]>
Commit | Line | Data |
---|---|---|
934b03fc | 1 | NAME: http_port ascii_port |
2 | TYPE: ushortlist | |
3 | DEFAULT: 3128 | |
4 | LOC: Config.Port.http | |
5 | DOC_START | |
6 | The port number where squid will listen for HTTP client | |
7 | requests. Default is 3128, for httpd-accel mode use port 80. | |
8 | May be overridden with -a on the command line. | |
9 | ||
10 | You may specify multiple ports here, but they MUST all be on | |
11 | a single line. | |
12 | ||
13 | http_port 3128 | |
14 | DOC_END | |
15 | ||
16 | ||
17 | NAME: icp_port udp_port | |
18 | TYPE: ushort | |
19 | DEFAULT: 3130 | |
20 | LOC: Config.Port.icp | |
21 | DOC_START | |
22 | The port number where squid send and receive ICP requests to | |
23 | and from neighbor caches. Default is 3130. To disable use | |
24 | "0". May be overridden with -u on the command line. | |
25 | ||
26 | icp_port 3130 | |
27 | DOC_END | |
28 | ||
29 | ||
30 | NAME: mcast_groups | |
31 | TYPE: wordlist | |
32 | LOC: Config.mcast_group_list | |
1273d501 | 33 | DEFAULT: none |
934b03fc | 34 | DOC_START |
35 | This tag specifies a list of multicast groups which your | |
36 | server should join to receive multicasted ICP requests. | |
37 | ||
38 | NOTE! Be very careful what you put here! Be sure you | |
39 | understand the difference between an ICP _query_ and an ICP | |
40 | _reply_. This option is to be set only if you want to RECEIVE | |
41 | multicast queries. Do NOT set this option to SEND multicast | |
42 | ICP (use cache_host for that). ICP replies are always sent via | |
43 | unicast, so this option does not affect whether or not you will | |
44 | receive replies from multicast group members. | |
45 | ||
46 | You must be very careful to NOT use a multicast address which | |
47 | is already in use by another group of caches. NLANR has been | |
48 | assigned a block of multicast address space for use in Web | |
49 | Caching. Plese write to us at nlanr-cache@nlanr.net to receive | |
50 | an address for your own use. | |
51 | ||
52 | Usage: mcast_groups 239.128.16.128 224.0.1.20 | |
53 | ||
54 | By default, squid doesn't listen on any multicast groups. | |
55 | ||
56 | mcast_groups 239.128.16.128 | |
57 | DOC_END | |
58 | ||
59 | ||
60 | NAME: tcp_incoming_address bind_address | |
61 | TYPE: address | |
62 | LOC: Config.Addrs.tcp_incoming | |
270b86af | 63 | DEFAULT: 0.0.0.0 |
934b03fc | 64 | DOC_NONE |
65 | ||
66 | NAME: tcp_outgoing_address outbound_address | |
67 | TYPE: address | |
68 | LOC: Config.Addrs.tcp_outgoing | |
270b86af | 69 | DEFAULT: 255.255.255.255 |
934b03fc | 70 | DOC_NONE |
71 | ||
72 | NAME: udp_incoming_address | |
73 | TYPE: address | |
74 | LOC:Config.Addrs.udp_incoming | |
270b86af | 75 | DEFAULT: 0.0.0.0 |
934b03fc | 76 | DOC_NONE |
77 | ||
78 | NAME: udp_outgoing_address | |
79 | TYPE: address | |
80 | LOC: Config.Addrs.udp_outgoing | |
270b86af | 81 | DEFAULT: 255.255.255.255 |
934b03fc | 82 | DOC_START |
83 | Usage: tcp_incoming_address 10.20.30.40 | |
84 | udp_outgoing_address fully.qualified.domain.name | |
85 | ||
934b03fc | 86 | tcp_incoming_address is used for the HTTP socket which accepts |
87 | connections from clients and other caches. | |
88 | tcp_outgoing_address is used for connections made to remote | |
89 | servers and other caches. | |
90 | udp_incoming_address is used for the ICP socket receiving packets | |
91 | from other caches. | |
92 | udp_outgoing_address is used for ICP packets sent out to other | |
93 | caches. | |
94 | ||
95 | The defaults behaviour is to not bind to any specific address. | |
96 | ||
97 | NOTE, udp_incoming_address and udp_outgoing_address can not have | |
98 | the same value since they both use port 3130. | |
99 | ||
100 | tcp_incoming_address 0.0.0.0 | |
101 | tcp_outgoing_address 0.0.0.0 | |
102 | udp_incoming_address 0.0.0.0 | |
103 | udp_outgoing_address 0.0.0.0 | |
104 | DOC_END | |
105 | ||
106 | ||
107 | # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM | |
108 | #----------------------------------------------------------------------------- | |
109 | ||
40a1495e | 110 | NAME: cache_peer |
111 | TYPE: peer | |
1273d501 | 112 | DEFAULT: none |
0153d498 | 113 | LOC: Config.peers |
934b03fc | 114 | DOC_START |
115 | To specify other caches in a hierarchy, use the format: | |
116 | ||
117 | hostname type http_port icp_port | |
118 | ||
119 | For example, | |
120 | ||
121 | # proxy icp | |
122 | # hostname type port port options | |
123 | # -------------------- -------- ----- ----- ----------- | |
124 | cache_host bigserver.usc.edu parent 3128 3130 [proxy-only] | |
125 | cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
126 | cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
127 | ||
128 | type: either 'parent', 'sibling', or 'multicast'. | |
129 | ||
130 | proxy_port: The port number where the cache listens for proxy | |
131 | requests. | |
132 | ||
133 | icp_port: Used for querying neighbor caches about | |
134 | objects. To have a non-ICP neighbor | |
135 | specify '7' for the ICP port and make sure the | |
136 | neighbor machine has the UDP echo port | |
137 | enabled in its /etc/inetd.conf file. | |
138 | ||
139 | options: proxy-only | |
140 | weight=n | |
141 | ttl=n | |
142 | no-query | |
143 | default | |
144 | round-robin | |
145 | multicast-responder | |
b3264694 | 146 | closest-only |
934b03fc | 147 | |
148 | use 'proxy-only' to specify that objects fetched | |
149 | from this cache should not be saved locally. | |
150 | ||
151 | use 'weight=n' to specify a weighted parent. | |
152 | The weight must be an integer. The default weight | |
153 | is 1, larger weights are favored more. | |
154 | ||
155 | use 'ttl=n' to specify a IP multicast TTL to use | |
156 | when sending an ICP request to this address. | |
157 | Only useful when sending to a multicast group. | |
158 | Because we don't accept ICP replies from random | |
159 | hosts, you must configure other group members as | |
160 | peers with the 'multicast-responder' option below. | |
161 | ||
162 | use 'no-query' to NOT send ICP queries to this | |
163 | neighbor. | |
164 | ||
165 | use 'default' if this is a parent cache which can | |
166 | be used as a "last-resort." You should probably | |
167 | only use 'default' in situations where you cannot | |
168 | use ICP with your parent cache(s). | |
169 | ||
170 | use 'round-robin' to define a set of parents which | |
171 | should be used in a round-robin fashion in the | |
172 | absence of any ICP queries. | |
173 | ||
174 | 'multicast-responder' indicates that the named peer | |
175 | is a member of a multicast group. ICP queries will | |
176 | not be sent directly to the peer, but ICP replies | |
177 | will be accepted from it. | |
178 | ||
b3264694 | 179 | 'closest-only' indicates that, for ICP_OP_MISS |
180 | replies, we'll only forward CLOSEST_PARENT_MISSes | |
181 | and never FIRST_PARENT_MISSes. | |
182 | ||
934b03fc | 183 | NOTE: non-ICP neighbors must be specified as 'parent'. |
184 | ||
185 | cache_host hostname type 3128 3130 | |
186 | DOC_END | |
187 | ||
188 | ||
189 | NAME: cache_host_domain | |
190 | TYPE: hostdomain | |
f1dc9b30 | 191 | DEFAULT: none |
192 | LOC: none | |
934b03fc | 193 | DOC_START |
194 | Use to limit the domains for which a neighbor cache will be queried. | |
195 | Usage: | |
196 | ||
197 | cache_host_domain cache-host domain [domain ...] | |
198 | cache_host_domain cache-host !domain | |
199 | ||
200 | For example, specifying | |
201 | ||
202 | cache_host_domain bigserver.usc.edu .edu | |
203 | ||
204 | has the effect such that UDP query packets are sent to | |
205 | 'bigserver' only when the requested object exists on a | |
206 | server in the .edu domain. Prefixing the domainname | |
207 | with '!' means that the cache will be queried for objects | |
208 | NOT in that domain. | |
209 | ||
210 | NOTE: * Any number of domains may be given for a cache-host, | |
211 | either on the same or separate lines. | |
212 | * When multiple domains are given for a particular | |
213 | cache-host, the first matched domain is applied. | |
214 | * Cache hosts with no domain restrictions are queried | |
215 | for all requests. | |
216 | * There are no defaults. | |
217 | * There is also a 'cache_host_acl' tag in the ACL | |
218 | section. | |
219 | DOC_END | |
220 | ||
221 | ||
222 | NAME: neighbor_type_domain | |
223 | TYPE: hostdomaintype | |
f1dc9b30 | 224 | DEFAULT: none |
225 | LOC: none | |
934b03fc | 226 | DOC_START |
