before auth
# Setup allowed ACLs
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc
```

Here is my log file:

```
1469993630.148 172 10.123.0.2 TCP_MISS/304 334 GET http://wiki.squid-cache.org/wiki/squidtheme/img/icon-info.png - ORIGINAL_DST/77.93.254.178 -
1469993630.152 175 10.123.0.2 TCP_REFRESH_MODIFIED/200 764 GET http://wiki.squid-cache.org/wiki/squidtheme/css/projection.css - ORIGINAL_DST/77.93.254.178 text/css
1469993630.152 178 10.123.0.2 TCP_MISS/304 334 GET http://wiki.squid-cache.org/wiki/squidtheme/img/attention.png - ORIGINAL_DST/77.93.254.178 -
1469993630.153 177 10.123.0.2 TCP_REFRESH_MODIFIED/200 974 GET http://wiki.squid-cache.org/wiki/squidtheme/css/print.css - ORIGINAL_DST/77.93.254.178 text/css
1469993630.273 197 10.123.0.2 TCP_MISS/200 372 GET http://wiki.squid-cache.org/action/content/rotate%3DN? - ORIGINAL_DST/77.93.254.178 text/html
1469993630.506 171 10.123.0.2 TCP_CLIENT_REFRESH_MISS/200 1860 GET http://wiki.squid-cache.org/wiki/squid-favicon.ico - ORIGINAL_DST/77.93.254.178 image/vnd.microsoft.icon
1469993692.617 2681 10.123.0.2 TCP_MISS/200 19194 GET http://wiki.squid-cache.org/SquidFaq/SquidLogs - ORIGINAL_DST/77.93.254.178 text/html
1469993692.806 186 10.123.0.2 TCP_REFRESH_MODIFIED/200 2069 GET http://wiki.squid-cache.org/wiki/squidtheme/css/screen.css - ORIGINAL_DST/77.93.254.178 text/css
1469993692.919 342 10.123.0.2 TCP_REFRESH_MODIFIED/200 629 GET http://wiki.squid-cache.org/wiki/squidtheme/js/kutils.js - ORIGINAL_DST/77.93.254.178 application/javascript
1469993692.921 344 10.123.0.2 TCP_REFRESH_MODIFIED/200 2096 GET http://wiki.squid-cache.org/wiki/squidtheme/css/common.css - ORIGINAL_DST/77.93.254.178 text/css
1469993692.923 345 10.123.0.2 TCP_REFRESH_MODIFIED/200 4236 GET http://wiki.squid-cache.org/wiki/common/js/common.js - ORIGINAL_DST/77.93.254.178 application/javascript
1469993692.939 366 10.123.0.2 TCP_REFRESH_MODIFIED/200 916 GET http://wiki.squid-cache.org/wiki/squidtheme/js/niftyCorners.css - ORIGINAL_DST/77.93.254.178 text/css
1469993692.944 369 10.123.0.2 TCP_REFRESH_MODIFIED/200 3343 GET http://wiki.squid-cache.org/wiki/squidtheme/js/niftycube.js - ORIGINAL_DST/77.93.254.178 application/javascript
1469993692.994 185 10.123.0.2 TCP_REFRESH_UNMODIFIED/304 342 GET http://wiki.squid-cache.org/wiki/squidtheme/img/squid-bubbles.png - ORIGINAL_DST/77.93.254.178 -
1469993693.128 172 10.123.0.2 TCP_MISS/304 334 GET http://wiki.squid-cache.org/wiki/squidtheme/img/icon-info.png - ORIGINAL_DST/77.93.254.178 -
1469993693.131 174 10.123.0.2 TCP_REFRESH_MODIFIED/200 974 GET http://wiki.squid-cache.org/wiki/squidtheme/css/print.css - ORIGINAL_DST/77.93.254.178 text/css
1469993693.131 173 10.123.0.2 TCP_REFRESH_MODIFIED/200 764 GET http://wiki.squid-cache.org/wiki/squidtheme/css/projection.css - ORIGINAL_DST/77.93.254.178 text/css
1469993693.132 184 10.123.0.2 TCP_MISS/304 334 GET http://wiki.squid-cache.org/wiki/squidtheme/img/alert.png - ORIGINAL_DST/77.93.254.178 -
1469993693.139 183 10.123.0.2 TCP_MISS/304 334 GET http://wiki.squid-cache.org/wiki/squidtheme/img/attention.png - ORIGINAL_DST/77.93.254.178 -
1469993693.280 216 10.123.0.2 TCP_MISS/200 372 GET http://wiki.squid-cache.org/action/content/rotate%3DN? - ORIGINAL_DST/77.93.254.178 text/html
1469993750.733 133 10.123.0.2 TCP_MISS/200 517 GET http://www.google-analytics.com/__utm.gif? - ORIGINAL_DST/216.58.217.206 image/gif
1469994045.581 10 10.123.0.2 TCP_MISS/200 517 GET http://www.google-analytics.com/__utm.gif? - ORIGINAL_DST/216.58.217.206 image/gif
```
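
The following is an added example, not part of the original post: a Python script that parses Squid's native `access.log` format and tallies result codes, so the share of requests answered from cache can be measured rather than eyeballed. The function names and the grouping into `cache`, `refetched`, `miss` and `other` are assumptions made for this example; the six sample lines are copied from the log above.

```python
from collections import Counter

# Result codes where Squid answered from its own store.
CACHE_SERVED = {"TCP_HIT", "TCP_MEM_HIT", "TCP_IMS_HIT", "TCP_REFRESH_UNMODIFIED"}
# A stored copy existed, but fresh content was fetched from the origin.
REFETCHED = {"TCP_REFRESH_MODIFIED", "TCP_CLIENT_REFRESH_MISS"}

# Six lines copied from the access.log in the post above.
SAMPLE = """\
1469993630.148 172 10.123.0.2 TCP_MISS/304 334 GET http://wiki.squid-cache.org/wiki/squidtheme/img/icon-info.png - ORIGINAL_DST/77.93.254.178 -
1469993630.152 175 10.123.0.2 TCP_REFRESH_MODIFIED/200 764 GET http://wiki.squid-cache.org/wiki/squidtheme/css/projection.css - ORIGINAL_DST/77.93.254.178 text/css
1469993630.273 197 10.123.0.2 TCP_MISS/200 372 GET http://wiki.squid-cache.org/action/content/rotate%3DN? - ORIGINAL_DST/77.93.254.178 text/html
1469993630.506 171 10.123.0.2 TCP_CLIENT_REFRESH_MISS/200 1860 GET http://wiki.squid-cache.org/wiki/squid-favicon.ico - ORIGINAL_DST/77.93.254.178 image/vnd.microsoft.icon
1469993692.994 185 10.123.0.2 TCP_REFRESH_UNMODIFIED/304 342 GET http://wiki.squid-cache.org/wiki/squidtheme/img/squid-bubbles.png - ORIGINAL_DST/77.93.254.178 -
1469993750.733 133 10.123.0.2 TCP_MISS/200 517 GET http://www.google-analytics.com/__utm.gif? - ORIGINAL_DST/216.58.217.206 image/gif
"""

def parse_line(line):
    """Split one native-format line into fields; return None if malformed."""
    f = line.split()
    if len(f) != 10 or "/" not in f[3]:
        return None
    code, status = f[3].split("/", 1)
    try:
        return {"code": code, "status": int(status), "bytes": int(f[4]), "url": f[6]}
    except ValueError:
        return None

def classify(code):
    """Map a Squid result code to the example's coarse class."""
    if code in CACHE_SERVED:
        return "cache"
    if code in REFETCHED:
        return "refetched"
    return "miss" if code == "TCP_MISS" else "other"

def summarize(lines):
    """Count result codes and classes; hit_ratio is cache-served / parsed lines."""
    codes, classes, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        codes[rec["code"]] += 1
        classes[classify(rec["code"])] += 1
    total = sum(classes.values())
    ratio = classes["cache"] / total if total else 0.0
    return {"codes": codes, "classes": classes, "hit_ratio": ratio, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```
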