]>
Commit | Line | Data |
---|---|---|
934b03fc | 1 | NAME: http_port ascii_port |
2 | TYPE: ushortlist | |
f53b06f9 | 3 | DEFAULT: none |
4 | DEFAULT_IF_NONE: 3128 | |
934b03fc | 5 | LOC: Config.Port.http |
6 | DOC_START | |
7 | The port number where squid will listen for HTTP client | |
8 | requests. Default is 3128, for httpd-accel mode use port 80. | |
9 | May be overridden with -a on the command line. | |
10 | ||
11 | You may specify multiple ports here, but they MUST all be on | |
12 | a single line. | |
13 | ||
14 | http_port 3128 | |
15 | DOC_END | |
16 | ||
17 | ||
18 | NAME: icp_port udp_port | |
19 | TYPE: ushort | |
20 | DEFAULT: 3130 | |
21 | LOC: Config.Port.icp | |
22 | DOC_START | |
23 | The port number where squid send and receive ICP requests to | |
24 | and from neighbor caches. Default is 3130. To disable use | |
25 | "0". May be overridden with -u on the command line. | |
26 | ||
27 | icp_port 3130 | |
28 | DOC_END | |
29 | ||
30 | ||
31 | NAME: mcast_groups | |
32 | TYPE: wordlist | |
33 | LOC: Config.mcast_group_list | |
1273d501 | 34 | DEFAULT: none |
934b03fc | 35 | DOC_START |
36 | This tag specifies a list of multicast groups which your | |
37 | server should join to receive multicasted ICP requests. | |
38 | ||
39 | NOTE! Be very careful what you put here! Be sure you | |
40 | understand the difference between an ICP _query_ and an ICP | |
41 | _reply_. This option is to be set only if you want to RECEIVE | |
42 | multicast queries. Do NOT set this option to SEND multicast | |
a95856a0 | 43 | ICP (use cache_peer for that). ICP replies are always sent via |
934b03fc | 44 | unicast, so this option does not affect whether or not you will |
45 | receive replies from multicast group members. | |
46 | ||
47 | You must be very careful to NOT use a multicast address which | |
48 | is already in use by another group of caches. NLANR has been | |
49 | assigned a block of multicast address space for use in Web | |
50 | Caching. Plese write to us at nlanr-cache@nlanr.net to receive | |
51 | an address for your own use. | |
52 | ||
53 | Usage: mcast_groups 239.128.16.128 224.0.1.20 | |
54 | ||
55 | By default, squid doesn't listen on any multicast groups. | |
56 | ||
57 | mcast_groups 239.128.16.128 | |
58 | DOC_END | |
59 | ||
60 | ||
61 | NAME: tcp_incoming_address bind_address | |
62 | TYPE: address | |
63 | LOC: Config.Addrs.tcp_incoming | |
270b86af | 64 | DEFAULT: 0.0.0.0 |
934b03fc | 65 | DOC_NONE |
66 | ||
67 | NAME: tcp_outgoing_address outbound_address | |
68 | TYPE: address | |
69 | LOC: Config.Addrs.tcp_outgoing | |
270b86af | 70 | DEFAULT: 255.255.255.255 |
934b03fc | 71 | DOC_NONE |
72 | ||
73 | NAME: udp_incoming_address | |
74 | TYPE: address | |
75 | LOC:Config.Addrs.udp_incoming | |
270b86af | 76 | DEFAULT: 0.0.0.0 |
934b03fc | 77 | DOC_NONE |
78 | ||
79 | NAME: udp_outgoing_address | |
80 | TYPE: address | |
81 | LOC: Config.Addrs.udp_outgoing | |
270b86af | 82 | DEFAULT: 255.255.255.255 |
934b03fc | 83 | DOC_START |
84 | Usage: tcp_incoming_address 10.20.30.40 | |
85 | udp_outgoing_address fully.qualified.domain.name | |
86 | ||
934b03fc | 87 | tcp_incoming_address is used for the HTTP socket which accepts |
88 | connections from clients and other caches. | |
89 | tcp_outgoing_address is used for connections made to remote | |
90 | servers and other caches. | |
91 | udp_incoming_address is used for the ICP socket receiving packets | |
92 | from other caches. | |
93 | udp_outgoing_address is used for ICP packets sent out to other | |
94 | caches. | |
95 | ||
96 | The defaults behaviour is to not bind to any specific address. | |
97 | ||
98 | NOTE, udp_incoming_address and udp_outgoing_address can not have | |
99 | the same value since they both use port 3130. | |
100 | ||
101 | tcp_incoming_address 0.0.0.0 | |
102 | tcp_outgoing_address 0.0.0.0 | |
103 | udp_incoming_address 0.0.0.0 | |
104 | udp_outgoing_address 0.0.0.0 | |
105 | DOC_END | |
106 | ||
107 | ||
108 | # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM | |
109 | #----------------------------------------------------------------------------- | |
110 | ||
40a1495e | 111 | NAME: cache_peer |
112 | TYPE: peer | |
1273d501 | 113 | DEFAULT: none |
0153d498 | 114 | LOC: Config.peers |
934b03fc | 115 | DOC_START |
116 | To specify other caches in a hierarchy, use the format: | |
117 | ||
118 | hostname type http_port icp_port | |
119 | ||
120 | For example, | |
121 | ||
122 | # proxy icp | |
123 | # hostname type port port options | |
124 | # -------------------- -------- ----- ----- ----------- | |
a95856a0 | 125 | cache_peer bigserver.usc.edu parent 3128 3130 [proxy-only] |
126 | cache_peer littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
127 | cache_peer littleguy1.usc.edu sibling 3128 3130 [proxy-only] | |
934b03fc | 128 | |
129 | type: either 'parent', 'sibling', or 'multicast'. | |
130 | ||
131 | proxy_port: The port number where the cache listens for proxy | |
132 | requests. | |
133 | ||
134 | icp_port: Used for querying neighbor caches about | |
135 | objects. To have a non-ICP neighbor | |
136 | specify '7' for the ICP port and make sure the | |
137 | neighbor machine has the UDP echo port | |
138 | enabled in its /etc/inetd.conf file. | |
139 | ||
140 | options: proxy-only | |
141 | weight=n | |
142 | ttl=n | |
143 | no-query | |
144 | default | |
145 | round-robin | |
146 | multicast-responder | |
b3264694 | 147 | closest-only |
934b03fc | 148 | |
149 | use 'proxy-only' to specify that objects fetched | |
150 | from this cache should not be saved locally. | |
151 | ||
152 | use 'weight=n' to specify a weighted parent. | |
153 | The weight must be an integer. The default weight | |
154 | is 1, larger weights are favored more. | |
155 | ||
156 | use 'ttl=n' to specify a IP multicast TTL to use | |
157 | when sending an ICP request to this address. | |
158 | Only useful when sending to a multicast group. | |
159 | Because we don't accept ICP replies from random | |
160 | hosts, you must configure other group members as | |
161 | peers with the 'multicast-responder' option below. | |
162 | ||
163 | use 'no-query' to NOT send ICP queries to this | |
164 | neighbor. | |
165 | ||
166 | use 'default' if this is a parent cache which can | |
167 | be used as a "last-resort." You should probably | |
168 | only use 'default' in situations where you cannot | |
169 | use ICP with your parent cache(s). | |
170 | ||
171 | use 'round-robin' to define a set of parents which | |
172 | should be used in a round-robin fashion in the | |
173 | absence of any ICP queries. | |
174 | ||
175 | 'multicast-responder' indicates that the named peer | |
176 | is a member of a multicast group. ICP queries will | |
177 | not be sent directly to the peer, but ICP replies | |
178 | will be accepted from it. | |
179 | ||
b3264694 | 180 | 'closest-only' indicates that, for ICP_OP_MISS |
181 | replies, we'll only forward CLOSEST_PARENT_MISSes | |
182 | and never FIRST_PARENT_MISSes. | |
183 | ||
934b03fc | 184 | NOTE: non-ICP neighbors must be specified as 'parent'. |
185 | ||
a95856a0 | 186 | cache_peer hostname type 3128 3130 |
934b03fc | 187 | DOC_END |
188 | ||
189 | ||
190 | NAME: cache_host_domain | |
191 | TYPE: hostdomain | |
f1dc9b30 | 192 | DEFAULT: none |
193 | LOC: none | |
934b03fc | 194 | DOC_START |
195 | Use to limit the domains for which a neighbor cache will be queried. | |
196 | Usage: | |
197 | ||
198 | cache_host_domain cache-host domain [domain ...] | |
199 | cache_host_domain cache-host !domain | |
200 | ||
201 | For example, specifying | |
202 | ||
203 | cache_host_domain bigserver.usc.edu .edu | |
204 | ||
205 | has the effect such that UDP query packets are sent to | |
206 | 'bigserver' only when the requested object exists on a | |
207 | server in the .edu domain. Prefixing the domainname | |
208 | with '!' means that the cache will be queried for objects | |
209 | NOT in that domain. | |
210 | ||
211 | NOTE: * Any number of domains may be given for a cache-host, | |
212 | either on the same or separate lines. | |
213 | * When multiple domains are given for a particular | |
214 | cache-host, the first matched domain is applied. | |
215 | * Cache hosts with no domain restrictions are queried | |
216 | for all requests. | |
217 | * There are no defaults. | |
218 | * There is also a 'cache_host_acl' tag in the ACL | |
219 | section. | |
220 | DOC_END | |
221 | ||
222 | ||
