]>
Commit | Line | Data |
---|---|---|
934b03fc | 1 | NAME: http_port ascii_port |
2 | TYPE: ushortlist | |
3 | DEFAULT: 3128 | |
4 | LOC: Config.Port.http | |
5 | DOC_START | |
6 | The port number where squid will listen for HTTP client | |
7 | requests. Default is 3128, for httpd-accel mode use port 80. | |
8 | May be overridden with -a on the command line. | |
9 | ||
10 | You may specify multiple ports here, but they MUST all be on | |
11 | a single line. | |
12 | ||
13 | http_port 3128 | |
14 | DOC_END | |
15 | ||
16 | ||
17 | NAME: icp_port udp_port | |
18 | TYPE: ushort | |
19 | DEFAULT: 3130 | |
20 | LOC: Config.Port.icp | |
21 | DOC_START | |
22 | The port number where squid send and receive ICP requests to | |
23 | and from neighbor caches. Default is 3130. To disable use | |
24 | "0". May be overridden with -u on the command line. | |
25 | ||
26 | icp_port 3130 | |
27 | DOC_END | |
28 | ||
29 | ||
30 | NAME: mcast_groups | |
31 | TYPE: wordlist | |
32 | LOC: Config.mcast_group_list | |
33 | DEFAULT: NULL | |
34 | DOC_START | |
35 | This tag specifies a list of multicast groups which your | |
36 | server should join to receive multicasted ICP requests. | |
37 | ||
38 | NOTE! Be very careful what you put here! Be sure you | |
39 | understand the difference between an ICP _query_ and an ICP | |
40 | _reply_. This option is to be set only if you want to RECEIVE | |
41 | multicast queries. Do NOT set this option to SEND multicast | |
42 | ICP (use cache_host for that). ICP replies are always sent via | |
43 | unicast, so this option does not affect whether or not you will | |
44 | receive replies from multicast group members. | |
45 | ||
46 | You must be very careful to NOT use a multicast address which | |
47 | is already in use by another group of caches. NLANR has been | |
48 | assigned a block of multicast address space for use in Web | |
49 | Caching. Plese write to us at nlanr-cache@nlanr.net to receive | |
50 | an address for your own use. | |
51 | ||
52 | Usage: mcast_groups 239.128.16.128 224.0.1.20 | |
53 | ||
54 | By default, squid doesn't listen on any multicast groups. | |
55 | ||
56 | mcast_groups 239.128.16.128 | |
57 | DOC_END | |
58 | ||
59 | ||
60 | NAME: tcp_incoming_address bind_address | |
61 | TYPE: address | |
62 | LOC: Config.Addrs.tcp_incoming | |
63 | DEFAULT: INADDR_ANY | |
64 | DOC_NONE | |
65 | ||
66 | NAME: tcp_outgoing_address outbound_address | |
67 | TYPE: address | |
68 | LOC: Config.Addrs.tcp_outgoing | |
69 | DEFAULT: no_addr.s_addr | |
70 | DOC_NONE | |
71 | ||
72 | NAME: udp_incoming_address | |
73 | TYPE: address | |
74 | LOC:Config.Addrs.udp_incoming | |
75 | DEFAULT: INADDR_ANY | |
76 | DOC_NONE | |
77 | ||
78 | NAME: udp_outgoing_address | |
79 | TYPE: address | |
80 | LOC: Config.Addrs.udp_outgoing | |
81 | DEFAULT: no_addr.s_addr | |
82 | DOC_START | |
83 | Usage: tcp_incoming_address 10.20.30.40 | |
84 | udp_outgoing_address fully.qualified.domain.name | |
85 | ||
86 | These tags have replaced 'bind_address' and 'outbound_address' | |
87 | to provide more control for multihomed hosts. | |
88 | ||
89 | tcp_incoming_address is used for the HTTP socket which accepts | |
90 | connections from clients and other caches. | |
91 | tcp_outgoing_address is used for connections made to remote | |
92 | servers and other caches. | |
93 | udp_incoming_address is used for the ICP socket receiving packets | |
94 | from other caches. | |
95 | udp_outgoing_address is used for ICP packets sent out to other | |
96 | caches. | |
97 | ||
98 | The defaults behaviour is to not bind to any specific address. | |
99 | ||
100 | NOTE, udp_incoming_address and udp_outgoing_address can not have | |
101 | the same value since they both use port 3130. | |
102 | ||
103 | tcp_incoming_address 0.0.0.0 | |
104 | tcp_outgoing_address 0.0.0.0 | |
105 | udp_incoming_address 0.0.0.0 | |
106 | udp_outgoing_address 0.0.0.0 | |
107 | DOC_END | |
108 | ||
109 | ||
110 | # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM | |
111 | #----------------------------------------------------------------------------- | |
112 | ||
113 | NAME: cache_host | |
114 | TYPE: cachehost | |
115 | DOC_START | |
116 | To specify other caches in a hierarchy, use the format: | |
117 | ||
118 | hostname type http_port icp_port | |
119 | ||
120 | For example, | |
121 | ||
122 | # proxy icp | |
123 | # hostname type port port options | |
124 | # -------------------- -------- ----- ----- ----------- | |
125 | cache_host bigserver.usc.edu parent 3128 3130 [proxy-only] | |
126 | cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
127 | cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
128 | ||
129 | type: either 'parent', 'sibling', or 'multicast'. | |
130 | ||
131 | proxy_port: The port number where the cache listens for proxy | |
132 | requests. | |
133 | ||
134 | icp_port: Used for querying neighbor caches about | |
135 | objects. To have a non-ICP neighbor | |
136 | specify '7' for the ICP port and make sure the | |
137 | neighbor machine has the UDP echo port | |
138 | enabled in its /etc/inetd.conf file. | |
139 | ||
140 | options: proxy-only | |
141 | weight=n | |
142 | ttl=n | |
143 | no-query | |
144 | default | |
145 | round-robin | |
146 | multicast-responder | |
147 | ||
148 | use 'proxy-only' to specify that objects fetched | |
149 | from this cache should not be saved locally. | |
150 | ||
151 | use 'weight=n' to specify a weighted parent. | |
152 | The weight must be an integer. The default weight | |
153 | is 1, larger weights are favored more. | |
154 | ||
155 | use 'ttl=n' to specify a IP multicast TTL to use | |
156 | when sending an ICP request to this address. | |
157 | Only useful when sending to a multicast group. | |
158 | Because we don't accept ICP replies from random | |
159 | hosts, you must configure other group members as | |
160 | peers with the 'multicast-responder' option below. | |
161 | ||
162 | use 'no-query' to NOT send ICP queries to this | |
163 | neighbor. | |
164 | ||
165 | use 'default' if this is a parent cache which can | |
166 | be used as a "last-resort." You should probably | |
167 | only use 'default' in situations where you cannot | |
168 | use ICP with your parent cache(s). | |
169 | ||
170 | use 'round-robin' to define a set of parents which | |
171 | should be used in a round-robin fashion in the | |
172 | absence of any ICP queries. | |
173 | ||
174 | 'multicast-responder' indicates that the named peer | |
175 | is a member of a multicast group. ICP queries will | |
176 | not be sent directly to the peer, but ICP replies | |
177 | will be accepted from it. | |
178 | ||
179 | NOTE: non-ICP neighbors must be specified as 'parent'. | |
180 | ||
181 | cache_host hostname type 3128 3130 | |
182 | DOC_END | |
183 | ||
184 | ||
185 | NAME: cache_host_domain | |
186 | TYPE: hostdomain | |
187 | DOC_START | |
188 | Use to limit the domains for which a neighbor cache will be queried. | |
189 | Usage: | |
190 | ||
191 | cache_host_domain cache-host domain [domain ...] | |
192 | cache_host_domain cache-host !domain | |
193 | ||
194 | For example, specifying | |
195 | ||
196 | cache_host_domain bigserver.usc.edu .edu | |
197 | ||
198 | has the effect such that UDP query packets are sent to | |
199 | 'bigserver' only when the requested object exists on a | |
200 | server in the .edu domain. Prefixing the domainname | |
201 | with '!' means that the cache will be queried for objects | |
202 | NOT in that domain. | |
203 | ||
204 | NOTE: * Any number of domains may be given for a cache-host, | |
