Squid Proxy on pfSense for Home Web Cache and Security

by plague70


About my setup

I have a pfSense box running 2.2.5-RELEASE (amd64), Squid 3.4 branch, and SquidGuard.

To customize the refresh rules, open the Services menu, select Squid proxy, then select the Local cache tab.


At the bottom, enter the custom code in the “Custom refresh_patterns” box.

Download config

psynaps-pfsense-squid3-example.txt

Config

(updated 12-09-15)

# 1 year = 525600 mins, 1 month = 43800 mins, 1 week = 10080 min, 1 day = 1440 min

#Optional: don't cache the WordPress admin panel
refresh_pattern (wp-admin)  0 0% 0

# specific cache
# live_user: twitch preview thumbs
refresh_pattern -i (live_user) 30 60% 300 override-lastmod reload-into-ims
# for malwarebytes update checking
refresh_pattern -i (mbamupdates.com) 1440 60% 10080 override-lastmod reload-into-ims

#All files
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|rpm|divx|dvr-ms)(\?|$) 43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(rar|jar|gz|tgz|tar|bz2|iso)(\?|$)                         43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(m1v|m2(v|p)|mo(d|v)|(x-|)flv)(\?|$)                       43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf)(\?|$)           43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p))(\?|$)              43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav)(\?|$)             43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))(\?|$)          43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(woff|txt|exe|dmg|webm)(\?|$)                              43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(css)(\?|$)                                                10080  60% 43800  ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(js)(\?|$)                                                 10080  60% 10080  ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload

refresh_pattern -i \.(html|htm)(\?|$) 1440  60% 10080 ignore-no-cache ignore-no-store ignore-private override-expire reload-into-ims
refresh_pattern -i \.(doc|pdf)(\?|$)  10080 90% 43200 ignore-no-cache ignore-no-store ignore-private override-expire reload-into-ims

refresh_pattern -i \.(cdn) 10800 100% 43800 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
refresh_pattern -i (cdn)   10800 100% 43800 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private

refresh_pattern \.ytimg\? 10800 90% 10800 override-expire ignore-reload ignore-no-cache
# site-specific rules: patterns are regular expressions, not shell globs,
# so dots are escaped and subdomains are matched explicitly
refresh_pattern ^http://([^/]+\.)?facebook\.com/ 720 100% 4320
refresh_pattern ^http://mail\.yahoo\.com/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?yahoo\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?yimg\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?gmail\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?google\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?kaskus\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?googlesyndication\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?plasa\.[^/]+/ 720 100% 4320
refresh_pattern ^http://([^/]+\.)?telkom\.[^/]+/ 720 100% 4320

#catch all
refresh_pattern . 360 90% 1440 override-lastmod reload-into-ims

More details

To make the cache more aggressive, I used (\?|$). By adding \?, the pattern also matches when the file extension is followed by a ? (for example abc.css?). Typically a ? is used to indicate dynamic content, and is also used to instruct caches to NOT cache those objects, so be careful using this. However, I found it is OK to ignore the ? after objects like jpgs and css, and many times js. These objects are static content, and most of the time they do not change and can be cached for long periods of time. Caching these kinds of objects is great, because it reduces the number of requests you make to the web. I also use the $ option above. This means it's the end of the string, so \.jpg$ just matches an object with .jpg at the end of the URL.

I use a catch-all. This rule matches any request that has not already matched one of the rules above. Be careful here, because this rule can and will cache dynamic content. The default pfSense Squid config already contains a catch-all; however, the built-in config is not editable (as far as I understand). It will always revert to default (let me know if you know how to change that). As a workaround, I simply add and customize the catch-all at the bottom of my “Custom refresh_patterns”.
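To check which rule a URL actually falls under, the sketch below (an added example, not part of the original config or of pfSense) replays five of the rules above in page order and reports the first match, its minimum age, and whether it carries ignore-private or ignore-no-store, the options that let a shared cache keep responses the origin marked as per-user. Assumptions: Python's re module stands in for Squid's regex engine (these patterns behave the same in both), and the example.test URLs are constructed.

```python
import re

# Five of the page's rules, copied in page order. Squid checks refresh_pattern
# lines top to bottom and applies the first one whose regex matches the URL.
RULES = r"""
refresh_pattern (wp-admin)  0 0% 0
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf)(\?|$) 43800 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(css)(\?|$) 10080 60% 43800 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(html|htm)(\?|$) 1440 60% 10080 ignore-no-cache ignore-no-store ignore-private override-expire reload-into-ims
refresh_pattern . 360 90% 1440 override-lastmod reload-into-ims
"""

# Options that make a shared cache store responses marked private / no-store.
RISKY = {"ignore-private", "ignore-no-store"}

def parse(text):
    """Turn refresh_pattern lines into dicts (regex, min minutes, options)."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[1:]              # drop the 'refresh_pattern' keyword
        flags = 0
        if tok[0] == "-i":                  # -i = case-insensitive match
            flags, tok = re.IGNORECASE, tok[1:]
        regex, minimum, _percent, _maximum, *opts = tok
        rules.append({"regex": regex, "re": re.compile(regex, flags),
                      "min": int(minimum), "opts": set(opts)})
    return rules

def audit(rules, url):
    """Return (matching regex, min age in minutes, risky options) for a URL."""
    for rule in rules:
        if rule["re"].search(url):          # unanchored search over the whole URL
            return rule["regex"], rule["min"], sorted(rule["opts"] & RISKY)
    return None

# Constructed sample URLs; example.test is a placeholder host.
SAMPLES = [
    "http://example.test/abc.css?v=2",                     # static asset + query
    "http://example.test/abc.css.php",                     # falls to catch-all
    "http://example.test/account/statement.html?user=42",  # per-user page
    "http://example.test/report.cgi?file=a.jpg",           # query ends in .jpg
    "http://example.test/wp-admin/style.css",              # wp-admin wins first
]

if __name__ == "__main__":
    rules = parse(RULES)
    for url in SAMPLES:
        print(url, "->", audit(rules, url))
```

The third and fourth samples are the ones to review before deploying: a per-user HTML page and a dynamic script whose query string ends in .jpg both land on rules that ignore the origin's private and no-store directives.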
