]> git.ipfire.org Git - thirdparty/squid.git/blame - src/cf.data.pre
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Header file for radix.c
[thirdparty/squid.git] / src / cf.data.pre
CommitLineData
3a278cb8 1
0f74202c 2COMMENT_START
3 WELCOME TO SQUID 1.2
4 --------------------
3a278cb8 5
0f74202c 6 This is the default squid configuration file. You may wish
7 to look at http://cache.is.co.za/squid/ for documentation,
8 or the squid home page (http://squid.nlanr.net/) for the FAQ
3a278cb8 9
0f74202c 10COMMENT_END
3a278cb8 11
0f74202c 12COMMENT_START
3a278cb8 13 NETWORK OPTIONS
14 -----------------------------------------------------------------------------
0f74202c 15COMMENT_END
3a278cb8 16
934b03fc 17NAME: http_port ascii_port
18TYPE: ushortlist
f53b06f9 19DEFAULT: none
20DEFAULT_IF_NONE: 3128
934b03fc 21LOC: Config.Port.http
22DOC_START
23 The port number where squid will listen for HTTP client
24 requests. Default is 3128, for httpd-accel mode use port 80.
25 May be overridden with -a on the command line.
26
27 You may specify multiple ports here, but they MUST all be on
28 a single line.
29
30http_port 3128
31DOC_END
32
33
34NAME: icp_port udp_port
35TYPE: ushort
36DEFAULT: 3130
37LOC: Config.Port.icp
38DOC_START
39 The port number where squid send and receive ICP requests to
40 and from neighbor caches. Default is 3130. To disable use
41 "0". May be overridden with -u on the command line.
42
43icp_port 3130
44DOC_END
45
46
47NAME: mcast_groups
48TYPE: wordlist
49LOC: Config.mcast_group_list
1273d501 50DEFAULT: none
934b03fc 51DOC_START
52 This tag specifies a list of multicast groups which your
53 server should join to receive multicasted ICP requests.
54
55 NOTE! Be very careful what you put here! Be sure you
56 understand the difference between an ICP _query_ and an ICP
57 _reply_. This option is to be set only if you want to RECEIVE
58 multicast queries. Do NOT set this option to SEND multicast
a95856a0 59 ICP (use cache_peer for that). ICP replies are always sent via
934b03fc 60 unicast, so this option does not affect whether or not you will
61 receive replies from multicast group members.
62
63 You must be very careful to NOT use a multicast address which
64 is already in use by another group of caches. NLANR has been
65 assigned a block of multicast address space for use in Web
66 Caching. Plese write to us at nlanr-cache@nlanr.net to receive
67 an address for your own use.
68
69 Usage: mcast_groups 239.128.16.128 224.0.1.20
70
71 By default, squid doesn't listen on any multicast groups.
72
73mcast_groups 239.128.16.128
74DOC_END
75
76
77NAME: tcp_incoming_address bind_address
78TYPE: address
79LOC: Config.Addrs.tcp_incoming
270b86af 80DEFAULT: 0.0.0.0
934b03fc 81DOC_NONE
82
83NAME: tcp_outgoing_address outbound_address
84TYPE: address
85LOC: Config.Addrs.tcp_outgoing
270b86af 86DEFAULT: 255.255.255.255
934b03fc 87DOC_NONE
88
89NAME: udp_incoming_address
90TYPE: address
91LOC:Config.Addrs.udp_incoming
270b86af 92DEFAULT: 0.0.0.0
934b03fc 93DOC_NONE
94
95NAME: udp_outgoing_address
96TYPE: address
97LOC: Config.Addrs.udp_outgoing
270b86af 98DEFAULT: 255.255.255.255
934b03fc 99DOC_START
100 Usage: tcp_incoming_address 10.20.30.40
101 udp_outgoing_address fully.qualified.domain.name
102
934b03fc 103 tcp_incoming_address is used for the HTTP socket which accepts
104 connections from clients and other caches.
105 tcp_outgoing_address is used for connections made to remote
106 servers and other caches.
107 udp_incoming_address is used for the ICP socket receiving packets
108 from other caches.
109 udp_outgoing_address is used for ICP packets sent out to other
110 caches.
111
112 The defaults behaviour is to not bind to any specific address.
113
114 NOTE, udp_incoming_address and udp_outgoing_address can not have
115 the same value since they both use port 3130.
116
117tcp_incoming_address 0.0.0.0
118tcp_outgoing_address 0.0.0.0
119udp_incoming_address 0.0.0.0
120udp_outgoing_address 0.0.0.0
121DOC_END
122
0f74202c 123COMMENT_START
3a278cb8 124 OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
125 -----------------------------------------------------------------------------
0f74202c 126COMMENT_END
934b03fc 127
40a1495e 128NAME: cache_peer
129TYPE: peer
1273d501 130DEFAULT: none
0153d498 131LOC: Config.peers
934b03fc 132DOC_START
133 To specify other caches in a hierarchy, use the format:
134
135 hostname type http_port icp_port
136
137 For example,
138
139 # proxy icp
140 # hostname type port port options
141 # -------------------- -------- ----- ----- -----------
a95856a0 142 cache_peer bigserver.usc.edu parent 3128 3130 [proxy-only]
143 cache_peer littleguy1.usc.edu sibling 3128 3130 [proxy-only]
144 cache_peer littleguy1.usc.edu sibling 3128 3130 [proxy-only]
934b03fc 145
146 type: either 'parent', 'sibling', or 'multicast'.
147
148 proxy_port: The port number where the cache listens for proxy
149 requests.
150
151 icp_port: Used for querying neighbor caches about
152 objects. To have a non-ICP neighbor
153 specify '7' for the ICP port and make sure the
154 neighbor machine has the UDP echo port
155 enabled in its /etc/inetd.conf file.
156
157 options: proxy-only
158 weight=n
159 ttl=n
160 no-query
161 default
162 round-robin
163 multicast-responder
b3264694 164 closest-only
934b03fc 165
166 use 'proxy-only' to specify that objects fetched
167 from this cache should not be saved locally.
168
169 use 'weight=n' to specify a weighted parent.
170 The weight must be an integer. The default weight
171 is 1, larger weights are favored more.
172
173 use 'ttl=n' to specify a IP multicast TTL to use
174 when sending an ICP request to this address.
175 Only useful when sending to a multicast group.
176 Because we don't accept ICP replies from random
177 hosts, you must configure other group members as
178 peers with the 'multicast-responder' option below.
179
180 use 'no-query' to NOT send ICP queries to this
181 neighbor.
182
183 use 'default' if this is a parent cache which can
184 be used as a "last-resort." You should probably
185 only use 'default' in situations where you cannot
186 use ICP with your parent cache(s).
187
188 use 'round-robin' to define a set of parents which
189 should be used in a round-robin fashion in the
190 absence of any ICP queries.
191
192 'multicast-responder' indicates that the named peer
193 is a member of a multicast group. ICP queries will
194 not be sent directly to the peer, but ICP replies
195 will be accepted from it.
196
b3264694 197 'closest-only' indicates that, for ICP_OP_MISS
198 replies, we'll only forward CLOSEST_PARENT_MISSes
199 and never FIRST_PARENT_MISSes.
200
934b03fc 201 NOTE: non-ICP neighbors must be specified as 'parent'.
202
a95856a0 203cache_peer hostname type 3128 3130
934b03fc 204DOC_END
205
206
207NAME: cache_host_domain
208TYPE: hostdomain
f1dc9b30 209DEFAULT: none
210LOC: none
934b03fc 211DOC_START
212 Use to limit the domains for which a neighbor cache will be queried.
213 Usage:
214
215 cache_host_domain cache-host domain [domain ...]
216 cache_host_domain cache-host !domain
217
218 For example, specifying
219
220 cache_host_domain bigserver.usc.edu .edu
221
222 has the effect such that UDP query packets are sent to
223 'bigserver' only when the requested object exists on a
224 server in the .edu domain. Prefixing the domainname
225 with '!' means that the cache will be queried for objects
226 NOT in that domain.
227
228 NOTE: * Any number of domains may be given for a cache-host,
229 either on the same or separate lines.
230 * When multiple domains are given for a particular
231 cache-host, the first matched domain is applied.
232 * Cache hosts with no domain restrictions are queried
233 for all requests.
234 * There are no defaults.
235 * There is also a 'cache_host_acl' tag in the ACL
236 section.
237DOC_END
238
239
240NAME: neighbor_type_domain
241TYPE: hostdomaintype
f1dc9b30 242DEFAULT: none
243LOC: none
934b03fc 244DOC_START
245 usage: neighbor_type_domain parent|sibling domain domain ...
246
247 Modifying the neighbor type for specific domains is now
248 possible. You can treat some domains differently than the the
a95856a0 249 default neighbor type specified on the 'cache_peer' line.
934b03fc 250 Normally it should only be necessary to list domains which
251 should be treated differently because the default neighbor type
252 applies for hostnames which do not match domains listed here.