227 | usage: neighbor_type_domain parent|sibling domain domain ... | |
228 | ||
229 | Modifying the neighbor type for specific domains is now | |
230 | possible. You can treat some domains differently than the the | |
231 | default neighbor type specified on the 'cache_host' line. | |
232 | Normally it should only be necessary to list domains which | |
233 | should be treated differently because the default neighbor type | |
234 | applies for hostnames which do not match domains listed here. | |
235 | ||
236 | EXAMPLE: | |
237 | cache_host parent cache.foo.org 3128 3130 | |
238 | neighbor_type_domain cache.foo.org sibling .com .net | |
239 | neighbor_type_domain cache.foo.org sibling .au .de | |
240 | DOC_END | |
241 | ||
242 | NAME: single_parent_bypass | |
243 | COMMENT: on|off | |
244 | TYPE: onoff | |
f1dc9b30 | 245 | DEFAULT: off |
17a0a4ee | 246 | LOC: Config.onoff.single_parent_bypass |
934b03fc | 247 | DOC_START |
248 | This tag specifies that it is okay to bypass the hierarchy | |
249 | "Pinging" when there is only a single parent for a given URL. | |
250 | ||
251 | Usage: single_parent_bypass on|off | |
252 | ||
253 | Before actually sending ICP "ping" packets to parents and | |
254 | neighbors, we figure out which hosts would be pinged based | |
255 | on the cache_host_domain rules, etc. Often it may be the | |
256 | case that only a single parent cache would be pinged. | |
257 | ||
258 | Since there is only a single parent, there is a very good | |
259 | chance that we will end up fetching the object from that | |
260 | parent. For this reason, it may be beneficial to avoid | |
261 | the ping and just fetch the object anyway. | |
262 | ||
263 | However, if we avoid the ping, we will be assuming that the | |
264 | parent host is reachable and that the cache process is running. | |
265 | By using the ping, we can be reasonably sure that the parent | |
266 | host will be able to handle our request. If the ping fails then | |
267 | it may be possible to fetch the object directly from the source. | |
268 | ||
269 | To favor the resiliency provided by the ping algorithm, | |
270 | single_parent_bypass is 'off' by default. | |
271 | ||
272 | single_parent_bypass off | |
273 | DOC_END | |
274 | ||
275 | ||
276 | NAME: source_ping | |
277 | COMMENT: on|off | |
278 | TYPE: onoff | |
f1dc9b30 | 279 | DEFAULT: off |
17a0a4ee | 280 | LOC: Config.onoff.source_ping |
934b03fc | 281 | DOC_START |
282 | If source_ping is enabled, then squid will include the source | |
283 | provider site in its selection algorithm. This is accomplished | |
284 | by sending ICP "HIT" packets to the UDP echo port of the source | |
285 | host. Note that using source_ping may send a fair amount of UDP | |
286 | traffic out on the Internet and may irritate paranoid network | |
287 | administrators. | |
288 | ||
289 | Note that source_ping is incompatible with inside_firewall. | |
290 | For hosts beyond the firewall, source_ping packets will never | |
291 | be sent. | |
292 | ||
293 | By default, source_ping is off. | |
294 | ||
295 | source_ping off | |
296 | DOC_END | |
297 | ||
298 | ||
299 | NAME: neighbor_timeout neighbour_timeout | |
300 | COMMENT: (seconds) | |
9e975e4e | 301 | DEFAULT: 2 seconds |
f1dc9b30 | 302 | TYPE: time_t |
934b03fc | 303 | LOC: Config.neighborTimeout |
304 | DOC_START | |
305 | This controls how long to wait for replies from neighbor caches. | |
306 | If none of the parent or neighbor caches reply before this many | |
307 | seconds (due to dropped packets or slow links), then the object | |
308 | request will be satisfied from the default source. The default | |
309 | timeout is two seconds. | |
310 | ||
311 | neighbor_timeout 2 seconds | |
312 | DOC_END | |
313 | ||
314 | ||
315 | NAME: hierarchy_stoplist | |
316 | TYPE: wordlist | |
1273d501 | 317 | DEFAULT: none |
934b03fc | 318 | LOC: Config.hierarchy_stoplist |
319 | DOC_START | |
320 | A list of words which, if found in a URL, cause the object to | |
321 | be handled directly by this cache. In other words, use this | |
322 | to not query neighbor caches for certain objects. You may | |
323 | list this option multiple times. | |
324 | ||
325 | The default is to directly fetch URLs containing 'cgi-bin' or '?'. | |
326 | ||
327 | hierarchy_stoplist cgi-bin ? | |
328 | DOC_END | |
329 | ||
330 | ||
331 | NAME: cache_stoplist | |
332 | TYPE: wordlist | |
1273d501 | 333 | DEFAULT: none |
934b03fc | 334 | LOC: Config.cache_stoplist |
335 | DOC_START | |
336 | A list of words which, if found in a URL, cause the object to | |
337 | immediately removed from the cache. In other words, use this | |
338 | to force certain objects to never be cached. You may list this | |
339 | option multiple times. | |
340 | ||
341 | The default is to not cache URLs containing 'cgi-bin' or '?'. | |
342 | ||
343 | cache_stoplist cgi-bin ? | |
344 | DOC_END | |
345 | ||
346 | ||
347 | NAME: cache_stoplist_pattern | |
934b03fc | 348 | TYPE: regexlist |
349 | LOC: Config.cache_stop_relist | |
1273d501 | 350 | DEFAULT: none |
934b03fc | 351 | DOC_START |
352 | Just like 'cache_stoplist' but you can use regular expressions | |
353 | instead of simple string matching. There is no default. | |
0153d498 | 354 | Insert -i to get case-insensitive regular expressions. |
934b03fc | 355 | |
356 | cache_stoplist_pattern | |
357 | DOC_END | |
358 | ||
359 | ||
360 | # OPTIONS WHICH AFFECT THE CACHE SIZE | |
361 | #----------------------------------------------------------------------------- | |
362 | ||
363 | ||
364 | NAME: cache_mem | |
9906e724 | 365 | COMMENT: (bytes) |
1b635117 | 366 | TYPE: b_size_t |
9906e724 | 367 | DEFAULT: 8 MB |
934b03fc | 368 | LOC: Config.Mem.maxSize |
369 | DOC_START | |
370 | Maximum amout of VM used to store objects in memory. | |
371 | This includes: | |
372 | in-transit objects, | |
373 | negative-cached objects, | |
374 | "hot" objects | |
375 | The value of cache_mem is an upper limit on the size of the | |
376 | "in-memory object data" pool. This is a pool of 4k pages used | |
377 | to hold object data. | |
378 | ||
379 | In-transit objects have priority over the others. When | |
380 | additional space is needed for incoming data, negative-cached | |
381 | and hot objects will be released. In other words, the | |
382 | negative-cached and hot objects will fill up any unused space | |
383 | not needed for in-transit objects. | |
384 | ||
385 | The values of cache_mem_low and cache_mem_high (below) can be | |
386 | used to tune the use of the memory pool. When the high mark is | |
387 | reached, in-transit and hot objects will be released to clear | |
388 | space. When an object transfer is completed, it will remain in | |
389 | memory only if the current memory usage is below the low water | |
390 | mark. | |
391 | ||
392 | The default is 8 Megabytes. | |
393 | ||
9906e724 | 394 | cache_mem 8 MB |
934b03fc | 395 | DOC_END |
396 | ||
397 | ||
398 | NAME: cache_swap_low | |
399 | COMMENT: (percent, 0-100) | |
400 | TYPE: int | |
401 | DEFAULT: 90 | |
402 | LOC: Config.Swap.lowWaterMark | |
403 | DOC_NONE | |
404 | ||
405 | NAME: cache_swap_high | |
406 | COMMENT: (percent, 0-100) | |
407 | TYPE: int | |
408 | DEFAULT: 95 | |
409 | LOC: Config.Swap.highWaterMark | |
410 | DOC_START | |
411 | The low- and high-water marks for cache LRU replacement. | |
412 | LRU replacement begins when the high-water mark is reached | |
413 | and ends when enough objects have been removed and the low-water | |
414 | mark is reached. Defaults are 90% and 95%. | |
415 | ||
416 | cache_swap_low 90 | |
417 | cache_swap_high 95 | |
418 | DOC_END | |
419 | ||
420 | ||
421 | NAME: cache_mem_low | |
422 | COMMENT: (in percent, 0-100) | |
423 | TYPE: int | |
424 | DEFAULT: 75 | |
425 | LOC: Config.Mem.lowWaterMark | |
426 | DOC_NONE | |
427 | ||
428 | NAME: cache_mem_high | |
429 | COMMENT: (in percent, 0-100) | |
430 | TYPE: int | |
431 | DEFAULT: 95 | |
432 | LOC: Config.Mem.highWaterMark | |
433 | DOC_START | |
434 | The low- and high-water mark for cache memory storage. When | |
435 | the amount of RAM used by the hot-object RAM cache reaches this | |
436 | point, the cache starts throwing objects out of the RAM cache | |
437 | (but they remain on disk). Defaults are 75% and 90%. | |
438 | ||
439 | cache_mem_low 75 | |
440 | cache_mem_high 90 | |
441 | DOC_END | |
442 | ||
443 | ||
444 | NAME: maximum_object_size | |
9e975e4e | 445 | COMMENT: (bytes) |
1b635117 | 446 | TYPE: b_size_t |
9906e724 | 447 | DEFAULT: 4096 KB |