223 | NAME: neighbor_type_domain | |
224 | TYPE: hostdomaintype | |
f1dc9b30 | 225 | DEFAULT: none |
226 | LOC: none | |
934b03fc | 227 | DOC_START |
228 | usage: neighbor_type_domain parent|sibling domain domain ... | |
229 | ||
230 | Modifying the neighbor type for specific domains is now | |
231 | possible. You can treat some domains differently than the the | |
a95856a0 | 232 | default neighbor type specified on the 'cache_peer' line. |
934b03fc | 233 | Normally it should only be necessary to list domains which |
234 | should be treated differently because the default neighbor type | |
235 | applies for hostnames which do not match domains listed here. | |
236 | ||
237 | EXAMPLE: | |
a95856a0 | 238 | cache_peer parent cache.foo.org 3128 3130 |
934b03fc | 239 | neighbor_type_domain cache.foo.org sibling .com .net |
240 | neighbor_type_domain cache.foo.org sibling .au .de | |
241 | DOC_END | |
242 | ||
243 | NAME: single_parent_bypass | |
244 | COMMENT: on|off | |
245 | TYPE: onoff | |
f1dc9b30 | 246 | DEFAULT: off |
17a0a4ee | 247 | LOC: Config.onoff.single_parent_bypass |
934b03fc | 248 | DOC_START |
249 | This tag specifies that it is okay to bypass the hierarchy | |
250 | "Pinging" when there is only a single parent for a given URL. | |
251 | ||
252 | Usage: single_parent_bypass on|off | |
253 | ||
254 | Before actually sending ICP "ping" packets to parents and | |
255 | neighbors, we figure out which hosts would be pinged based | |
256 | on the cache_host_domain rules, etc. Often it may be the | |
257 | case that only a single parent cache would be pinged. | |
258 | ||
259 | Since there is only a single parent, there is a very good | |
260 | chance that we will end up fetching the object from that | |
261 | parent. For this reason, it may be beneficial to avoid | |
262 | the ping and just fetch the object anyway. | |
263 | ||
264 | However, if we avoid the ping, we will be assuming that the | |
265 | parent host is reachable and that the cache process is running. | |
266 | By using the ping, we can be reasonably sure that the parent | |
267 | host will be able to handle our request. If the ping fails then | |
268 | it may be possible to fetch the object directly from the source. | |
269 | ||
270 | To favor the resiliency provided by the ping algorithm, | |
271 | single_parent_bypass is 'off' by default. | |
272 | ||
273 | single_parent_bypass off | |
274 | DOC_END | |
275 | ||
276 | ||
277 | NAME: source_ping | |
278 | COMMENT: on|off | |
279 | TYPE: onoff | |
f1dc9b30 | 280 | DEFAULT: off |
17a0a4ee | 281 | LOC: Config.onoff.source_ping |
934b03fc | 282 | DOC_START |
283 | If source_ping is enabled, then squid will include the source | |
284 | provider site in its selection algorithm. This is accomplished | |
285 | by sending ICP "HIT" packets to the UDP echo port of the source | |
286 | host. Note that using source_ping may send a fair amount of UDP | |
287 | traffic out on the Internet and may irritate paranoid network | |
288 | administrators. | |
289 | ||
290 | Note that source_ping is incompatible with inside_firewall. | |
291 | For hosts beyond the firewall, source_ping packets will never | |
292 | be sent. | |
293 | ||
294 | By default, source_ping is off. | |
295 | ||
296 | source_ping off | |
297 | DOC_END | |
298 | ||
299 | ||
300 | NAME: neighbor_timeout neighbour_timeout | |
301 | COMMENT: (seconds) | |
9e975e4e | 302 | DEFAULT: 2 seconds |
f1dc9b30 | 303 | TYPE: time_t |
934b03fc | 304 | LOC: Config.neighborTimeout |
305 | DOC_START | |
306 | This controls how long to wait for replies from neighbor caches. | |
307 | If none of the parent or neighbor caches reply before this many | |
308 | seconds (due to dropped packets or slow links), then the object | |
309 | request will be satisfied from the default source. The default | |
310 | timeout is two seconds. | |
311 | ||
312 | neighbor_timeout 2 seconds | |
313 | DOC_END | |
314 | ||
315 | ||
316 | NAME: hierarchy_stoplist | |
317 | TYPE: wordlist | |
1273d501 | 318 | DEFAULT: none |
934b03fc | 319 | LOC: Config.hierarchy_stoplist |
320 | DOC_START | |
321 | A list of words which, if found in a URL, cause the object to | |
322 | be handled directly by this cache. In other words, use this | |
323 | to not query neighbor caches for certain objects. You may | |
324 | list this option multiple times. | |
325 | ||
326 | The default is to directly fetch URLs containing 'cgi-bin' or '?'. | |
327 | ||
328 | hierarchy_stoplist cgi-bin ? | |
329 | DOC_END | |
330 | ||
331 | ||
332 | NAME: cache_stoplist | |
333 | TYPE: wordlist | |
1273d501 | 334 | DEFAULT: none |
934b03fc | 335 | LOC: Config.cache_stoplist |
336 | DOC_START | |
337 | A list of words which, if found in a URL, cause the object to | |
338 | immediately removed from the cache. In other words, use this | |
339 | to force certain objects to never be cached. You may list this | |
340 | option multiple times. | |
341 | ||
342 | The default is to not cache URLs containing 'cgi-bin' or '?'. | |
343 | ||
344 | cache_stoplist cgi-bin ? | |
345 | DOC_END | |
346 | ||
347 | ||
348 | NAME: cache_stoplist_pattern | |
934b03fc | 349 | TYPE: regexlist |
350 | LOC: Config.cache_stop_relist | |
1273d501 | 351 | DEFAULT: none |
934b03fc | 352 | DOC_START |
353 | Just like 'cache_stoplist' but you can use regular expressions | |
354 | instead of simple string matching. There is no default. | |
0153d498 | 355 | Insert -i to get case-insensitive regular expressions. |
934b03fc | 356 | |
357 | cache_stoplist_pattern | |
358 | DOC_END | |
359 | ||
360 | ||
361 | # OPTIONS WHICH AFFECT THE CACHE SIZE | |
362 | #----------------------------------------------------------------------------- | |
363 | ||
364 | ||
365 | NAME: cache_mem | |
9906e724 | 366 | COMMENT: (bytes) |
1b635117 | 367 | TYPE: b_size_t |
9906e724 | 368 | DEFAULT: 8 MB |
934b03fc | 369 | LOC: Config.Mem.maxSize |
370 | DOC_START | |
371 | Maximum amout of VM used to store objects in memory. | |
372 | This includes: | |
373 | in-transit objects, | |
374 | negative-cached objects, | |
375 | "hot" objects | |
376 | The value of cache_mem is an upper limit on the size of the | |
377 | "in-memory object data" pool. This is a pool of 4k pages used | |
378 | to hold object data. | |
379 | ||
380 | In-transit objects have priority over the others. When | |
381 | additional space is needed for incoming data, negative-cached | |
382 | and hot objects will be released. In other words, the | |
383 | negative-cached and hot objects will fill up any unused space | |
384 | not needed for in-transit objects. | |
385 | ||
386 | The values of cache_mem_low and cache_mem_high (below) can be | |
387 | used to tune the use of the memory pool. When the high mark is | |
388 | reached, in-transit and hot objects will be released to clear | |
389 | space. When an object transfer is completed, it will remain in | |
390 | memory only if the current memory usage is below the low water | |
391 | mark. | |
392 | ||
393 | The default is 8 Megabytes. | |
394 | ||
9906e724 | 395 | cache_mem 8 MB |
934b03fc | 396 | DOC_END |
397 | ||
398 | ||
399 | NAME: cache_swap_low | |
400 | COMMENT: (percent, 0-100) | |
401 | TYPE: int | |
402 | DEFAULT: 90 | |
403 | LOC: Config.Swap.lowWaterMark | |
404 | DOC_NONE | |
405 | ||
406 | NAME: cache_swap_high | |
407 | COMMENT: (percent, 0-100) | |
408 | TYPE: int | |
409 | DEFAULT: 95 | |
410 | LOC: Config.Swap.highWaterMark | |
411 | DOC_START | |
412 | The low- and high-water marks for cache LRU replacement. | |
413 | LRU replacement begins when the high-water mark is reached | |
414 | and ends when enough objects have been removed and the low-water | |
415 | mark is reached. Defaults are 90% and 95%. | |
416 | ||
417 | cache_swap_low 90 | |
418 | cache_swap_high 95 | |
419 | DOC_END | |
420 | ||
421 | ||
422 | NAME: cache_mem_low | |
423 | COMMENT: (in percent, 0-100) | |
424 | TYPE: int | |
425 | DEFAULT: 75 | |
426 | LOC: Config.Mem.lowWaterMark | |
427 | DOC_NONE | |
428 | ||
429 | NAME: cache_mem_high | |
430 | COMMENT: (in percent, 0-100) | |
431 | TYPE: int | |
432 | DEFAULT: 95 | |
433 | LOC: Config.Mem.highWaterMark | |
434 | DOC_START | |
435 | The low- and high-water mark for cache memory storage. When | |
436 | the amount of RAM used by the hot-object RAM cache reaches this | |
437 | point, the cache starts throwing objects out of the RAM cache | |
438 | (but they remain on disk). Defaults are 75% and 90%. | |
439 | ||