253
254EXAMPLE:
a95856a0 255 cache_peer parent cache.foo.org 3128 3130
934b03fc 256 neighbor_type_domain cache.foo.org sibling .com .net
257 neighbor_type_domain cache.foo.org sibling .au .de
258DOC_END
259
260NAME: single_parent_bypass
261COMMENT: on|off
262TYPE: onoff
f1dc9b30 263DEFAULT: off
17a0a4ee 264LOC: Config.onoff.single_parent_bypass
934b03fc 265DOC_START
266 This tag specifies that it is okay to bypass the hierarchy
267 "Pinging" when there is only a single parent for a given URL.
268
269 Usage: single_parent_bypass on|off
270
271 Before actually sending ICP "ping" packets to parents and
272 neighbors, we figure out which hosts would be pinged based
273 on the cache_host_domain rules, etc. Often it may be the
274 case that only a single parent cache would be pinged.
275
276 Since there is only a single parent, there is a very good
277 chance that we will end up fetching the object from that
278 parent. For this reason, it may be beneficial to avoid
279 the ping and just fetch the object anyway.
280
281 However, if we avoid the ping, we will be assuming that the
282 parent host is reachable and that the cache process is running.
283 By using the ping, we can be reasonably sure that the parent
284 host will be able to handle our request. If the ping fails then
285 it may be possible to fetch the object directly from the source.
286
287 To favor the resiliency provided by the ping algorithm,
288 single_parent_bypass is 'off' by default.
289
290single_parent_bypass off
291DOC_END
292
293
294NAME: source_ping
295COMMENT: on|off
296TYPE: onoff
f1dc9b30 297DEFAULT: off
17a0a4ee 298LOC: Config.onoff.source_ping
934b03fc 299DOC_START
300 If source_ping is enabled, then squid will include the source
301 provider site in its selection algorithm. This is accomplished
302 by sending ICP "HIT" packets to the UDP echo port of the source
303 host. Note that using source_ping may send a fair amount of UDP
304 traffic out on the Internet and may irritate paranoid network
305 administrators.
306
307 Note that source_ping is incompatible with inside_firewall.
308 For hosts beyond the firewall, source_ping packets will never
309 be sent.
310
311 By default, source_ping is off.
312
313source_ping off
314DOC_END
315
934b03fc 316NAME: neighbor_timeout neighbour_timeout
317COMMENT: (seconds)
9e975e4e 318DEFAULT: 2 seconds
f1dc9b30 319TYPE: time_t
934b03fc 320LOC: Config.neighborTimeout
321DOC_START
322 This controls how long to wait for replies from neighbor caches.
323 If none of the parent or neighbor caches reply before this many
324 seconds (due to dropped packets or slow links), then the object
325 request will be satisfied from the default source. The default
326 timeout is two seconds.
327
328neighbor_timeout 2 seconds
329DOC_END
330
331
332NAME: hierarchy_stoplist
333TYPE: wordlist
1273d501 334DEFAULT: none
934b03fc 335LOC: Config.hierarchy_stoplist
336DOC_START
337 A list of words which, if found in a URL, cause the object to
338 be handled directly by this cache. In other words, use this
339 to not query neighbor caches for certain objects. You may
340 list this option multiple times.
341
342 The default is to directly fetch URLs containing 'cgi-bin' or '?'.
343
344hierarchy_stoplist cgi-bin ?
345DOC_END
346
347
348NAME: cache_stoplist
349TYPE: wordlist
1273d501 350DEFAULT: none
934b03fc 351LOC: Config.cache_stoplist
352DOC_START
353 A list of words which, if found in a URL, cause the object to
354 immediately removed from the cache. In other words, use this
355 to force certain objects to never be cached. You may list this
356 option multiple times.
357
358 The default is to not cache URLs containing 'cgi-bin' or '?'.
359
360cache_stoplist cgi-bin ?
361DOC_END
362
363
364NAME: cache_stoplist_pattern
934b03fc 365TYPE: regexlist
366LOC: Config.cache_stop_relist
1273d501 367DEFAULT: none
934b03fc 368DOC_START
369 Just like 'cache_stoplist' but you can use regular expressions
370 instead of simple string matching. There is no default.
0153d498 371 Insert -i to get case-insensitive regular expressions.
934b03fc 372
373cache_stoplist_pattern
374DOC_END
375
376
0f74202c 377COMMENT_START
3a278cb8 378 OPTIONS WHICH AFFECT THE CACHE SIZE
379 -----------------------------------------------------------------------------
0f74202c 380COMMENT_END
934b03fc 381
382NAME: cache_mem
9906e724 383COMMENT: (bytes)
1b635117 384TYPE: b_size_t
9906e724 385DEFAULT: 8 MB
934b03fc 386LOC: Config.Mem.maxSize
387DOC_START
388 Maximum amout of VM used to store objects in memory.
389 This includes:
390 in-transit objects,
391 negative-cached objects,
392 "hot" objects
393 The value of cache_mem is an upper limit on the size of the
394 "in-memory object data" pool. This is a pool of 4k pages used
395 to hold object data.
396
397 In-transit objects have priority over the others. When
398 additional space is needed for incoming data, negative-cached
399 and hot objects will be released. In other words, the
400 negative-cached and hot objects will fill up any unused space
401 not needed for in-transit objects.
402
403 The values of cache_mem_low and cache_mem_high (below) can be
404 used to tune the use of the memory pool. When the high mark is
405 reached, in-transit and hot objects will be released to clear
406 space. When an object transfer is completed, it will remain in
407 memory only if the current memory usage is below the low water
408 mark.
409
410 The default is 8 Megabytes.
411
9906e724 412cache_mem 8 MB
934b03fc 413DOC_END
414
415
416NAME: cache_swap_low
417COMMENT: (percent, 0-100)
418TYPE: int
419DEFAULT: 90
420LOC: Config.Swap.lowWaterMark
421DOC_NONE
422
423NAME: cache_swap_high
424COMMENT: (percent, 0-100)
425TYPE: int
426DEFAULT: 95
427LOC: Config.Swap.highWaterMark
428DOC_START
429 The low- and high-water marks for cache LRU replacement.
430 LRU replacement begins when the high-water mark is reached
431 and ends when enough objects have been removed and the low-water
432 mark is reached. Defaults are 90% and 95%.
433
434cache_swap_low 90
435cache_swap_high 95
436DOC_END
437
438
439NAME: cache_mem_low
440COMMENT: (in percent, 0-100)
441TYPE: int
442DEFAULT: 75
443LOC: Config.Mem.lowWaterMark
444DOC_NONE
445
446NAME: cache_mem_high
447COMMENT: (in percent, 0-100)
448TYPE: int
449DEFAULT: 95
450LOC: Config.Mem.highWaterMark
451DOC_START
452 The low- and high-water mark for cache memory storage. When
453 the amount of RAM used by the hot-object RAM cache reaches this
454 point, the cache starts throwing objects out of the RAM cache
455 (but they remain on disk). Defaults are 75% and 90%.
456
457cache_mem_low 75
458cache_mem_high 90
459DOC_END
460
461
462NAME: maximum_object_size
9e975e4e 463COMMENT: (bytes)
1b635117 464TYPE: b_size_t
9906e724 465DEFAULT: 4096 KB
934b03fc 466LOC: Config.Store.maxObjectSize
467DOC_START
468 Objects larger than this size will NOT be saved on disk. The
469 value is specified in kilobytes, and the default is 4MB.
470
9906e724 471maximum_object_size 4096 KB
934b03fc 472DOC_END
473
474
475NAME: ipcache_size
476COMMENT: (number of entries)
477TYPE: int
478DEFAULT: 1024
479LOC: Config.ipcache.size
480DOC_NONE
481
482NAME: ipcache_low
483COMMENT: (percent)
484TYPE: int
485DEFAULT: 90
486LOC: Config.ipcache.low
487DOC_NONE
488
489NAME: ipcache_high
490COMMENT: (percent)
491TYPE: int
492DEFAULT: 95
493LOC: Config.ipcache.high
494DOC_START
495 The size, low-, and high-water marks for the IP cache.
496
497ipcache_size 1024
498ipcache_low 90
499ipcache_high 95
500DOC_END
501
0f74202c 502COMMENT_START
3a278cb8 503 LOGFILE PATHNAMES AND CACHE DIRECTORIES
504 -----------------------------------------------------------------------------
0f74202c 505COMMENT_END
934b03fc 506
507NAME: cache_dir
508TYPE: cachedir
f1dc9b30 509DEFAULT: none
0108d71f 510DEFAULT_IF_NONE: @DEFAULT_SWAP_DIR@ 100 16 256
f1dc9b30 511LOC: Config.cacheSwap
934b03fc 512DOC_START
513 Directory for on-disk cache storage. The cache will change into
514 this directory when running. The default is
5375428c 515 @DEFAULT_SWAP_DIR@.
934b03fc 516
517 You can specify multiple cache_dir lines to spread the
518 cache among different disk partitions.