934b03fc | 448 | LOC: Config.Store.maxObjectSize |
449 | DOC_START | |
450 | Objects larger than this size will NOT be saved on disk. The | |
451 | value is specified in kilobytes, and the default is 4MB. | |
452 | ||
9906e724 | 453 | maximum_object_size 4096 KB |
934b03fc | 454 | DOC_END |
455 | ||
456 | ||
457 | NAME: ipcache_size | |
458 | COMMENT: (number of entries) | |
459 | TYPE: int | |
460 | DEFAULT: 1024 | |
461 | LOC: Config.ipcache.size | |
462 | DOC_NONE | |
463 | ||
464 | NAME: ipcache_low | |
465 | COMMENT: (percent) | |
466 | TYPE: int | |
467 | DEFAULT: 90 | |
468 | LOC: Config.ipcache.low | |
469 | DOC_NONE | |
470 | ||
471 | NAME: ipcache_high | |
472 | COMMENT: (percent) | |
473 | TYPE: int | |
474 | DEFAULT: 95 | |
475 | LOC: Config.ipcache.high | |
476 | DOC_START | |
477 | The size, low-, and high-water marks for the IP cache. | |
478 | ||
479 | ipcache_size 1024 | |
480 | ipcache_low 90 | |
481 | ipcache_high 95 | |
482 | DOC_END | |
483 | ||
484 | ||
485 | # LOGFILE PATHNAMES AND CACHE DIRECTORIES | |
486 | #----------------------------------------------------------------------------- | |
487 | ||
488 | NAME: cache_dir | |
489 | TYPE: cachedir | |
f1dc9b30 | 490 | DEFAULT: none |
491 | LOC: Config.cacheSwap | |
934b03fc | 492 | DOC_START |
493 | Directory for on-disk cache storage. The cache will change into | |
494 | this directory when running. The default is | |
495 | /usr/local/squid/cache. | |
496 | ||
497 | You can specify multiple cache_dir lines to spread the | |
498 | cache among different disk partitions. | |
499 | ||
0153d498 | 500 | cache_dir /usr/local/squid/cache 1000 256 16 |
934b03fc | 501 | DOC_END |
502 | ||
503 | ||
504 | NAME: cache_access_log | |
505 | TYPE: string | |
d0b98f84 | 506 | DEFAULT: @DEFAULT_ACCESS_LOG@ |
934b03fc | 507 | LOC: Config.Log.access |
508 | DOC_START | |
509 | Logs the client request activity. Contains an entry for | |
510 | every HTTP and ICP request received. | |
511 | ||
512 | cache_access_log /usr/local/squid/logs/access.log | |
513 | DOC_END | |
514 | ||
515 | ||
516 | NAME: cache_log | |
517 | TYPE: string | |
0153d498 | 518 | DEFAULT: @DEFAULT_CACHE_LOG@ |
934b03fc | 519 | LOC: Config.Log.log |
520 | DOC_START | |
521 | Cache logging file. Set logging levels with "debug_options" below. | |
522 | ||
0153d498 | 523 | cache_log @DEFAULT_CACHE_LOG@ |
934b03fc | 524 | DOC_END |
525 | ||
526 | ||
527 | NAME: cache_store_log | |
528 | TYPE: string | |
0153d498 | 529 | DEFAULT: @DEFAULT_STORE_LOG@ |
934b03fc | 530 | LOC: Config.Log.store |
531 | DOC_START | |
532 | Logs the activities of the storage manager. Shows which | |
533 | objects are ejected from the cache, and which objects are | |
534 | saved and for how long. To disable, enter "none". | |
535 | ||
0153d498 | 536 | cache_store_log @DEFAULT_STORE_LOG@ |
934b03fc | 537 | DOC_END |
538 | ||
539 | ||
540 | NAME: cache_swap_log | |
541 | TYPE: string | |
542 | LOC: Config.Log.swap | |
1273d501 | 543 | DEFAULT: none |
934b03fc | 544 | DOC_START |
d0d3ec94 | 545 | Location for the cache "swap.log." This log file holds the |
934b03fc | 546 | metadata of objects saved on disk. It is used to rebuild the |
547 | cache during startup. Normally this file resides in the first | |
548 | 'cache_dir' directory, but you may specify an alternate | |
549 | pathname here. Note you must give a full filename, not just | |
550 | a directory. | |
551 | ||
552 | cache_swap_log | |
553 | DOC_END | |
554 | ||
555 | ||
556 | NAME: emulate_httpd_log | |
557 | COMMENT: on|off | |
558 | TYPE: onoff | |
f1dc9b30 | 559 | DEFAULT: off |
17a0a4ee | 560 | LOC: Config.onoff.common_log |
934b03fc | 561 | DOC_START |
562 | The Cache can emulate the log file format which many 'httpd' | |
563 | programs use. To disable/enable this emulation, set | |
564 | emulate_httpd_log to 'off' or 'on'. The default | |
565 | is to use the native log format. | |
566 | ||
567 | emulate_httpd_log off | |
568 | DOC_END | |
569 | ||
570 | ||
571 | NAME: mime_table | |
0153d498 | 572 | TYPE: pathname_stat |
573 | DEFAULT: @DEFAULT_MIME_TABLE@ | |
934b03fc | 574 | LOC: Config.mimeTablePathname |
575 | DOC_START | |
576 | Pathname to Squid's MIME table which has the format | |
577 | ||
578 | regex content-type icon content-encoding transfer-mode | |
579 | ||
0153d498 | 580 | mime_table @DEFAULT_MIME_TABLE@ |
934b03fc | 581 | DOC_END |
582 | ||
583 | ||
584 | NAME: log_mime_hdrs | |
585 | COMMENT: on|off | |
586 | TYPE: onoff | |
17a0a4ee | 587 | LOC: Config.onoff.log_mime_hdrs |
f1dc9b30 | 588 | DEFAULT: off |
934b03fc | 589 | DOC_START |
590 | The Cache can record both the request and the response | |
591 | MIME headers for each HTTP transaction. The headers are | |
592 | encoded safely and will appear as two bracketed fields | |
593 | at the end of the access log (for either the native | |
594 | or httpd-emulated log formats). To enable this logging | |
595 | set log_mime_hdrs to 'on'. | |
596 | ||
597 | NOTE: support for this may require you to define | |
598 | LOG_FULL_HEADERS before compiling. | |
599 | ||
600 | log_mime_hdrs off | |
601 | DOC_END | |
602 | ||
603 | ||
604 | NAME: useragent_log | |
605 | TYPE: string | |
606 | LOC: Config.Log.useragent | |
f1dc9b30 | 607 | DEFAULT: none |
934b03fc | 608 | DOC_START |
609 | If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write | |
610 | the User-Agent field from HTTP requests to the filename | |
611 | specified here. By default useragent_log is disabled. | |
612 | ||
613 | useragent_log none | |
614 | DOC_END | |
615 | ||
616 | ||
617 | NAME: pid_filename | |
618 | TYPE: string | |
0153d498 | 619 | DEFAULT: @DEFAULT_PID_FILE@ |
934b03fc | 620 | LOC: Config.pidFilename |
621 | DOC_START | |
622 | A pathname to write the process-id to. To disable, enter "none". | |
623 | ||
0153d498 | 624 | pid_filename @DEFAULT_PID_FILE@ |
934b03fc | 625 | DOC_END |
626 | ||
627 | ||
628 | NAME: debug_options | |
f1dc9b30 | 629 | TYPE: eol |
934b03fc | 630 | DEFAULT: ALL,1 |
631 | LOC: Config.debugOptions | |
632 | DOC_START | |
633 | Logging options are set as section,level where each source file | |
634 | is assigned a unique section. Lower levels result in less | |
635 | output, Full debugging (level 9) can result in a very large | |
636 | log file, so be careful. The magic word "ALL" sets debugging | |
637 | levels for all sections. We recommend normally running with | |
638 | "ALL,1". | |
639 | ||
640 | debug_options ALL,1 | |
641 | DOC_END | |
642 | ||
643 | ||
644 | NAME: ident_lookup | |
645 | COMMENT: on|off | |
646 | TYPE: onoff | |
f1dc9b30 | 647 | DEFAULT: off |
17a0a4ee | 648 | LOC: Config.onoff.ident_lookup |
934b03fc | 649 | DOC_START |
650 | If you wish to make an RFC931/ident lookup of the client username | |
651 | for each connection, enable this. It is off by default. | |
652 | ||
653 | ident_lookup off | |
654 | DOC_END | |
655 | ||
656 | ||
657 | NAME: log_fqdn | |
658 | COMMENT: on|off | |
659 | TYPE: onoff | |
f1dc9b30 | 660 | DEFAULT: off |
17a0a4ee | 661 | LOC: Config.onoff.log_fqdn |
934b03fc | 662 | DOC_START |
663 | Turn this on if you wish to log fully qualified domain names | |
664 | in the access.log. | |
665 | ||
666 | log_fqdn off | |
667 | DOC_END | |
668 | ||
669 | ||
670 | NAME: client_netmask | |
671 | TYPE: address | |
672 | LOC: Config.Addrs.client_netmask | |
f1dc9b30 | 673 | DEFAULT: 255.255.255.255 |
934b03fc | 674 | DOC_START |
675 | A netmask for client addresses in logfiles and cachemgr output. | |
676 | Change this to protect the privacy of your cache clients. | |
677 | ||
678 | client_netmask 255.255.255.255 | |
679 | DOC_END | |
680 | ||
681 | ||
682 | # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS | |
683 | #----------------------------------------------------------------------------- | |
684 | ||
685 | # TAG: ftpget_program | |
686 | # Where to find the 'ftpget' program that retrieves FTP data (HTTP | |
687 | # and Gopher protocol support are built into the cache). | |
688 | # | |
689 | # To disable ftpget and the ability to retrieve FTP objects, set | |
690 | # this to "none". Note that ftpget is automatically disabled for | |
691 | # http_accel mode. | |
692 | # | |
693 | #ftpget_program @DEFAULT_FTPGET@ | |
694 | ||
695 | # TAG: ftpget_options | |
696 | # Options for the 'ftpget' program. Please run 'ftpget' without | |
697 | # any arguments to see a list of options. The default is | |
698 | # no options. An example is | |
699 | # | |