440 | cache_mem_low 75 | |
441 | cache_mem_high 90 | |
442 | DOC_END | |
443 | ||
444 | ||
445 | NAME: maximum_object_size | |
9e975e4e | 446 | COMMENT: (bytes) |
1b635117 | 447 | TYPE: b_size_t |
9906e724 | 448 | DEFAULT: 4096 KB |
934b03fc | 449 | LOC: Config.Store.maxObjectSize |
450 | DOC_START | |
451 | Objects larger than this size will NOT be saved on disk. The | |
452 | value is specified in kilobytes, and the default is 4MB. | |
453 | ||
9906e724 | 454 | maximum_object_size 4096 KB |
934b03fc | 455 | DOC_END |
456 | ||
457 | ||
458 | NAME: ipcache_size | |
459 | COMMENT: (number of entries) | |
460 | TYPE: int | |
461 | DEFAULT: 1024 | |
462 | LOC: Config.ipcache.size | |
463 | DOC_NONE | |
464 | ||
465 | NAME: ipcache_low | |
466 | COMMENT: (percent) | |
467 | TYPE: int | |
468 | DEFAULT: 90 | |
469 | LOC: Config.ipcache.low | |
470 | DOC_NONE | |
471 | ||
472 | NAME: ipcache_high | |
473 | COMMENT: (percent) | |
474 | TYPE: int | |
475 | DEFAULT: 95 | |
476 | LOC: Config.ipcache.high | |
477 | DOC_START | |
478 | The size, low-, and high-water marks for the IP cache. | |
479 | ||
480 | ipcache_size 1024 | |
481 | ipcache_low 90 | |
482 | ipcache_high 95 | |
483 | DOC_END | |
484 | ||
485 | ||
486 | # LOGFILE PATHNAMES AND CACHE DIRECTORIES | |
487 | #----------------------------------------------------------------------------- | |
488 | ||
489 | NAME: cache_dir | |
490 | TYPE: cachedir | |
f1dc9b30 | 491 | DEFAULT: none |
f53b06f9 | 492 | DEFAULT_IF_NONE: @DEFAULT_SWAP_DIR@ 100 256 16 |
f1dc9b30 | 493 | LOC: Config.cacheSwap |
934b03fc | 494 | DOC_START |
495 | Directory for on-disk cache storage. The cache will change into | |
496 | this directory when running. The default is | |
497 | /usr/local/squid/cache. | |
498 | ||
499 | You can specify multiple cache_dir lines to spread the | |
500 | cache among different disk partitions. | |
501 | ||
a95856a0 | 502 | cache_dir /usr/local/squid/cache 1000 16 256 |
934b03fc | 503 | DOC_END |
504 | ||
505 | ||
506 | NAME: cache_access_log | |
507 | TYPE: string | |
d0b98f84 | 508 | DEFAULT: @DEFAULT_ACCESS_LOG@ |
934b03fc | 509 | LOC: Config.Log.access |
510 | DOC_START | |
511 | Logs the client request activity. Contains an entry for | |
512 | every HTTP and ICP request received. | |
513 | ||
514 | cache_access_log /usr/local/squid/logs/access.log | |
515 | DOC_END | |
516 | ||
517 | ||
518 | NAME: cache_log | |
519 | TYPE: string | |
0153d498 | 520 | DEFAULT: @DEFAULT_CACHE_LOG@ |
934b03fc | 521 | LOC: Config.Log.log |
522 | DOC_START | |
523 | Cache logging file. Set logging levels with "debug_options" below. | |
524 | ||
0153d498 | 525 | cache_log @DEFAULT_CACHE_LOG@ |
934b03fc | 526 | DOC_END |
527 | ||
528 | ||
529 | NAME: cache_store_log | |
530 | TYPE: string | |
0153d498 | 531 | DEFAULT: @DEFAULT_STORE_LOG@ |
934b03fc | 532 | LOC: Config.Log.store |
533 | DOC_START | |
534 | Logs the activities of the storage manager. Shows which | |
535 | objects are ejected from the cache, and which objects are | |
536 | saved and for how long. To disable, enter "none". | |
537 | ||
0153d498 | 538 | cache_store_log @DEFAULT_STORE_LOG@ |
934b03fc | 539 | DOC_END |
540 | ||
541 | ||
542 | NAME: cache_swap_log | |
543 | TYPE: string | |
544 | LOC: Config.Log.swap | |
1273d501 | 545 | DEFAULT: none |
934b03fc | 546 | DOC_START |
d0d3ec94 | 547 | Location for the cache "swap.log." This log file holds the |
934b03fc | 548 | metadata of objects saved on disk. It is used to rebuild the |
549 | cache during startup. Normally this file resides in the first | |
550 | 'cache_dir' directory, but you may specify an alternate | |
551 | pathname here. Note you must give a full filename, not just | |
552 | a directory. | |
553 | ||
554 | cache_swap_log | |
555 | DOC_END | |
556 | ||
557 | ||
558 | NAME: emulate_httpd_log | |
559 | COMMENT: on|off | |
560 | TYPE: onoff | |
f1dc9b30 | 561 | DEFAULT: off |
17a0a4ee | 562 | LOC: Config.onoff.common_log |
934b03fc | 563 | DOC_START |
564 | The Cache can emulate the log file format which many 'httpd' | |
565 | programs use. To disable/enable this emulation, set | |
566 | emulate_httpd_log to 'off' or 'on'. The default | |
567 | is to use the native log format. | |
568 | ||
569 | emulate_httpd_log off | |
570 | DOC_END | |
571 | ||
572 | ||
573 | NAME: mime_table | |
0153d498 | 574 | TYPE: pathname_stat |
575 | DEFAULT: @DEFAULT_MIME_TABLE@ | |
934b03fc | 576 | LOC: Config.mimeTablePathname |
577 | DOC_START | |
578 | Pathname to Squid's MIME table which has the format | |
579 | ||
580 | regex content-type icon content-encoding transfer-mode | |
581 | ||
0153d498 | 582 | mime_table @DEFAULT_MIME_TABLE@ |
934b03fc | 583 | DOC_END |
584 | ||
585 | ||
586 | NAME: log_mime_hdrs | |
587 | COMMENT: on|off | |
588 | TYPE: onoff | |
17a0a4ee | 589 | LOC: Config.onoff.log_mime_hdrs |
f1dc9b30 | 590 | DEFAULT: off |
934b03fc | 591 | DOC_START |
592 | The Cache can record both the request and the response | |
593 | MIME headers for each HTTP transaction. The headers are | |
594 | encoded safely and will appear as two bracketed fields | |
595 | at the end of the access log (for either the native | |
596 | or httpd-emulated log formats). To enable this logging | |
597 | set log_mime_hdrs to 'on'. | |
598 | ||
599 | NOTE: support for this may require you to define | |
600 | LOG_FULL_HEADERS before compiling. | |
601 | ||
602 | log_mime_hdrs off | |
603 | DOC_END | |
604 | ||
605 | ||
606 | NAME: useragent_log | |
607 | TYPE: string | |
608 | LOC: Config.Log.useragent | |
f1dc9b30 | 609 | DEFAULT: none |
934b03fc | 610 | DOC_START |
611 | If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write | |
612 | the User-Agent field from HTTP requests to the filename | |
613 | specified here. By default useragent_log is disabled. | |
614 | ||
615 | useragent_log none | |
616 | DOC_END | |
617 | ||
618 | ||
619 | NAME: pid_filename | |
620 | TYPE: string | |
0153d498 | 621 | DEFAULT: @DEFAULT_PID_FILE@ |
934b03fc | 622 | LOC: Config.pidFilename |
623 | DOC_START | |
624 | A pathname to write the process-id to. To disable, enter "none". | |
625 | ||
0153d498 | 626 | pid_filename @DEFAULT_PID_FILE@ |
934b03fc | 627 | DOC_END |
628 | ||
629 | ||
630 | NAME: debug_options | |
f1dc9b30 | 631 | TYPE: eol |
934b03fc | 632 | DEFAULT: ALL,1 |
633 | LOC: Config.debugOptions | |
634 | DOC_START | |
635 | Logging options are set as section,level where each source file | |
636 | is assigned a unique section. Lower levels result in less | |
637 | output, Full debugging (level 9) can result in a very large | |
638 | log file, so be careful. The magic word "ALL" sets debugging | |
639 | levels for all sections. We recommend normally running with | |
640 | "ALL,1". | |
641 | ||
642 | debug_options ALL,1 | |
643 | DOC_END | |
644 | ||
645 | ||
646 | NAME: ident_lookup | |
647 | COMMENT: on|off | |
648 | TYPE: onoff | |
f1dc9b30 | 649 | DEFAULT: off |
17a0a4ee | 650 | LOC: Config.onoff.ident_lookup |
934b03fc | 651 | DOC_START |
652 | If you wish to make an RFC931/ident lookup of the client username | |
653 | for each connection, enable this. It is off by default. | |
654 | ||
655 | ident_lookup off | |
656 | DOC_END | |
657 | ||
658 | ||
659 | NAME: log_fqdn | |
660 | COMMENT: on|off | |
661 | TYPE: onoff | |
f1dc9b30 | 662 | DEFAULT: off |
17a0a4ee | 663 | LOC: Config.onoff.log_fqdn |
934b03fc | 664 | DOC_START |
665 | Turn this on if you wish to log fully qualified domain names | |
666 | in the access.log. | |
667 | ||
668 | log_fqdn off | |
669 | DOC_END | |
670 | ||
671 | ||
672 | NAME: client_netmask | |
673 | TYPE: address | |
674 | LOC: Config.Addrs.client_netmask | |
f1dc9b30 | 675 | DEFAULT: 255.255.255.255 |
934b03fc | 676 | DOC_START |
677 | A netmask for client addresses in logfiles and cachemgr output. | |
678 | Change this to protect the privacy of your cache clients. | |
679 | ||
680 | client_netmask 255.255.255.255 | |
681 | DOC_END | |
682 | ||
683 | ||
684 | # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS | |
685 | #----------------------------------------------------------------------------- | |
686 | ||
687 | # TAG: ftpget_program | |
688 | # Where to find the 'ftpget' program that retrieves FTP data (HTTP | |
689 | # and Gopher protocol support are built into the cache). | |
690 | # | |
691 | # To disable ftpget and the ability to retrieve FTP objects, set | |
692 | # this to "none". Note that ftpget is automatically disabled for | |
