SQUID Proxy stops responding

Using openSUSE Leap 15.2 x86_64
I’ve been running squid for a very long time on a customer’s server. The client has moved from a wireless ISP to a fiber connection. The server is connected directly through an ASUS router to a Fibre ONT device.
Basically, every morning the connection to the internet through squid is disconnected. I restart the squid software, which makes the connection to the internet work for the whole day.

Below are my main squid.conf settings.

# Recommended minimum configuration:

acl manager proto cache_object

acl localhost src ::1

acl localhost src

acl to_localhost dst

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed

#acl localnet src # RFC1918 possible internal network
#acl localnet src # RFC1918 possible internal network

# RFC1918 possible internal network
# unregistered ports
# multiling http
acl localnet src
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 1194
acl Safe_ports port 10106

acl block_site dstdomain "/etc/squid/blocked"

#acl work_network src
acl business_hours time MTWHFA 7:00-17:00
#http_access deny block_site

acl extensiondeny url_regex -i "/etc/squid/extensiondeny"
acl download method GET
http_access deny extensiondeny download
http_access deny extensiondeny
#acl whitelist dstdomain "/etc/squid/whitelist"

acl localnet src fc00::/7 # RFC 4193 local private network range

acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl allowsite dstdomain "/etc/squid/blocked"
acl allaccess arp 28:39:26:e0:4c:21 58:00:e3:1c:01:2c 2c:6f:c9:48:c1:fd
http_access allow allowsite allaccess
acl bannedsites dstdomain "/etc/squid/blocked"
http_access deny bannedsites

#acl windowsupdate dstdomain windowsupdate.microsoft.com
#acl windowsupdate dstdomain .update.microsoft.com
#acl windowsupdate dstdomain download.windowsupdate.com
#acl windowsupdate dstdomain redir.metaservices.microsoft.com
#acl windowsupdate dstdomain images.metaservices.microsoft.com
#acl windowsupdate dstdomain c.microsoft.com
#acl windowsupdate dstdomain www.download.windowsupdate.com
#acl windowsupdate dstdomain wustat.windows.com
#acl windowsupdate dstdomain crl.microsoft.com
#acl windowsupdate dstdomain sls.microsoft.com
#acl windowsupdate dstdomain productactivation.one.microsoft.com
#acl windowsupdate dstdomain ntservicepack.microsoft.com

#acl wuCONNECT dstdomain www.update.microsoft.com
#acl wuCONNECT dstdomain sls.microsoft.com

access_log /var/log/squid/access.log squid

#http_access deny all

# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# And finally deny all other access to this proxy

http_access allow business_hours

http_access allow work_network business_hours

http_access deny !whitelist

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

#acl work_network arp c4:17:fe:53:d7:7a 24:ec:99:18:7c:75 00:04:e2:37:a3:4b 08:00:27:e3:24da:0d
#http_access allow work_network

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user

#http_access deny to_localhost


# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

#http_access deny to_localhost
#http_access allow CONNECT wuCONNECT localnet

icp_access deny all

# allow localhost always proxy functionality
# Squid normally listens to port 3128

http_port 3128
http_port 8080


# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /var/spool/squid 40000 16 256

# Leave coredumps in the first cache dir

coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern -i microsoft.com/..(cab|exe|ms|[ap]sf|wm[v|a]|dat|zip) 4320 80 43200
refresh_pattern -i windowsupdate.com/..(cab|exe|ms|[ap]sf|wm[v|a]|dat|zip) 4320 80 43200
refresh_pattern -i windows.com/..(cab|exe|ms|[ap]sf|wm[v|a]|dat|zip) 4320 80 43200
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

maximum_object_size_in_memory 50 KB

cache_replacement_policy heap LFUDA

cache_swap_low 90

cache_swap_high 95

cache_mem 100 MB

cache_effective_user squid

cache_effective_group nogroup

maximum_object_size 50 MB

icp_port 3130


cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

pid_filename /run/squid.pid

netdb_filename stdio:/var/log/squid/netdb.state

# try to convert domain name to more ip addresses as default

forward_max_tries 25

log_fqdn on

cache_mgr webmaster

client_lifetime 1 day

connect_timeout 2 minute

error_directory /usr/share/squid/errors/en

ftp_passive on

memory_replacement_policy lru

minimum_object_size 0 KB
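An added example, not part of the original post and not Squid's own tooling: Squid evaluates http_access rules top to bottom and the first match decides, so rule order in a file like the one above determines who can use the proxy. This Python checker flags rules that use an ACL with no active definition, allow rules placed ahead of the Safe_ports/SSL_ports denies, and rules after a terminal `all` rule. The sample config, the function name and the set of predefined ACL names are assumptions.

```python
# Names treated as predefined by Squid itself (assumption; adjust per version).
PREDEFINED = {"all", "manager", "localhost", "to_localhost", "CONNECT"}

# Constructed sample in the shape of the config above; not the poster's file.
SAMPLE_CONF = """\
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
#acl work_network src 192.168.1.0/24
acl business_hours time MTWHFA 7:00-17:00
http_access allow business_hours
http_access allow work_network business_hours
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
http_access allow localhost
"""

def lint_http_access(conf, predefined=PREDEFINED):
    """Return (line, code, detail) findings for http_access ordering problems."""
    defined, rules = set(predefined), []
    for no, raw in enumerate(conf.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) >= 2 and fields[0] == "acl":
            defined.add(fields[1])
        elif len(fields) >= 3 and fields[0] == "http_access":
            # An ACL must be defined before the rule that uses it.
            missing = [a.lstrip("!") for a in fields[2:] if a.lstrip("!") not in defined]
            rules.append((no, fields[1], fields[2:], missing))
    # Last line carrying a port guard (deny !Safe_ports / deny CONNECT !SSL_ports).
    last_guard = max((no for no, act, acls, _ in rules
                      if act == "deny" and {"!Safe_ports", "!SSL_ports"} & set(acls)), default=0)
    findings, terminal = [], None
    for no, action, acls, missing in rules:
        if terminal is not None:                   # first match wins: never reached
            findings.append((no, "unreachable", f"follows terminal rule on line {terminal}"))
            continue
        findings += [(no, "undefined-acl", name) for name in missing]
        if action == "allow" and no < last_guard:  # allowed before port checks run
            findings.append((no, "allow-before-guard", " ".join(acls)))
        if acls == ["all"]:
            terminal = no
    return findings

if __name__ == "__main__":
    for finding in lint_http_access(SAMPLE_CONF):
        print(*finding)
```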

Instead of looking at squid.conf, you should look at Squid's log files, especially journalctl.

journalctl -u squid

These are my results.

-- Reboot --
systemd[1]: Starting Squid caching proxy...
squid[1785]: 2021/11/26 08:42:52| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
systemd[1]: Started Squid caching proxy.
squid[1798]: Squid Parent: will start 1 kids
squid[1798]: Squid Parent: (squid-1) process 1802 started
systemd[1]: Stopping Squid caching proxy...
systemd[1]: Stopped Squid caching proxy.
systemd[1]: Starting Squid caching proxy...
squid[14537]: 2021/11/26 09:42:50| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
systemd[1]: squid.service: PID file /run/squid.pid not readable (yet?) after start: No such file or directory