700 | # ftpget_options -n 60 -R -W | |
701 | # | |
702 | #ftpget_options | |
703 | ||
704 | NAME: ftp_user | |
705 | TYPE: string | |
706 | DEFAULT: squid@ | |
707 | LOC: Config.Ftp.anon_user | |
708 | DOC_START | |
709 | If you want the anonymous login password to be more informative | |
710 | (and enable the use of picky ftp servers), set this to something | |
711 | resonable for your domain, like wwwuser@somewhere.net | |
712 | ||
713 | The reason why this is domainless by default is that the | |
714 | request can be made on the behalf of a user in any domain, | |
715 | depending on how the cache is used. | |
716 | Some ftp server also validate that the email address is valid | |
717 | (for example perl.com). | |
718 | ||
719 | ftp_user squid@ | |
720 | DOC_END | |
721 | ||
365cb147 | 722 | NAME: ftp_list_width |
1b635117 | 723 | TYPE: size_t |
365cb147 | 724 | DEFAULT: 32 |
725 | LOC: Config.Ftp.list_width | |
726 | DOC_START | |
727 | ftp_list_width 32 | |
728 | DOC_END | |
729 | ||
934b03fc | 730 | |
731 | NAME: cache_dns_program | |
0153d498 | 732 | TYPE: pathname_stat |
733 | DEFAULT: @DEFAULT_DNSSERVER@ | |
934b03fc | 734 | LOC: Config.Program.dnsserver |
735 | DOC_START | |
736 | Specify the location of the executable for dnslookup process. | |
737 | ||
0153d498 | 738 | cache_dns_program @DEFAULT_DNSSERVER@ |
934b03fc | 739 | DOC_END |
740 | ||
741 | ||
742 | NAME: dns_children | |
743 | TYPE: int | |
744 | DEFAULT: 5 | |
745 | LOC: Config.dnsChildren | |
746 | DOC_START | |
747 | The number of processes spawn to service DNS name lookups. | |
748 | For heavily loaded caches on large servers, you should | |
749 | probably increase this value to at least 10. The maximum | |
750 | is 32. The default is 5. | |
751 | ||
752 | To disable dnsservers, set this to 0. NOTE, this is very | |
753 | strongly discouraged. If you disable dnsservers your Squid | |
754 | process will BLOCK on DNS lookups! | |
755 | ||
756 | dns_children 5 | |
757 | DOC_END | |
758 | ||
759 | ||
760 | NAME: dns_defnames | |
761 | COMMENT: on|off | |
762 | TYPE: onoff | |
f1dc9b30 | 763 | DEFAULT: off |
17a0a4ee | 764 | LOC: Config.onoff.res_defnames |
934b03fc | 765 | DOC_START |
766 | Normally the 'dnsserver' disables the RES_DEFNAMES resolver | |
767 | option (see res_init(3)). This prevents caches in a hierarchy | |
768 | from interpreting single-component hostnames locally. To allow | |
769 | dnsserver to handle single-component names, enable this | |
770 | option. | |
771 | ||
772 | dns_defnames off | |
773 | DOC_END | |
774 | ||
775 | ||
776 | NAME: unlinkd_program | |
0153d498 | 777 | TYPE: pathname_stat |
778 | DEFAULT: @DEFAULT_UNLINKD@ | |
934b03fc | 779 | LOC: Config.Program.unlinkd |
780 | DOC_START | |
781 | Specify the location of the executable for file deletion process. | |
782 | ||
0153d498 | 783 | unlinkd_program @DEFAULT_UNLINKD@ |
934b03fc | 784 | DOC_END |
785 | ||
786 | ||
787 | NAME: pinger_program | |
0153d498 | 788 | TYPE: pathname_stat |
789 | DEFAULT: @DEFAULT_PINGER@ | |
934b03fc | 790 | LOC: Config.Program.pinger |
791 | DOC_START | |
792 | Specify the location of the executable for the pinger process. | |
793 | ||
0153d498 | 794 | pinger_program @DEFAULT_PINGER@ |
934b03fc | 795 | DOC_END |
796 | ||
797 | ||
798 | NAME: redirect_program | |
0153d498 | 799 | TYPE: pathname_stat |
934b03fc | 800 | LOC: Config.Program.redirect |
62607543 | 801 | DEFAULT: none |
934b03fc | 802 | DOC_START |
803 | Specify the location of the executable for the URL redirector. | |
804 | Currently, you must provide your own redirector program. | |
805 | See the Release-Notes for how to write one. | |
806 | By default, the redirector is not used. | |
807 | ||
808 | redirect_program /bin/false | |
809 | DOC_END | |
810 | ||
811 | ||
812 | NAME: redirect_children | |
813 | TYPE: int | |
814 | DEFAULT: 5 | |
815 | LOC: Config.redirectChildren | |
816 | DOC_START | |
817 | The number of redirector processes to spawn. | |
818 | ||
819 | redirect_children 5 | |
820 | DOC_END | |
821 | ||
822 | ||
823 | # OPTIONS FOR TUNING THE CACHE | |
824 | #----------------------------------------------------------------------------- | |
0153d498 | 825 | NAME: wais_relay_host |
826 | TYPE: string | |
1273d501 | 827 | DEFAULT: none |
0153d498 | 828 | LOC: Config.Wais.relayHost |
829 | DOC_NONE | |
934b03fc | 830 | |
0153d498 | 831 | NAME: wais_relay_port |
832 | TYPE: ushort | |
833 | DEFAULT: 0 | |
834 | LOC: Config.Wais.relayPort | |
934b03fc | 835 | DOC_START |
836 | Relay WAIS request to host (1st arg) at port (2 arg). | |
837 | ||
0153d498 | 838 | wais_relay_host localhost |
839 | wais_relay_port 8000 | |
934b03fc | 840 | DOC_END |
841 | ||
842 | ||
843 | NAME: request_size | |
9906e724 | 844 | COMMENT: (KB) |
845 | TYPE: kb_size_t | |
846 | DEFAULT: 100 KB | |
934b03fc | 847 | LOC: Config.maxRequestSize |
848 | DOC_START | |
849 | Maximum allowed request size in kilobytes. If people are using | |
850 | POST to upload files, then set this to the largest acceptable | |
851 | filesize plus a few extra kbytes. | |
852 | ||
9906e724 | 853 | request_size 100 KB |
934b03fc | 854 | DOC_END |
855 | ||
856 | ||
857 | NAME: refresh_pattern | |
934b03fc | 858 | TYPE: refreshpattern |
f1dc9b30 | 859 | LOC: Config.Refresh |
1273d501 | 860 | DEFAULT: none |
934b03fc | 861 | DOC_START |
862 | usage: refresh_pattern regex min percent max | |
863 | ||
864 | min and max are specified in MINUTES. | |
865 | percent is an integer number. | |
866 | ||
867 | Please see the file doc/Release-Notes-1.1.txt for a full | |
868 | description of Squid's refresh algorithm. Basically a | |
869 | cached object is: | |
870 | ||
871 | FRESH if age < min | |
872 | STALE if expires < now | |
873 | STALE if age > max | |
874 | FRESH if lm-factor < percent | |
875 | ||
876 | The refresh_pattern lines are checked in the order listed here. | |
877 | The first entry which matches is used. If none of the entries | |
878 | match, then the default will be used. | |
879 | ||
880 | Default: | |
881 | refresh_pattern . 0 20% 4320 | |
882 | DOC_END | |
883 | ||
884 | ||
885 | NAME: reference_age | |
f1dc9b30 | 886 | TYPE: time_t |
934b03fc | 887 | LOC: Config.referenceAge |
f1dc9b30 | 888 | DEFAULT: 1 year |
934b03fc | 889 | DOC_START |
890 | As a part of normal operation, Squid performs Least Recently | |
891 | Used removal of cached objects. The LRU age for removal is | |
892 | computed dynamically, based on the amount of disk space in | |
893 | use. The 'reference_age' value defines the maximum LRU age. | |
894 | For example, setting reference_age to '1 week' will cause | |
895 | objects to be removed if they have not been accessed for a week | |
896 | or more. If set to zero, LRU removal is disabled, and objects | |
897 | will be removed only when disk usage is over the high water | |
898 | mark. The default value is one year. | |
899 | ||
900 | Specify a number here, followed by units of time. For example: | |
901 | 1 week | |
902 | 3.5 days | |
903 | 4 months | |
904 | 2.2 hours | |
905 | ||
f1dc9b30 | 906 | reference_age 1 month |
934b03fc | 907 | DOC_END |
908 | ||
909 | ||
0153d498 | 910 | NAME: quick_abort_min |
9906e724 | 911 | COMMENT: (KB) |
912 | TYPE: kb_size_t | |
9e975e4e | 913 | DEFAULT: -1 kb |
0153d498 | 914 | LOC: Config.quickAbort.min |
915 | DOC_NONE | |
916 | ||
917 | NAME: quick_abort_pct | |
918 | COMMENT: (percent) | |
919 | TYPE: int | |
920 | DEFAULT: 0 | |
921 | LOC: Config.quickAbort.pct | |
922 | DOC_NONE | |
923 | ||
924 | NAME: quick_abort_max | |
9906e724 | 925 | COMMENT: (KB) |
926 | TYPE: kb_size_t | |
9e975e4e | 927 | DEFAULT: 0 kb |
0153d498 | 928 | LOC: Config.quickAbort.max |
934b03fc | 929 | DOC_START |
930 | By default the cache continues to retrieve objects from | |
931 | aborted requests. This may be undesirable on slow (e.g. SLIP) | |
932 | links and/or very busy caches. Impatient users may tie up | |
933 | file descriptors by repeatedly aborting and re-requesting | |
934 | non-cachable objects. | |
935 | ||
936 | Usage: quick_abort min-kbytes percent max-kbytes | |
937 | ||
938 | When the user aborts a request, Squid will check the | |
939 | quick_abort values to the amount of data transfered until | |
940 | then. | |
941 | ||
942 | If the transfer has less than 'min-kbytes' remaining, it | |
943 | will finish the retrieval. Setting minlength to -1 will | |
944 | disable the quick_abort feature. | |
945 | ||
946 | If the transfer has more than 'max-kbytes' remaining, it | |
