web proxy: disable caching more carefully; /var MFS caching is ok

PR: https://forum.opnsense.org/index.php?topic=4227.0

src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml

@@ -117,16 +117,13 @@
                 <id>proxy.general.cache.local.cache_mem</id>
                 <label>Memory Cache size in Megabytes</label>
                 <type>text</type>
-                <help><![CDATA[Enter the cache memory size to use.]]></help>
-                <advanced>true</advanced>
+                <help><![CDATA[Enter the cache memory size to use or zero to disable completely.]]></help>
             </field>
             <field>
                 <id>proxy.general.cache.local.enabled</id>
                 <label>Enable local cache (requires service restart)</label>
                 <type>checkbox</type>
-                <help><![CDATA[Enable or disable the local cache.<br/>
-        Currently only ufs directory cache type is supported.<br/>
-        <b class="text-danger">Do not enable on embedded systems with SD or CF cards as this may break your drive.</b>]]></help>
+                <help><![CDATA[Enable or disable the local cache. Only UFS directory cache type is supported. Do not enable on embedded systems with SD or CF cards without the /var MFS option as this will wear down your drive.]]></help>
             </field>
             <field>
                 <id>proxy.general.cache.local.size</id>
@@ -135,6 +132,13 @@
                 <help><![CDATA[Enter the storage size for the local cache (default is 100).]]></help>
                 <advanced>true</advanced>
             </field>
+            <field>
+                <id>proxy.general.cache.local.directory</id>
+                <label>Cache directory location</label>
+                <type>text</type>
+                <help><![CDATA[Enter the directory location for thee local cache (default is /var/squid/cache).]]></help>
+                <advanced>true</advanced>
+            </field>
             <field>
                 <id>proxy.general.cache.local.l1</id>
                 <label>Number of first-level subdirectories</label>

src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml

@@ -100,7 +100,7 @@
                     </directory>
                     <cache_mem type="IntegerField">
                         <default>256</default>
-                        <MinimumValue>1</MinimumValue>
+                        <MinimumValue>0</MinimumValue>
                         <ValidationMessage>Specify a positive memory cache size. (number of MB's)</ValidationMessage>
                         <Required>Y</Required>
                     </cache_mem>

src/opnsense/service/templates/OPNsense/Proxy/squid.conf

 #
 # Automatic generated configuration for Squid.
 # Do not edit this file manually.
+#
 
 {# wrap http_port ssl bump configuration for reuse #}
 {% macro sslbump_httpsconfig(network, tags='') -%}
@@ -264,18 +265,23 @@ icap_enable off
 
 {% include "OPNsense/Proxy/squid.user.post_auth.conf" ignore missing with context %}
 
-{% if helpers.exists('OPNsense.proxy.general.cache.local') and OPNsense.proxy.general.cache.local.enabled == '1' %}
+# Caching settings
+{% if helpers.exists('OPNsense.proxy.general.cache.local') %}
+{%  if OPNsense.proxy.general.cache.local.cache_mem|default('256')|int == 0 and OPNsense.proxy.general.cache.local.enabled == '0' %}
+cache deny all
+cache_mem 0
+{%  else %}
 cache_mem {{ OPNsense.proxy.general.cache.local.cache_mem|default('256') }} MB
-{%  if OPNsense.proxy.general.cache.local.maximum_object_size|default('') != '' %}
+{%   if OPNsense.proxy.general.cache.local.maximum_object_size|default('') != '' %}
 maximum_object_size {{OPNsense.proxy.general.cache.local.maximum_object_size}} MB
-{%   if OPNsense.proxy.general.cache.local.maximum_object_size|int > 4 %}
+{%    if OPNsense.proxy.general.cache.local.maximum_object_size|int > 4 %}
 cache_replacement_policy heap LFUDA
+{%    endif %}
 {%   endif %}
-{%  endif %}
+{%   if OPNsense.proxy.general.cache.local.enabled == '1' %}
 cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}}
-{% else %}
-cache deny all
-cache_mem 0
+{%   endif %}
+{%  endif %}
 {% endif %}
 
 # Leave coredumps in the first cache dir