519
5375428c 520cache_dir @DEFAULT_SWAP_DIR@ 100 16 256
934b03fc 521DOC_END
522
523
524NAME: cache_access_log
525TYPE: string
d0b98f84 526DEFAULT: @DEFAULT_ACCESS_LOG@
934b03fc 527LOC: Config.Log.access
528DOC_START
529 Logs the client request activity. Contains an entry for
530 every HTTP and ICP request received.
531
5375428c 532cache_access_log @DEFAULT_ACCESS_LOG@
934b03fc 533DOC_END
534
535
536NAME: cache_log
537TYPE: string
0153d498 538DEFAULT: @DEFAULT_CACHE_LOG@
934b03fc 539LOC: Config.Log.log
540DOC_START
541 Cache logging file. Set logging levels with "debug_options" below.
542
0153d498 543cache_log @DEFAULT_CACHE_LOG@
934b03fc 544DOC_END
545
546
547NAME: cache_store_log
548TYPE: string
0153d498 549DEFAULT: @DEFAULT_STORE_LOG@
934b03fc 550LOC: Config.Log.store
551DOC_START
552 Logs the activities of the storage manager. Shows which
553 objects are ejected from the cache, and which objects are
554 saved and for how long. To disable, enter "none".
555
0153d498 556cache_store_log @DEFAULT_STORE_LOG@
934b03fc 557DOC_END
558
559
560NAME: cache_swap_log
561TYPE: string
562LOC: Config.Log.swap
1273d501 563DEFAULT: none
934b03fc 564DOC_START
d0d3ec94 565 Location for the cache "swap.log." This log file holds the
934b03fc 566 metadata of objects saved on disk. It is used to rebuild the
567 cache during startup. Normally this file resides in the first
568 'cache_dir' directory, but you may specify an alternate
569 pathname here. Note you must give a full filename, not just
570 a directory.
571
572cache_swap_log
573DOC_END
574
575
576NAME: emulate_httpd_log
577COMMENT: on|off
578TYPE: onoff
f1dc9b30 579DEFAULT: off
17a0a4ee 580LOC: Config.onoff.common_log
934b03fc 581DOC_START
582 The Cache can emulate the log file format which many 'httpd'
583 programs use. To disable/enable this emulation, set
584 emulate_httpd_log to 'off' or 'on'. The default
585 is to use the native log format.
586
587emulate_httpd_log off
588DOC_END
589
590
591NAME: mime_table
f0b19334 592TYPE: string
0153d498 593DEFAULT: @DEFAULT_MIME_TABLE@
934b03fc 594LOC: Config.mimeTablePathname
595DOC_START
596 Pathname to Squid's MIME table which has the format
597
598 regex content-type icon content-encoding transfer-mode
599
0153d498 600mime_table @DEFAULT_MIME_TABLE@
934b03fc 601DOC_END
602
603
604NAME: log_mime_hdrs
605COMMENT: on|off
606TYPE: onoff
17a0a4ee 607LOC: Config.onoff.log_mime_hdrs
f1dc9b30 608DEFAULT: off
934b03fc 609DOC_START
610 The Cache can record both the request and the response
611 MIME headers for each HTTP transaction. The headers are
612 encoded safely and will appear as two bracketed fields
613 at the end of the access log (for either the native
614 or httpd-emulated log formats). To enable this logging
615 set log_mime_hdrs to 'on'.
616
617 NOTE: support for this may require you to define
618 LOG_FULL_HEADERS before compiling.
619
620log_mime_hdrs off
621DOC_END
622
623
624NAME: useragent_log
625TYPE: string
626LOC: Config.Log.useragent
f1dc9b30 627DEFAULT: none
934b03fc 628DOC_START
629 If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write
630 the User-Agent field from HTTP requests to the filename
631 specified here. By default useragent_log is disabled.
632
633useragent_log none
634DOC_END
635
636
637NAME: pid_filename
638TYPE: string
0153d498 639DEFAULT: @DEFAULT_PID_FILE@
934b03fc 640LOC: Config.pidFilename
641DOC_START
642 A pathname to write the process-id to. To disable, enter "none".
643
0153d498 644pid_filename @DEFAULT_PID_FILE@
934b03fc 645DOC_END
646
647
648NAME: debug_options
f1dc9b30 649TYPE: eol
934b03fc 650DEFAULT: ALL,1
651LOC: Config.debugOptions
652DOC_START
653 Logging options are set as section,level where each source file
654 is assigned a unique section. Lower levels result in less
655 output, Full debugging (level 9) can result in a very large
656 log file, so be careful. The magic word "ALL" sets debugging
657 levels for all sections. We recommend normally running with
658 "ALL,1".
659
660debug_options ALL,1
661DOC_END
662
663
664NAME: ident_lookup
665COMMENT: on|off
666TYPE: onoff
f1dc9b30 667DEFAULT: off
17a0a4ee 668LOC: Config.onoff.ident_lookup
934b03fc 669DOC_START
670 If you wish to make an RFC931/ident lookup of the client username
671 for each connection, enable this. It is off by default.
672
673ident_lookup off
674DOC_END
675
676
677NAME: log_fqdn
678COMMENT: on|off
679TYPE: onoff
f1dc9b30 680DEFAULT: off
17a0a4ee 681LOC: Config.onoff.log_fqdn
934b03fc 682DOC_START
683 Turn this on if you wish to log fully qualified domain names
684 in the access.log.
685
686log_fqdn off
687DOC_END
688
689
690NAME: client_netmask
691TYPE: address
692LOC: Config.Addrs.client_netmask
f1dc9b30 693DEFAULT: 255.255.255.255
934b03fc 694DOC_START
695 A netmask for client addresses in logfiles and cachemgr output.
696 Change this to protect the privacy of your cache clients.
697
698client_netmask 255.255.255.255
699DOC_END
700
701
0f74202c 702COMMENT_START
3a278cb8 703 OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
704 -----------------------------------------------------------------------------
0f74202c 705COMMENT_END
934b03fc 706
707# TAG: ftpget_program
708# Where to find the 'ftpget' program that retrieves FTP data (HTTP
709# and Gopher protocol support are built into the cache).
710#
711# To disable ftpget and the ability to retrieve FTP objects, set
712# this to "none". Note that ftpget is automatically disabled for
713# http_accel mode.
714#
715#ftpget_program @DEFAULT_FTPGET@
716
717# TAG: ftpget_options
718# Options for the 'ftpget' program. Please run 'ftpget' without
719# any arguments to see a list of options. The default is
720# no options. An example is
721#
722# ftpget_options -n 60 -R -W
723#
724#ftpget_options
725
726NAME: ftp_user
727TYPE: string
728DEFAULT: squid@
729LOC: Config.Ftp.anon_user
730DOC_START
731 If you want the anonymous login password to be more informative
732 (and enable the use of picky ftp servers), set this to something
733 resonable for your domain, like wwwuser@somewhere.net
734
735 The reason why this is domainless by default is that the
736 request can be made on the behalf of a user in any domain,
737 depending on how the cache is used.
738 Some ftp server also validate that the email address is valid
739 (for example perl.com).
740
741ftp_user squid@
742DOC_END
743
365cb147 744NAME: ftp_list_width
1b635117 745TYPE: size_t
365cb147 746DEFAULT: 32
747LOC: Config.Ftp.list_width
748DOC_START
749ftp_list_width 32
750DOC_END
751
934b03fc 752NAME: cache_dns_program
f0b19334 753TYPE: string
0153d498 754DEFAULT: @DEFAULT_DNSSERVER@
934b03fc 755LOC: Config.Program.dnsserver
756DOC_START
757 Specify the location of the executable for dnslookup process.
758
0153d498 759cache_dns_program @DEFAULT_DNSSERVER@
934b03fc 760DOC_END
761
934b03fc 762NAME: dns_children
763TYPE: int
764DEFAULT: 5
765LOC: Config.dnsChildren
766DOC_START
767 The number of processes spawn to service DNS name lookups.
768 For heavily loaded caches on large servers, you should
769 probably increase this value to at least 10. The maximum
770 is 32. The default is 5.
771
772 To disable dnsservers, set this to 0. NOTE, this is very
773 strongly discouraged. If you disable dnsservers your Squid
774 process will BLOCK on DNS lookups!
775
776dns_children 5
777DOC_END
778
779
780NAME: dns_defnames
781COMMENT: on|off
782TYPE: onoff
f1dc9b30 783DEFAULT: off
17a0a4ee 784LOC: Config.onoff.res_defnames
934b03fc 785DOC_START
786 Normally the 'dnsserver' disables the RES_DEFNAMES resolver
787 option (see res_init(3)). This prevents caches in a hierarchy
788 from interpreting single-component hostnames locally. To allow
789 dnsserver to handle single-component names, enable this
790 option.
