pfSense » pfSense Packages

On "local cache" tab, when you enable any of the hardcoded refresh patterns (windows update, symantec, avira, avast), pfsense will add various "range_offset_limit -1" to squid.conf.

"range_offset_limit -1", (without any added acl name after the -1), means squid will download the WHOLE file even if the user/browser requested only part of it for ANY site. It won't affect only the domains set on the "refresh_pattern"s because the way it's done, it's configuring squid to do that GLOBALLY.

I've set this High priority because this WILL affect bandwidth consumption A LOT! Every single partial file get or Youtube video that's seeked will make squid download the same file from the beginning multiple times until the file get cached.

Multiple seeks on a video = multiple same-file parallel download
A segmented ISO download.. 4 segments = 4 full file parallel downloads

Tip: on our standalone squid box, we did this:

@acl windowsupdate dstdomain -n .ws.microsoft.com .windowsupdate.microsoft.com .update.microsoft.com .windowsupdate.com
acl avs dstdomain -n .avira-update.com .symantecliveupdate.com static.avast.com .emupdate.avast.com .kaspersky.com .kaspersky-labs.com

range_offset_limit none windowsupdate
range_offset_limit none avs
@

To fully download range/partial GET from windows/antiviruses


refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf|appx|esd) 483840 80% 483840 override-lastmod override-expire ignore-reload ignore-must-revalidate ignore-private ignore-no-store reload-into-ims store-stale


To force storage of windowsupdate.com's content for a year (I think this is the maximum)

hugs