Authored by: Support.com Tech Pro Team
How to troubleshoot Squid Package on Netgate router
The swap.state from the Squid file can grow large and consume all available drive space. See Tuning the Squid Package for more details.
As a security measure, squid will not allow a user to connect to a site that has a hostname that does not match its IP address. This prevents clients from hardcoding or altering DNS responses to evade access controls. The side effect of this, however, is that sites which employ round-robin DNS or other DNS optimizations can cause squid to block or drop connections to those sites unintentionally. The squid access log will have a 409 (Conflict) error code when a connection is dropped for this reason.
This happens with sites such as Google or Facebook when the client and squid use different DNS sources, thus getting different DNS results for the same query because the results are randomized. Even though the address for the server is valid, the disparity causes squid to drop the connection.
The solution is to have the clients use the firewall as their DNS server so that both squid and clients use the same DNS source and the results will match.
Resetting the cache in squid can often clear up issues without performing a more complicated procedure. Before performing a full reset, try clearing and resetting the cache:
mv /var/squid/cache /var/squid/cache.oldsquid -zrm -rf /var/squid/cache.old
The old cache should be moved, then reset, and then the old cache should be removed, as above, because removing the cache directory can be time-consuming, and if it is moved first, then its removal will not prevent squid from being running while it is happening.
When troubleshooting squid/squidGuard there are some procedures that may be followed to ensure things are completely reset.