Squid.conf Changes

ACL Subnet definition

for being able to access squid if it's bound to non-loopback address (pfSense, clusters)

  acl managerAdmin src # The cluster IP if connecting through proxy from localhost!


ACL Definition for purge command

This has to be defined or the command will NOT be allowed.

acl purge method PURGE 


ACL Setup

This includes the normal ACL for accessing mgr:info

http_access allow localhost manager
  http_access allow ManagerAdmin manager
  http_access deny manager
  http_access allow managerAdmin purge
  http_access deny purge  



Reload squid

# squid -k reconfigure




You can either use squidclient -m PURGE ... URL or you rather use the "purge" utility.

In my case, it had a wrong default for the config file.

Check out purge --help for more info about the P<num> option. P1 was the right to just kill / reload stuff.

# purge -e '\.txz$' -v -p proxy:port -P1 -c /usr/local/etc/squid/squid.conf
/home/server-data/squid/cache/00/03/0000037A 200 618694 E7B53CD141ACD024C25962B1BEEC7E98 56c491ca 56c491ca ffffffff 568bbb43 ffff 65535 http://freebsd.xxx/9_3_amd64-2016Q1-xxx_php55/All/cups-client-2.0.3_2.txz


Using -v you get the cache object ID, hashes, stuff, more stuff and remote URL from fetch.



Longer term fix

The longer term fix is setting finer tuned parameters in squid.conf for this file type (a short refresh interval) and also serving the files with a helpful cache header from the webserver.

I'll write about that once I got them right. Aggressive caching can break your servers.