Bug #5417
closedsquid "refresh patterns" adding range_offset_limit -1 globally
0%
Description
On "local cache" tab, when you enable any of the hardcoded refresh patterns (windows update, symantec, avira, avast), pfsense will add various "range_offset_limit -1" to squid.conf.
"range_offset_limit -1", (without any added acl name after the -1), means squid will download the WHOLE file even if the user/browser requested only part of it for ANY site. It won't affect only the domains set on the "refresh_pattern"s because the way it's done, it's configuring squid to do that GLOBALLY.
I've set this High priority because this WILL affect bandwidth consumption A LOT! Every single partial file get or Youtube video that's seeked will make squid download the same file from the beginning multiple times until the file get cached.
Multiple seeks on a video = multiple same-file parallel download
A segmented ISO download.. 4 segments = 4 full file parallel downloads
Tip: on our standalone squid box, we did this:
@acl windowsupdate dstdomain -n .ws.microsoft.com .windowsupdate.microsoft.com .update.microsoft.com .windowsupdate.com
acl avs dstdomain -n .avira-update.com .symantecliveupdate.com static.avast.com .emupdate.avast.com .kaspersky.com .kaspersky-labs.com
range_offset_limit none windowsupdate
range_offset_limit none avs
@
To fully download range/partial GET from windows/antiviruses
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf|appx|esd) 483840 80% 483840 override-lastmod override-expire ignore-reload ignore-must-revalidate ignore-private ignore-no-store reload-into-ims store-stale
To force storage of windowsupdate.com's content for a year (I think this is the maximum)
hugs
Updated by Kill Bill almost 9 years ago
All predefined refresh_patterns crap will be gone from next version, as already noted on the forums. Meanwhile, simply don't use it and define your own. https://github.com/pfsense/pfsense-packages/pull/1146
Updated by Jim Thompson almost 9 years ago
- Status changed from New to Rejected
refresh_patterns are gone in 2.3