791
792dns_defnames off
793DOC_END
794
795
796NAME: unlinkd_program
f0b19334 797TYPE: string
0153d498 798DEFAULT: @DEFAULT_UNLINKD@
934b03fc 799LOC: Config.Program.unlinkd
800DOC_START
801 Specify the location of the executable for file deletion process.
802
0153d498 803unlinkd_program @DEFAULT_UNLINKD@
934b03fc 804DOC_END
805
806
807NAME: pinger_program
a95856a0 808TYPE: string
0153d498 809DEFAULT: @DEFAULT_PINGER@
934b03fc 810LOC: Config.Program.pinger
811DOC_START
812 Specify the location of the executable for the pinger process.
813
0153d498 814pinger_program @DEFAULT_PINGER@
934b03fc 815DOC_END
816
817
818NAME: redirect_program
f0b19334 819TYPE: string
934b03fc 820LOC: Config.Program.redirect
62607543 821DEFAULT: none
934b03fc 822DOC_START
823 Specify the location of the executable for the URL redirector.
824 Currently, you must provide your own redirector program.
825 See the Release-Notes for how to write one.
826 By default, the redirector is not used.
827
f0b19334 828redirect_program none
934b03fc 829DOC_END
830
831
832NAME: redirect_children
833TYPE: int
834DEFAULT: 5
835LOC: Config.redirectChildren
836DOC_START
837 The number of redirector processes to spawn.
838
839redirect_children 5
840DOC_END
841
0f74202c 842COMMENT_START
3a278cb8 843 OPTIONS FOR TUNING THE CACHE
844 -----------------------------------------------------------------------------
0f74202c 845COMMENT_END
934b03fc 846
0153d498 847NAME: wais_relay_host
848TYPE: string
1273d501 849DEFAULT: none
0153d498 850LOC: Config.Wais.relayHost
851DOC_NONE
934b03fc 852
0153d498 853NAME: wais_relay_port
854TYPE: ushort
855DEFAULT: 0
856LOC: Config.Wais.relayPort
934b03fc 857DOC_START
858 Relay WAIS request to host (1st arg) at port (2 arg).
859
0153d498 860wais_relay_host localhost
861wais_relay_port 8000
934b03fc 862DOC_END
863
864
865NAME: request_size
9906e724 866COMMENT: (KB)
518da0bd 867TYPE: b_size_t
9906e724 868DEFAULT: 100 KB
934b03fc 869LOC: Config.maxRequestSize
870DOC_START
871 Maximum allowed request size in kilobytes. If people are using
872 POST to upload files, then set this to the largest acceptable
873 filesize plus a few extra kbytes.
874
9906e724 875request_size 100 KB
934b03fc 876DOC_END
877
878
879NAME: refresh_pattern
934b03fc 880TYPE: refreshpattern
f1dc9b30 881LOC: Config.Refresh
1273d501 882DEFAULT: none
934b03fc 883DOC_START
884 usage: refresh_pattern regex min percent max
885
886 min and max are specified in MINUTES.
887 percent is an integer number.
888
889 Please see the file doc/Release-Notes-1.1.txt for a full
890 description of Squid's refresh algorithm. Basically a
891 cached object is:
892
893 FRESH if age < min
894 STALE if expires < now
895 STALE if age > max
896 FRESH if lm-factor < percent
897
898 The refresh_pattern lines are checked in the order listed here.
899 The first entry which matches is used. If none of the entries
900 match, then the default will be used.
901
902Default:
903refresh_pattern . 0 20% 4320
904DOC_END
905
906
907NAME: reference_age
f1dc9b30 908TYPE: time_t
934b03fc 909LOC: Config.referenceAge
f1dc9b30 910DEFAULT: 1 year
934b03fc 911DOC_START
912 As a part of normal operation, Squid performs Least Recently
913 Used removal of cached objects. The LRU age for removal is
914 computed dynamically, based on the amount of disk space in
915 use. The 'reference_age' value defines the maximum LRU age.
916 For example, setting reference_age to '1 week' will cause
917 objects to be removed if they have not been accessed for a week
918 or more. If set to zero, LRU removal is disabled, and objects
919 will be removed only when disk usage is over the high water
920 mark. The default value is one year.
921
922 Specify a number here, followed by units of time. For example:
923 1 week
924 3.5 days
925 4 months
926 2.2 hours
927
f1dc9b30 928reference_age 1 month
934b03fc 929DOC_END
930
931
0153d498 932NAME: quick_abort_min
9906e724 933COMMENT: (KB)
934TYPE: kb_size_t
9e975e4e 935DEFAULT: -1 kb
0153d498 936LOC: Config.quickAbort.min
937DOC_NONE
938
939NAME: quick_abort_pct
940COMMENT: (percent)
941TYPE: int
942DEFAULT: 0
943LOC: Config.quickAbort.pct
944DOC_NONE
945
946NAME: quick_abort_max
9906e724 947COMMENT: (KB)
948TYPE: kb_size_t
9e975e4e 949DEFAULT: 0 kb
0153d498 950LOC: Config.quickAbort.max
934b03fc 951DOC_START
952 By default the cache continues to retrieve objects from
953 aborted requests. This may be undesirable on slow (e.g. SLIP)
954 links and/or very busy caches. Impatient users may tie up
955 file descriptors by repeatedly aborting and re-requesting
956 non-cachable objects.
957
958 Usage: quick_abort min-kbytes percent max-kbytes
959
960 When the user aborts a request, Squid will check the
961 quick_abort values to the amount of data transfered until
962 then.
963
964 If the transfer has less than 'min-kbytes' remaining, it
965 will finish the retrieval. Setting minlength to -1 will
966 disable the quick_abort feature.
967
968 If the transfer has more than 'max-kbytes' remaining, it
969 will abort the retrieval.
970
971 If more than 'percent' of the transfer has completed, it will
972 finish the retrieval.
973
0153d498 974quick_abort_min -1
975quick_abort_pct 0
976quick_abort_max 0
934b03fc 977DOC_END
978
979
980NAME: negative_ttl
bc0eb004 981COMMENT: time-units
f1dc9b30 982TYPE: time_t
934b03fc 983LOC: Config.negativeTtl
9e975e4e 984DEFAULT: 5 minutes
934b03fc 985DOC_START
986 Time-to-Live (TTL) for failed requests. Certain types of
987 failures (such as "connection refused" and "404 Not Found") are
988 negatively-cached for a small amount of time. The default is 5
989 minutes. Note that this is different from negative caching of
990 DNS lookups.
991
992negative_ttl 5 minutes
993DOC_END
994
995
996NAME: positive_dns_ttl
bc0eb004 997COMMENT: time-units
f1dc9b30 998TYPE: time_t
934b03fc 999LOC: Config.positiveDnsTtl
9e975e4e 1000DEFAULT: 6 hours
934b03fc 1001DOC_START
1002 Time-to-Live (TTL) for positive caching of successful DNS lookups.
1003 Default is 6 hours (360 minutes). If you want to minimize the
1004 use of Squid's ipcache, set this to 1, not 0.
1005
9e975e4e 1006positive_dns_ttl 6 hours
934b03fc 1007DOC_END
1008
1009
1010NAME: negative_dns_ttl
bc0eb004 1011COMMENT: time-units
f1dc9b30 1012TYPE: time_t
934b03fc 1013LOC: Config.negativeDnsTtl
9e975e4e 1014DEFAULT: 5 minutes
934b03fc 1015DOC_START
1016 Time-to-Live (TTL) for negative caching of failed DNS lookups.
1017
1018negative_dns_ttl 5 minutes
1019DOC_END
1020
0f74202c 1021COMMENT_START
3a278cb8 1022 TIMEOUTS
1023 -----------------------------------------------------------------------------
0f74202c 1024COMMENT_END
934b03fc 1025
1026NAME: connect_timeout
bc0eb004 1027COMMENT: time-units
f1dc9b30 1028TYPE: time_t
934b03fc 1029LOC: Config.Timeout.connect
9e975e4e 1030DEFAULT: 2 minutes
934b03fc 1031DOC_START
1032 Some systems (notably Linux) can not be relied upon to properly
1033 time out connect(2) requests. Therefore the squid process
1034 enforces its own timeout on server connections. This parameter
1035 specifies how long to wait for the connect to complete. The
1036 default is two minutes (120 seconds).
1037
1038connect_timeout 120 seconds
1039DOC_END
1040
23d92c64 1041NAME: siteselect_timeout
1042COMMENT: time-units
1043TYPE: time_t
1044LOC: Config.Timeout.siteSelect
1045DEFAULT: 4 seconds
1046DOC_START
1047 For URN to multiple URL's URL selection
1048
1049siteselect_timeout 4 seconds
1050DOC_END
934b03fc 1051
1052NAME: read_timeout
bc0eb004 1053COMMENT: time-units
f1dc9b30 1054TYPE: time_t
934b03fc 1055LOC: Config.Timeout.read
9e975e4e 1056DEFAULT: 15 minutes
934b03fc 1057DOC_START
1058 The read_timeout is applied on server-side connections. After
1059 each successful read(), the timeout will be extended by this
1060 amount. If no data is read again after this amount of time,
1061 the request is aborted and logged with ERR_READ_TIMEOUT. The
1062 default is 15 minutes.