205 | either on the same or separate lines. | |
206 | * When multiple domains are given for a particular | |
207 | cache-host, the first matched domain is applied. | |
208 | * Cache hosts with no domain restrictions are queried | |
209 | for all requests. | |
210 | * There are no defaults. | |
211 | * There is also a 'cache_host_acl' tag in the ACL | |
212 | section. | |
213 | DOC_END | |
214 | ||
215 | ||
216 | NAME: neighbor_type_domain | |
217 | TYPE: hostdomaintype | |
218 | DOC_START | |
219 | usage: neighbor_type_domain parent|sibling domain domain ... | |
220 | ||
221 | Modifying the neighbor type for specific domains is now | |
222 | possible. You can treat some domains differently than the the | |
223 | default neighbor type specified on the 'cache_host' line. | |
224 | Normally it should only be necessary to list domains which | |
225 | should be treated differently because the default neighbor type | |
226 | applies for hostnames which do not match domains listed here. | |
227 | ||
228 | EXAMPLE: | |
229 | cache_host parent cache.foo.org 3128 3130 | |
230 | neighbor_type_domain cache.foo.org sibling .com .net | |
231 | neighbor_type_domain cache.foo.org sibling .au .de | |
232 | DOC_END | |
233 | ||
234 | NAME: single_parent_bypass | |
235 | COMMENT: on|off | |
236 | TYPE: onoff | |
237 | DEFAULT: 0 | |
238 | LOC: Config.singleParentBypass | |
239 | DOC_START | |
240 | This tag specifies that it is okay to bypass the hierarchy | |
241 | "Pinging" when there is only a single parent for a given URL. | |
242 | ||
243 | Usage: single_parent_bypass on|off | |
244 | ||
245 | Before actually sending ICP "ping" packets to parents and | |
246 | neighbors, we figure out which hosts would be pinged based | |
247 | on the cache_host_domain rules, etc. Often it may be the | |
248 | case that only a single parent cache would be pinged. | |
249 | ||
250 | Since there is only a single parent, there is a very good | |
251 | chance that we will end up fetching the object from that | |
252 | parent. For this reason, it may be beneficial to avoid | |
253 | the ping and just fetch the object anyway. | |
254 | ||
255 | However, if we avoid the ping, we will be assuming that the | |
256 | parent host is reachable and that the cache process is running. | |
257 | By using the ping, we can be reasonably sure that the parent | |
258 | host will be able to handle our request. If the ping fails then | |
259 | it may be possible to fetch the object directly from the source. | |
260 | ||
261 | To favor the resiliency provided by the ping algorithm, | |
262 | single_parent_bypass is 'off' by default. | |
263 | ||
264 | single_parent_bypass off | |
265 | DOC_END | |
266 | ||
267 | ||
268 | NAME: source_ping | |
269 | COMMENT: on|off | |
270 | TYPE: onoff | |
271 | DEFAULT: 0 | |
272 | LOC: Config.sourcePing | |
273 | DOC_START | |
274 | If source_ping is enabled, then squid will include the source | |
275 | provider site in its selection algorithm. This is accomplished | |
276 | by sending ICP "HIT" packets to the UDP echo port of the source | |
277 | host. Note that using source_ping may send a fair amount of UDP | |
278 | traffic out on the Internet and may irritate paranoid network | |
279 | administrators. | |
280 | ||
281 | Note that source_ping is incompatible with inside_firewall. | |
282 | For hosts beyond the firewall, source_ping packets will never | |
283 | be sent. | |
284 | ||
285 | By default, source_ping is off. | |
286 | ||
287 | source_ping off | |
288 | DOC_END | |
289 | ||
290 | ||
291 | NAME: neighbor_timeout neighbour_timeout | |
292 | COMMENT: (seconds) | |
293 | DEFAULT: 2 | |
294 | TYPE: time_sec | |
295 | LOC: Config.neighborTimeout | |
296 | DOC_START | |
297 | This controls how long to wait for replies from neighbor caches. | |
298 | If none of the parent or neighbor caches reply before this many | |
299 | seconds (due to dropped packets or slow links), then the object | |
300 | request will be satisfied from the default source. The default | |
301 | timeout is two seconds. | |
302 | ||
303 | neighbor_timeout 2 seconds | |
304 | DOC_END | |
305 | ||
306 | ||
307 | NAME: hierarchy_stoplist | |
308 | TYPE: wordlist | |
309 | LOC: Config.hierarchy_stoplist | |
310 | DOC_START | |
311 | A list of words which, if found in a URL, cause the object to | |
312 | be handled directly by this cache. In other words, use this | |
313 | to not query neighbor caches for certain objects. You may | |
314 | list this option multiple times. | |
315 | ||
316 | The default is to directly fetch URLs containing 'cgi-bin' or '?'. | |
317 | ||
318 | hierarchy_stoplist cgi-bin ? | |
319 | DOC_END | |
320 | ||
321 | ||
322 | NAME: cache_stoplist | |
323 | TYPE: wordlist | |
324 | LOC: Config.cache_stoplist | |
325 | DOC_START | |
326 | A list of words which, if found in a URL, cause the object to | |
327 | immediately removed from the cache. In other words, use this | |
328 | to force certain objects to never be cached. You may list this | |
329 | option multiple times. | |
330 | ||
331 | The default is to not cache URLs containing 'cgi-bin' or '?'. | |
332 | ||
333 | cache_stoplist cgi-bin ? | |
334 | DOC_END | |
335 | ||
336 | ||
337 | NAME: cache_stoplist_pattern | |
338 | COMMENT: # case sensitive | |
339 | TYPE: regexlist | |
340 | LOC: Config.cache_stop_relist | |
341 | DOC_NONE | |
342 | ||
343 | NAME: cache_stoplist_pattern/i | |
344 | COMMENT: # case insensitive | |
345 | TYPE: regexlist_icase | |
346 | LOC: Config.cache_stop_relist | |
347 | DOC_START | |
348 | Just like 'cache_stoplist' but you can use regular expressions | |
349 | instead of simple string matching. There is no default. | |
350 | ||
351 | cache_stoplist_pattern | |
352 | DOC_END | |
353 | ||
354 | ||
355 | # OPTIONS WHICH AFFECT THE CACHE SIZE | |
356 | #----------------------------------------------------------------------------- | |
357 | ||
358 | ||
359 | NAME: cache_mem | |
360 | COMMENT: (in megabytes) | |
361 | TYPE: int | |
362 | DEFAULT: 8 | |
363 | LOC: Config.Mem.maxSize | |
364 | DOC_START | |
365 | Maximum amout of VM used to store objects in memory. | |
366 | This includes: | |
367 | in-transit objects, | |
368 | negative-cached objects, | |
369 | "hot" objects | |
370 | The value of cache_mem is an upper limit on the size of the | |
371 | "in-memory object data" pool. This is a pool of 4k pages used | |
372 | to hold object data. | |
373 | ||
374 | In-transit objects have priority over the others. When | |
375 | additional space is needed for incoming data, negative-cached | |
376 | and hot objects will be released. In other words, the | |
377 | negative-cached and hot objects will fill up any unused space | |
378 | not needed for in-transit objects. | |
379 | ||
380 | The values of cache_mem_low and cache_mem_high (below) can be | |
381 | used to tune the use of the memory pool. When the high mark is | |
382 | reached, in-transit and hot objects will be released to clear | |
383 | space. When an object transfer is completed, it will remain in | |
384 | memory only if the current memory usage is below the low water | |
385 | mark. | |
386 | ||
387 | The default is 8 Megabytes. | |
388 | ||
389 | cache_mem 8 | |
390 | DOC_END | |
391 | ||
392 | ||
393 | NAME: cache_swap_low | |
394 | COMMENT: (percent, 0-100) | |
395 | TYPE: int | |
396 | DEFAULT: 90 | |
397 | LOC: Config.Swap.lowWaterMark | |
398 | DOC_NONE | |
399 | ||
400 | NAME: cache_swap_high | |
401 | COMMENT: (percent, 0-100) | |