947 | will abort the retrieval. | |
948 | ||
949 | If more than 'percent' of the transfer has completed, it will | |
950 | finish the retrieval. | |
951 | ||
0153d498 | 952 | quick_abort_min -1 |
953 | quick_abort_pct 0 | |
954 | quick_abort_max 0 | |
934b03fc | 955 | DOC_END |
956 | ||
957 | ||
958 | NAME: negative_ttl | |
959 | COMMENT: (in minutes) | |
f1dc9b30 | 960 | TYPE: time_t |
934b03fc | 961 | LOC: Config.negativeTtl |
9e975e4e | 962 | DEFAULT: 5 minutes |
934b03fc | 963 | DOC_START |
964 | Time-to-Live (TTL) for failed requests. Certain types of | |
965 | failures (such as "connection refused" and "404 Not Found") are | |
966 | negatively-cached for a small amount of time. The default is 5 | |
967 | minutes. Note that this is different from negative caching of | |
968 | DNS lookups. | |
969 | ||
970 | negative_ttl 5 minutes | |
971 | DOC_END | |
972 | ||
973 | ||
974 | NAME: positive_dns_ttl | |
975 | COMMENT: (in minutes) | |
f1dc9b30 | 976 | TYPE: time_t |
934b03fc | 977 | LOC: Config.positiveDnsTtl |
9e975e4e | 978 | DEFAULT: 6 hours |
934b03fc | 979 | DOC_START |
980 | Time-to-Live (TTL) for positive caching of successful DNS lookups. | |
981 | Default is 6 hours (360 minutes). If you want to minimize the | |
982 | use of Squid's ipcache, set this to 1, not 0. | |
983 | ||
9e975e4e | 984 | positive_dns_ttl 6 hours |
934b03fc | 985 | DOC_END |
986 | ||
987 | ||
988 | NAME: negative_dns_ttl | |
989 | COMMENT: (in minutes) | |
f1dc9b30 | 990 | TYPE: time_t |
934b03fc | 991 | LOC: Config.negativeDnsTtl |
9e975e4e | 992 | DEFAULT: 5 minutes |
934b03fc | 993 | DOC_START |
994 | Time-to-Live (TTL) for negative caching of failed DNS lookups. | |
995 | ||
996 | negative_dns_ttl 5 minutes | |
997 | DOC_END | |
998 | ||
999 | ||
1000 | # TIMEOUTS | |
1001 | #----------------------------------------------------------------------------- | |
1002 | ||
1003 | NAME: connect_timeout | |
1004 | COMMENT: (in seconds) | |
f1dc9b30 | 1005 | TYPE: time_t |
934b03fc | 1006 | LOC: Config.Timeout.connect |
9e975e4e | 1007 | DEFAULT: 2 minutes |
934b03fc | 1008 | DOC_START |
1009 | Some systems (notably Linux) can not be relied upon to properly | |
1010 | time out connect(2) requests. Therefore the squid process | |
1011 | enforces its own timeout on server connections. This parameter | |
1012 | specifies how long to wait for the connect to complete. The | |
1013 | default is two minutes (120 seconds). | |
1014 | ||
1015 | connect_timeout 120 seconds | |
1016 | DOC_END | |
1017 | ||
1018 | ||
1019 | NAME: read_timeout | |
1020 | COMMENT: (in minutes) | |
f1dc9b30 | 1021 | TYPE: time_t |
934b03fc | 1022 | LOC: Config.Timeout.read |
9e975e4e | 1023 | DEFAULT: 15 minutes |
934b03fc | 1024 | DOC_START |
1025 | The read_timeout is applied on server-side connections. After | |
1026 | each successful read(), the timeout will be extended by this | |
1027 | amount. If no data is read again after this amount of time, | |
1028 | the request is aborted and logged with ERR_READ_TIMEOUT. The | |
1029 | default is 15 minutes. | |
1030 | ||
1031 | read_timeout 15 minutes | |
1032 | DOC_END | |
1033 | ||
1034 | ||
1035 | NAME: defer_timeout | |
1036 | COMMENT: (in minutes) | |
f1dc9b30 | 1037 | TYPE: time_t |
934b03fc | 1038 | LOC: Config.Timeout.defer |
9e975e4e | 1039 | DEFAULT: 1 hour |
934b03fc | 1040 | DOC_START |
1041 | If your clients are behind slow (e.g. PPP/SLIP) connections, | |
1042 | then data may come in from the server-side faster than it can | |
1043 | be written to the client-side. When the server side gets too | |
1044 | far ahead of the client-side, subsequent reads will be deferred | |
1045 | until the client catches up. This timeout determines how long | |
1046 | to wait while in "deferred read mode." The default is one | |
1047 | hour. | |
1048 | ||
9e975e4e | 1049 | defer_timeout 1 hour |
934b03fc | 1050 | DOC_END |
1051 | ||
1052 | ||
1053 | NAME: request_timeout | |
f1dc9b30 | 1054 | TYPE: time_t |
934b03fc | 1055 | LOC: Config.Timeout.request |
9e975e4e | 1056 | DEFAULT: 30 seconds |
934b03fc | 1057 | DOC_START |
1058 | How long to wait for an HTTP request after connection | |
1059 | establishment. For persistent connections, wait this long | |
1060 | after the previous request completes. | |
1061 | ||
1062 | defer_timeout 30 seconds | |
1063 | DOC_END | |
1064 | ||
1065 | ||
1066 | NAME: client_lifetime | |
1067 | COMMENT: (in minutes) | |
f1dc9b30 | 1068 | TYPE: time_t |
934b03fc | 1069 | LOC: Config.Timeout.lifetime |
9e975e4e | 1070 | DEFAULT: 1 day |
934b03fc | 1071 | DOC_START |
1072 | The maximum amount of time that a client (browser) is allowed to | |
1073 | remain connected to the cache process. This protects the Cache | |
1074 | from having alot of sockets (and hence file descriptors) tied up | |
1075 | in a CLOSE_WAIT state from remote clients that go away without | |
1076 | properly shutting down (either because of a network failure or | |
1077 | because of a poor client implementation). The default is one | |
1078 | day, 1440 minutes. | |
1079 | ||
1080 | NOTE: The default value is intended to be much larger than any | |
1081 | client would ever need to be connected to your cache. You | |
1082 | should probably change client_lifetime only as a last resort. | |
1083 | If you seem to have many client connections tying up | |
1084 | filedescriptors, we recommend first tuning the read_timeout, | |
1085 | defer_timeout, and quick_abort values. | |
1086 | ||
1087 | client_lifetime 1 day | |
1088 | DOC_END | |
1089 | ||
603a02fd | 1090 | NAME: pconn_timeout |
1091 | TYPE: time_t | |
1092 | LOC: Config.Timeout.pconn | |
1093 | DEFAULT: 120 seconds | |
1094 | DOC_START | |
1095 | Timeout for idle persistent connections to servers and other | |
1096 | proxies. | |
1097 | pconn_timeout 120 seconds | |
1098 | DOC_END | |
1099 | ||
934b03fc | 1100 | |
1101 | NAME: shutdown_lifetime | |
1102 | COMMENT: (in seconds) | |
f1dc9b30 | 1103 | TYPE: time_t |
934b03fc | 1104 | LOC: Config.shutdownLifetime |
9e975e4e | 1105 | DEFAULT: 30 seconds |
934b03fc | 1106 | DOC_START |
1107 | When SIGTERM or SIGHUP is received, the cache is put into | |
1108 | "shutdown pending" mode until all active sockets are closed. | |
1109 | This value is the lifetime to set for all open descriptors | |
1110 | during shutdown mode. Any active clients after this many | |
1111 | seconds will receive a 'timeout' message. | |
1112 | ||
1113 | shutdown_lifetime 30 seconds | |
1114 | DOC_END | |
1115 | ||
1116 | ||
1117 | # ACCESS CONTROLS | |
1118 | #----------------------------------------------------------------------------- | |
1119 | ||
1120 | NAME: acl | |
1121 | TYPE: acl | |
f1dc9b30 | 1122 | LOC: Config.aclList |
1123 | DEFAULT: none | |
934b03fc | 1124 | DOC_START |
1125 | Defining an Access List | |
1126 | ||
1127 | acl aclname acltype string1 ... | |
1128 | acl aclname acltype "file" ... | |
1129 | ||
1130 | when using "file", the file should contain one item per line | |
1131 | ||
1132 | acltype is one of src dst srcdomain dstdomain url_pattern | |
1133 | urlpath_pattern time port proto method browser user | |
1134 | ||
1135 | acl aclname src ip-address/netmask ... (clients IP address) | |
1136 | acl aclname src addr1-addr2/netmask ... (range of addresses) | |
1137 | acl aclname dst ip-address/netmask ... (URL host's IP address) | |
1138 | acl aclname srcdomain foo.com ... (taken from reverse DNS lookup) | |
1139 | acl aclname dstdomain foo.com ... (taken from the URL) | |
1140 | acl aclname time [day-abbrevs] [h1:m1-h2:m2] | |
1141 | day-abbrevs: | |
1142 | S - Sunday | |
1143 | M - Monday | |
1144 | T - Tuesday | |
1145 | W - Wednesday | |
1146 | H - Thursday | |
1147 | F - Friday | |
1148 | A - Saturday | |
1149 | h1:m1 must be less than h2:m2 | |
1150 | acl aclname url_regex ^http:// ... # regex matching on whole URL | |
1151 | acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only | |
1152 | acl aclname port 80 70 21 ... | |
1153 | acl aclname proto HTTP FTP ... | |
1154 | acl aclname method GET POST ... | |
1155 | acl aclname browser regexp | |
1156 | acl aclname user username ... # string match on ident output. | |
1157 | # use REQUIRED to accept any | |
1158 | # non-null ident. | |
1159 | ||
1160 | acl manager proto cache_object | |
1161 | acl localhost src 127.0.0.1/255.255.255.255 | |
1162 | acl all src 0.0.0.0/0.0.0.0 | |
1163 | ||
1164 | acl SSL_ports port 443 563 | |
1165 | acl Dangerous_ports port 7 9 19 | |