693 | # http_accel mode. | |
694 | # | |
695 | #ftpget_program @DEFAULT_FTPGET@ | |
696 | ||
697 | # TAG: ftpget_options | |
698 | # Options for the 'ftpget' program. Please run 'ftpget' without | |
699 | # any arguments to see a list of options. The default is | |
700 | # no options. An example is | |
701 | # | |
702 | # ftpget_options -n 60 -R -W | |
703 | # | |
704 | #ftpget_options | |
705 | ||
706 | NAME: ftp_user | |
707 | TYPE: string | |
708 | DEFAULT: squid@ | |
709 | LOC: Config.Ftp.anon_user | |
710 | DOC_START | |
711 | If you want the anonymous login password to be more informative | |
712 | (and enable the use of picky ftp servers), set this to something | |
713 | resonable for your domain, like wwwuser@somewhere.net | |
714 | ||
715 | The reason why this is domainless by default is that the | |
716 | request can be made on the behalf of a user in any domain, | |
717 | depending on how the cache is used. | |
718 | Some ftp server also validate that the email address is valid | |
719 | (for example perl.com). | |
720 | ||
721 | ftp_user squid@ | |
722 | DOC_END | |
723 | ||
365cb147 | 724 | NAME: ftp_list_width |
1b635117 | 725 | TYPE: size_t |
365cb147 | 726 | DEFAULT: 32 |
727 | LOC: Config.Ftp.list_width | |
728 | DOC_START | |
729 | ftp_list_width 32 | |
730 | DOC_END | |
731 | ||
934b03fc | 732 | |
733 | NAME: cache_dns_program | |
0153d498 | 734 | TYPE: pathname_stat |
735 | DEFAULT: @DEFAULT_DNSSERVER@ | |
934b03fc | 736 | LOC: Config.Program.dnsserver |
737 | DOC_START | |
738 | Specify the location of the executable for dnslookup process. | |
739 | ||
0153d498 | 740 | cache_dns_program @DEFAULT_DNSSERVER@ |
934b03fc | 741 | DOC_END |
742 | ||
743 | ||
744 | NAME: dns_children | |
745 | TYPE: int | |
746 | DEFAULT: 5 | |
747 | LOC: Config.dnsChildren | |
748 | DOC_START | |
749 | The number of processes spawn to service DNS name lookups. | |
750 | For heavily loaded caches on large servers, you should | |
751 | probably increase this value to at least 10. The maximum | |
752 | is 32. The default is 5. | |
753 | ||
754 | To disable dnsservers, set this to 0. NOTE, this is very | |
755 | strongly discouraged. If you disable dnsservers your Squid | |
756 | process will BLOCK on DNS lookups! | |
757 | ||
758 | dns_children 5 | |
759 | DOC_END | |
760 | ||
761 | ||
762 | NAME: dns_defnames | |
763 | COMMENT: on|off | |
764 | TYPE: onoff | |
f1dc9b30 | 765 | DEFAULT: off |
17a0a4ee | 766 | LOC: Config.onoff.res_defnames |
934b03fc | 767 | DOC_START |
768 | Normally the 'dnsserver' disables the RES_DEFNAMES resolver | |
769 | option (see res_init(3)). This prevents caches in a hierarchy | |
770 | from interpreting single-component hostnames locally. To allow | |
771 | dnsserver to handle single-component names, enable this | |
772 | option. | |
773 | ||
774 | dns_defnames off | |
775 | DOC_END | |
776 | ||
777 | ||
778 | NAME: unlinkd_program | |
0153d498 | 779 | TYPE: pathname_stat |
780 | DEFAULT: @DEFAULT_UNLINKD@ | |
934b03fc | 781 | LOC: Config.Program.unlinkd |
782 | DOC_START | |
783 | Specify the location of the executable for file deletion process. | |
784 | ||
0153d498 | 785 | unlinkd_program @DEFAULT_UNLINKD@ |
934b03fc | 786 | DOC_END |
787 | ||
788 | ||
789 | NAME: pinger_program | |
a95856a0 | 790 | TYPE: string |
0153d498 | 791 | DEFAULT: @DEFAULT_PINGER@ |
934b03fc | 792 | LOC: Config.Program.pinger |
793 | DOC_START | |
794 | Specify the location of the executable for the pinger process. | |
795 | ||
0153d498 | 796 | pinger_program @DEFAULT_PINGER@ |
934b03fc | 797 | DOC_END |
798 | ||
799 | ||
800 | NAME: redirect_program | |
0153d498 | 801 | TYPE: pathname_stat |
934b03fc | 802 | LOC: Config.Program.redirect |
62607543 | 803 | DEFAULT: none |
934b03fc | 804 | DOC_START |
805 | Specify the location of the executable for the URL redirector. | |
806 | Currently, you must provide your own redirector program. | |
807 | See the Release-Notes for how to write one. | |
808 | By default, the redirector is not used. | |
809 | ||
810 | redirect_program /bin/false | |
811 | DOC_END | |
812 | ||
813 | ||
814 | NAME: redirect_children | |
815 | TYPE: int | |
816 | DEFAULT: 5 | |
817 | LOC: Config.redirectChildren | |
818 | DOC_START | |
819 | The number of redirector processes to spawn. | |
820 | ||
821 | redirect_children 5 | |
822 | DOC_END | |
823 | ||
824 | ||
825 | # OPTIONS FOR TUNING THE CACHE | |
826 | #----------------------------------------------------------------------------- | |
0153d498 | 827 | NAME: wais_relay_host |
828 | TYPE: string | |
1273d501 | 829 | DEFAULT: none |
0153d498 | 830 | LOC: Config.Wais.relayHost |
831 | DOC_NONE | |
934b03fc | 832 | |
0153d498 | 833 | NAME: wais_relay_port |
834 | TYPE: ushort | |
835 | DEFAULT: 0 | |
836 | LOC: Config.Wais.relayPort | |
934b03fc | 837 | DOC_START |
838 | Relay WAIS request to host (1st arg) at port (2 arg). | |
839 | ||
0153d498 | 840 | wais_relay_host localhost |
841 | wais_relay_port 8000 | |
934b03fc | 842 | DOC_END |
843 | ||
844 | ||
845 | NAME: request_size | |
9906e724 | 846 | COMMENT: (KB) |
847 | TYPE: kb_size_t | |
848 | DEFAULT: 100 KB | |
934b03fc | 849 | LOC: Config.maxRequestSize |
850 | DOC_START | |
851 | Maximum allowed request size in kilobytes. If people are using | |
852 | POST to upload files, then set this to the largest acceptable | |
853 | filesize plus a few extra kbytes. | |
854 | ||
9906e724 | 855 | request_size 100 KB |
934b03fc | 856 | DOC_END |
857 | ||
858 | ||
859 | NAME: refresh_pattern | |
934b03fc | 860 | TYPE: refreshpattern |
f1dc9b30 | 861 | LOC: Config.Refresh |
1273d501 | 862 | DEFAULT: none |
934b03fc | 863 | DOC_START |
864 | usage: refresh_pattern regex min percent max | |
865 | ||
866 | min and max are specified in MINUTES. | |
867 | percent is an integer number. | |
868 | ||
869 | Please see the file doc/Release-Notes-1.1.txt for a full | |
870 | description of Squid's refresh algorithm. Basically a | |
871 | cached object is: | |
872 | ||
873 | FRESH if age < min | |
874 | STALE if expires < now | |
875 | STALE if age > max | |
876 | FRESH if lm-factor < percent | |
877 | ||
878 | The refresh_pattern lines are checked in the order listed here. | |
879 | The first entry which matches is used. If none of the entries | |
880 | match, then the default will be used. | |
881 | ||
882 | Default: | |
883 | refresh_pattern . 0 20% 4320 | |
884 | DOC_END | |
885 | ||
886 | ||
887 | NAME: reference_age | |
f1dc9b30 | 888 | TYPE: time_t |
934b03fc | 889 | LOC: Config.referenceAge |
f1dc9b30 | 890 | DEFAULT: 1 year |
934b03fc | 891 | DOC_START |
892 | As a part of normal operation, Squid performs Least Recently | |
893 | Used removal of cached objects. The LRU age for removal is | |
894 | computed dynamically, based on the amount of disk space in | |
895 | use. The 'reference_age' value defines the maximum LRU age. | |
896 | For example, setting reference_age to '1 week' will cause | |
897 | objects to be removed if they have not been accessed for a week | |
898 | or more. If set to zero, LRU removal is disabled, and objects | |
899 | will be removed only when disk usage is over the high water | |
900 | mark. The default value is one year. | |
901 | ||
902 | Specify a number here, followed by units of time. For example: | |
903 | 1 week | |
904 | 3.5 days | |
905 | 4 months | |
906 | 2.2 hours | |
907 | ||
f1dc9b30 | 908 | reference_age 1 month |
934b03fc | 909 | DOC_END |
910 | ||
911 | ||
0153d498 | 912 | NAME: quick_abort_min |
9906e724 | 913 | COMMENT: (KB) |
914 | TYPE: kb_size_t | |
9e975e4e | 915 | DEFAULT: -1 kb |
0153d498 | 916 | LOC: Config.quickAbort.min |
917 | DOC_NONE | |
918 | ||
919 | NAME: quick_abort_pct | |
920 | COMMENT: (percent) | |
921 | TYPE: int | |
922 | DEFAULT: 0 | |
923 | LOC: Config.quickAbort.pct | |
924 | DOC_NONE | |
925 | ||
926 | NAME: quick_abort_max | |
9906e724 | 927 | COMMENT: (KB) |
928 | TYPE: kb_size_t | |
9e975e4e | 929 | DEFAULT: 0 kb |
0153d498 | 930 | LOC: Config.quickAbort.max |
934b03fc | 931 | DOC_START |
932 | By default the cache continues to retrieve objects from | |
933 | aborted requests. This may be undesirable on slow (e.g. SLIP) | |
934 | links and/or very busy caches. Impatient users may tie up | |
935 | file descriptors by repeatedly aborting and re-requesting | |
936 | non-cachable objects. | |
937 | ||
938 | Usage: quick_abort min-kbytes percent max-kbytes | |
939 | ||