402 | TYPE: int | |
403 | DEFAULT: 95 | |
404 | LOC: Config.Swap.highWaterMark | |
405 | DOC_START | |
406 | The low- and high-water marks for cache LRU replacement. | |
407 | LRU replacement begins when the high-water mark is reached | |
408 | and ends when enough objects have been removed and the low-water | |
409 | mark is reached. Defaults are 90% and 95%. | |
410 | ||
411 | cache_swap_low 90 | |
412 | cache_swap_high 95 | |
413 | DOC_END | |
414 | ||
415 | ||
416 | NAME: cache_mem_low | |
417 | COMMENT: (in percent, 0-100) | |
418 | TYPE: int | |
419 | DEFAULT: 75 | |
420 | LOC: Config.Mem.lowWaterMark | |
421 | DOC_NONE | |
422 | ||
423 | NAME: cache_mem_high | |
424 | COMMENT: (in percent, 0-100) | |
425 | TYPE: int | |
426 | DEFAULT: 95 | |
427 | LOC: Config.Mem.highWaterMark | |
428 | DOC_START | |
429 | The low- and high-water mark for cache memory storage. When | |
430 | the amount of RAM used by the hot-object RAM cache reaches this | |
431 | point, the cache starts throwing objects out of the RAM cache | |
432 | (but they remain on disk). Defaults are 75% and 90%. | |
433 | ||
434 | cache_mem_low 75 | |
435 | cache_mem_high 90 | |
436 | DOC_END | |
437 | ||
438 | ||
439 | NAME: maximum_object_size | |
440 | TYPE: int | |
441 | DEFAULT: 4096 | |
442 | LOC: Config.Store.maxObjectSize | |
443 | DOC_START | |
444 | Objects larger than this size will NOT be saved on disk. The | |
445 | value is specified in kilobytes, and the default is 4MB. | |
446 | ||
447 | maximum_object_size 4096 | |
448 | DOC_END | |
449 | ||
450 | ||
451 | NAME: ipcache_size | |
452 | COMMENT: (number of entries) | |
453 | TYPE: int | |
454 | DEFAULT: 1024 | |
455 | LOC: Config.ipcache.size | |
456 | DOC_NONE | |
457 | ||
458 | NAME: ipcache_low | |
459 | COMMENT: (percent) | |
460 | TYPE: int | |
461 | DEFAULT: 90 | |
462 | LOC: Config.ipcache.low | |
463 | DOC_NONE | |
464 | ||
465 | NAME: ipcache_high | |
466 | COMMENT: (percent) | |
467 | TYPE: int | |
468 | DEFAULT: 95 | |
469 | LOC: Config.ipcache.high | |
470 | DOC_START | |
471 | The size, low-, and high-water marks for the IP cache. | |
472 | ||
473 | ipcache_size 1024 | |
474 | ipcache_low 90 | |
475 | ipcache_high 95 | |
476 | DOC_END | |
477 | ||
478 | ||
479 | # LOGFILE PATHNAMES AND CACHE DIRECTORIES | |
480 | #----------------------------------------------------------------------------- | |
481 | ||
482 | NAME: cache_dir | |
483 | TYPE: cachedir | |
484 | DOC_START | |
485 | Directory for on-disk cache storage. The cache will change into | |
486 | this directory when running. The default is | |
487 | /usr/local/squid/cache. | |
488 | ||
489 | You can specify multiple cache_dir lines to spread the | |
490 | cache among different disk partitions. | |
491 | ||
492 | cache_dir /usr/local/squid/cache 256 16 16 | |
493 | DOC_END | |
494 | ||
495 | ||
496 | NAME: cache_access_log | |
497 | TYPE: string | |
498 | DEFAULT: /usr/local/squid/logs/access.log | |
499 | LOC: Config.Log.access | |
500 | DOC_START | |
501 | Logs the client request activity. Contains an entry for | |
502 | every HTTP and ICP request received. | |
503 | ||
504 | cache_access_log /usr/local/squid/logs/access.log | |
505 | DOC_END | |
506 | ||
507 | ||
508 | NAME: cache_log | |
509 | TYPE: string | |
510 | DEFAULT: /usr/local/squid/logs/cache.log | |
511 | LOC: Config.Log.log | |
512 | DOC_START | |
513 | Cache logging file. Set logging levels with "debug_options" below. | |
514 | ||
515 | cache_log /usr/local/squid/logs/cache.log | |
516 | DOC_END | |
517 | ||
518 | ||
519 | NAME: cache_store_log | |
520 | TYPE: string | |
521 | DEFAULT: /usr/local/squid/logs/store.log | |
522 | LOC: Config.Log.store | |
523 | DOC_START | |
524 | Logs the activities of the storage manager. Shows which | |
525 | objects are ejected from the cache, and which objects are | |
526 | saved and for how long. To disable, enter "none". | |
527 | ||
528 | cache_store_log /usr/local/squid/logs/store.log | |
529 | DOC_END | |
530 | ||
531 | ||
532 | NAME: cache_swap_log | |
533 | TYPE: string | |
534 | LOC: Config.Log.swap | |
535 | DOC_START | |
536 | Location for the cache "swap log." This log file holds the | |
537 | metadata of objects saved on disk. It is used to rebuild the | |
538 | cache during startup. Normally this file resides in the first | |
539 | 'cache_dir' directory, but you may specify an alternate | |
540 | pathname here. Note you must give a full filename, not just | |
541 | a directory. | |
542 | ||
543 | cache_swap_log | |
544 | DOC_END | |
545 | ||
546 | ||
547 | NAME: emulate_httpd_log | |
548 | COMMENT: on|off | |
549 | TYPE: onoff | |
550 | DEFAULT: 0 | |
551 | LOC: Config.commonLogFormat | |
552 | DOC_START | |
553 | The Cache can emulate the log file format which many 'httpd' | |
554 | programs use. To disable/enable this emulation, set | |
555 | emulate_httpd_log to 'off' or 'on'. The default | |
556 | is to use the native log format. | |
557 | ||
558 | emulate_httpd_log off | |
559 | DOC_END | |
560 | ||
561 | ||
562 | NAME: mime_table | |
563 | TYPE: pathname_check | |
564 | DEFAULT: /usr/local/squid/etc/mime.conf | |
565 | LOC: Config.mimeTablePathname | |
566 | DOC_START | |
567 | Pathname to Squid's MIME table which has the format | |
568 | ||
569 | regex content-type icon content-encoding transfer-mode | |
570 | ||
571 | mime_table /usr/local/squid/etc/mime.conf | |
572 | DOC_END | |
573 | ||
574 | ||
575 | NAME: log_mime_hdrs | |
576 | COMMENT: on|off | |
577 | TYPE: onoff | |
578 | LOC: Config.logMimeHdrs | |
579 | DOC_START | |
580 | The Cache can record both the request and the response | |
581 | MIME headers for each HTTP transaction. The headers are | |
582 | encoded safely and will appear as two bracketed fields | |
583 | at the end of the access log (for either the native | |
584 | or httpd-emulated log formats). To enable this logging | |
585 | set log_mime_hdrs to 'on'. | |
586 | ||
587 | NOTE: support for this may require you to define | |
588 | LOG_FULL_HEADERS before compiling. | |
589 | ||
590 | log_mime_hdrs off | |
591 | DOC_END | |
592 | ||
593 | ||
594 | NAME: useragent_log | |
595 | TYPE: string | |
596 | LOC: Config.Log.useragent | |
597 | DOC_START | |
598 | If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write | |
599 | the User-Agent field from HTTP requests to the filename | |
600 | specified here. By default useragent_log is disabled. | |
601 | ||
602 | useragent_log none | |
603 | DOC_END | |
604 | ||
605 | ||
606 | NAME: pid_filename | |
607 | TYPE: string | |
608 | DEFAULT: /usr/local/squid/logs/squid.pid | |
609 | LOC: Config.pidFilename | |
610 | DOC_START | |
611 | A pathname to write the process-id to. To disable, enter "none". | |
612 | ||
613 | pid_filename /usr/local/squid/logs/squid.pid | |
614 | DOC_END | |
615 | ||
616 | ||
617 | NAME: debug_options | |
618 | TYPE: string_optional | |
619 | DEFAULT: ALL,1 | |
620 | LOC: Config.debugOptions | |
621 | DOC_START | |
622 | Logging options are set as section,level where each source file | |
623 | is assigned a unique section. Lower levels result in less | |
624 | output, Full debugging (level 9) can result in a very large | |
625 | log file, so be careful. The magic word "ALL" sets debugging | |
626 | levels for all sections. We recommend normally running with | |
627 | "ALL,1". | |
628 | ||
629 | debug_options ALL,1 | |
630 | DOC_END | |
631 | ||
632 | ||
633 | NAME: ident_lookup | |
634 | COMMENT: on|off | |
635 | TYPE: onoff | |
636 | DEFAULT: 0 | |
637 | LOC: Config.identLookup | |