1166 | acl CONNECT method CONNECT | |
1167 | DOC_END | |
1168 | ||
1169 | NAME: http_access | |
1170 | TYPE: acl_access | |
f1dc9b30 | 1171 | LOC: Config.accessList.http |
1172 | DEFAULT: none | |
934b03fc | 1173 | DOC_START |
1174 | Allowing or Denying access based on defined access lists | |
1175 | ||
1176 | Access to the HTTP port: | |
1177 | http_access allow|deny [!]aclname ... | |
1178 | ||
1179 | Access to the ICP port: | |
1180 | icp_access allow|deny [!]aclname ... | |
1181 | ||
1182 | NOTE on default values: | |
1183 | ||
1184 | If there are no "access" lines present, the default is to allow | |
1185 | the request. | |
1186 | ||
1187 | If none of the "access" lines cause a match, the default is the | |
1188 | opposite of the last line in the list. If the last line was | |
1189 | deny, then the default is allow. Conversely, if the last line | |
1190 | is allow, the default will be deny. For these reasons, it is a | |
1191 | good idea to have an "deny all" or "allow all" entry at the end | |
1192 | of your access lists to avoid potential confusion. | |
1193 | ||
1194 | ||
1195 | Only allow access to the cache manager functions from the local host. | |
1196 | http_access deny manager !localhost | |
1197 | http_access deny CONNECT !SSL_ports | |
1198 | http_access deny Dangerous_ports | |
1199 | ||
1200 | Allow everything else | |
1201 | http_access allow all | |
1202 | DOC_END | |
1203 | ||
1204 | ||
1205 | NAME: icp_access | |
1206 | TYPE: acl_access | |
f1dc9b30 | 1207 | LOC: Config.accessList.icp |
1208 | DEFAULT: none | |
934b03fc | 1209 | DOC_START |
1210 | Reply to all ICP queries we receive | |
1211 | ||
1212 | icp_access allow all | |
1213 | DOC_END | |
1214 | ||
1215 | ||
1216 | NAME: miss_access | |
1217 | TYPE: acl_access | |
f1dc9b30 | 1218 | LOC: Config.accessList.miss |
1219 | DEFAULT: none | |
934b03fc | 1220 | DOC_START |
1221 | Use to force your neighbors to use you as a sibling instead of | |
1222 | a parent. For example: | |
1223 | ||
1224 | acl localclients src 172.16.0.0/16 | |
1225 | miss_access allow localclients | |
1226 | miss_access deny !localclients | |
1227 | ||
1228 | This means that only your local clients are allowed to fetch | |
1229 | MISSES and all other clients can only fetch HITS. | |
1230 | ||
1231 | By default, allow all clients who passed the http_access rules | |
1232 | to fetch MISSES from us. | |
1233 | ||
1234 | miss_access allow all | |
1235 | DOC_END | |
1236 | ||
1237 | ||
1238 | NAME: cache_host_acl | |
f1dc9b30 | 1239 | TYPE: peeracl |
1240 | DEFAULT: none | |
1241 | LOC: none | |
934b03fc | 1242 | DOC_START |
1243 | Just like 'cache_host_domain' but provides more flexibility by | |
1244 | using ACL's. | |
1245 | ||
1246 | cache_host_acl cache-host [!]aclname ... | |
1247 | ||
1248 | NOTE: * Any number of ACL's may be given for a cache-host, | |
1249 | either on the same or separate lines. | |
1250 | * When multiple ACL's are given for a particular | |
1251 | cache-host, the first matched ACL is applied. | |
1252 | * Cache hosts with no domain or ACL restrictions are | |
1253 | queried for all requests. | |
1254 | * There are no defaults. | |
1255 | DOC_END | |
1256 | ||
1257 | ||
1258 | # ADMINISTRATIVE PARAMETERS | |
1259 | #----------------------------------------------------------------------------- | |
1260 | ||
1261 | NAME: cache_mgr | |
1262 | TYPE: string | |
1263 | DEFAULT: webmaster | |
1264 | LOC: Config.adminEmail | |
1265 | DOC_START | |
1266 | Email-address of local cache manager who will receive | |
1267 | mail if the cache dies. The default is "webmaster." | |
1268 | ||
1269 | cache_mgr webmaster | |
1270 | DOC_END | |
1271 | ||
1272 | ||
1273 | NAME: cache_effective_user | |
0153d498 | 1274 | TYPE: string |
1273d501 | 1275 | DEFAULT: none |
0153d498 | 1276 | LOC: Config.effectiveUser |
1277 | DOC_NONE | |
1278 | ||
1279 | NAME: cache_effective_group | |
1280 | TYPE: string | |
1273d501 | 1281 | DEFAULT: none |
0153d498 | 1282 | LOC: Config.effectiveGroup |
934b03fc | 1283 | DOC_START |
1284 | If the cache is run as root, it will change its effective/real | |
1285 | UID/GID to the UID/GID specified below. The default is not to | |
1286 | change UID/GID. | |
1287 | ||
0153d498 | 1288 | cache_effective_user nobody |
1289 | cache_effective_group nogroup | |
934b03fc | 1290 | DOC_END |
1291 | ||
1292 | ||
1293 | NAME: visible_hostname | |
1294 | TYPE: string | |
1295 | LOC: Config.visibleHostname | |
f1dc9b30 | 1296 | DEFAULT: none |
934b03fc | 1297 | DOC_START |
1298 | If you want to present a special hostname in error messages, etc, | |
1299 | then define this. Otherwise, the return value of gethostname() | |
1300 | will be used. | |
1301 | ||
1302 | visible_hostname www-cache.foo.org | |
1303 | DOC_END | |
1304 | ||
1305 | ||
1306 | # OPTIONS FOR THE CACHE REGISTRATION SERVICE | |
1307 | #----------------------------------------------------------------------------- | |
1308 | ||
1309 | # This section contains parameters for the (optional) cache | |
1310 | # announcement service. This service is provided to help | |
1311 | # cache administrators locate one another in order to join or | |
1312 | # create cache hierarchies. | |
1313 | # | |
1314 | # An 'announcement' message is sent (via UDP) to the registration | |
1315 | # service by Squid. By default, the annoucement message is NOT | |
1316 | # SENT unless you enable it with 'cache_announce' below. | |
1317 | # | |
1318 | # The announcement message includes your hostname, plus the | |
1319 | # following information from this configuration file: | |
1320 | # | |
1321 | # http_port | |
1322 | # icp_port | |
1323 | # cache_mgr | |
1324 | # | |
1325 | # All current information is processed regularly and made | |
1326 | # available on the Web at http://www.nlanr.net/Cache/Tracker/. | |
1327 | ||
1328 | ||
f1dc9b30 | 1329 | NAME: announce_period |
1330 | TYPE: time_t | |
1331 | LOC: Config.Announce.period | |
9e975e4e | 1332 | DEFAULT: 1 day |
934b03fc | 1333 | DOC_START |
1334 | This is how frequently to send cache announcements. The default | |
1335 | is `0' which disables sending the announcement messages. | |
1336 | ||
1337 | To enable announcing your cache, just uncomment the line below. | |
1338 | ||
9e975e4e | 1339 | announce_period 1 day |
934b03fc | 1340 | DOC_END |
1341 | ||
1342 | ||
f1dc9b30 | 1343 | NAME: announce_host |
1344 | TYPE: string | |
1345 | DEFAULT: sd.cache.nlanr.net | |
1346 | LOC: Config.Announce.host | |
1347 | DOC_NONE | |
1348 | ||
1349 | NAME: announce_port | |
1350 | TYPE: ushort | |
1351 | DEFAULT: 3131 | |
1352 | LOC: Config.Announce.port | |
934b03fc | 1353 | DOC_START |
1354 | This is the hostname and portnumber where the registration message | |
1355 | will be sent. | |
1356 | ||
1357 | Format: announce_to host[:port] [filename] | |
1358 | ||
1359 | Hostname will default to 'sd.cache.nlanr.net' and port will default | |
1360 | to 3131. If the 'filename' argument is given, the contents of that | |
1361 | file will be included in the announce message. | |
1362 | ||
f1dc9b30 | 1363 | announce_host sd.cache.nlanr.net |
1364 | announce_port 3131 | |
934b03fc | 1365 | DOC_END |
1366 | ||
f1dc9b30 | 1367 | NAME: announce_file |
1368 | TYPE: pathname_stat | |
1369 | DEFAULT: /dev/null | |
1370 | LOC: Config.Announce.file | |
1371 | DOC_NONE | |
1372 | ||
934b03fc | 1373 | |
1374 | # HTTPD-ACCELERATOR OPTIONS | |
1375 | #----------------------------------------------------------------------------- | |
1376 | ||
f1dc9b30 | 1377 | NAME: httpd_accel_host |
1378 | TYPE: string | |
1379 | LOC: Config.Accel.host | |
1380 | DEFAULT: none | |
1381 | DOC_NONE | |
1382 | ||
1383 | NAME: httpd_accel_port | |
1384 | TYPE: ushort | |
1385 | LOC: Config.Accel.port | |
1386 | DEFAULT: 0 | |
934b03fc | 1387 | DOC_START |
1388 | If you want to run squid as an httpd accelerator, define the | |
1389 | host name and port number where the real HTTP server is. | |
1390 | ||
1391 | If you want virtual host support then specify the hostname | |
1392 | as "virtual". | |
1393 | ||
f1dc9b30 | 1394 | httpd_accel_host hostname |
1395 | httpd_accel_port port | |
934b03fc | 1396 | DOC_END |
1397 | ||
1398 | ||
1399 | NAME: httpd_accel_with_proxy | |
1400 | COMMENT: on|off | |
1401 | TYPE: onoff | |
f1dc9b30 | 1402 | DEFAULT: off |
17a0a4ee | 1403 | LOC: Config.onoff.accel_with_proxy |
934b03fc | 1404 | DOC_START |
1405 | If you want to use squid as both a local httpd accelerator | |
1406 | and as a proxy, change this to 'on'. | |