940 | When the user aborts a request, Squid will check the | |
941 | quick_abort values to the amount of data transfered until | |
942 | then. | |
943 | ||
944 | If the transfer has less than 'min-kbytes' remaining, it | |
945 | will finish the retrieval. Setting minlength to -1 will | |
946 | disable the quick_abort feature. | |
947 | ||
948 | If the transfer has more than 'max-kbytes' remaining, it | |
949 | will abort the retrieval. | |
950 | ||
951 | If more than 'percent' of the transfer has completed, it will | |
952 | finish the retrieval. | |
953 | ||
0153d498 | 954 | quick_abort_min -1 |
955 | quick_abort_pct 0 | |
956 | quick_abort_max 0 | |
934b03fc | 957 | DOC_END |
958 | ||
959 | ||
960 | NAME: negative_ttl | |
961 | COMMENT: (in minutes) | |
f1dc9b30 | 962 | TYPE: time_t |
934b03fc | 963 | LOC: Config.negativeTtl |
9e975e4e | 964 | DEFAULT: 5 minutes |
934b03fc | 965 | DOC_START |
966 | Time-to-Live (TTL) for failed requests. Certain types of | |
967 | failures (such as "connection refused" and "404 Not Found") are | |
968 | negatively-cached for a small amount of time. The default is 5 | |
969 | minutes. Note that this is different from negative caching of | |
970 | DNS lookups. | |
971 | ||
972 | negative_ttl 5 minutes | |
973 | DOC_END | |
974 | ||
975 | ||
976 | NAME: positive_dns_ttl | |
977 | COMMENT: (in minutes) | |
f1dc9b30 | 978 | TYPE: time_t |
934b03fc | 979 | LOC: Config.positiveDnsTtl |
9e975e4e | 980 | DEFAULT: 6 hours |
934b03fc | 981 | DOC_START |
982 | Time-to-Live (TTL) for positive caching of successful DNS lookups. | |
983 | Default is 6 hours (360 minutes). If you want to minimize the | |
984 | use of Squid's ipcache, set this to 1, not 0. | |
985 | ||
9e975e4e | 986 | positive_dns_ttl 6 hours |
934b03fc | 987 | DOC_END |
988 | ||
989 | ||
990 | NAME: negative_dns_ttl | |
991 | COMMENT: (in minutes) | |
f1dc9b30 | 992 | TYPE: time_t |
934b03fc | 993 | LOC: Config.negativeDnsTtl |
9e975e4e | 994 | DEFAULT: 5 minutes |
934b03fc | 995 | DOC_START |
996 | Time-to-Live (TTL) for negative caching of failed DNS lookups. | |
997 | ||
998 | negative_dns_ttl 5 minutes | |
999 | DOC_END | |
1000 | ||
1001 | ||
1002 | # TIMEOUTS | |
1003 | #----------------------------------------------------------------------------- | |
1004 | ||
1005 | NAME: connect_timeout | |
1006 | COMMENT: (in seconds) | |
f1dc9b30 | 1007 | TYPE: time_t |
934b03fc | 1008 | LOC: Config.Timeout.connect |
9e975e4e | 1009 | DEFAULT: 2 minutes |
934b03fc | 1010 | DOC_START |
1011 | Some systems (notably Linux) can not be relied upon to properly | |
1012 | time out connect(2) requests. Therefore the squid process | |
1013 | enforces its own timeout on server connections. This parameter | |
1014 | specifies how long to wait for the connect to complete. The | |
1015 | default is two minutes (120 seconds). | |
1016 | ||
1017 | connect_timeout 120 seconds | |
1018 | DOC_END | |
1019 | ||
1020 | ||
1021 | NAME: read_timeout | |
1022 | COMMENT: (in minutes) | |
f1dc9b30 | 1023 | TYPE: time_t |
934b03fc | 1024 | LOC: Config.Timeout.read |
9e975e4e | 1025 | DEFAULT: 15 minutes |
934b03fc | 1026 | DOC_START |
1027 | The read_timeout is applied on server-side connections. After | |
1028 | each successful read(), the timeout will be extended by this | |
1029 | amount. If no data is read again after this amount of time, | |
1030 | the request is aborted and logged with ERR_READ_TIMEOUT. The | |
1031 | default is 15 minutes. | |
1032 | ||
1033 | read_timeout 15 minutes | |
1034 | DOC_END | |
1035 | ||
1036 | ||
1037 | NAME: defer_timeout | |
1038 | COMMENT: (in minutes) | |
f1dc9b30 | 1039 | TYPE: time_t |
934b03fc | 1040 | LOC: Config.Timeout.defer |
9e975e4e | 1041 | DEFAULT: 1 hour |
934b03fc | 1042 | DOC_START |
1043 | If your clients are behind slow (e.g. PPP/SLIP) connections, | |
1044 | then data may come in from the server-side faster than it can | |
1045 | be written to the client-side. When the server side gets too | |
1046 | far ahead of the client-side, subsequent reads will be deferred | |
1047 | until the client catches up. This timeout determines how long | |
1048 | to wait while in "deferred read mode." The default is one | |
1049 | hour. | |
1050 | ||
9e975e4e | 1051 | defer_timeout 1 hour |
934b03fc | 1052 | DOC_END |
1053 | ||
1054 | ||
1055 | NAME: request_timeout | |
f1dc9b30 | 1056 | TYPE: time_t |
934b03fc | 1057 | LOC: Config.Timeout.request |
9e975e4e | 1058 | DEFAULT: 30 seconds |
934b03fc | 1059 | DOC_START |
1060 | How long to wait for an HTTP request after connection | |
1061 | establishment. For persistent connections, wait this long | |
1062 | after the previous request completes. | |
1063 | ||
1064 | defer_timeout 30 seconds | |
1065 | DOC_END | |
1066 | ||
1067 | ||
1068 | NAME: client_lifetime | |
1069 | COMMENT: (in minutes) | |
f1dc9b30 | 1070 | TYPE: time_t |
934b03fc | 1071 | LOC: Config.Timeout.lifetime |
9e975e4e | 1072 | DEFAULT: 1 day |
934b03fc | 1073 | DOC_START |
1074 | The maximum amount of time that a client (browser) is allowed to | |
1075 | remain connected to the cache process. This protects the Cache | |
1076 | from having alot of sockets (and hence file descriptors) tied up | |
1077 | in a CLOSE_WAIT state from remote clients that go away without | |
1078 | properly shutting down (either because of a network failure or | |
1079 | because of a poor client implementation). The default is one | |
1080 | day, 1440 minutes. | |
1081 | ||
1082 | NOTE: The default value is intended to be much larger than any | |
1083 | client would ever need to be connected to your cache. You | |
1084 | should probably change client_lifetime only as a last resort. | |
1085 | If you seem to have many client connections tying up | |
1086 | filedescriptors, we recommend first tuning the read_timeout, | |
1087 | defer_timeout, and quick_abort values. | |
1088 | ||
1089 | client_lifetime 1 day | |
1090 | DOC_END | |
1091 | ||
603a02fd | 1092 | NAME: pconn_timeout |
1093 | TYPE: time_t | |
1094 | LOC: Config.Timeout.pconn | |
1095 | DEFAULT: 120 seconds | |
1096 | DOC_START | |
1097 | Timeout for idle persistent connections to servers and other | |
1098 | proxies. | |
1099 | pconn_timeout 120 seconds | |
1100 | DOC_END | |
1101 | ||
934b03fc | 1102 | |
1103 | NAME: shutdown_lifetime | |
1104 | COMMENT: (in seconds) | |
f1dc9b30 | 1105 | TYPE: time_t |
934b03fc | 1106 | LOC: Config.shutdownLifetime |
9e975e4e | 1107 | DEFAULT: 30 seconds |
934b03fc | 1108 | DOC_START |
1109 | When SIGTERM or SIGHUP is received, the cache is put into | |
1110 | "shutdown pending" mode until all active sockets are closed. | |
1111 | This value is the lifetime to set for all open descriptors | |
1112 | during shutdown mode. Any active clients after this many | |
1113 | seconds will receive a 'timeout' message. | |
1114 | ||
1115 | shutdown_lifetime 30 seconds | |
1116 | DOC_END | |
1117 | ||
1118 | ||
1119 | # ACCESS CONTROLS | |
1120 | #----------------------------------------------------------------------------- | |
1121 | ||
1122 | NAME: acl | |
1123 | TYPE: acl | |
f1dc9b30 | 1124 | LOC: Config.aclList |
1125 | DEFAULT: none | |
934b03fc | 1126 | DOC_START |
1127 | Defining an Access List | |
1128 | ||
1129 | acl aclname acltype string1 ... | |
1130 | acl aclname acltype "file" ... | |
1131 | ||
1132 | when using "file", the file should contain one item per line | |
1133 | ||
1134 | acltype is one of src dst srcdomain dstdomain url_pattern | |
1135 | urlpath_pattern time port proto method browser user | |
1136 | ||
1137 | acl aclname src ip-address/netmask ... (clients IP address) | |
1138 | acl aclname src addr1-addr2/netmask ... (range of addresses) | |
1139 | acl aclname dst ip-address/netmask ... (URL host's IP address) | |
1140 | acl aclname srcdomain foo.com ... (taken from reverse DNS lookup) | |
1141 | acl aclname dstdomain foo.com ... (taken from the URL) | |
1142 | acl aclname time [day-abbrevs] [h1:m1-h2:m2] | |
1143 | day-abbrevs: | |
1144 | S - Sunday | |
1145 | M - Monday | |
1146 | T - Tuesday | |
1147 | W - Wednesday | |
1148 | H - Thursday | |
1149 | F - Friday | |
1150 | A - Saturday | |
1151 | h1:m1 must be less than h2:m2 | |
1152 | acl aclname url_regex ^http:// ... # regex matching on whole URL | |
1153 | acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only | |
1154 | acl aclname port 80 70 21 ... | |
1155 | acl aclname proto HTTP FTP ... | |
1156 | acl aclname method GET POST ... | |