638 | DOC_START | |
639 | If you wish to make an RFC931/ident lookup of the client username | |
640 | for each connection, enable this. It is off by default. | |
641 | ||
642 | ident_lookup off | |
643 | DOC_END | |
644 | ||
645 | ||
646 | NAME: log_fqdn | |
647 | COMMENT: on|off | |
648 | TYPE: onoff | |
649 | DEFAULT: 0 | |
650 | LOC: Config.Log.log_fqdn | |
651 | DOC_START | |
652 | Turn this on if you wish to log fully qualified domain names | |
653 | in the access.log. | |
654 | ||
655 | log_fqdn off | |
656 | DOC_END | |
657 | ||
658 | ||
659 | NAME: client_netmask | |
660 | TYPE: address | |
661 | LOC: Config.Addrs.client_netmask | |
662 | DOC_START | |
663 | A netmask for client addresses in logfiles and cachemgr output. | |
664 | Change this to protect the privacy of your cache clients. | |
665 | ||
666 | client_netmask 255.255.255.255 | |
667 | DOC_END | |
668 | ||
669 | ||
670 | # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS | |
671 | #----------------------------------------------------------------------------- | |
672 | ||
673 | # TAG: ftpget_program | |
674 | # Where to find the 'ftpget' program that retrieves FTP data (HTTP | |
675 | # and Gopher protocol support are built into the cache). | |
676 | # | |
677 | # To disable ftpget and the ability to retrieve FTP objects, set | |
678 | # this to "none". Note that ftpget is automatically disabled for | |
679 | # http_accel mode. | |
680 | # | |
681 | #ftpget_program @DEFAULT_FTPGET@ | |
682 | ||
683 | # TAG: ftpget_options | |
684 | # Options for the 'ftpget' program. Please run 'ftpget' without | |
685 | # any arguments to see a list of options. The default is | |
686 | # no options. An example is | |
687 | # | |
688 | # ftpget_options -n 60 -R -W | |
689 | # | |
690 | #ftpget_options | |
691 | ||
692 | NAME: ftp_user | |
693 | TYPE: string | |
694 | DEFAULT: squid@ | |
695 | LOC: Config.Ftp.anon_user | |
696 | DOC_START | |
697 | If you want the anonymous login password to be more informative | |
698 | (and enable the use of picky ftp servers), set this to something | |
699 | resonable for your domain, like wwwuser@somewhere.net | |
700 | ||
701 | The reason why this is domainless by default is that the | |
702 | request can be made on the behalf of a user in any domain, | |
703 | depending on how the cache is used. | |
704 | Some ftp server also validate that the email address is valid | |
705 | (for example perl.com). | |
706 | ||
707 | ftp_user squid@ | |
708 | DOC_END | |
709 | ||
710 | ||
711 | NAME: cache_dns_program | |
712 | TYPE: pathname_check | |
713 | DEFAULT: /usr/local/squid/bin/dnsserver | |
714 | LOC: Config.Program.dnsserver | |
715 | DOC_START | |
716 | Specify the location of the executable for dnslookup process. | |
717 | ||
718 | cache_dns_program /usr/local/squid/bin/dnsserver | |
719 | DOC_END | |
720 | ||
721 | ||
722 | NAME: dns_children | |
723 | TYPE: int | |
724 | DEFAULT: 5 | |
725 | LOC: Config.dnsChildren | |
726 | DOC_START | |
727 | The number of processes spawn to service DNS name lookups. | |
728 | For heavily loaded caches on large servers, you should | |
729 | probably increase this value to at least 10. The maximum | |
730 | is 32. The default is 5. | |
731 | ||
732 | To disable dnsservers, set this to 0. NOTE, this is very | |
733 | strongly discouraged. If you disable dnsservers your Squid | |
734 | process will BLOCK on DNS lookups! | |
735 | ||
736 | dns_children 5 | |
737 | DOC_END | |
738 | ||
739 | ||
740 | NAME: dns_defnames | |
741 | COMMENT: on|off | |
742 | TYPE: onoff | |
743 | DEFAULT: 0 | |
744 | LOC: Config.Options.res_defnames | |
745 | DOC_START | |
746 | Normally the 'dnsserver' disables the RES_DEFNAMES resolver | |
747 | option (see res_init(3)). This prevents caches in a hierarchy | |
748 | from interpreting single-component hostnames locally. To allow | |
749 | dnsserver to handle single-component names, enable this | |
750 | option. | |
751 | ||
752 | dns_defnames off | |
753 | DOC_END | |
754 | ||
755 | ||
756 | NAME: unlinkd_program | |
757 | TYPE: pathname_check | |
758 | DEFAULT: /usr/local/squid/bin/unlinkd | |
759 | LOC: Config.Program.unlinkd | |
760 | DOC_START | |
761 | Specify the location of the executable for file deletion process. | |
762 | ||
763 | unlinkd_program /usr/local/squid/bin/unlinkd | |
764 | DOC_END | |
765 | ||
766 | ||
767 | NAME: pinger_program | |
768 | TYPE: pathname_check | |
769 | DEFAULT: /usr/local/squid/bin/pinger | |
770 | LOC: Config.Program.pinger | |
771 | DOC_START | |
772 | Specify the location of the executable for the pinger process. | |
773 | ||
774 | pinger_program /usr/local/squid/bin/pinger | |
775 | DOC_END | |
776 | ||
777 | ||
778 | NAME: redirect_program | |
779 | TYPE: pathname_check | |
780 | LOC: Config.Program.redirect | |
781 | DOC_START | |
782 | Specify the location of the executable for the URL redirector. | |
783 | Currently, you must provide your own redirector program. | |
784 | See the Release-Notes for how to write one. | |
785 | By default, the redirector is not used. | |
786 | ||
787 | redirect_program /bin/false | |
788 | DOC_END | |
789 | ||
790 | ||
791 | NAME: redirect_children | |
792 | TYPE: int | |
793 | DEFAULT: 5 | |
794 | LOC: Config.redirectChildren | |
795 | DOC_START | |
796 | The number of redirector processes to spawn. | |
797 | ||
798 | redirect_children 5 | |
799 | DOC_END | |
800 | ||
801 | ||
802 | # OPTIONS FOR TUNING THE CACHE | |
803 | #----------------------------------------------------------------------------- | |
804 | ||
805 | NAME: wais_relay | |
806 | TYPE: waisrelay | |
807 | DOC_START | |
808 | Relay WAIS request to host (1st arg) at port (2 arg). | |
809 | ||
810 | wais_relay localhost 8000 | |
811 | DOC_END | |
812 | ||
813 | ||
814 | NAME: request_size | |
815 | TYPE: int | |
816 | DEFAULT: 100 | |
817 | LOC: Config.maxRequestSize | |
818 | DOC_START | |
819 | Maximum allowed request size in kilobytes. If people are using | |
820 | POST to upload files, then set this to the largest acceptable | |
821 | filesize plus a few extra kbytes. | |
822 | ||
823 | request_size 100 | |
824 | DOC_END | |
825 | ||
826 | ||
827 | NAME: refresh_pattern | |
828 | COMMENT: # case sensitive | |
829 | TYPE: refreshpattern | |
830 | DOC_NONE | |
831 | ||
832 | NAME: refresh_pattern/i | |
833 | COMMENT: # case insensitive | |
834 | TYPE: refreshpattern_icase | |
835 | DOC_START | |
836 | usage: refresh_pattern regex min percent max | |
837 | ||
838 | min and max are specified in MINUTES. | |
839 | percent is an integer number. | |
840 | ||
841 | Please see the file doc/Release-Notes-1.1.txt for a full | |
842 | description of Squid's refresh algorithm. Basically a | |
843 | cached object is: | |
844 | ||
845 | FRESH if age < min | |
846 | STALE if expires < now | |
847 | STALE if age > max | |
848 | FRESH if lm-factor < percent | |
849 | ||
850 | The refresh_pattern lines are checked in the order listed here. | |
851 | The first entry which matches is used. If none of the entries | |
852 | match, then the default will be used. | |
853 | ||
854 | Default: | |
855 | refresh_pattern . 0 20% 4320 | |
856 | DOC_END | |
857 | ||
858 | ||
859 | NAME: reference_age | |
860 | TYPE: time_min | |
861 | LOC: Config.referenceAge | |
862 | DOC_START | |
863 | As a part of normal operation, Squid performs Least Recently | |
864 | Used removal of cached objects. The LRU age for removal is | |
865 | computed dynamically, based on the amount of disk space in | |
866 | use. The 'reference_age' value defines the maximum LRU age. | |