1407 | ||
1408 | httpd_accel_with_proxy off | |
1409 | DOC_END | |
1410 | ||
1411 | ||
1412 | NAME: httpd_accel_uses_host_header | |
1413 | COMMENT: on|off | |
1414 | TYPE: onoff | |
f1dc9b30 | 1415 | DEFAULT: off |
934b03fc | 1416 | LOC: opt_accel_uses_host |
1417 | DOC_START | |
1418 | HTTP/1.1 requests include a Host: header which is basically the | |
1419 | hostname from the URL. Squid can be an accelerator for | |
1420 | different HTTP servers by looking at this header. However, | |
1421 | Squid does NOT check the value of the Host header, so it opens | |
1422 | a big security hole. We recommend that this option remain | |
1423 | disabled unless you are sure of what you are doing. | |
1424 | ||
1425 | httpd_accel_uses_host_header off | |
1426 | DOC_END | |
1427 | ||
1428 | ||
1429 | # MISCELLANEOUS | |
1430 | #----------------------------------------------------------------------------- | |
1431 | ||
1432 | NAME: dns_testnames | |
1433 | TYPE: wordlist | |
1434 | LOC: Config.dns_testname_list | |
f1dc9b30 | 1435 | DEFAULT: none |
934b03fc | 1436 | DOC_START |
1437 | The DNS tests exit as soon as the first site is successfully looked up | |
1438 | ||
1439 | If you want to disable DNS tests, do not comment out or delete this | |
1440 | list. Instead use the -D command line option | |
1441 | ||
1442 | dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu | |
1443 | DOC_END | |
1444 | ||
1445 | ||
1446 | NAME: logfile_rotate | |
1447 | TYPE: int | |
1448 | DEFAULT: 10 | |
1449 | LOC: Config.Log.rotateNumber | |
1450 | DOC_START | |
1451 | Specifies the number of logfile rotations to make upon receiving | |
1452 | a USR1 signal. The default is 10, which will rotate with | |
1453 | extensions 0 through 9. Setting logfile_rotate to 0 will | |
1454 | disable the rotation, but the logfiles are still closed and | |
1455 | re-opened. This will enable you to rename the logfiles yourself | |
1456 | just before sending a USR1 signal to the squid process. | |
1457 | ||
1458 | logfile_rotate 10 | |
1459 | DOC_END | |
1460 | ||
1461 | ||
1462 | NAME: append_domain | |
f1dc9b30 | 1463 | TYPE: string |
1464 | LOC: Config.appendDomain | |
1465 | DEFAULT: none | |
934b03fc | 1466 | DOC_START |
1467 | Appends local domain name to hostnames without any dots in them. | |
1468 | append_domain must begin with a period. | |
1469 | ||
1470 | append_domain .yourdomain.com | |
1471 | DOC_END | |
1472 | ||
1473 | ||
1474 | NAME: tcp_recv_bufsize | |
89de058c | 1475 | COMMENT: (bytes) |
1b635117 | 1476 | TYPE: b_size_t |
89de058c | 1477 | DEFAULT: 0 bytes |
934b03fc | 1478 | LOC: Config.tcpRcvBufsz |
1479 | DOC_START | |
1480 | Size of receive buffer to set for TCP sockets. Probably just | |
1481 | as easy to change your kernel's default. Set to zero to use | |
1482 | the default buffer size. | |
1483 | ||
89de058c | 1484 | tcp_recv_bufsize 0 bytes |
934b03fc | 1485 | DOC_END |
1486 | ||
0153d498 | 1487 | NAME: proxy_auth_passwd |
1488 | TYPE: string | |
1489 | LOC: Config.proxyAuth.File | |
1273d501 | 1490 | DEFAULT: none |
0153d498 | 1491 | DOC_NONE |
934b03fc | 1492 | |
0153d498 | 1493 | NAME: proxy_auth_ignore |
1494 | TYPE: regexlist | |
1495 | LOC: Config.proxyAuth.IgnoreDomains | |
1273d501 | 1496 | DEFAULT: none |
0153d498 | 1497 | DOC_START |
934b03fc | 1498 | 'passwd_file' is an apache-style file of passwords for |
1499 | authenticated proxy access Looks like user:password, with the | |
1500 | password being standard crypt() format. Proxy authentication | |
1501 | is disabled by default. | |
1502 | ||
0153d498 | 1503 | 'proxy_auth_ignore' is a regular-expression list of domain names |
1504 | (source or destination??) | |
1505 | for which authorization will *not* be required. | |
934b03fc | 1506 | |
1507 | NOTE, proxy_auth support is not compiled into Squid by default. | |
1508 | To use this feature you must enable the USE_PROXY_AUTH option | |
1509 | near the top of src/Makefile. | |
1510 | ||
0153d498 | 1511 | Insert -i to get case-insensitive regular expressions. |
1512 | ||
1513 | proxy_auth_passwd /dev/null | |
1514 | proxy_auth_ignore | |
934b03fc | 1515 | DOC_END |
1516 | ||
1517 | ||
1518 | NAME: err_html_text | |
f1dc9b30 | 1519 | TYPE: eol |
1520 | LOC: Config.errHtmlText | |
1521 | DEFAULT: none | |
934b03fc | 1522 | DOC_START |
1523 | HTML text to include in error messages. Make this a "mailto" | |
1524 | URL to your admin address, or maybe just a link to your | |
1525 | organizations Web page. | |
1526 | ||
1527 | err_html_text | |
1528 | DOC_END | |
1529 | ||
1530 | ||
1531 | NAME: deny_info | |
1532 | TYPE: denyinfo | |
1533 | LOC: Config.denyInfoList | |
f1dc9b30 | 1534 | DEFAULT: none |
934b03fc | 1535 | DOC_START |
1536 | Usage: deny_info URL acl | |
1537 | ||
1538 | This can be used to return a HTTP redirect for requests which | |
1539 | do not pass the 'http_access' rules. A single ACL will cause | |
1540 | the http_access check to fail. If a 'deny_info' line exists | |
1541 | for that ACL then Squid returns a redirect to the given URL. | |
1542 | DOC_END | |
1543 | ||
1544 | ||
1545 | NAME: udp_hit_obj | |
1546 | COMMENT: on|off | |
1547 | TYPE: onoff | |
f1dc9b30 | 1548 | DEFAULT: off |
934b03fc | 1549 | LOC: opt_udp_hit_obj |
1550 | DOC_START | |
1551 | If set, Squid will request UDP_HIT_OBJ replies from its | |
1552 | neighbors. UDP_HIT_OBJ is nice because it saves bandwidth, but | |
1553 | it can cause some other problems. For one it complicates | |
1554 | calculating hit rates. Also, problems arise because the ICP | |
1555 | query does not contain any HTTP request headers which may | |
1556 | affect the reply. | |
1557 | ||
1558 | udp_hit_obj off | |
1559 | DOC_END | |
1560 | ||
1561 | ||
1562 | NAME: udp_hit_obj_size | |
89de058c | 1563 | COMMENT: (bytes) |
1b635117 | 1564 | TYPE: b_size_t |
934b03fc | 1565 | LOC: Config.udpMaxHitObjsz |
89de058c | 1566 | DEFAULT: 0 bytes |
934b03fc | 1567 | DOC_START |
1568 | If set, Squid will limit UDP_HIT_OBJ size to be less than | |
1569 | this value. Setting this value to more than SQUID_UDP_SO_SNDBUF | |
1570 | will not work as expected. Set to zero to select the size | |
1571 | permited by the socket. | |
89de058c | 1572 | udp_hit_obj_size 0 bytes |
934b03fc | 1573 | DOC_END |
1574 | ||
1575 | ||
1576 | NAME: memory_pools | |
1577 | COMMENT: on|off | |
1578 | TYPE: onoff | |
f1dc9b30 | 1579 | DEFAULT: on |
934b03fc | 1580 | LOC: opt_mem_pools |
1581 | DOC_START | |
1582 | If set, Squid will keep pools of allocated (but unused) memory | |
1583 | available for future use. If memory is a premium on your | |
1584 | system, disable this. | |
1585 | ||
1586 | memory_pools on | |
1587 | DOC_END | |
1588 | ||
1589 | NAME: forwarded_for | |
1590 | COMMENT: on|off | |
1591 | TYPE: onoff | |
f1dc9b30 | 1592 | DEFAULT: on |
934b03fc | 1593 | LOC: opt_forwarded_for |
1594 | DOC_START | |
1595 | If set, Squid will include your system's IP address or name | |
1596 | in the HTTP requests it forwards. By default it looks like | |
1597 | this: | |
1598 | ||
1599 | X-Forwarded-For: 192.1.2.3 | |
1600 | ||
1601 | If you disable this, it will appear as | |
1602 | ||
1603 | X-Forwarded-For: unknown | |
1604 | ||
1605 | forwarded_for on | |
1606 | DOC_END | |
1607 | ||
1608 | NAME: log_icp_queries | |
1609 | COMMENT: on|off | |
1610 | TYPE: onoff | |
f1dc9b30 | 1611 | DEFAULT: on |
17a0a4ee | 1612 | LOC: Config.onoff.log_udp |
934b03fc | 1613 | DOC_START |
1614 | If set, ICP queries are logged to access.log. ICP logging | |
1615 | is enabled by default, so uncomment and change the line | |
1616 | below to disable it. | |
1617 | ||
1618 | log_icp_queries on | |
1619 | DOC_END | |
1620 | ||
88738790 | 1621 | NAME: icp_hit_stale |
1622 | COMMENT: on|off | |
1623 | TYPE: onoff | |
1624 | DEFAULT: off | |
17a0a4ee | 1625 | LOC: Config.onoff.icp_hit_stale |
88738790 | 1626 | DOC_START |
1627 | If you want to return ICP_HIT for stale cache objects, set this | |
1628 | option to 'on'. If you have sibling relationships with caches | |
1629 | in other administrative domains, this should be 'off'. If you only | |
1630 | have sibling relationships with caches under your control, then | |
1631 | it is probably okay to set this to 'on'. | |
1632 | ||
1633 | icp_hit_stale off | |
1634 | DOC_END | |
1635 | ||
934b03fc | 1636 | |
1637 | NAME: minimum_direct_hops | |
1638 | TYPE: int | |
1639 | DEFAULT: 4 | |
1640 | LOC: Config.minDirectHops | |
1641 | DOC_START | |