1157 | acl aclname browser regexp | |
1158 | acl aclname user username ... # string match on ident output. | |
1159 | # use REQUIRED to accept any | |
1160 | # non-null ident. | |
afe95a7e | 1161 | acl aclname proxy_auth passwd_file [ refresh ] |
1162 | # 'passwd_file' is an Apache-style file of passwords for | |
1163 | # authenticated proxy access. Looks like user:password, with | |
1164 | # the password being standard crypt() format. 'refresh' is | |
1165 | # the time in seconds to check for a changes in the file | |
1166 | # (default = 300 secs). When using a proxy_auth ACL in an | |
1167 | # ACL list, make sure it is the *last* in the list and the | |
1168 | # only proxy_auth ACL in the list. NOTE: when a | |
1169 | # Proxy-Authentication header is sent but it is not needed | |
1170 | # during ACL checking the username is NOT logged in | |
1171 | # access.log. | |
934b03fc | 1172 | |
1173 | acl manager proto cache_object | |
1174 | acl localhost src 127.0.0.1/255.255.255.255 | |
1175 | acl all src 0.0.0.0/0.0.0.0 | |
1176 | ||
1177 | acl SSL_ports port 443 563 | |
1178 | acl Dangerous_ports port 7 9 19 | |
1179 | acl CONNECT method CONNECT | |
1180 | DOC_END | |
1181 | ||
1182 | NAME: http_access | |
1183 | TYPE: acl_access | |
f1dc9b30 | 1184 | LOC: Config.accessList.http |
1185 | DEFAULT: none | |
934b03fc | 1186 | DOC_START |
1187 | Allowing or Denying access based on defined access lists | |
1188 | ||
1189 | Access to the HTTP port: | |
1190 | http_access allow|deny [!]aclname ... | |
1191 | ||
1192 | Access to the ICP port: | |
1193 | icp_access allow|deny [!]aclname ... | |
1194 | ||
1195 | NOTE on default values: | |
1196 | ||
1197 | If there are no "access" lines present, the default is to allow | |
1198 | the request. | |
1199 | ||
1200 | If none of the "access" lines cause a match, the default is the | |
1201 | opposite of the last line in the list. If the last line was | |
1202 | deny, then the default is allow. Conversely, if the last line | |
1203 | is allow, the default will be deny. For these reasons, it is a | |
1204 | good idea to have an "deny all" or "allow all" entry at the end | |
1205 | of your access lists to avoid potential confusion. | |
1206 | ||
1207 | ||
1208 | Only allow access to the cache manager functions from the local host. | |
1209 | http_access deny manager !localhost | |
1210 | http_access deny CONNECT !SSL_ports | |
1211 | http_access deny Dangerous_ports | |
1212 | ||
1213 | Allow everything else | |
1214 | http_access allow all | |
1215 | DOC_END | |
1216 | ||
1217 | ||
1218 | NAME: icp_access | |
1219 | TYPE: acl_access | |
f1dc9b30 | 1220 | LOC: Config.accessList.icp |
1221 | DEFAULT: none | |
934b03fc | 1222 | DOC_START |
1223 | Reply to all ICP queries we receive | |
1224 | ||
1225 | icp_access allow all | |
1226 | DOC_END | |
1227 | ||
1228 | ||
1229 | NAME: miss_access | |
1230 | TYPE: acl_access | |
f1dc9b30 | 1231 | LOC: Config.accessList.miss |
1232 | DEFAULT: none | |
934b03fc | 1233 | DOC_START |
1234 | Use to force your neighbors to use you as a sibling instead of | |
1235 | a parent. For example: | |
1236 | ||
1237 | acl localclients src 172.16.0.0/16 | |
1238 | miss_access allow localclients | |
1239 | miss_access deny !localclients | |
1240 | ||
1241 | This means that only your local clients are allowed to fetch | |
1242 | MISSES and all other clients can only fetch HITS. | |
1243 | ||
1244 | By default, allow all clients who passed the http_access rules | |
1245 | to fetch MISSES from us. | |
1246 | ||
1247 | miss_access allow all | |
1248 | DOC_END | |
1249 | ||
1250 | ||
1251 | NAME: cache_host_acl | |
f1dc9b30 | 1252 | TYPE: peeracl |
1253 | DEFAULT: none | |
1254 | LOC: none | |
934b03fc | 1255 | DOC_START |
1256 | Just like 'cache_host_domain' but provides more flexibility by | |
1257 | using ACL's. | |
1258 | ||
1259 | cache_host_acl cache-host [!]aclname ... | |
1260 | ||
1261 | NOTE: * Any number of ACL's may be given for a cache-host, | |
1262 | either on the same or separate lines. | |
1263 | * When multiple ACL's are given for a particular | |
1264 | cache-host, the first matched ACL is applied. | |
1265 | * Cache hosts with no domain or ACL restrictions are | |
1266 | queried for all requests. | |
1267 | * There are no defaults. | |
1268 | DOC_END | |
1269 | ||
1270 | ||
1271 | # ADMINISTRATIVE PARAMETERS | |
1272 | #----------------------------------------------------------------------------- | |
1273 | ||
1274 | NAME: cache_mgr | |
1275 | TYPE: string | |
1276 | DEFAULT: webmaster | |
1277 | LOC: Config.adminEmail | |
1278 | DOC_START | |
1279 | Email-address of local cache manager who will receive | |
1280 | mail if the cache dies. The default is "webmaster." | |
1281 | ||
1282 | cache_mgr webmaster | |
1283 | DOC_END | |
1284 | ||
1285 | ||
1286 | NAME: cache_effective_user | |
0153d498 | 1287 | TYPE: string |
a95856a0 | 1288 | DEFAULT: nobody |
0153d498 | 1289 | LOC: Config.effectiveUser |
1290 | DOC_NONE | |
1291 | ||
1292 | NAME: cache_effective_group | |
1293 | TYPE: string | |
a95856a0 | 1294 | DEFAULT: nogroup |
0153d498 | 1295 | LOC: Config.effectiveGroup |
934b03fc | 1296 | DOC_START |
1297 | If the cache is run as root, it will change its effective/real | |
1298 | UID/GID to the UID/GID specified below. The default is not to | |
1299 | change UID/GID. | |
1300 | ||
0153d498 | 1301 | cache_effective_user nobody |
1302 | cache_effective_group nogroup | |
934b03fc | 1303 | DOC_END |
1304 | ||
1305 | ||
1306 | NAME: visible_hostname | |
1307 | TYPE: string | |
1308 | LOC: Config.visibleHostname | |
f1dc9b30 | 1309 | DEFAULT: none |
934b03fc | 1310 | DOC_START |
1311 | If you want to present a special hostname in error messages, etc, | |
1312 | then define this. Otherwise, the return value of gethostname() | |
1313 | will be used. | |
1314 | ||
1315 | visible_hostname www-cache.foo.org | |
1316 | DOC_END | |
1317 | ||
1318 | ||
1319 | # OPTIONS FOR THE CACHE REGISTRATION SERVICE | |
1320 | #----------------------------------------------------------------------------- | |
1321 | ||
1322 | # This section contains parameters for the (optional) cache | |
1323 | # announcement service. This service is provided to help | |
1324 | # cache administrators locate one another in order to join or | |
1325 | # create cache hierarchies. | |
1326 | # | |
1327 | # An 'announcement' message is sent (via UDP) to the registration | |
1328 | # service by Squid. By default, the annoucement message is NOT | |
1329 | # SENT unless you enable it with 'cache_announce' below. | |
1330 | # | |
1331 | # The announcement message includes your hostname, plus the | |
1332 | # following information from this configuration file: | |
1333 | # | |
1334 | # http_port | |
1335 | # icp_port | |
1336 | # cache_mgr | |
1337 | # | |
1338 | # All current information is processed regularly and made | |
1339 | # available on the Web at http://www.nlanr.net/Cache/Tracker/. | |
1340 | ||
1341 | ||
f1dc9b30 | 1342 | NAME: announce_period |
1343 | TYPE: time_t | |
1344 | LOC: Config.Announce.period | |
9e975e4e | 1345 | DEFAULT: 1 day |
934b03fc | 1346 | DOC_START |
1347 | This is how frequently to send cache announcements. The default | |
1348 | is `0' which disables sending the announcement messages. | |
1349 | ||
1350 | To enable announcing your cache, just uncomment the line below. | |
1351 | ||
9e975e4e | 1352 | announce_period 1 day |
934b03fc | 1353 | DOC_END |
1354 | ||
1355 | ||
f1dc9b30 | 1356 | NAME: announce_host |
1357 | TYPE: string | |
1358 | DEFAULT: sd.cache.nlanr.net | |
1359 | LOC: Config.Announce.host | |
1360 | DOC_NONE | |
1361 | ||
1362 | NAME: announce_port | |
1363 | TYPE: ushort | |
1364 | DEFAULT: 3131 | |
1365 | LOC: Config.Announce.port | |
934b03fc | 1366 | DOC_START |
1367 | This is the hostname and portnumber where the registration message | |
1368 | will be sent. | |
1369 | ||
1370 | Format: announce_to host[:port] [filename] | |
1371 | ||
1372 | Hostname will default to 'sd.cache.nlanr.net' and port will default | |
1373 | to 3131. If the 'filename' argument is given, the contents of that | |
1374 | file will be included in the announce message. | |
1375 | ||
f1dc9b30 | 1376 | announce_host sd.cache.nlanr.net |
1377 | announce_port 3131 | |
934b03fc | 1378 | DOC_END |
1379 | ||
f1dc9b30 | 1380 | NAME: announce_file |
1381 | TYPE: pathname_stat | |
1382 | DEFAULT: /dev/null | |
1383 | LOC: Config.Announce.file | |
1384 | DOC_NONE | |
