Documentation #14842
openUpdate Squid troubleshooting
0%
Description
The area where the update is needed:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-not-loading-with-splice-error-409-in-access-log
Supporting forum conversations:
https://forum.netgate.com/topic/181796/infamous-409-issue/17?_=1696515335663
Supporting Redmine:
https://redmine.pfsense.org/issues/14390
The update to the documentation just needs to point out that the way the modern Internet works today with CDNs especially, low TTL values for domain names will impact connectivity when using Squid. /409 errors are generated because clients for whatever reason (they may hold on to dns cache values longer) will use an IP to connect to a resource that the Proxy has a different resolved IP for.
Just having all clients point to pfsense is not a fix for this.
There are fixes to this but it has yet to be investigated when I checked the redmine today. Adding a note in the documentation will help admins that still use proxies in this way and can help those same admins identify why sites wont load or stop working suddenly.