867 | For example, setting reference_age to '1 week' will cause | |
868 | objects to be removed if they have not been accessed for a week | |
869 | or more. If set to zero, LRU removal is disabled, and objects | |
870 | will be removed only when disk usage is over the high water | |
871 | mark. The default value is one year. | |
872 | ||
873 | Specify a number here, followed by units of time. For example: | |
874 | 1 week | |
875 | 3.5 days | |
876 | 4 months | |
877 | 2.2 hours | |
878 | ||
879 | reference_age 1 year | |
880 | DOC_END | |
881 | ||
882 | ||
883 | NAME: quick_abort | |
884 | TYPE: quickabort | |
885 | DOC_START | |
886 | By default the cache continues to retrieve objects from | |
887 | aborted requests. This may be undesirable on slow (e.g. SLIP) | |
888 | links and/or very busy caches. Impatient users may tie up | |
889 | file descriptors by repeatedly aborting and re-requesting | |
890 | non-cachable objects. | |
891 | ||
892 | Usage: quick_abort min-kbytes percent max-kbytes | |
893 | ||
894 | When the user aborts a request, Squid will check the | |
895 | quick_abort values to the amount of data transfered until | |
896 | then. | |
897 | ||
898 | If the transfer has less than 'min-kbytes' remaining, it | |
899 | will finish the retrieval. Setting minlength to -1 will | |
900 | disable the quick_abort feature. | |
901 | ||
902 | If the transfer has more than 'max-kbytes' remaining, it | |
903 | will abort the retrieval. | |
904 | ||
905 | If more than 'percent' of the transfer has completed, it will | |
906 | finish the retrieval. | |
907 | ||
908 | quick_abort -1 0 0 | |
909 | DOC_END | |
910 | ||
911 | ||
912 | NAME: negative_ttl | |
913 | COMMENT: (in minutes) | |
914 | TYPE: time_sec | |
915 | LOC: Config.negativeTtl | |
916 | DOC_START | |
917 | Time-to-Live (TTL) for failed requests. Certain types of | |
918 | failures (such as "connection refused" and "404 Not Found") are | |
919 | negatively-cached for a small amount of time. The default is 5 | |
920 | minutes. Note that this is different from negative caching of | |
921 | DNS lookups. | |
922 | ||
923 | negative_ttl 5 minutes | |
924 | DOC_END | |
925 | ||
926 | ||
927 | NAME: positive_dns_ttl | |
928 | COMMENT: (in minutes) | |
929 | TYPE: time_sec | |
930 | LOC: Config.positiveDnsTtl | |
931 | DOC_START | |
932 | Time-to-Live (TTL) for positive caching of successful DNS lookups. | |
933 | Default is 6 hours (360 minutes). If you want to minimize the | |
934 | use of Squid's ipcache, set this to 1, not 0. | |
935 | ||
936 | positive_dns_ttl 360 minutes | |
937 | DOC_END | |
938 | ||
939 | ||
940 | NAME: negative_dns_ttl | |
941 | COMMENT: (in minutes) | |
942 | TYPE: time_sec | |
943 | LOC: Config.negativeDnsTtl | |
944 | DOC_START | |
945 | Time-to-Live (TTL) for negative caching of failed DNS lookups. | |
946 | ||
947 | negative_dns_ttl 5 minutes | |
948 | DOC_END | |
949 | ||
950 | ||
951 | # TIMEOUTS | |
952 | #----------------------------------------------------------------------------- | |
953 | ||
954 | NAME: connect_timeout | |
955 | COMMENT: (in seconds) | |
956 | TYPE: time_sec | |
957 | LOC: Config.Timeout.connect | |
958 | DOC_START | |
959 | Some systems (notably Linux) can not be relied upon to properly | |
960 | time out connect(2) requests. Therefore the squid process | |
961 | enforces its own timeout on server connections. This parameter | |
962 | specifies how long to wait for the connect to complete. The | |
963 | default is two minutes (120 seconds). | |
964 | ||
965 | connect_timeout 120 seconds | |
966 | DOC_END | |
967 | ||
968 | ||
969 | NAME: read_timeout | |
970 | COMMENT: (in minutes) | |
971 | TYPE: time_sec | |
972 | LOC: Config.Timeout.read | |
973 | DOC_START | |
974 | The read_timeout is applied on server-side connections. After | |
975 | each successful read(), the timeout will be extended by this | |
976 | amount. If no data is read again after this amount of time, | |
977 | the request is aborted and logged with ERR_READ_TIMEOUT. The | |
978 | default is 15 minutes. | |
979 | ||
980 | read_timeout 15 minutes | |
981 | DOC_END | |
982 | ||
983 | ||
984 | NAME: defer_timeout | |
985 | COMMENT: (in minutes) | |
986 | TYPE: time_sec | |
987 | LOC: Config.Timeout.defer | |
988 | DOC_START | |
989 | If your clients are behind slow (e.g. PPP/SLIP) connections, | |
990 | then data may come in from the server-side faster than it can | |
991 | be written to the client-side. When the server side gets too | |
992 | far ahead of the client-side, subsequent reads will be deferred | |
993 | until the client catches up. This timeout determines how long | |
994 | to wait while in "deferred read mode." The default is one | |
995 | hour. | |
996 | ||
997 | defer_timeout 60 minutes | |
998 | DOC_END | |
999 | ||
1000 | ||
1001 | NAME: request_timeout | |
1002 | TYPE: time_sec | |
1003 | LOC: Config.Timeout.request | |
1004 | DOC_START | |
1005 | How long to wait for an HTTP request after connection | |
1006 | establishment. For persistent connections, wait this long | |
1007 | after the previous request completes. | |
1008 | ||
1009 | defer_timeout 30 seconds | |
1010 | DOC_END | |
1011 | ||
1012 | ||
1013 | NAME: client_lifetime | |
1014 | COMMENT: (in minutes) | |
1015 | TYPE: time_sec | |
1016 | LOC: Config.Timeout.lifetime | |
1017 | DOC_START | |
1018 | The maximum amount of time that a client (browser) is allowed to | |
1019 | remain connected to the cache process. This protects the Cache | |
1020 | from having alot of sockets (and hence file descriptors) tied up | |
1021 | in a CLOSE_WAIT state from remote clients that go away without | |
1022 | properly shutting down (either because of a network failure or | |
1023 | because of a poor client implementation). The default is one | |
1024 | day, 1440 minutes. | |
1025 | ||
1026 | NOTE: The default value is intended to be much larger than any | |
1027 | client would ever need to be connected to your cache. You | |
1028 | should probably change client_lifetime only as a last resort. | |
1029 | If you seem to have many client connections tying up | |
1030 | filedescriptors, we recommend first tuning the read_timeout, | |
1031 | defer_timeout, and quick_abort values. | |
1032 | ||
1033 | client_lifetime 1 day | |
1034 | DOC_END | |
1035 | ||
1036 | ||
1037 | NAME: shutdown_lifetime | |
1038 | COMMENT: (in seconds) | |
1039 | TYPE: time_sec | |
1040 | LOC: Config.shutdownLifetime | |
1041 | DOC_START | |
1042 | When SIGTERM or SIGHUP is received, the cache is put into | |
1043 | "shutdown pending" mode until all active sockets are closed. | |
1044 | This value is the lifetime to set for all open descriptors | |
1045 | during shutdown mode. Any active clients after this many | |
1046 | seconds will receive a 'timeout' message. | |
1047 | ||
1048 | shutdown_lifetime 30 seconds | |
1049 | DOC_END | |
1050 | ||
1051 | ||
1052 | # ACCESS CONTROLS | |
1053 | #----------------------------------------------------------------------------- | |
1054 | ||
1055 | NAME: acl | |
1056 | TYPE: acl | |
1057 | DOC_START | |
1058 | Defining an Access List | |
1059 | ||
1060 | acl aclname acltype string1 ... | |
1061 | acl aclname acltype "file" ... | |
1062 | ||
1063 | when using "file", the file should contain one item per line | |
1064 | ||
1065 | acltype is one of src dst srcdomain dstdomain url_pattern | |
1066 | urlpath_pattern time port proto method browser user | |
1067 | ||
1068 | acl aclname src ip-address/netmask ... (clients IP address) | |