1063
1064read_timeout 15 minutes
1065DOC_END
1066
1067
934b03fc 1068NAME: request_timeout
f1dc9b30 1069TYPE: time_t
934b03fc 1070LOC: Config.Timeout.request
9e975e4e 1071DEFAULT: 30 seconds
934b03fc 1072DOC_START
1073 How long to wait for an HTTP request after connection
1074 establishment. For persistent connections, wait this long
1075 after the previous request completes.
1076
1077defer_timeout 30 seconds
1078DOC_END
1079
1080
1081NAME: client_lifetime
bc0eb004 1082COMMENT: time-units
f1dc9b30 1083TYPE: time_t
934b03fc 1084LOC: Config.Timeout.lifetime
9e975e4e 1085DEFAULT: 1 day
934b03fc 1086DOC_START
1087 The maximum amount of time that a client (browser) is allowed to
1088 remain connected to the cache process. This protects the Cache
1089 from having alot of sockets (and hence file descriptors) tied up
1090 in a CLOSE_WAIT state from remote clients that go away without
1091 properly shutting down (either because of a network failure or
1092 because of a poor client implementation). The default is one
1093 day, 1440 minutes.
1094
1095 NOTE: The default value is intended to be much larger than any
1096 client would ever need to be connected to your cache. You
1097 should probably change client_lifetime only as a last resort.
1098 If you seem to have many client connections tying up
1099 filedescriptors, we recommend first tuning the read_timeout,
1100 defer_timeout, and quick_abort values.
1101
1102client_lifetime 1 day
1103DOC_END
1104
603a02fd 1105NAME: pconn_timeout
1106TYPE: time_t
1107LOC: Config.Timeout.pconn
1108DEFAULT: 120 seconds
1109DOC_START
1110 Timeout for idle persistent connections to servers and other
1111 proxies.
1112pconn_timeout 120 seconds
1113DOC_END
1114
934b03fc 1115
1116NAME: shutdown_lifetime
bc0eb004 1117COMMENT: time-units
f1dc9b30 1118TYPE: time_t
934b03fc 1119LOC: Config.shutdownLifetime
9e975e4e 1120DEFAULT: 30 seconds
934b03fc 1121DOC_START
1122 When SIGTERM or SIGHUP is received, the cache is put into
1123 "shutdown pending" mode until all active sockets are closed.
1124 This value is the lifetime to set for all open descriptors
1125 during shutdown mode. Any active clients after this many
1126 seconds will receive a 'timeout' message.
1127
1128shutdown_lifetime 30 seconds
1129DOC_END
1130
0f74202c 1131COMMENT_START
3a278cb8 1132 ACCESS CONTROLS
1133 -----------------------------------------------------------------------------
0f74202c 1134COMMENT_END
934b03fc 1135
1136NAME: acl
1137TYPE: acl
f1dc9b30 1138LOC: Config.aclList
1139DEFAULT: none
934b03fc 1140DOC_START
1141 Defining an Access List
1142
1143 acl aclname acltype string1 ...
1144 acl aclname acltype "file" ...
1145
1146 when using "file", the file should contain one item per line
1147
1148 acltype is one of src dst srcdomain dstdomain url_pattern
1149 urlpath_pattern time port proto method browser user
1150
1151 acl aclname src ip-address/netmask ... (clients IP address)
1152 acl aclname src addr1-addr2/netmask ... (range of addresses)
1153 acl aclname dst ip-address/netmask ... (URL host's IP address)
1154 acl aclname srcdomain foo.com ... (taken from reverse DNS lookup)
1155 acl aclname dstdomain foo.com ... (taken from the URL)
1156 acl aclname time [day-abbrevs] [h1:m1-h2:m2]
1157 day-abbrevs:
1158 S - Sunday
1159 M - Monday
1160 T - Tuesday
1161 W - Wednesday
1162 H - Thursday
1163 F - Friday
1164 A - Saturday
1165 h1:m1 must be less than h2:m2
1166 acl aclname url_regex ^http:// ... # regex matching on whole URL
1167 acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only
1168 acl aclname port 80 70 21 ...
1169 acl aclname proto HTTP FTP ...
1170 acl aclname method GET POST ...
1171 acl aclname browser regexp
1172 acl aclname user username ... # string match on ident output.
1173 # use REQUIRED to accept any
1174 # non-null ident.
afe95a7e 1175 acl aclname proxy_auth passwd_file [ refresh ]
1176 # 'passwd_file' is an Apache-style file of passwords for
1177 # authenticated proxy access. Looks like user:password, with
1178 # the password being standard crypt() format. 'refresh' is
1179 # the time in seconds to check for a changes in the file
1180 # (default = 300 secs). When using a proxy_auth ACL in an
1181 # ACL list, make sure it is the *last* in the list and the
1182 # only proxy_auth ACL in the list. NOTE: when a
1183 # Proxy-Authentication header is sent but it is not needed
1184 # during ACL checking the username is NOT logged in
1185 # access.log.
934b03fc 1186
1187acl manager proto cache_object
1188acl localhost src 127.0.0.1/255.255.255.255
1189acl all src 0.0.0.0/0.0.0.0
1190
1191acl SSL_ports port 443 563
1192acl Dangerous_ports port 7 9 19
1193acl CONNECT method CONNECT
1194DOC_END
1195
1196NAME: http_access
1197TYPE: acl_access
f1dc9b30 1198LOC: Config.accessList.http
1199DEFAULT: none
934b03fc 1200DOC_START
1201 Allowing or Denying access based on defined access lists
1202
1203 Access to the HTTP port:
1204 http_access allow|deny [!]aclname ...
1205
1206 Access to the ICP port:
1207 icp_access allow|deny [!]aclname ...
1208
1209 NOTE on default values:
1210
1211 If there are no "access" lines present, the default is to allow
1212 the request.
1213
1214 If none of the "access" lines cause a match, the default is the
1215 opposite of the last line in the list. If the last line was
1216 deny, then the default is allow. Conversely, if the last line
1217 is allow, the default will be deny. For these reasons, it is a
1218 good idea to have an "deny all" or "allow all" entry at the end
1219 of your access lists to avoid potential confusion.
1220
1221
1222 Only allow access to the cache manager functions from the local host.
1223http_access deny manager !localhost
1224http_access deny CONNECT !SSL_ports
1225http_access deny Dangerous_ports
1226
1227 Allow everything else
1228http_access allow all
1229DOC_END
1230
1231
1232NAME: icp_access
1233TYPE: acl_access
f1dc9b30 1234LOC: Config.accessList.icp
1235DEFAULT: none
934b03fc 1236DOC_START
1237 Reply to all ICP queries we receive
1238
1239icp_access allow all
1240DOC_END
1241
1242
1243NAME: miss_access
1244TYPE: acl_access
f1dc9b30 1245LOC: Config.accessList.miss
1246DEFAULT: none
934b03fc 1247DOC_START
1248 Use to force your neighbors to use you as a sibling instead of
1249 a parent. For example:
1250
1251 acl localclients src 172.16.0.0/16
1252 miss_access allow localclients
1253 miss_access deny !localclients
1254
1255 This means that only your local clients are allowed to fetch
1256 MISSES and all other clients can only fetch HITS.
1257
1258 By default, allow all clients who passed the http_access rules
1259 to fetch MISSES from us.
1260
1261miss_access allow all
1262DOC_END
1263
1264
1265NAME: cache_host_acl
f1dc9b30 1266TYPE: peeracl
1267DEFAULT: none
1268LOC: none
934b03fc 1269DOC_START
1270 Just like 'cache_host_domain' but provides more flexibility by
1271 using ACL's.
1272
1273 cache_host_acl cache-host [!]aclname ...
1274
1275 NOTE: * Any number of ACL's may be given for a cache-host,
1276 either on the same or separate lines.
1277 * When multiple ACL's are given for a particular
1278 cache-host, the first matched ACL is applied.
1279 * Cache hosts with no domain or ACL restrictions are
1280 queried for all requests.
1281 * There are no defaults.
1282DOC_END
1283
0f74202c 1284COMMENT_START
3a278cb8 1285 ADMINISTRATIVE PARAMETERS
1286 -----------------------------------------------------------------------------
0f74202c 1287COMMENT_END
934b03fc 1288
1289NAME: cache_mgr
1290TYPE: string
1291DEFAULT: webmaster
1292LOC: Config.adminEmail
1293DOC_START
1294 Email-address of local cache manager who will receive
1295 mail if the cache dies. The default is "webmaster."
1296
1297cache_mgr webmaster
1298DOC_END
1299
1300
1301NAME: cache_effective_user
0153d498 1302TYPE: string
a95856a0 1303DEFAULT: nobody
0153d498 1304LOC: Config.effectiveUser
1305DOC_NONE
1306
1307NAME: cache_effective_group
1308TYPE: string
a95856a0 1309DEFAULT: nogroup
0153d498 1310LOC: Config.effectiveGroup
934b03fc 1311DOC_START
1312 If the cache is run as root, it will change its effective/real
1313 UID/GID to the UID/GID specified below. The default is not to
1314 change UID/GID.
