From 1c239941f483b58d9ad08f5d870e9793bb94feed Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sun, 8 Nov 2015 09:24:20 +0100 Subject: Remove broken dynamic caching patterns Avast/Symantec have been completely no-op and useless for years since AV updates for those are streamed to clients hundreds time every day. Suspect same story for Avira. The WU refresh_patterns was broken and don't work reliably anyway. People can define their own patterns if needed without maintenance burden for package maintainers. --- config/squid3/34/squid.inc | 64 ++++++---------------------------------------- 1 file changed, 8 insertions(+), 56 deletions(-) diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index 973bbf05..aee85bcd 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -642,6 +642,10 @@ function squid_upgrade_config() { $settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache']))); $config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache']; } + /* unset broken dynamic caching patterns removed since Squid3 package v0.4.3 */ + if (!empty($config['installedpackages']['squidcache']['config']['refresh_patterns'])) { + unset($config['installedpackages']['squidcache']['config']['refresh_patterns']); + } /* migrate nac settings */ if (!empty($settingsnac['allowed_subnets']) && strstr($settingsnac['allowed_subnets'], ",")) { @@ -1303,61 +1307,13 @@ function squid_resync_cache() { if (empty($settings['cache_dynamic_content'])) { $conf .= 'acl dynamic urlpath_regex cgi-bin \?' . "\n"; $conf .= "cache deny dynamic\n"; - } elseif (preg_match('/youtube/', $settings['refresh_patterns'])) { -// Broken (Bug #3847) and not working (http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube#Discussion) -/* $conf .= <<< EOC -# Break HTTP standard for flash videos. Keep them in cache even if asked not to. -refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private - -# Let the clients favorite video site through with full caching -acl youtube dstdomain .youtube.com -cache allow youtube - -EOC; -*/ - } - if (preg_match('/windows/', $settings['refresh_patterns'])) { - $conf .= <<< EOC - -# Windows Update refresh_pattern -range_offset_limit -1 -refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims -refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims -refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims - -EOC; - } - - if (preg_match('/symantec/', $settings['refresh_patterns'])) { - $conf .= <<< EOC - -# Symantec refresh_pattern -range_offset_limit -1 -refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims -refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims - -EOC; - } - if (preg_match('/avast/', $settings['refresh_patterns'])) { - $conf .= <<< EOC - -# Avast refresh_pattern -range_offset_limit -1 -refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims - -EOC; + } else { + if ($settings['custom_refresh_patterns'] != "") { + $conf .= sq_text_area_decode($settings['custom_refresh_patterns']) . "\n"; + } } - if (preg_match('/avira/', $settings['refresh_patterns'])) { - $conf.=<<< EOC -# Avira refresh_pattern -range_offset_limit -1 -refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims - -EOC; - } $refresh_conf = <<< EOC - # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 @@ -1366,10 +1322,6 @@ refresh_pattern . 0 20% 4320 EOC; - if ($settings['custom_refresh_patterns'] != "") { - $conf .= sq_text_area_decode($settings['custom_refresh_patterns']) . "\n"; - } - $conf .= <<< EOD cache_mem {$memory_cache_size} MB -- cgit v1.2.3 From a8a6c9230c6ba8051abddb8444fb93388047840b Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sun, 8 Nov 2015 09:26:29 +0100 Subject: Remove broken dynamic caching patterns Avast/Symantec have been completely no-op and useless for years since AV updates for those are streamed to clients hundreds time every day. Suspect same story for Avira. The WU refresh_patterns was broken and don't work reliably anyway. People can define their own patterns if needed without maintenance burden for package maintainers. --- config/squid3/34/squid_cache.xml | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml index b4f1aedf..86e5c59f 100755 --- a/config/squid3/34/squid_cache.xml +++ b/config/squid3/34/squid_cache.xml @@ -42,7 +42,7 @@ ]]> squidcache - 0.4.1 + 0.4.3 Proxy Server: Cache Management /usr/local/pkg/squid.inc @@ -361,33 +361,14 @@ enable caching of dynamic content.
- ]]> -
- checkbox - 10 - - - Refresh Patterns - refresh_patterns - - Windows Updates

Notes:
- Squid wiki suggests setting 'Finish transfer if less than x KB remaining' on 'Traffic Mgmt' tab to -1 (but you can apply your own values to control cache).
- Set 'Maximum Download Size' on 'Traffic Mgmt' tab to a value that fits patterns your are applying. ]]>
- select - none - - - - - - - - - 05 + checkbox + 10
Custom refresh_patterns -- cgit v1.2.3 From 8cb34af4e79847fd5bd1d214cb3c549c05555463 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sun, 8 Nov 2015 09:27:14 +0100 Subject: Bump squid3 package version --- pkg_config.10.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg_config.10.xml b/pkg_config.10.xml index fe424b4e..f48fcb2b 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1091,7 +1091,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Services - 0.4.2 + 0.4.3 BETA 2.2 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org -- cgit v1.2.3 From fe0caa0901b6e8210b3b47d3beb789b519368b29 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 12 Nov 2015 09:37:35 +0100 Subject: Syslog messages cosmetics --- config/squid3/34/squid_cache.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml index 86e5c59f..ecb88d26 100755 --- a/config/squid3/34/squid_cache.xml +++ b/config/squid3/34/squid_cache.xml @@ -405,7 +405,7 @@ if ($cachedir_changed) { // only delete directories under sane paths automatically if (substr($oldcachedir, 0, 11) === "/var/squid/") { - log_error("Deleting Squid cache dir '{$oldcachedir}' since 'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'."); + log_error("[squid] Deleting Squid cache dir '{$oldcachedir}' since 'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'."); // cannot nuke disk cache while Squid is running squid_stop_monitor(); if (is_service_running('squid')) { @@ -416,8 +416,8 @@ // new cachedir will be created on squid_resync() below which calls squid_dash_z() // also the services will get restarted there } else { - log_error("'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'."); - log_error("Will NOT delete Squid cache dir '{$oldcachedir}' since it is not located under /var/squid. Delete manually if required."); + log_error("[squid] 'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'."); + log_error("[squid] Will NOT delete Squid cache dir '{$oldcachedir}' since it is not located under /var/squid. Delete manually if required."); } } squid_resync(); -- cgit v1.2.3 From c1143d27f42759aa6096a69fb52d9154b9eedc00 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 12 Nov 2015 10:59:15 +0100 Subject: Update pkginfolink for Squid3 --- pkg_config.10.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg_config.10.xml b/pkg_config.10.xml index f48fcb2b..2eded164 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1088,7 +1088,7 @@ WARNING! This package bundles ClamAV that conflicts with 'Dansguardian', 'Mailscanner' and 'HAVP antivirus' packages! Installing these will result in a broken state. ]]> - https://forum.pfsense.org/index.php/topic,48347.0.html + https://forum.pfsense.org/index.php?topic=100167.0 http://www.squid-cache.org/ Services 0.4.3 -- cgit v1.2.3