Project

General

Profile

Actions

Bug #5417

closed

squid "refresh patterns" adding range_offset_limit -1 globally

Added by Heiler Bemerguy about 6 years ago. Updated over 5 years ago.

Status:
Rejected
Priority:
High
Assignee:
-
Category:
Squid
Target version:
-
Start date:
11/11/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.2.5
Affected Plus Version:
Affected Architecture:
All

Description

On "local cache" tab, when you enable any of the hardcoded refresh patterns (windows update, symantec, avira, avast), pfsense will add various "range_offset_limit -1" to squid.conf.

"range_offset_limit -1", (without any added acl name after the -1), means squid will download the WHOLE file even if the user/browser requested only part of it for ANY site. It won't affect only the domains set on the "refresh_pattern"s because the way it's done, it's configuring squid to do that GLOBALLY.

I've set this High priority because this WILL affect bandwidth consumption A LOT! Every single partial file get or Youtube video that's seeked will make squid download the same file from the beginning multiple times until the file get cached.

Multiple seeks on a video = multiple same-file parallel download
A segmented ISO download.. 4 segments = 4 full file parallel downloads

Tip: on our standalone squid box, we did this:

@acl windowsupdate dstdomain -n .ws.microsoft.com .windowsupdate.microsoft.com .update.microsoft.com .windowsupdate.com
acl avs dstdomain -n .avira-update.com .symantecliveupdate.com static.avast.com .emupdate.avast.com .kaspersky.com .kaspersky-labs.com

range_offset_limit none windowsupdate
range_offset_limit none avs
@

To fully download range/partial GET from windows/antiviruses


refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf|appx|esd) 483840 80% 483840 override-lastmod override-expire ignore-reload ignore-must-revalidate ignore-private ignore-no-store reload-into-ims store-stale

To force storage of windowsupdate.com's content for a year (I think this is the maximum)

hugs

Actions #1

Updated by Kill Bill about 6 years ago

All predefined refresh_patterns crap will be gone from next version, as already noted on the forums. Meanwhile, simply don't use it and define your own. https://github.com/pfsense/pfsense-packages/pull/1146

Actions #2

Updated by Jim Thompson about 6 years ago

  • Status changed from New to Rejected

refresh_patterns are gone in 2.3

Actions #3

Updated by Chris Buechler over 5 years ago

  • Target version deleted (2.3)
Actions

Also available in: Atom PDF