1315
0153d498 1316cache_effective_user nobody
1317cache_effective_group nogroup
934b03fc 1318DOC_END
1319
1320
1321NAME: visible_hostname
1322TYPE: string
1323LOC: Config.visibleHostname
f1dc9b30 1324DEFAULT: none
934b03fc 1325DOC_START
1326 If you want to present a special hostname in error messages, etc,
1327 then define this. Otherwise, the return value of gethostname()
1328 will be used.
1329
1330visible_hostname www-cache.foo.org
1331DOC_END
1332
0f74202c 1333COMMENT_START
3a278cb8 1334 OPTIONS FOR THE CACHE REGISTRATION SERVICE
1335 -----------------------------------------------------------------------------
934b03fc 1336
3a278cb8 1337 This section contains parameters for the (optional) cache
1338 announcement service. This service is provided to help
1339 cache administrators locate one another in order to join or
1340 create cache hierarchies.
934b03fc 1341
3a278cb8 1342 An 'announcement' message is sent (via UDP) to the registration
1343 service by Squid. By default, the annoucement message is NOT
1344 SENT unless you enable it with 'cache_announce' below.
1345
1346 The announcement message includes your hostname, plus the
1347 following information from this configuration file:
934b03fc 1348
3a278cb8 1349 http_port
1350 icp_port
1351 cache_mgr
1352
1353 All current information is processed regularly and made
1354 available on the Web at http://www.nlanr.net/Cache/Tracker/.
0f74202c 1355COMMENT_END
934b03fc 1356
f1dc9b30 1357NAME: announce_period
1358TYPE: time_t
1359LOC: Config.Announce.period
9e975e4e 1360DEFAULT: 1 day
934b03fc 1361DOC_START
1362 This is how frequently to send cache announcements. The default
1363 is `0' which disables sending the announcement messages.
1364
1365 To enable announcing your cache, just uncomment the line below.
1366
9e975e4e 1367announce_period 1 day
934b03fc 1368DOC_END
1369
1370
f1dc9b30 1371NAME: announce_host
1372TYPE: string
1373DEFAULT: sd.cache.nlanr.net
1374LOC: Config.Announce.host
1375DOC_NONE
1376
1377NAME: announce_port
1378TYPE: ushort
1379DEFAULT: 3131
1380LOC: Config.Announce.port
934b03fc 1381DOC_START
1382 This is the hostname and portnumber where the registration message
1383 will be sent.
1384
1385 Format: announce_to host[:port] [filename]
1386
1387 Hostname will default to 'sd.cache.nlanr.net' and port will default
1388 to 3131. If the 'filename' argument is given, the contents of that
1389 file will be included in the announce message.
1390
f1dc9b30 1391announce_host sd.cache.nlanr.net
1392announce_port 3131
934b03fc 1393DOC_END
1394
f1dc9b30 1395NAME: announce_file
f0b19334 1396TYPE: string
f1dc9b30 1397DEFAULT: /dev/null
1398LOC: Config.Announce.file
1399DOC_NONE
1400
0f74202c 1401COMMENT_START
3a278cb8 1402 HTTPD-ACCELERATOR OPTIONS
1403 -----------------------------------------------------------------------------
0f74202c 1404COMMENT_END
934b03fc 1405
f1dc9b30 1406NAME: httpd_accel_host
1407TYPE: string
1408LOC: Config.Accel.host
1409DEFAULT: none
1410DOC_NONE
1411
1412NAME: httpd_accel_port
1413TYPE: ushort
1414LOC: Config.Accel.port
5b68a4d3 1415DEFAULT: 80
934b03fc 1416DOC_START
1417 If you want to run squid as an httpd accelerator, define the
1418 host name and port number where the real HTTP server is.
1419
1420 If you want virtual host support then specify the hostname
1421 as "virtual".
1422
f1dc9b30 1423httpd_accel_host hostname
1424httpd_accel_port port
934b03fc 1425DOC_END
1426
1427
1428NAME: httpd_accel_with_proxy
1429COMMENT: on|off
1430TYPE: onoff
f1dc9b30 1431DEFAULT: off
17a0a4ee 1432LOC: Config.onoff.accel_with_proxy
934b03fc 1433DOC_START
1434 If you want to use squid as both a local httpd accelerator
1435 and as a proxy, change this to 'on'.
1436
1437httpd_accel_with_proxy off
1438DOC_END
1439
1440
1441NAME: httpd_accel_uses_host_header
1442COMMENT: on|off
1443TYPE: onoff
f1dc9b30 1444DEFAULT: off
934b03fc 1445LOC: opt_accel_uses_host
1446DOC_START
1447 HTTP/1.1 requests include a Host: header which is basically the
1448 hostname from the URL. Squid can be an accelerator for
1449 different HTTP servers by looking at this header. However,
1450 Squid does NOT check the value of the Host header, so it opens
1451 a big security hole. We recommend that this option remain
1452 disabled unless you are sure of what you are doing.
1453
1454httpd_accel_uses_host_header off
1455DOC_END
1456
0f74202c 1457COMMENT_START
3a278cb8 1458 MISCELLANEOUS
1459 -----------------------------------------------------------------------------
0f74202c 1460COMMENT_END
934b03fc 1461
1462NAME: dns_testnames
1463TYPE: wordlist
1464LOC: Config.dns_testname_list
f1dc9b30 1465DEFAULT: none
934b03fc 1466DOC_START
1467 The DNS tests exit as soon as the first site is successfully looked up
1468
1469 If you want to disable DNS tests, do not comment out or delete this
1470 list. Instead use the -D command line option
1471
1472dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu
1473DOC_END
1474
1475
1476NAME: logfile_rotate
1477TYPE: int
1478DEFAULT: 10
1479LOC: Config.Log.rotateNumber
1480DOC_START
1481 Specifies the number of logfile rotations to make upon receiving
1482 a USR1 signal. The default is 10, which will rotate with
1483 extensions 0 through 9. Setting logfile_rotate to 0 will
1484 disable the rotation, but the logfiles are still closed and
1485 re-opened. This will enable you to rename the logfiles yourself
1486 just before sending a USR1 signal to the squid process.
1487
1488logfile_rotate 10
1489DOC_END
1490
1491
1492NAME: append_domain
f1dc9b30 1493TYPE: string
1494LOC: Config.appendDomain
1495DEFAULT: none
934b03fc 1496DOC_START
1497 Appends local domain name to hostnames without any dots in them.
1498 append_domain must begin with a period.
1499
1500append_domain .yourdomain.com
1501DOC_END
1502
1503
1504NAME: tcp_recv_bufsize
89de058c 1505COMMENT: (bytes)
1b635117 1506TYPE: b_size_t
89de058c 1507DEFAULT: 0 bytes
934b03fc 1508LOC: Config.tcpRcvBufsz
1509DOC_START
1510 Size of receive buffer to set for TCP sockets. Probably just
1511 as easy to change your kernel's default. Set to zero to use
1512 the default buffer size.
1513
89de058c 1514tcp_recv_bufsize 0 bytes
934b03fc 1515DOC_END
1516
934b03fc 1517NAME: err_html_text
f1dc9b30 1518TYPE: eol
1519LOC: Config.errHtmlText
1520DEFAULT: none
934b03fc 1521DOC_START
1522 HTML text to include in error messages. Make this a "mailto"
1523 URL to your admin address, or maybe just a link to your
1524 organizations Web page.
1525
1526err_html_text
1527DOC_END
1528
1529
1530NAME: deny_info
1531TYPE: denyinfo
1532LOC: Config.denyInfoList
f1dc9b30 1533DEFAULT: none
934b03fc 1534DOC_START
1535 Usage: deny_info URL acl
1536
1537 This can be used to return a HTTP redirect for requests which
1538 do not pass the 'http_access' rules. A single ACL will cause
1539 the http_access check to fail. If a 'deny_info' line exists
1540 for that ACL then Squid returns a redirect to the given URL.
1541DOC_END
1542
1543
1544NAME: udp_hit_obj
1545COMMENT: on|off
1546TYPE: onoff
f1dc9b30 1547DEFAULT: off
934b03fc 1548LOC: opt_udp_hit_obj
1549DOC_START
1550 If set, Squid will request UDP_HIT_OBJ replies from its
1551 neighbors. UDP_HIT_OBJ is nice because it saves bandwidth, but
1552 it can cause some other problems. For one it complicates
1553 calculating hit rates. Also, problems arise because the ICP
1554 query does not contain any HTTP request headers which may
1555 affect the reply.
1556
1557udp_hit_obj off
1558DOC_END
1559
1560
1561NAME: udp_hit_obj_size
89de058c 1562COMMENT: (bytes)
1b635117 1563TYPE: b_size_t
934b03fc 1564LOC: Config.udpMaxHitObjsz
89de058c 1565DEFAULT: 0 bytes
934b03fc 1566DOC_START
1567 If set, Squid will limit UDP_HIT_OBJ size to be less than
1568 this value. Setting this value to more than SQUID_UDP_SO_SNDBUF
1569 will not work as expected. Set to zero to select the size
1570 permited by the socket.