1069 | acl aclname src addr1-addr2/netmask ... (range of addresses) | |
1070 | acl aclname dst ip-address/netmask ... (URL host's IP address) | |
1071 | acl aclname srcdomain foo.com ... (taken from reverse DNS lookup) | |
1072 | acl aclname dstdomain foo.com ... (taken from the URL) | |
1073 | acl aclname time [day-abbrevs] [h1:m1-h2:m2] | |
1074 | day-abbrevs: | |
1075 | S - Sunday | |
1076 | M - Monday | |
1077 | T - Tuesday | |
1078 | W - Wednesday | |
1079 | H - Thursday | |
1080 | F - Friday | |
1081 | A - Saturday | |
1082 | h1:m1 must be less than h2:m2 | |
1083 | acl aclname url_regex ^http:// ... # regex matching on whole URL | |
1084 | acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only | |
1085 | acl aclname port 80 70 21 ... | |
1086 | acl aclname proto HTTP FTP ... | |
1087 | acl aclname method GET POST ... | |
1088 | acl aclname browser regexp | |
1089 | acl aclname user username ... # string match on ident output. | |
1090 | # use REQUIRED to accept any | |
1091 | # non-null ident. | |
1092 | ||
1093 | acl manager proto cache_object | |
1094 | acl localhost src 127.0.0.1/255.255.255.255 | |
1095 | acl all src 0.0.0.0/0.0.0.0 | |
1096 | ||
1097 | acl SSL_ports port 443 563 | |
1098 | acl Dangerous_ports port 7 9 19 | |
1099 | acl CONNECT method CONNECT | |
1100 | DOC_END | |
1101 | ||
1102 | NAME: http_access | |
1103 | TYPE: acl_access | |
1104 | LOC: Config.accessList.HTTP | |
1105 | DOC_START | |
1106 | Allowing or Denying access based on defined access lists | |
1107 | ||
1108 | Access to the HTTP port: | |
1109 | http_access allow|deny [!]aclname ... | |
1110 | ||
1111 | Access to the ICP port: | |
1112 | icp_access allow|deny [!]aclname ... | |
1113 | ||
1114 | NOTE on default values: | |
1115 | ||
1116 | If there are no "access" lines present, the default is to allow | |
1117 | the request. | |
1118 | ||
1119 | If none of the "access" lines cause a match, the default is the | |
1120 | opposite of the last line in the list. If the last line was | |
1121 | deny, then the default is allow. Conversely, if the last line | |
1122 | is allow, the default will be deny. For these reasons, it is a | |
1123 | good idea to have an "deny all" or "allow all" entry at the end | |
1124 | of your access lists to avoid potential confusion. | |
1125 | ||
1126 | ||
1127 | Only allow access to the cache manager functions from the local host. | |
1128 | http_access deny manager !localhost | |
1129 | http_access deny CONNECT !SSL_ports | |
1130 | http_access deny Dangerous_ports | |
1131 | ||
1132 | Allow everything else | |
1133 | http_access allow all | |
1134 | DOC_END | |
1135 | ||
1136 | ||
1137 | NAME: icp_access | |
1138 | TYPE: acl_access | |
1139 | LOC: Config.accessList.ICP | |
1140 | DOC_START | |
1141 | Reply to all ICP queries we receive | |
1142 | ||
1143 | icp_access allow all | |
1144 | DOC_END | |
1145 | ||
1146 | ||
1147 | NAME: miss_access | |
1148 | TYPE: acl_access | |
1149 | LOC: Config.accessList.MISS | |
1150 | DOC_START | |
1151 | Use to force your neighbors to use you as a sibling instead of | |
1152 | a parent. For example: | |
1153 | ||
1154 | acl localclients src 172.16.0.0/16 | |
1155 | miss_access allow localclients | |
1156 | miss_access deny !localclients | |
1157 | ||
1158 | This means that only your local clients are allowed to fetch | |
1159 | MISSES and all other clients can only fetch HITS. | |
1160 | ||
1161 | By default, allow all clients who passed the http_access rules | |
1162 | to fetch MISSES from us. | |
1163 | ||
1164 | miss_access allow all | |
1165 | DOC_END | |
1166 | ||
1167 | ||
1168 | NAME: cache_host_acl | |
1169 | TYPE: hostacl | |
1170 | DOC_START | |
1171 | Just like 'cache_host_domain' but provides more flexibility by | |
1172 | using ACL's. | |
1173 | ||
1174 | cache_host_acl cache-host [!]aclname ... | |
1175 | ||
1176 | NOTE: * Any number of ACL's may be given for a cache-host, | |
1177 | either on the same or separate lines. | |
1178 | * When multiple ACL's are given for a particular | |
1179 | cache-host, the first matched ACL is applied. | |
1180 | * Cache hosts with no domain or ACL restrictions are | |
1181 | queried for all requests. | |
1182 | * There are no defaults. | |
1183 | DOC_END | |
1184 | ||
1185 | ||
1186 | # ADMINISTRATIVE PARAMETERS | |
1187 | #----------------------------------------------------------------------------- | |
1188 | ||
1189 | NAME: cache_mgr | |
1190 | TYPE: string | |
1191 | DEFAULT: webmaster | |
1192 | LOC: Config.adminEmail | |
1193 | DOC_START | |
1194 | Email-address of local cache manager who will receive | |
1195 | mail if the cache dies. The default is "webmaster." | |
1196 | ||
1197 | cache_mgr webmaster | |
1198 | DOC_END | |
1199 | ||
1200 | ||
1201 | NAME: cache_effective_user | |
1202 | TYPE: effectiveuser | |
1203 | DOC_START | |
1204 | If the cache is run as root, it will change its effective/real | |
1205 | UID/GID to the UID/GID specified below. The default is not to | |
1206 | change UID/GID. | |
1207 | ||
1208 | cache_effective_user nobody nogroup | |
1209 | DOC_END | |
1210 | ||
1211 | ||
1212 | NAME: visible_hostname | |
1213 | TYPE: string | |
1214 | LOC: Config.visibleHostname | |
1215 | DOC_START | |
1216 | If you want to present a special hostname in error messages, etc, | |
1217 | then define this. Otherwise, the return value of gethostname() | |
1218 | will be used. | |
1219 | ||
1220 | visible_hostname www-cache.foo.org | |
1221 | DOC_END | |
1222 | ||
1223 | ||
1224 | # OPTIONS FOR THE CACHE REGISTRATION SERVICE | |
1225 | #----------------------------------------------------------------------------- | |
1226 | ||
1227 | # This section contains parameters for the (optional) cache | |
1228 | # announcement service. This service is provided to help | |
1229 | # cache administrators locate one another in order to join or | |
1230 | # create cache hierarchies. | |
1231 | # | |
1232 | # An 'announcement' message is sent (via UDP) to the registration | |
1233 | # service by Squid. By default, the annoucement message is NOT | |
1234 | # SENT unless you enable it with 'cache_announce' below. | |
1235 | # | |
1236 | # The announcement message includes your hostname, plus the | |
1237 | # following information from this configuration file: | |
1238 | # | |
1239 | # http_port | |
1240 | # icp_port | |
1241 | # cache_mgr | |
1242 | # | |
1243 | # All current information is processed regularly and made | |
1244 | # available on the Web at http://www.nlanr.net/Cache/Tracker/. | |
1245 | ||
1246 | ||
1247 | NAME: cache_announce | |
1248 | TYPE: cacheannounce | |
1249 | DOC_START | |
1250 | This is how frequently to send cache announcements. The default | |
1251 | is `0' which disables sending the announcement messages. | |
1252 | ||
1253 | To enable announcing your cache, just uncomment the line below. | |
1254 | ||
1255 | cache_announce 24 | |
1256 | DOC_END | |
1257 | ||
1258 | ||
1259 | NAME: announce_to | |
1260 | TYPE: announceto | |
1261 | DOC_START | |
1262 | This is the hostname and portnumber where the registration message | |
1263 | will be sent. | |
1264 | ||
1265 | Format: announce_to host[:port] [filename] | |
1266 | ||
1267 | Hostname will default to 'sd.cache.nlanr.net' and port will default | |
1268 | to 3131. If the 'filename' argument is given, the contents of that | |
1269 | file will be included in the announce message. | |
1270 | ||
1271 | announce_to sd.cache.nlanr.net:3131 | |
1272 | DOC_END | |
1273 | ||
1274 | ||
1275 | # HTTPD-ACCELERATOR OPTIONS | |