1385 | ||
934b03fc | 1386 | |
1387 | # HTTPD-ACCELERATOR OPTIONS | |
1388 | #----------------------------------------------------------------------------- | |
1389 | ||
f1dc9b30 | 1390 | NAME: httpd_accel_host |
1391 | TYPE: string | |
1392 | LOC: Config.Accel.host | |
1393 | DEFAULT: none | |
1394 | DOC_NONE | |
1395 | ||
1396 | NAME: httpd_accel_port | |
1397 | TYPE: ushort | |
1398 | LOC: Config.Accel.port | |
1399 | DEFAULT: 0 | |
934b03fc | 1400 | DOC_START |
1401 | If you want to run squid as an httpd accelerator, define the | |
1402 | host name and port number where the real HTTP server is. | |
1403 | ||
1404 | If you want virtual host support then specify the hostname | |
1405 | as "virtual". | |
1406 | ||
f1dc9b30 | 1407 | httpd_accel_host hostname |
1408 | httpd_accel_port port | |
934b03fc | 1409 | DOC_END |
1410 | ||
1411 | ||
1412 | NAME: httpd_accel_with_proxy | |
1413 | COMMENT: on|off | |
1414 | TYPE: onoff | |
f1dc9b30 | 1415 | DEFAULT: off |
17a0a4ee | 1416 | LOC: Config.onoff.accel_with_proxy |
934b03fc | 1417 | DOC_START |
1418 | If you want to use squid as both a local httpd accelerator | |
1419 | and as a proxy, change this to 'on'. | |
1420 | ||
1421 | httpd_accel_with_proxy off | |
1422 | DOC_END | |
1423 | ||
1424 | ||
1425 | NAME: httpd_accel_uses_host_header | |
1426 | COMMENT: on|off | |
1427 | TYPE: onoff | |
f1dc9b30 | 1428 | DEFAULT: off |
934b03fc | 1429 | LOC: opt_accel_uses_host |
1430 | DOC_START | |
1431 | HTTP/1.1 requests include a Host: header which is basically the | |
1432 | hostname from the URL. Squid can be an accelerator for | |
1433 | different HTTP servers by looking at this header. However, | |
1434 | Squid does NOT check the value of the Host header, so it opens | |
1435 | a big security hole. We recommend that this option remain | |
1436 | disabled unless you are sure of what you are doing. | |
1437 | ||
1438 | httpd_accel_uses_host_header off | |
1439 | DOC_END | |
1440 | ||
1441 | ||
1442 | # MISCELLANEOUS | |
1443 | #----------------------------------------------------------------------------- | |
1444 | ||
1445 | NAME: dns_testnames | |
1446 | TYPE: wordlist | |
1447 | LOC: Config.dns_testname_list | |
f1dc9b30 | 1448 | DEFAULT: none |
934b03fc | 1449 | DOC_START |
1450 | The DNS tests exit as soon as the first site is successfully looked up | |
1451 | ||
1452 | If you want to disable DNS tests, do not comment out or delete this | |
1453 | list. Instead use the -D command line option | |
1454 | ||
1455 | dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu | |
1456 | DOC_END | |
1457 | ||
1458 | ||
1459 | NAME: logfile_rotate | |
1460 | TYPE: int | |
1461 | DEFAULT: 10 | |
1462 | LOC: Config.Log.rotateNumber | |
1463 | DOC_START | |
1464 | Specifies the number of logfile rotations to make upon receiving | |
1465 | a USR1 signal. The default is 10, which will rotate with | |
1466 | extensions 0 through 9. Setting logfile_rotate to 0 will | |
1467 | disable the rotation, but the logfiles are still closed and | |
1468 | re-opened. This will enable you to rename the logfiles yourself | |
1469 | just before sending a USR1 signal to the squid process. | |
1470 | ||
1471 | logfile_rotate 10 | |
1472 | DOC_END | |
1473 | ||
1474 | ||
1475 | NAME: append_domain | |
f1dc9b30 | 1476 | TYPE: string |
1477 | LOC: Config.appendDomain | |
1478 | DEFAULT: none | |
934b03fc | 1479 | DOC_START |
1480 | Appends local domain name to hostnames without any dots in them. | |
1481 | append_domain must begin with a period. | |
1482 | ||
1483 | append_domain .yourdomain.com | |
1484 | DOC_END | |
1485 | ||
1486 | ||
1487 | NAME: tcp_recv_bufsize | |
89de058c | 1488 | COMMENT: (bytes) |
1b635117 | 1489 | TYPE: b_size_t |
89de058c | 1490 | DEFAULT: 0 bytes |
934b03fc | 1491 | LOC: Config.tcpRcvBufsz |
1492 | DOC_START | |
1493 | Size of receive buffer to set for TCP sockets. Probably just | |
1494 | as easy to change your kernel's default. Set to zero to use | |
1495 | the default buffer size. | |
1496 | ||
89de058c | 1497 | tcp_recv_bufsize 0 bytes |
934b03fc | 1498 | DOC_END |
1499 | ||
934b03fc | 1500 | NAME: err_html_text |
f1dc9b30 | 1501 | TYPE: eol |
1502 | LOC: Config.errHtmlText | |
1503 | DEFAULT: none | |
934b03fc | 1504 | DOC_START |
1505 | HTML text to include in error messages. Make this a "mailto" | |
1506 | URL to your admin address, or maybe just a link to your | |
1507 | organizations Web page. | |
1508 | ||
1509 | err_html_text | |
1510 | DOC_END | |
1511 | ||
1512 | ||
1513 | NAME: deny_info | |
1514 | TYPE: denyinfo | |
1515 | LOC: Config.denyInfoList | |
f1dc9b30 | 1516 | DEFAULT: none |
934b03fc | 1517 | DOC_START |
1518 | Usage: deny_info URL acl | |
1519 | ||
1520 | This can be used to return a HTTP redirect for requests which | |
1521 | do not pass the 'http_access' rules. A single ACL will cause | |
1522 | the http_access check to fail. If a 'deny_info' line exists | |
1523 | for that ACL then Squid returns a redirect to the given URL. | |
1524 | DOC_END | |
1525 | ||
1526 | ||
1527 | NAME: udp_hit_obj | |
1528 | COMMENT: on|off | |
1529 | TYPE: onoff | |
f1dc9b30 | 1530 | DEFAULT: off |
934b03fc | 1531 | LOC: opt_udp_hit_obj |
1532 | DOC_START | |
1533 | If set, Squid will request UDP_HIT_OBJ replies from its | |
1534 | neighbors. UDP_HIT_OBJ is nice because it saves bandwidth, but | |
1535 | it can cause some other problems. For one it complicates | |
1536 | calculating hit rates. Also, problems arise because the ICP | |
1537 | query does not contain any HTTP request headers which may | |
1538 | affect the reply. | |
1539 | ||
1540 | udp_hit_obj off | |
1541 | DOC_END | |
1542 | ||
1543 | ||
1544 | NAME: udp_hit_obj_size | |
89de058c | 1545 | COMMENT: (bytes) |
1b635117 | 1546 | TYPE: b_size_t |
934b03fc | 1547 | LOC: Config.udpMaxHitObjsz |
89de058c | 1548 | DEFAULT: 0 bytes |
934b03fc | 1549 | DOC_START |
1550 | If set, Squid will limit UDP_HIT_OBJ size to be less than | |
1551 | this value. Setting this value to more than SQUID_UDP_SO_SNDBUF | |
1552 | will not work as expected. Set to zero to select the size | |
1553 | permited by the socket. | |
89de058c | 1554 | udp_hit_obj_size 0 bytes |
934b03fc | 1555 | DOC_END |
1556 | ||
1557 | ||
1558 | NAME: memory_pools | |
1559 | COMMENT: on|off | |
1560 | TYPE: onoff | |
f1dc9b30 | 1561 | DEFAULT: on |
934b03fc | 1562 | LOC: opt_mem_pools |
1563 | DOC_START | |
1564 | If set, Squid will keep pools of allocated (but unused) memory | |
1565 | available for future use. If memory is a premium on your | |
1566 | system, disable this. | |
1567 | ||
1568 | memory_pools on | |
1569 | DOC_END | |
1570 | ||
1571 | NAME: forwarded_for | |
1572 | COMMENT: on|off | |
1573 | TYPE: onoff | |
f1dc9b30 | 1574 | DEFAULT: on |
934b03fc | 1575 | LOC: opt_forwarded_for |
1576 | DOC_START | |
1577 | If set, Squid will include your system's IP address or name | |
1578 | in the HTTP requests it forwards. By default it looks like | |
1579 | this: | |
1580 | ||
1581 | X-Forwarded-For: 192.1.2.3 | |
1582 | ||
1583 | If you disable this, it will appear as | |
1584 | ||
1585 | X-Forwarded-For: unknown | |
1586 | ||
1587 | forwarded_for on | |
1588 | DOC_END | |
1589 | ||
1590 | NAME: log_icp_queries | |
1591 | COMMENT: on|off | |
1592 | TYPE: onoff | |
f1dc9b30 | 1593 | DEFAULT: on |
17a0a4ee | 1594 | LOC: Config.onoff.log_udp |
934b03fc | 1595 | DOC_START |
1596 | If set, ICP queries are logged to access.log. ICP logging | |
1597 | is enabled by default, so uncomment and change the line | |
1598 | below to disable it. | |
1599 | ||
1600 | log_icp_queries on | |
1601 | DOC_END | |
1602 | ||
88738790 | 1603 | NAME: icp_hit_stale |
1604 | COMMENT: on|off | |
1605 | TYPE: onoff | |
1606 | DEFAULT: off | |
17a0a4ee | 1607 | LOC: Config.onoff.icp_hit_stale |
88738790 | 1608 | DOC_START |
1609 | If you want to return ICP_HIT for stale cache objects, set this | |
1610 | option to 'on'. If you have sibling relationships with caches | |
1611 | in other administrative domains, this should be 'off'. If you only | |
1612 | have sibling relationships with caches under your control, then | |
1613 | it is probably okay to set this to 'on'. | |
1614 | ||
1615 | icp_hit_stale off | |
1616 | DOC_END | |
1617 | ||
934b03fc | 1618 | |
1619 | NAME: minimum_direct_hops | |
1620 | TYPE: int | |
1621 | DEFAULT: 4 | |
1622 | LOC: Config.minDirectHops | |
1623 | DOC_START | |
1624 | If using the ICMP pinging stuff, do direct fetches for sites | |