89de058c 1571udp_hit_obj_size 0 bytes
934b03fc 1572DOC_END
1573
1574
1575NAME: memory_pools
1576COMMENT: on|off
1577TYPE: onoff
f1dc9b30 1578DEFAULT: on
934b03fc 1579LOC: opt_mem_pools
1580DOC_START
1581 If set, Squid will keep pools of allocated (but unused) memory
1582 available for future use. If memory is a premium on your
1583 system, disable this.
1584
1585memory_pools on
1586DOC_END
1587
1588NAME: forwarded_for
1589COMMENT: on|off
1590TYPE: onoff
f1dc9b30 1591DEFAULT: on
934b03fc 1592LOC: opt_forwarded_for
1593DOC_START
1594 If set, Squid will include your system's IP address or name
1595 in the HTTP requests it forwards. By default it looks like
1596 this:
1597
1598 X-Forwarded-For: 192.1.2.3
1599
1600 If you disable this, it will appear as
1601
1602 X-Forwarded-For: unknown
1603
1604forwarded_for on
1605DOC_END
1606
1607NAME: log_icp_queries
1608COMMENT: on|off
1609TYPE: onoff
f1dc9b30 1610DEFAULT: on
17a0a4ee 1611LOC: Config.onoff.log_udp
934b03fc 1612DOC_START
1613 If set, ICP queries are logged to access.log. ICP logging
1614 is enabled by default, so uncomment and change the line
1615 below to disable it.
1616
1617log_icp_queries on
1618DOC_END
1619
88738790 1620NAME: icp_hit_stale
1621COMMENT: on|off
1622TYPE: onoff
1623DEFAULT: off
17a0a4ee 1624LOC: Config.onoff.icp_hit_stale
88738790 1625DOC_START
1626 If you want to return ICP_HIT for stale cache objects, set this
1627 option to 'on'. If you have sibling relationships with caches
1628 in other administrative domains, this should be 'off'. If you only
1629 have sibling relationships with caches under your control, then
1630 it is probably okay to set this to 'on'.
1631
1632icp_hit_stale off
1633DOC_END
1634
934b03fc 1635
1636NAME: minimum_direct_hops
1637TYPE: int
1638DEFAULT: 4
1639LOC: Config.minDirectHops
1640DOC_START
1641 If using the ICMP pinging stuff, do direct fetches for sites
1642 which are no more than this many hops away.
1643
1644minimum_direct_hops 4
1645DOC_END
1646
1647
1648NAME: cachemgr_passwd
1649TYPE: cachemgrpasswd
86101e40 1650DEFAULT: none
f1dc9b30 1651LOC: Config.passwd_list
934b03fc 1652DOC_START
1653 Specify passwords for cachemgr operations.
1654
1655 Usage: cachemgr_passwd password action action ...
1656
1657 valid actions are:
1658 shutdown *
1659 info
1660 stats/objects
1661 stats/vm_objects
1662 stats/utilization
1663 stats/ipcache
1664 stats/fqdncache
1665 stats/dns
1666 stats/redirector
1667 stats/io
1668 stats/reply_headers
1669 stats/filedescriptors
1670 stats/netdb
1671 log/status *
1672 log/enable *
1673 log/disable *
1674 log/clear *
1675 log *
1676 parameter
1677 server_list
1678 client_list
1679 squid.conf *
1680
1681 * Indicates actions which will not be performed without a
1682 valid password, others can be performed if not listed here.
1683
1684 To disable an action, set the password to "disable".
1685 To allow performing an action without a password, set the
1686 password to "none".
1687
1688 Use the keyword "all" to set the same password for all actions.
1689
1690cachemgr_passwd secret shutdown
1691cachemgr_passwd lesssssssecret info stats/objects
1692cachemgr_passwd disable all
1693DOC_END
1694
1695
1696# TAG: swap_level1_dirs
1697# Number of first-level directories to create for storing cached
1698# objects. Minimum 1, maximum 256, default 16.
1699#
1700#swap_level1_dirs 16
1701
1702# TAG: swap_level2_dirs
1703# Number of sub-directories to create under each first-level
1704# directory. Minimum 1, maximum 256, default 256.
1705#
1706#swap_level2_dirs 256
1707
1708NAME: store_avg_object_size
86101e40 1709COMMENT: (kbytes)
1710TYPE: kb_size_t
89de058c 1711DEFAULT: 20 KB
934b03fc 1712LOC: Config.Store.avgObjectSize
1713DOC_START
1714 Average object size, used to estimate number of objects your
1715 cache can hold. See doc/Release-Notes-1.1.txt. The default is
1716 20K.
1717
89de058c 1718store_avg_object_size 20 KB
934b03fc 1719DOC_END
1720
1721NAME: store_objects_per_bucket
1722TYPE: int
1723DEFAULT: 50
1724LOC: Config.Store.objectsPerBucket
1725DOC_START
1726 Target number of objects per bucket in the store hash table.
1727 Lowering this value increases the total number of buckets and
1728 also the storage maintenance rate. The default is 20.
1729
1730store_objects_per_bucket 20
1731DOC_END
1732
1733
1734NAME: http_anonymizer
1735TYPE: httpanonymizer
17a0a4ee 1736LOC: Config.onoff.anonymizer
f1dc9b30 1737DEFAULT: off
934b03fc 1738DOC_START
1739 If you want to filter out certain HTTP request headers for
1740 privacy reasons, enable this option. There are three
1741 appropriate settings:
1742 'off' All HTTP request headers are passed.
1743 'standard' Specific headers are removed
1744 'paranoid' Only specific headers are allowed.
1745 To see which headers are allowed or denied, please see the
1746 http-anon.c source file.
1747
1748http_anonymizer off
1749DOC_END
1750
1751
1752NAME: client_db
1753COMMENT: on|off
1754TYPE: onoff
f1dc9b30 1755DEFAULT: on
17a0a4ee 1756LOC: Config.onoff.client_db
934b03fc 1757DOC_START
1758 If you want to disable collecting per-client statistics, then
1759 turn off client_db here.
1760
1761client_db on
1762DOC_END
1763
1764
1765NAME: netdb_low
1766TYPE: int
1767DEFAULT: 900
1768LOC: Config.Netdb.low
1769DOC_NONE
1770
1771NAME: netdb_high
1772TYPE: int
1773DEFAULT: 1000
1774LOC: Config.Netdb.high
1775DOC_START
1776 The low and high water marks for the ICMP measurement
1777 database. These are counts, not percents. The defaults are
1778 900 and 1000. When the high water mark is reached, database
1779 entries will be deleted until the low mark is reached.
1780
1781netdb_low 900
1782netdb_high 1000
1783DOC_END
1784
1785
1786NAME: netdb_ping_period
f1dc9b30 1787TYPE: time_t
934b03fc 1788LOC: Config.Netdb.period
9e975e4e 1789DEFAULT: 5 minutes
934b03fc 1790DOC_START
1791 The minimum period for measuring a site. There will be at
1792 least this much delay between successive pings to the same
1793 network. The default is five minutes.
1794
1795netdb_ping_period 5 minutes
1796DOC_END
1797
1798
1799NAME: query_icmp
1800COMMENT: on|off
1801TYPE: onoff
f1dc9b30 1802DEFAULT: off
17a0a4ee 1803LOC: Config.onoff.query_icmp
934b03fc 1804DOC_START
1805 If you want to ask your peers to include ICMP data in their ICP
1806 replies, enable this option.
1807
1808 If your peer has built squid with '-DUSE_ICMP=1' then that peer
1809 will send ICMP pings to origin server sites of the URLs it
1810 receives. If you enable this option then the ICP replies from
1811 that peer will include the ICMP data (if available). Then,
1812 when choosing a parent cache, Squid will choose the parent with
1813 the minimal RTT to the origin server. When this happens, the
1814 hierarchy field of the access.log will be
1815 "CLOSEST_PARENT_MISS". This option is off by default.
1816
1817query_icmp off
1818DOC_END
1819
78f1250a 1820NAME: buffered_logs
1821COMMENT: on|off
1822TYPE: onoff
1823DEFAULT: off
17a0a4ee 1824LOC: Config.onoff.buffered_logs
78f1250a 1825DOC_START
1826 Some log files (cache.log, useragent.log) are written with
1827 stdio functions, and as such they can be buffered or
1828 unbuffered. By default they will be unbuffered.