1276 | #----------------------------------------------------------------------------- | |
1277 | ||
1278 | NAME: httpd_accel | |
1279 | TYPE: httpdaccel | |
1280 | DOC_START | |
1281 | If you want to run squid as an httpd accelerator, define the | |
1282 | host name and port number where the real HTTP server is. | |
1283 | ||
1284 | If you want virtual host support then specify the hostname | |
1285 | as "virtual". | |
1286 | ||
1287 | httpd_accel real_httpd_host real_httpd_port | |
1288 | DOC_END | |
1289 | ||
1290 | ||
1291 | NAME: httpd_accel_with_proxy | |
1292 | COMMENT: on|off | |
1293 | TYPE: onoff | |
1294 | DEFAULT: 0 | |
1295 | LOC: Config.Accel.withProxy | |
1296 | DOC_START | |
1297 | If you want to use squid as both a local httpd accelerator | |
1298 | and as a proxy, change this to 'on'. | |
1299 | ||
1300 | httpd_accel_with_proxy off | |
1301 | DOC_END | |
1302 | ||
1303 | ||
1304 | NAME: httpd_accel_uses_host_header | |
1305 | COMMENT: on|off | |
1306 | TYPE: onoff | |
1307 | LOC: opt_accel_uses_host | |
1308 | DOC_START | |
1309 | HTTP/1.1 requests include a Host: header which is basically the | |
1310 | hostname from the URL. Squid can be an accelerator for | |
1311 | different HTTP servers by looking at this header. However, | |
1312 | Squid does NOT check the value of the Host header, so it opens | |
1313 | a big security hole. We recommend that this option remain | |
1314 | disabled unless you are sure of what you are doing. | |
1315 | ||
1316 | httpd_accel_uses_host_header off | |
1317 | DOC_END | |
1318 | ||
1319 | ||
1320 | # MISCELLANEOUS | |
1321 | #----------------------------------------------------------------------------- | |
1322 | ||
1323 | NAME: dns_testnames | |
1324 | TYPE: wordlist | |
1325 | LOC: Config.dns_testname_list | |
1326 | DOC_START | |
1327 | The DNS tests exit as soon as the first site is successfully looked up | |
1328 | ||
1329 | If you want to disable DNS tests, do not comment out or delete this | |
1330 | list. Instead use the -D command line option | |
1331 | ||
1332 | dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu | |
1333 | DOC_END | |
1334 | ||
1335 | ||
1336 | NAME: logfile_rotate | |
1337 | TYPE: int | |
1338 | DEFAULT: 10 | |
1339 | LOC: Config.Log.rotateNumber | |
1340 | DOC_START | |
1341 | Specifies the number of logfile rotations to make upon receiving | |
1342 | a USR1 signal. The default is 10, which will rotate with | |
1343 | extensions 0 through 9. Setting logfile_rotate to 0 will | |
1344 | disable the rotation, but the logfiles are still closed and | |
1345 | re-opened. This will enable you to rename the logfiles yourself | |
1346 | just before sending a USR1 signal to the squid process. | |
1347 | ||
1348 | logfile_rotate 10 | |
1349 | DOC_END | |
1350 | ||
1351 | ||
1352 | NAME: append_domain | |
1353 | TYPE: appenddomain | |
1354 | DOC_START | |
1355 | Appends local domain name to hostnames without any dots in them. | |
1356 | append_domain must begin with a period. | |
1357 | ||
1358 | append_domain .yourdomain.com | |
1359 | DOC_END | |
1360 | ||
1361 | ||
1362 | NAME: tcp_recv_bufsize | |
1363 | TYPE: int | |
1364 | DEFAULT: 0 | |
1365 | LOC: Config.tcpRcvBufsz | |
1366 | DOC_START | |
1367 | Size of receive buffer to set for TCP sockets. Probably just | |
1368 | as easy to change your kernel's default. Set to zero to use | |
1369 | the default buffer size. | |
1370 | ||
1371 | tcp_recv_bufsize 0 | |
1372 | DOC_END | |
1373 | ||
1374 | ||
1375 | NAME: ssl_proxy | |
1376 | TYPE: proxy | |
1377 | LOC: Config.sslProxy | |
1378 | DOC_START | |
1379 | Specify the name of a 'cache_host' listed above, or a hostname | |
1380 | and port number where all SSL requests should be forwarded to. | |
1381 | ||
1382 | Usage: ssl_proxy cache_host | |
1383 | ssl_proxy host:port | |
1384 | ||
1385 | ssl_proxy | |
1386 | DOC_END | |
1387 | ||
1388 | ||
1389 | NAME: passthrough_proxy | |
1390 | TYPE: proxy | |
1391 | LOC: Config.passProxy | |
1392 | DOC_START | |
1393 | Specify the name of a 'cache_host' listed above, or a hostname | |
1394 | and port number where all non-GET (i.e. POST, PUT) requests | |
1395 | should be forwarded to. | |
1396 | ||
1397 | Usage: passthrough_proxy cache_host | |
1398 | passthrough_proxy host:port | |
1399 | ||
1400 | passthrough_proxy | |
1401 | DOC_END | |
1402 | ||
1403 | ||
1404 | NAME: proxy_auth | |
1405 | TYPE: proxyauth | |
1406 | DOC_START | |
1407 | Usage: proxy_auth passwd_file [ ignore-domain ] | |
1408 | ||
1409 | 'passwd_file' is an apache-style file of passwords for | |
1410 | authenticated proxy access Looks like user:password, with the | |
1411 | password being standard crypt() format. Proxy authentication | |
1412 | is disabled by default. | |
1413 | ||
1414 | 'ignore-domain' is a domain name for which authorization will | |
1415 | *not* be required. | |
1416 | ||
1417 | NOTE, proxy_auth support is not compiled into Squid by default. | |
1418 | To use this feature you must enable the USE_PROXY_AUTH option | |
1419 | near the top of src/Makefile. | |
1420 | ||
1421 | proxy_auth /dev/null | |
1422 | DOC_END | |
1423 | ||
1424 | ||
1425 | NAME: err_html_text | |
1426 | TYPE: errhtml | |
1427 | DOC_START | |
1428 | HTML text to include in error messages. Make this a "mailto" | |
1429 | URL to your admin address, or maybe just a link to your | |
1430 | organizations Web page. | |
1431 | ||
1432 | err_html_text | |
1433 | DOC_END | |
1434 | ||
1435 | ||
1436 | NAME: deny_info | |
1437 | TYPE: denyinfo | |
1438 | LOC: Config.denyInfoList | |
1439 | DOC_START | |
1440 | Usage: deny_info URL acl | |
1441 | ||
1442 | This can be used to return a HTTP redirect for requests which | |
1443 | do not pass the 'http_access' rules. A single ACL will cause | |
1444 | the http_access check to fail. If a 'deny_info' line exists | |
1445 | for that ACL then Squid returns a redirect to the given URL. | |
1446 | DOC_END | |
1447 | ||
1448 | ||
1449 | NAME: udp_hit_obj | |
1450 | COMMENT: on|off | |
1451 | TYPE: onoff | |
1452 | LOC: opt_udp_hit_obj | |
1453 | DOC_START | |
1454 | If set, Squid will request UDP_HIT_OBJ replies from its | |
1455 | neighbors. UDP_HIT_OBJ is nice because it saves bandwidth, but | |
1456 | it can cause some other problems. For one it complicates | |
1457 | calculating hit rates. Also, problems arise because the ICP | |
1458 | query does not contain any HTTP request headers which may | |
1459 | affect the reply. | |
1460 | ||
1461 | udp_hit_obj off | |
1462 | DOC_END | |
1463 | ||
1464 | ||
1465 | NAME: udp_hit_obj_size | |
1466 | TYPE: int | |
1467 | LOC: Config.udpMaxHitObjsz | |
1468 | DOC_START | |
1469 | If set, Squid will limit UDP_HIT_OBJ size to be less than | |
1470 | this value. Setting this value to more than SQUID_UDP_SO_SNDBUF | |
1471 | will not work as expected. Set to zero to select the size | |
1472 | permited by the socket. | |
1473 | udp_hit_obj_size 0 | |
1474 | DOC_END | |
1475 | ||
1476 | ||
1477 | NAME: memory_pools | |
1478 | COMMENT: on|off | |
1479 | TYPE: onoff | |
1480 | LOC: opt_mem_pools | |
1481 | DOC_START | |
1482 | If set, Squid will keep pools of allocated (but unused) memory | |
1483 | available for future use. If memory is a premium on your | |
1484 | system, disable this. | |
1485 | ||
1486 | memory_pools on | |
1487 | DOC_END | |
1488 | ||
1489 | NAME: forwarded_for | |
1490 | COMMENT: on|off | |
1491 | TYPE: onoff | |
1492 | LOC: opt_forwarded_for | |
1493 | DOC_START | |
1494 | If set, Squid will include your system's IP address or name | |
