ACL Subnet definition
for being able to access squid if it's bound to non-loopback address (pfSense, clusters)
ACL Definition for purge command
This has to be defined or the command will NOT be allowed.
This includes the normal ACL for accessing mgr:info
You can either use squidclient -m PURGE ... URL or you rather use the "purge" utility.
In my case, it had a wrong default for the config file.
Check out purge --help for more info about the P<num> option. P1 was the right to just kill / reload stuff.
Using -v you get the cache object ID, hashes, stuff, more stuff and remote URL from fetch.
Longer term fix
The longer term fix is setting finer tuned parameters in squid.conf for this file type (a short refresh interval) and also serving the files with a helpful cache header from the webserver.
I'll write about that once I got them right. Aggressive caching can break your servers.