1829buffered_logs off
1830DOC_END
1831
934b03fc 1832NAME: always_direct
1833TYPE: acl_access
1834LOC: Config.accessList.AlwaysDirect
f1dc9b30 1835DEFAULT: none
934b03fc 1836DOC_START
1837 XXX need docs
1838DOC_END
1839
1840NAME: never_direct
1841TYPE: acl_access
1842LOC: Config.accessList.NeverDirect
f1dc9b30 1843DEFAULT: none
934b03fc 1844DOC_START
1845 XXX need docs
1846DOC_END
1847
1848#NAME: proxy_auth_ignore
1849#TYPE: regexplist_icase
1850#LOC: Config.proxyAuth.IgnoreDomains
1851#DOC_START
1852# XXX need docs
1853#DOC_END
1854
88738790 1855NAME: fake_user_agent
1856TYPE: eol
1857LOC: Config.fake_ua
1858DEFAULT: none
1859DOC_START
1860 If you use the paranoid http_anonymizer setting, Squid will strip
1861 your User-agent string from the request. Some Web servers will
1862 refuse your request without a User-agent string. Use this to
1863 fake one up. For example:
1864
1865 fake_user_agent Nutscrape/1.0 (CP/M; 8-bit)
1866 (credit to Paul Southworth pauls@etext.org for this one!)
1867
1868fake_user_agent none
1869DOC_END
1870
365cb147 1871NAME: icon_directory
f0b19334 1872TYPE: string
365cb147 1873LOC: Config.icons.directory
1874DEFAULT: @DEFAULT_ICON_DIR@
1875DOC_START
1876 XXX
1877DOC_END
1878
9b312a19 1879NAME: error_directory
f0b19334 1880TYPE: string
9b312a19 1881LOC: Config.errorDirectory
1882DEFAULT: @DEFAULT_ERROR_DIR@
1883DOC_START
1884 XXX
1885DOC_END
1886
365cb147 1887NAME: icon_content_type
1888TYPE: string
1889LOC: Config.icons.content_type
1890DEFAULT: image/gif
1891DOC_START
1892 XXX
1893DOC_END
88738790 1894
22c653cd 1895NAME: minimum_retry_timeout
1896COMMENT: (seconds)
1897TYPE: time_t
1898LOC: Config.retry.timeout
1899DEFAULT: 5 seconds
1900DOC_START
1901 This specifies the minimum connect timeout, for when the
1902 connect timeout is reduced to compensate for the availability
1903 of multiple IP addresses.
1904
1905 When a connection to a host is initiated, and that host
1906 has several IP addresses, the default connection timeout
1907 is reduced by dividing it by the number of addresses. So,
1908 a site with 15 addresses would then have a timeout of 8
1909 seconds for each address attempted. To avoid having the
1910 timeout reduced to the point where even a working host
1911 would not have a chance to respond, this setting is provided.
1912 The default, and the minimum value, is five seconds, and
1913 the maximum value is sixty seconds, or half of connect_timeout,
1914 whichever is greater and less than connect_timeout.
1915
1916minimum_retry_timeout 5
1917DOC_END
1918
1919NAME: maximum_single_addr_tries
1920TYPE: int
1921LOC: Config.retry.maxtries
1922DEFAULT: 3
1923DOC_START
1924 This sets the maximum number of connection attempts for a
1925 host that only has one address (for multiple-address hosts,
1926 each address is tried once).
1927
1928 The default value is three tries, the (not recommended)
1929 maximum is 255 tries. A warning message will be generated
1930 if it is set to a value greater than ten.
1931
1932maximum_single_addr_tries 3
1933DOC_END
6d1c0d53 1934
a97cfa48 1935NAME: snmp_port
1936TYPE: ushort
1937LOC: Config.Port.snmp
1938DEFAULT: 3401
1df370e3 1939IFDEF: SQUID_SNMP
a97cfa48 1940DOC_START
1941 Port for snmp. <=0 to disable.
1942DOC_END
1943
1944NAME: snmp_config_file
1945TYPE: string
1946LOC: Config.Snmp.configFile
1947DEFAULT: @DEFAULT_SNMP_CONF@
1df370e3 1948IFDEF: SQUID_SNMP
a97cfa48 1949DOC_START
1950 External snmp configuration file, CMU-snmpd style.
1951DOC_END
1952
1953NAME: snmp_do_queueing
1954TYPE: onoff
1955LOC: Config.Snmp.do_queueing
1956DEFAULT: on
1df370e3 1957IFDEF: SQUID_SNMP
a97cfa48 1958DOC_START
1959 If disabled, snmp packets will not be queued but delivered
1960 immediately. This could be performant when you want to monitor
1961 a cache in trouble, but this could also bring squid to block.
1962DOC_END
1963
1964NAME: forward_snmpd_port
1965TYPE: ushort
1966LOC: Config.Snmp.localPort
1967DEFAULT: 0
1df370e3 1968IFDEF: SQUID_SNMP
a97cfa48 1969DOC_START
1970 This configures whether we should be forwarding SNMP requests
1971 to another snmpd. The reason for putting this piece of functionality
1972 into squid was to enable access to the system's installed
1973 snmpd with minimal changes.
1974 This option is turned off by default, check with your /etc/services
1975 for your system's snmp port (usually 161).
1976 We do not use getservbyname() to allow you to set squid into port 161
1977 and your system's snmpd to another port by changing /etc/services.
1978
1979 WARNING: Because of squid acting as a proxy snmpd for system
1980 you have to do security checks on THIS snmpd for all objects.
1981 Check your snmp_config_file
1982DOC_END
1983
1984NAME: snmp_mib_path
1985TYPE: string
1986LOC: Config.Snmp.mibPath
1987DEFAULT: @DEFAULT_MIB_PATH@
1df370e3 1988IFDEF: SQUID_SNMP
a97cfa48 1989DOC_START
1990 The location of squid's mib.
1991DOC_END
1992
4feb7b2e 1993NAME: snmp_port
1994TYPE: ushort
1995LOC: Config.Port.snmp
1996DEFAULT: 3401
1df370e3 1997IFDEF: SQUID_SNMP
4feb7b2e 1998DOC_START
1999 Port for snmp. <=0 to disable.
2000DOC_END
2001
2002NAME: snmp_config_file
2003TYPE: string
2004LOC: Config.Snmp.configFile
2005DEFAULT: @DEFAULT_SNMP_CONF@
1df370e3 2006IFDEF: SQUID_SNMP
4feb7b2e 2007DOC_START
2008 External snmp configuration file, CMU-snmpd style.
2009DOC_END
2010
2011NAME: snmp_do_queueing
2012TYPE: onoff
2013LOC: Config.Snmp.do_queueing
2014DEFAULT: on
1df370e3 2015IFDEF: SQUID_SNMP
4feb7b2e 2016DOC_START
2017 If disabled, snmp packets will not be queued but delivered
2018 immediately. This could be performant when you want to monitor a
2019 cache in trouble, but this could also bring squid to block.
2020DOC_END
1df370e3 2021
4feb7b2e 2022NAME: forward_snmpd_port
2023TYPE: ushort
2024LOC: Config.Snmp.localPort
2025DEFAULT: 0
1df370e3 2026IFDEF: SQUID_SNMP
4feb7b2e 2027DOC_START
2028 This configures whether we should be forwarding SNMP requests to
2029 another snmpd. The reason for putting this piece of
2030 functionality into squid was to enable access to the system's
2031 installed snmpd with minimal changes. This option is turned off
2032 by default, check with your /etc/services for your system's snmp
2033 port (usually 161). We do not use getservbyname() to allow you
2034 to set squid into port 161 and your system's snmpd to another
2035 port by changing /etc/services. WARNING: Because of squid
2036 acting as a proxy snmpd for system you have to do security
2037 checks on THIS snmpd for all objects. Check your
2038 snmp_config_file
2039DOC_END
2040
a97cfa48 2041NAME: trap_sink
4feb7b2e 2042TYPE: string
a97cfa48 2043LOC: Config.Snmp.trap_sink
2044DEFAULT: 127.0.0.1
1df370e3 2045IFDEF: SQUID_SNMP
4feb7b2e 2046DOC_START
a97cfa48 2047 Hostname or ip address of trap sink for snmp
4feb7b2e 2048DOC_END
2049
a97cfa48 2050NAME: snmp_trap_community
2051TYPE: string
2052LOC: Config.Snmp.trap_community
2053DEFAULT: public
1df370e3 2054IFDEF: SQUID_SNMP
a97cfa48 2055DOC_START
2056 Community name for traps
2057DOC_END
2058
2059NAME: snmp_enable_authen_traps
2060TYPE: onoff
2061LOC: Config.Snmp.conf_authtraps
2062DEFAULT: off
1df370e3 2063IFDEF: SQUID_SNMP
a97cfa48 2064DOC_START
2065 Enable SNMP authenticated traps
2066DOC_END
2067
2068NAME: snmp_agent_conf
2069TYPE: snmp_conf
2070LOC: Config.Snmp.snmpconf
2071DEFAULT: none
1df370e3 2072IFDEF: SQUID_SNMP
a97cfa48 2073DOC_START
2074 Define snmp views, users and communities
2075 Example:
2076 snmp_agent_conf view all .1.3.6 included
2077 snmp_agent_conf view squid .1.3.6 included
2078 snmp_agent_conf user squid - all all public
2079 snmp_agent_conf user all all all all squid
2080 snmp_agent_conf community public squid squid
2081 snmp_agent_conf community readwrite all all
2082DOC_END
4feb7b2e 2083
6d1c0d53 2084EOF
Mirror of https://github.com/squid-cache/squid.git