1625 | which are no more than this many hops away. | |
1626 | ||
1627 | minimum_direct_hops 4 | |
1628 | DOC_END | |
1629 | ||
1630 | ||
1631 | NAME: cachemgr_passwd | |
1632 | TYPE: cachemgrpasswd | |
86101e40 | 1633 | DEFAULT: none |
f1dc9b30 | 1634 | LOC: Config.passwd_list |
934b03fc | 1635 | DOC_START |
1636 | Specify passwords for cachemgr operations. | |
1637 | ||
1638 | Usage: cachemgr_passwd password action action ... | |
1639 | ||
1640 | valid actions are: | |
1641 | shutdown * | |
1642 | info | |
1643 | stats/objects | |
1644 | stats/vm_objects | |
1645 | stats/utilization | |
1646 | stats/ipcache | |
1647 | stats/fqdncache | |
1648 | stats/dns | |
1649 | stats/redirector | |
1650 | stats/io | |
1651 | stats/reply_headers | |
1652 | stats/filedescriptors | |
1653 | stats/netdb | |
1654 | log/status * | |
1655 | log/enable * | |
1656 | log/disable * | |
1657 | log/clear * | |
1658 | log * | |
1659 | parameter | |
1660 | server_list | |
1661 | client_list | |
1662 | squid.conf * | |
1663 | ||
1664 | * Indicates actions which will not be performed without a | |
1665 | valid password, others can be performed if not listed here. | |
1666 | ||
1667 | To disable an action, set the password to "disable". | |
1668 | To allow performing an action without a password, set the | |
1669 | password to "none". | |
1670 | ||
1671 | Use the keyword "all" to set the same password for all actions. | |
1672 | ||
1673 | cachemgr_passwd secret shutdown | |
1674 | cachemgr_passwd lesssssssecret info stats/objects | |
1675 | cachemgr_passwd disable all | |
1676 | DOC_END | |
1677 | ||
1678 | ||
1679 | # TAG: swap_level1_dirs | |
1680 | # Number of first-level directories to create for storing cached | |
1681 | # objects. Minimum 1, maximum 256, default 16. | |
1682 | # | |
1683 | #swap_level1_dirs 16 | |
1684 | ||
1685 | # TAG: swap_level2_dirs | |
1686 | # Number of sub-directories to create under each first-level | |
1687 | # directory. Minimum 1, maximum 256, default 256. | |
1688 | # | |
1689 | #swap_level2_dirs 256 | |
1690 | ||
1691 | NAME: store_avg_object_size | |
86101e40 | 1692 | COMMENT: (kbytes) |
1693 | TYPE: kb_size_t | |
89de058c | 1694 | DEFAULT: 20 KB |
934b03fc | 1695 | LOC: Config.Store.avgObjectSize |
1696 | DOC_START | |
1697 | Average object size, used to estimate number of objects your | |
1698 | cache can hold. See doc/Release-Notes-1.1.txt. The default is | |
1699 | 20K. | |
1700 | ||
89de058c | 1701 | store_avg_object_size 20 KB |
934b03fc | 1702 | DOC_END |
1703 | ||
1704 | NAME: store_objects_per_bucket | |
1705 | TYPE: int | |
1706 | DEFAULT: 50 | |
1707 | LOC: Config.Store.objectsPerBucket | |
1708 | DOC_START | |
1709 | Target number of objects per bucket in the store hash table. | |
1710 | Lowering this value increases the total number of buckets and | |
1711 | also the storage maintenance rate. The default is 20. | |
1712 | ||
1713 | store_objects_per_bucket 20 | |
1714 | DOC_END | |
1715 | ||
1716 | ||
1717 | NAME: http_anonymizer | |
1718 | TYPE: httpanonymizer | |
17a0a4ee | 1719 | LOC: Config.onoff.anonymizer |
f1dc9b30 | 1720 | DEFAULT: off |
934b03fc | 1721 | DOC_START |
1722 | If you want to filter out certain HTTP request headers for | |
1723 | privacy reasons, enable this option. There are three | |
1724 | appropriate settings: | |
1725 | 'off' All HTTP request headers are passed. | |
1726 | 'standard' Specific headers are removed | |
1727 | 'paranoid' Only specific headers are allowed. | |
1728 | To see which headers are allowed or denied, please see the | |
1729 | http-anon.c source file. | |
1730 | ||
1731 | http_anonymizer off | |
1732 | DOC_END | |
1733 | ||
1734 | ||
1735 | NAME: client_db | |
1736 | COMMENT: on|off | |
1737 | TYPE: onoff | |
f1dc9b30 | 1738 | DEFAULT: on |
17a0a4ee | 1739 | LOC: Config.onoff.client_db |
934b03fc | 1740 | DOC_START |
1741 | If you want to disable collecting per-client statistics, then | |
1742 | turn off client_db here. | |
1743 | ||
1744 | client_db on | |
1745 | DOC_END | |
1746 | ||
1747 | ||
1748 | NAME: netdb_low | |
1749 | TYPE: int | |
1750 | DEFAULT: 900 | |
1751 | LOC: Config.Netdb.low | |
1752 | DOC_NONE | |
1753 | ||
1754 | NAME: netdb_high | |
1755 | TYPE: int | |
1756 | DEFAULT: 1000 | |
1757 | LOC: Config.Netdb.high | |
1758 | DOC_START | |
1759 | The low and high water marks for the ICMP measurement | |
1760 | database. These are counts, not percents. The defaults are | |
1761 | 900 and 1000. When the high water mark is reached, database | |
1762 | entries will be deleted until the low mark is reached. | |
1763 | ||
1764 | netdb_low 900 | |
1765 | netdb_high 1000 | |
1766 | DOC_END | |
1767 | ||
1768 | ||
1769 | NAME: netdb_ping_period | |
f1dc9b30 | 1770 | TYPE: time_t |
934b03fc | 1771 | LOC: Config.Netdb.period |
9e975e4e | 1772 | DEFAULT: 5 minutes |
934b03fc | 1773 | DOC_START |
1774 | The minimum period for measuring a site. There will be at | |
1775 | least this much delay between successive pings to the same | |
1776 | network. The default is five minutes. | |
1777 | ||
1778 | netdb_ping_period 5 minutes | |
1779 | DOC_END | |
1780 | ||
1781 | ||
1782 | NAME: query_icmp | |
1783 | COMMENT: on|off | |
1784 | TYPE: onoff | |
f1dc9b30 | 1785 | DEFAULT: off |
17a0a4ee | 1786 | LOC: Config.onoff.query_icmp |
934b03fc | 1787 | DOC_START |
1788 | If you want to ask your peers to include ICMP data in their ICP | |
1789 | replies, enable this option. | |
1790 | ||
1791 | If your peer has built squid with '-DUSE_ICMP=1' then that peer | |
1792 | will send ICMP pings to origin server sites of the URLs it | |
1793 | receives. If you enable this option then the ICP replies from | |
1794 | that peer will include the ICMP data (if available). Then, | |
1795 | when choosing a parent cache, Squid will choose the parent with | |
1796 | the minimal RTT to the origin server. When this happens, the | |
1797 | hierarchy field of the access.log will be | |
1798 | "CLOSEST_PARENT_MISS". This option is off by default. | |
1799 | ||
1800 | query_icmp off | |
1801 | DOC_END | |
1802 | ||
78f1250a | 1803 | NAME: buffered_logs |
1804 | COMMENT: on|off | |
1805 | TYPE: onoff | |
1806 | DEFAULT: off | |
17a0a4ee | 1807 | LOC: Config.onoff.buffered_logs |
78f1250a | 1808 | DOC_START |
1809 | Some log files (cache.log, useragent.log) are written with | |
1810 | stdio functions, and as such they can be buffered or | |
1811 | unbuffered. By default they will be unbuffered. | |
1812 | buffered_logs off | |
1813 | DOC_END | |
1814 | ||
934b03fc | 1815 | NAME: always_direct |
1816 | TYPE: acl_access | |
1817 | LOC: Config.accessList.AlwaysDirect | |
f1dc9b30 | 1818 | DEFAULT: none |
934b03fc | 1819 | DOC_START |
1820 | XXX need docs | |
1821 | DOC_END | |
1822 | ||
1823 | NAME: never_direct | |
1824 | TYPE: acl_access | |
1825 | LOC: Config.accessList.NeverDirect | |
f1dc9b30 | 1826 | DEFAULT: none |
934b03fc | 1827 | DOC_START |
1828 | XXX need docs | |
1829 | DOC_END | |
1830 | ||
1831 | #NAME: proxy_auth_ignore | |
1832 | #TYPE: regexplist_icase | |
1833 | #LOC: Config.proxyAuth.IgnoreDomains | |
1834 | #DOC_START | |
1835 | # XXX need docs | |
1836 | #DOC_END | |
1837 | ||
88738790 | 1838 | NAME: fake_user_agent |
1839 | TYPE: eol | |
1840 | LOC: Config.fake_ua | |
1841 | DEFAULT: none | |
1842 | DOC_START | |
1843 | If you use the paranoid http_anonymizer setting, Squid will strip | |
1844 | your User-agent string from the request. Some Web servers will | |
1845 | refuse your request without a User-agent string. Use this to | |
1846 | fake one up. For example: | |
1847 | ||
1848 | fake_user_agent Nutscrape/1.0 (CP/M; 8-bit) | |
1849 | (credit to Paul Southworth pauls@etext.org for this one!) | |
1850 | ||
1851 | fake_user_agent none | |
1852 | DOC_END | |
1853 | ||
365cb147 | 1854 | NAME: icon_directory |
1855 | TYPE: pathname_stat | |
1856 | LOC: Config.icons.directory | |
1857 | DEFAULT: @DEFAULT_ICON_DIR@ | |
1858 | DOC_START | |
1859 | XXX | |
1860 | DOC_END | |
1861 | ||
9b312a19 | 1862 | NAME: error_directory |
1863 | TYPE: pathname_stat | |
1864 | LOC: Config.errorDirectory | |
1865 | DEFAULT: @DEFAULT_ERROR_DIR@ | |
1866 | DOC_START | |
1867 | XXX | |
1868 | DOC_END | |
1869 | ||
365cb147 | 1870 | NAME: icon_content_type |
1871 | TYPE: string | |
1872 | LOC: Config.icons.content_type | |
1873 | DEFAULT: image/gif | |
1874 | DOC_START | |
1875 | XXX | |
1876 | DOC_END | |
88738790 | 1877 | |
934b03fc | 1878 | EOF |