1642 | If using the ICMP pinging stuff, do direct fetches for sites | |
1643 | which are no more than this many hops away. | |
1644 | ||
1645 | minimum_direct_hops 4 | |
1646 | DOC_END | |
1647 | ||
1648 | ||
1649 | NAME: cachemgr_passwd | |
1650 | TYPE: cachemgrpasswd | |
86101e40 | 1651 | DEFAULT: none |
f1dc9b30 | 1652 | LOC: Config.passwd_list |
934b03fc | 1653 | DOC_START |
1654 | Specify passwords for cachemgr operations. | |
1655 | ||
1656 | Usage: cachemgr_passwd password action action ... | |
1657 | ||
1658 | valid actions are: | |
1659 | shutdown * | |
1660 | info | |
1661 | stats/objects | |
1662 | stats/vm_objects | |
1663 | stats/utilization | |
1664 | stats/ipcache | |
1665 | stats/fqdncache | |
1666 | stats/dns | |
1667 | stats/redirector | |
1668 | stats/io | |
1669 | stats/reply_headers | |
1670 | stats/filedescriptors | |
1671 | stats/netdb | |
1672 | log/status * | |
1673 | log/enable * | |
1674 | log/disable * | |
1675 | log/clear * | |
1676 | log * | |
1677 | parameter | |
1678 | server_list | |
1679 | client_list | |
1680 | squid.conf * | |
1681 | ||
1682 | * Indicates actions which will not be performed without a | |
1683 | valid password, others can be performed if not listed here. | |
1684 | ||
1685 | To disable an action, set the password to "disable". | |
1686 | To allow performing an action without a password, set the | |
1687 | password to "none". | |
1688 | ||
1689 | Use the keyword "all" to set the same password for all actions. | |
1690 | ||
1691 | cachemgr_passwd secret shutdown | |
1692 | cachemgr_passwd lesssssssecret info stats/objects | |
1693 | cachemgr_passwd disable all | |
1694 | DOC_END | |
1695 | ||
1696 | ||
1697 | # TAG: swap_level1_dirs | |
1698 | # Number of first-level directories to create for storing cached | |
1699 | # objects. Minimum 1, maximum 256, default 16. | |
1700 | # | |
1701 | #swap_level1_dirs 16 | |
1702 | ||
1703 | # TAG: swap_level2_dirs | |
1704 | # Number of sub-directories to create under each first-level | |
1705 | # directory. Minimum 1, maximum 256, default 256. | |
1706 | # | |
1707 | #swap_level2_dirs 256 | |
1708 | ||
1709 | NAME: store_avg_object_size | |
86101e40 | 1710 | COMMENT: (kbytes) |
1711 | TYPE: kb_size_t | |
89de058c | 1712 | DEFAULT: 20 KB |
934b03fc | 1713 | LOC: Config.Store.avgObjectSize |
1714 | DOC_START | |
1715 | Average object size, used to estimate number of objects your | |
1716 | cache can hold. See doc/Release-Notes-1.1.txt. The default is | |
1717 | 20K. | |
1718 | ||
89de058c | 1719 | store_avg_object_size 20 KB |
934b03fc | 1720 | DOC_END |
1721 | ||
1722 | NAME: store_objects_per_bucket | |
1723 | TYPE: int | |
1724 | DEFAULT: 50 | |
1725 | LOC: Config.Store.objectsPerBucket | |
1726 | DOC_START | |
1727 | Target number of objects per bucket in the store hash table. | |
1728 | Lowering this value increases the total number of buckets and | |
1729 | also the storage maintenance rate. The default is 20. | |
1730 | ||
1731 | store_objects_per_bucket 20 | |
1732 | DOC_END | |
1733 | ||
1734 | ||
1735 | NAME: http_anonymizer | |
1736 | TYPE: httpanonymizer | |
17a0a4ee | 1737 | LOC: Config.onoff.anonymizer |
f1dc9b30 | 1738 | DEFAULT: off |
934b03fc | 1739 | DOC_START |
1740 | If you want to filter out certain HTTP request headers for | |
1741 | privacy reasons, enable this option. There are three | |
1742 | appropriate settings: | |
1743 | 'off' All HTTP request headers are passed. | |
1744 | 'standard' Specific headers are removed | |
1745 | 'paranoid' Only specific headers are allowed. | |
1746 | To see which headers are allowed or denied, please see the | |
1747 | http-anon.c source file. | |
1748 | ||
1749 | http_anonymizer off | |
1750 | DOC_END | |
1751 | ||
1752 | ||
1753 | NAME: client_db | |
1754 | COMMENT: on|off | |
1755 | TYPE: onoff | |
f1dc9b30 | 1756 | DEFAULT: on |
17a0a4ee | 1757 | LOC: Config.onoff.client_db |
934b03fc | 1758 | DOC_START |
1759 | If you want to disable collecting per-client statistics, then | |
1760 | turn off client_db here. | |
1761 | ||
1762 | client_db on | |
1763 | DOC_END | |
1764 | ||
1765 | ||
1766 | NAME: netdb_low | |
1767 | TYPE: int | |
1768 | DEFAULT: 900 | |
1769 | LOC: Config.Netdb.low | |
1770 | DOC_NONE | |
1771 | ||
1772 | NAME: netdb_high | |
1773 | TYPE: int | |
1774 | DEFAULT: 1000 | |
1775 | LOC: Config.Netdb.high | |
1776 | DOC_START | |
1777 | The low and high water marks for the ICMP measurement | |
1778 | database. These are counts, not percents. The defaults are | |
1779 | 900 and 1000. When the high water mark is reached, database | |
1780 | entries will be deleted until the low mark is reached. | |
1781 | ||
1782 | netdb_low 900 | |
1783 | netdb_high 1000 | |
1784 | DOC_END | |
1785 | ||
1786 | ||
1787 | NAME: netdb_ping_period | |
f1dc9b30 | 1788 | TYPE: time_t |
934b03fc | 1789 | LOC: Config.Netdb.period |
9e975e4e | 1790 | DEFAULT: 5 minutes |
934b03fc | 1791 | DOC_START |
1792 | The minimum period for measuring a site. There will be at | |
1793 | least this much delay between successive pings to the same | |
1794 | network. The default is five minutes. | |
1795 | ||
1796 | netdb_ping_period 5 minutes | |
1797 | DOC_END | |
1798 | ||
1799 | ||
1800 | NAME: query_icmp | |
1801 | COMMENT: on|off | |
1802 | TYPE: onoff | |
f1dc9b30 | 1803 | DEFAULT: off |
17a0a4ee | 1804 | LOC: Config.onoff.query_icmp |
934b03fc | 1805 | DOC_START |
1806 | If you want to ask your peers to include ICMP data in their ICP | |
1807 | replies, enable this option. | |
1808 | ||
1809 | If your peer has built squid with '-DUSE_ICMP=1' then that peer | |
1810 | will send ICMP pings to origin server sites of the URLs it | |
1811 | receives. If you enable this option then the ICP replies from | |
1812 | that peer will include the ICMP data (if available). Then, | |
1813 | when choosing a parent cache, Squid will choose the parent with | |
1814 | the minimal RTT to the origin server. When this happens, the | |
1815 | hierarchy field of the access.log will be | |
1816 | "CLOSEST_PARENT_MISS". This option is off by default. | |
1817 | ||
1818 | query_icmp off | |
1819 | DOC_END | |
1820 | ||
78f1250a | 1821 | NAME: buffered_logs |
1822 | COMMENT: on|off | |
1823 | TYPE: onoff | |
1824 | DEFAULT: off | |
17a0a4ee | 1825 | LOC: Config.onoff.buffered_logs |
78f1250a | 1826 | DOC_START |
1827 | Some log files (cache.log, useragent.log) are written with | |
1828 | stdio functions, and as such they can be buffered or | |
1829 | unbuffered. By default they will be unbuffered. | |
1830 | buffered_logs off | |
1831 | DOC_END | |
1832 | ||
934b03fc | 1833 | NAME: always_direct |
1834 | TYPE: acl_access | |
1835 | LOC: Config.accessList.AlwaysDirect | |
f1dc9b30 | 1836 | DEFAULT: none |
934b03fc | 1837 | DOC_START |
1838 | XXX need docs | |
1839 | DOC_END | |
1840 | ||
1841 | NAME: never_direct | |
1842 | TYPE: acl_access | |
1843 | LOC: Config.accessList.NeverDirect | |
f1dc9b30 | 1844 | DEFAULT: none |
934b03fc | 1845 | DOC_START |
1846 | XXX need docs | |
1847 | DOC_END | |
1848 | ||
1849 | #NAME: proxy_auth_ignore | |
1850 | #TYPE: regexplist_icase | |
1851 | #LOC: Config.proxyAuth.IgnoreDomains | |
1852 | #DOC_START | |
1853 | # XXX need docs | |
1854 | #DOC_END | |
1855 | ||
88738790 | 1856 | NAME: fake_user_agent |
1857 | TYPE: eol | |
1858 | LOC: Config.fake_ua | |
1859 | DEFAULT: none | |
1860 | DOC_START | |
1861 | If you use the paranoid http_anonymizer setting, Squid will strip | |
1862 | your User-agent string from the request. Some Web servers will | |
1863 | refuse your request without a User-agent string. Use this to | |
1864 | fake one up. For example: | |
1865 | ||
1866 | fake_user_agent Nutscrape/1.0 (CP/M; 8-bit) | |
1867 | (credit to Paul Southworth pauls@etext.org for this one!) | |
1868 | ||
1869 | fake_user_agent none | |
1870 | DOC_END | |
1871 | ||
365cb147 | 1872 | NAME: icon_directory |
1873 | TYPE: pathname_stat | |
1874 | LOC: Config.icons.directory | |
1875 | DEFAULT: @DEFAULT_ICON_DIR@ | |
1876 | DOC_START | |
1877 | XXX | |
1878 | DOC_END | |
1879 | ||
9b312a19 | 1880 | NAME: error_directory |
1881 | TYPE: pathname_stat | |
1882 | LOC: Config.errorDirectory | |
1883 | DEFAULT: @DEFAULT_ERROR_DIR@ | |
1884 | DOC_START | |
1885 | XXX | |
1886 | DOC_END | |
1887 | ||
365cb147 | 1888 | NAME: icon_content_type |
1889 | TYPE: string | |
1890 | LOC: Config.icons.content_type | |
1891 | DEFAULT: image/gif | |
1892 | DOC_START | |
1893 | XXX | |
1894 | DOC_END | |
88738790 | 1895 | |
934b03fc | 1896 | EOF |