Squid.conf Changes

ACL Subnet definition

This is needed to be able to access Squid if it is bound to a non-loopback address (pfSense, clusters).

  acl managerAdmin src 12.34.56.78 # The cluster IP if connecting through proxy from localhost!

ACL Definition for purge command

This has to be defined or the command will NOT be allowed.

  acl purge method PURGE

ACL Setup

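This includes the normal ACL for accessing mgr:info. Squid checks http_access lines in order and the first matching line wins, so these lines have to come before any broader allow rule.

  http_access allow localhost manager
  http_access allow managerAdmin manager
  http_access deny manager
  http_access allow managerAdmin purge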
  http_access deny purge  
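
To see why the position of these lines matters, here is an added example (not from the original page and not Squid's own code) that replays them through a small first-match evaluator. The localnet ACL, its 10.0.0.0/8 range, the stand-ins for the built-in ACLs and the helper names are assumptions made for the illustration.

```python
import ipaddress

# Constructed squid.conf fragment: the page's rules plus a broad allow for an
# assumed client subnet (localnet and 10.0.0.0/8 are not from the page).
CONF = """
acl localnet src 10.0.0.0/8
acl managerAdmin src 12.34.56.78
acl purge method PURGE
http_access allow localhost manager
http_access allow managerAdmin manager
http_access deny manager
http_access allow managerAdmin purge
http_access deny purge
http_access allow localnet
http_access deny all
"""
# Same rules with the broad allow moved to the top (the ordering mistake).
BAD = CONF.replace("http_access allow localnet\n", "").replace(
    "http_access allow localhost", "http_access allow localnet\nhttp_access allow localhost")

def parse(conf):
    # Returns (acls, rules); the built-ins below are simplified stand-ins.
    acls = {"localhost": ("src", ["127.0.0.1", "::1"]),
            "all": ("src", ["0.0.0.0/0", "::/0"]), "manager": ("manager", [])}
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, req):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "method":
        return req["method"] in values
    return req.get("manager", False)  # cache manager request flag

def decide(conf, req):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return "deny"  # simplification for the no-match case
```

decide(CONF, {"src": "10.1.2.3", "method": "PURGE"}) returns "deny", while the same request against BAD returns "allow" because the broad allow matches before the purge rules are reached.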

Reload squid

# squid -k reconfigure

Purging

You can either use squidclient -m PURGE ... URL or use the "purge" utility.

In my case, it had a wrong default for the config file.

Check out purge --help for more info about the -P<num> option. -P1 was the right one to just kill / reload stuff.

# purge -e '\.txz$' -v -p proxy:port -P1 -c /usr/local/etc/squid/squid.conf
[...] 
/home/server-data/squid/cache/00/03/0000037A 200 618694 E7B53CD141ACD024C25962B1BEEC7E98 56c491ca 56c491ca ffffffff 568bbb43 ffff 65535 http://freebsd.xxx/9_3_amd64-2016Q1-xxx_php55/All/cups-client-2.0.3_2.txz
[...]

Using -v you get the cache object ID, hashes, stuff, more stuff and the remote URL from the fetch.

Longer term fix

The longer term fix is setting finer-tuned parameters in squid.conf for this file type (a short refresh interval) and also serving the files with a helpful cache header from the webserver.

I'll write about that once I've got them right. Aggressive caching can break your servers.