1495 | in the HTTP requests it forwards. By default it looks like | |
1496 | this: | |
1497 | ||
1498 | X-Forwarded-For: 192.1.2.3 | |
1499 | ||
1500 | If you disable this, it will appear as | |
1501 | ||
1502 | X-Forwarded-For: unknown | |
1503 | ||
1504 | forwarded_for on | |
1505 | DOC_END | |
1506 | ||
1507 | NAME: log_icp_queries | |
1508 | COMMENT: on|off | |
1509 | TYPE: onoff | |
1510 | DEFAULT: 1 | |
1511 | LOC: Config.Options.log_udp | |
1512 | DOC_START | |
1513 | If set, ICP queries are logged to access.log. ICP logging | |
1514 | is enabled by default, so uncomment and change the line | |
1515 | below to disable it. | |
1516 | ||
1517 | log_icp_queries on | |
1518 | DOC_END | |
1519 | ||
1520 | ||
1521 | NAME: minimum_direct_hops | |
1522 | TYPE: int | |
1523 | DEFAULT: 4 | |
1524 | LOC: Config.minDirectHops | |
1525 | DOC_START | |
1526 | If using the ICMP pinging stuff, do direct fetches for sites | |
1527 | which are no more than this many hops away. | |
1528 | ||
1529 | minimum_direct_hops 4 | |
1530 | DOC_END | |
1531 | ||
1532 | ||
1533 | NAME: cachemgr_passwd | |
1534 | TYPE: cachemgrpasswd | |
1535 | DOC_START | |
1536 | Specify passwords for cachemgr operations. | |
1537 | ||
1538 | Usage: cachemgr_passwd password action action ... | |
1539 | ||
1540 | valid actions are: | |
1541 | shutdown * | |
1542 | info | |
1543 | stats/objects | |
1544 | stats/vm_objects | |
1545 | stats/utilization | |
1546 | stats/ipcache | |
1547 | stats/fqdncache | |
1548 | stats/dns | |
1549 | stats/redirector | |
1550 | stats/io | |
1551 | stats/reply_headers | |
1552 | stats/filedescriptors | |
1553 | stats/netdb | |
1554 | log/status * | |
1555 | log/enable * | |
1556 | log/disable * | |
1557 | log/clear * | |
1558 | log * | |
1559 | parameter | |
1560 | server_list | |
1561 | client_list | |
1562 | squid.conf * | |
1563 | ||
1564 | * Indicates actions which will not be performed without a | |
1565 | valid password, others can be performed if not listed here. | |
1566 | ||
1567 | To disable an action, set the password to "disable". | |
1568 | To allow performing an action without a password, set the | |
1569 | password to "none". | |
1570 | ||
1571 | Use the keyword "all" to set the same password for all actions. | |
1572 | ||
1573 | cachemgr_passwd secret shutdown | |
1574 | cachemgr_passwd lesssssssecret info stats/objects | |
1575 | cachemgr_passwd disable all | |
1576 | DOC_END | |
1577 | ||
1578 | ||
1579 | # TAG: swap_level1_dirs | |
1580 | # Number of first-level directories to create for storing cached | |
1581 | # objects. Minimum 1, maximum 256, default 16. | |
1582 | # | |
1583 | #swap_level1_dirs 16 | |
1584 | ||
1585 | # TAG: swap_level2_dirs | |
1586 | # Number of sub-directories to create under each first-level | |
1587 | # directory. Minimum 1, maximum 256, default 256. | |
1588 | # | |
1589 | #swap_level2_dirs 256 | |
1590 | ||
1591 | NAME: store_avg_object_size | |
1592 | TYPE: int | |
1593 | DEFAULT: 20 | |
1594 | LOC: Config.Store.avgObjectSize | |
1595 | DOC_START | |
1596 | Average object size, used to estimate number of objects your | |
1597 | cache can hold. See doc/Release-Notes-1.1.txt. The default is | |
1598 | 20K. | |
1599 | ||
1600 | store_avg_object_size 20 | |
1601 | DOC_END | |
1602 | ||
1603 | NAME: store_objects_per_bucket | |
1604 | TYPE: int | |
1605 | DEFAULT: 50 | |
1606 | LOC: Config.Store.objectsPerBucket | |
1607 | DOC_START | |
1608 | Target number of objects per bucket in the store hash table. | |
1609 | Lowering this value increases the total number of buckets and | |
1610 | also the storage maintenance rate. The default is 20. | |
1611 | ||
1612 | store_objects_per_bucket 20 | |
1613 | DOC_END | |
1614 | ||
1615 | ||
1616 | NAME: http_anonymizer | |
1617 | TYPE: httpanonymizer | |
1618 | LOC: Config.Options.anonymizer | |
1619 | DOC_START | |
1620 | If you want to filter out certain HTTP request headers for | |
1621 | privacy reasons, enable this option. There are three | |
1622 | appropriate settings: | |
1623 | 'off' All HTTP request headers are passed. | |
1624 | 'standard' Specific headers are removed | |
1625 | 'paranoid' Only specific headers are allowed. | |
1626 | To see which headers are allowed or denied, please see the | |
1627 | http-anon.c source file. | |
1628 | ||
1629 | http_anonymizer off | |
1630 | DOC_END | |
1631 | ||
1632 | ||
1633 | NAME: client_db | |
1634 | COMMENT: on|off | |
1635 | TYPE: onoff | |
1636 | DEFAULT: 1 | |
1637 | LOC: Config.Options.client_db | |
1638 | DOC_START | |
1639 | If you want to disable collecting per-client statistics, then | |
1640 | turn off client_db here. | |
1641 | ||
1642 | client_db on | |
1643 | DOC_END | |
1644 | ||
1645 | ||
1646 | NAME: netdb_low | |
1647 | TYPE: int | |
1648 | DEFAULT: 900 | |
1649 | LOC: Config.Netdb.low | |
1650 | DOC_NONE | |
1651 | ||
1652 | NAME: netdb_high | |
1653 | TYPE: int | |
1654 | DEFAULT: 1000 | |
1655 | LOC: Config.Netdb.high | |
1656 | DOC_START | |
1657 | The low and high water marks for the ICMP measurement | |
1658 | database. These are counts, not percents. The defaults are | |
1659 | 900 and 1000. When the high water mark is reached, database | |
1660 | entries will be deleted until the low mark is reached. | |
1661 | ||
1662 | netdb_low 900 | |
1663 | netdb_high 1000 | |
1664 | DOC_END | |
1665 | ||
1666 | ||
1667 | NAME: netdb_ping_period | |
1668 | TYPE: time_sec | |
1669 | LOC: Config.Netdb.period | |
1670 | DOC_START | |
1671 | The minimum period for measuring a site. There will be at | |
1672 | least this much delay between successive pings to the same | |
1673 | network. The default is five minutes. | |
1674 | ||
1675 | netdb_ping_period 5 minutes | |
1676 | DOC_END | |
1677 | ||
1678 | ||
1679 | NAME: query_icmp | |
1680 | COMMENT: on|off | |
1681 | TYPE: onoff | |
1682 | DEFAULT: 0 | |
1683 | LOC: Config.Options.query_icmp | |
1684 | DOC_START | |
1685 | If you want to ask your peers to include ICMP data in their ICP | |
1686 | replies, enable this option. | |
1687 | ||
1688 | If your peer has built squid with '-DUSE_ICMP=1' then that peer | |
1689 | will send ICMP pings to origin server sites of the URLs it | |
1690 | receives. If you enable this option then the ICP replies from | |
1691 | that peer will include the ICMP data (if available). Then, | |
1692 | when choosing a parent cache, Squid will choose the parent with | |
1693 | the minimal RTT to the origin server. When this happens, the | |
1694 | hierarchy field of the access.log will be | |
1695 | "CLOSEST_PARENT_MISS". This option is off by default. | |
1696 | ||
1697 | query_icmp off | |
1698 | DOC_END | |
1699 | ||
1700 | NAME: clean_rate | |
1701 | TYPE: time_sec | |
1702 | LOC: Config.cleanRate | |
1703 | DOC_START | |
1704 | XXX need docs | |
1705 | DOC_END | |
1706 | ||
1707 | NAME: always_direct | |
1708 | TYPE: acl_access | |
1709 | LOC: Config.accessList.AlwaysDirect | |
1710 | DOC_START | |
1711 | XXX need docs | |
1712 | DOC_END | |
1713 | ||
1714 | NAME: never_direct | |
1715 | TYPE: acl_access | |
1716 | LOC: Config.accessList.NeverDirect | |
1717 | DOC_START | |
1718 | XXX need docs | |
1719 | DOC_END | |
1720 | ||
1721 | NAME: viz_hack_addr | |
1722 | TYPE: vizhack | |
1723 | DOC_START | |
1724 | XXX need docs | |
1725 | DOC_END | |
1726 | ||
1727 | #NAME: proxy_auth_ignore | |
1728 | #TYPE: regexplist_icase | |
1729 | #LOC: Config.proxyAuth.IgnoreDomains | |
1730 | #DOC_START | |
1731 | # XXX need docs | |
1732 | #DOC_END | |
1733 | ||
1734 | EOF |