Cache management

Back to proxy main page

Next configuration section

Getting the right cache configuration for your IPFire system is very important as it determines the efficiency of the web proxy. If some configuration settings are too small, such as "Memory cache size", your proxy may respond quickly, but won't efficiently cache web pages for clients. However, if some configuration settings are too large, including "Memory cache size", "Harddisk cache size" or "Number of level-1 subdirectories" (for example) your proxy may be very slow and significantly slow down the speed clients can browse the web.


Activate cachemanager

This checkbox enables the Squid Cachemanger. The cache manager is a WUI utility for the management of the cache. It displays statistics and can be used for an overview of the memory usage of the current proxy process.

  • If the Cache Manager is configured, the "Cache administrator password" field should also be configured

Cache administrator e-mail

cache_mgr - This field is shown on error pages displayed by the proxy. It can provide a helpful link for users to contact the administrator.

Cache administrator password

cachemgr_passwd - If the cachemanager is enabled, a password for administration should be entered here.

Password use here is broken, see Bug 12451 - IPFire Core 145 Cache Management Password Setting Causes Failure to Authenticate

  • The cache manager interface can be reached at the following address:

You can leave the name field blank.


(tbd: Where is the Manager name configured?)


Amount of filedescriptors

max_filedescriptors - In environments with a large amount of clients, or high/unusual traffic, the proxy may reach a limit where it is not permitted to open any more cache files. When this problem occurs the logs will contain the message:
WARNING! Your cache is running out of filedescriptors

If this occurs you should increase this field by 1024, or more. If you are not seeing this problem it is best not to increase this limit as a high file descriptor limit could use more memory.

Memory cache size (MB)

cache_mem - This field defines the amount of memory allocated by Squid. "in-transit objects" (transition objects have the highest priority), Hot Objects (constantly requested objects) and Negative-Cached objects (non-cacheable objects such as 'Log HTTP' status messages) are cached by Squid. It will be stored in 4 KB blocks, so this value should be a multiple of 4KB ( which is assured by the unit MB). Note that under high load, Squid can also override this value so this is not a fixed memory limit.

This value does not determine the total memory footprint of the cache. This is only an additional memory value for the objects mentioned above. The actual memory requirements can be significantly higher. Ideally no more than 50% of installed RAM should be used.

Min object size (KB):

minimum_object_size = Smaller objects as the here defined value (in kilobytes) are not stored on the hard disk cache. A setting of "0" KB means there is no limit.

Max object size (KB):

maximum_object_size - Objects, which are larger than the specified value here (also in KB), are no longer stored on the hard disk cache. With these configuration items, you can save more bandwidth, as a higher value allows larger objects. With a lower value, the speed can be increased. The default is 4 MB.

If the 'Cache replacement policy' "heap LFUDA" is used, the maximum_object_size should be increased to maximize the byte hit rate.

Harddisk cache size (MB):

cache_dir = This directive determines the size of the cache on the hard disk.

Avoid setting a very high harddisk cache size as doing so can result in very high memory usage. You should avoid squid causing IPFire to run out of ram and begin swapping to disk as it will dramatically reduce performance.
For each 1 GB of RAM, 10-20 MB hard disk space can be used used for cache_mem. So, a 20 GB disk cache would increase the cache_mem (memory cache size (MB) :) to 200-400 MB. For 512 MB this value grows up to 712-912 MB

The directive "cache_dir" is composed of multiple values . The syntax is as follows:

Syntax example:

cache_dir aufs /var/log/cache 100 16 256
  • aufs = Is by default the memory type for Squid on IPFire. "aufs" uses the same storage format as "ufs" but using POSIX-threads which can prevent the blocking of Squid processes on disk I/O.
  • /var/log/cache = Defines the cache directory.
  • 100 = The first value is the "cache size on the hard drive (MB):". If this option is used, there must be at least 100 MB of free disk space. Under full load, the real value can be significantly above it.
  • 16 = Is the "number of level-1 subdirectories" and can be controlled via the WUI.
  • 256 = Is the "number of Level 2 sub-directories". These can not be regulated over the WUI (default 256).

It is also possible to create multiple cache_dir lines /var/ipfire/proxy/advanced/acls/include.acl ,if you want to distribute the cache on multiple partitions or file systems. In here is a description of how to edit the squid.conf manually.

Also it should be referred to the Squid documentation --> .

The cache can also be switched off with the value 0, which is a good idea especially for CompactFlash cards to increase their life span. 10 MB is the minimum value.

Number of level-1 subdirectories

Number of level-1 subdirectories: = (cache_dir) Squid creates its objects in a certain order, which accommodates to the file management system of Linux. Each level-1 directory contains 256 subdirectories by default. The default setting is 16 level-1 subdirectories so in this situation there are 4096 Level-2 subdirectories.

The default value of 16 should only be increased when necessary

Memory and cache replacement policy

These two fields define the method used to decide which objects in memory [memory_replacement_policy] or in disk cache (*cache_replacement_policy will be removed so that there is space for new objects to be saved.

The policies available include one designed to increase object hit rate (so Squid is more likely to cache objects which are needed more often - speed) or byte hit rate (so that Squid is more likely to cache objects which will reduce the need for data being downloaded in future - bandwidth)

Both policies are configured with drop-down boxes and the memory replacement policy can differ from the cache replacement policy. They can have the following values:

  • LRU (least recently used) Cache most recently requested objects, regardless of their size and age.
    • This is the original list-based policy used by Squid and is usually less efficient than "heap LRU" or the newer two methods below.
  • heap LFUDA (Least Frequently Used with Dynamic Aging) Byte-hit rate (saving bandwidth) is increased as frequently requested objects are cached regardless of their size. For example, frequently requested large objects may be kept in the cache at the expense of many small objects.
    • This policy is often best for disk cache replacement policy when a large "harddisk cache size (MB)" is defined.
  • heap GDSF = (Greedy-Dual Size Frequency) Aims to keep small and frequently requested objects in the cache, which will result in less frequently used larger objects being removed. The object-hit rate (cache speed) will be enhanced using this policy.
    • This policy is often best for memory replacement policy or links with high bandwidth.
  • heap LRU = Works the same way as the original LRU, but uses a heap data structure for increased efficiency.

Enable offline mode - offline_mode

When this is enabled, Squid will not try to check if cached objects (web pages and images) are current and will display them regardless of their age. This mode will result in less internet traffic used, but is likely to result in stale (old) objects being returned to clients.

This setting is not recommended for most IPFire installations.

Enable Cache-Digest Generation

This is only beneficial when working with multiple proxies (peers) and will not be helpful to basic IPFire installations. When selected a summary of the objects held by the Squid cache is created. This summary can be exchanged with cache peers (other proxies) and can result in reduced client latency and response time.

Do not cache these domains (one per line)

dst_nocache.acl - IP Addresses or internet domains entered in to this text box will not be cached by Squid. This means that each time one of these addresses or domains are requested by a client they will be retrieved directly from the internet.

This is useful for sites which are very frequently updated, for bandwidth speed test sites and, if IPFire routes between two internal networks (such as Blue and Green), for internal domains and IPs.

Next configuration section

Back to proxy main page

Edit Page ‐ Yes, you can edit!

Older Revisions • January 10 at 1:03 am • Jon