]> git.ipfire.org Git - thirdparty/squid.git/blame - src/cf.data.pre
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cleanup, warn if Config.Snmp.agentInfo == NULL
[thirdparty/squid.git] / src / cf.data.pre
CommitLineData
3a278cb8 1
0f74202c 2COMMENT_START
3 WELCOME TO SQUID 1.2
4 --------------------
3a278cb8 5
0f74202c 6 This is the default squid configuration file. You may wish
7 to look at http://cache.is.co.za/squid/ for documentation,
8 or the squid home page (http://squid.nlanr.net/) for the FAQ
3a278cb8 9
0f74202c 10COMMENT_END
3a278cb8 11
0f74202c 12COMMENT_START
3a278cb8 13 NETWORK OPTIONS
14 -----------------------------------------------------------------------------
0f74202c 15COMMENT_END
3a278cb8 16
934b03fc 17NAME: http_port ascii_port
18TYPE: ushortlist
f53b06f9 19DEFAULT: none
20DEFAULT_IF_NONE: 3128
934b03fc 21LOC: Config.Port.http
22DOC_START
23 The port number where squid will listen for HTTP client
24 requests. Default is 3128, for httpd-accel mode use port 80.
25 May be overridden with -a on the command line.
26
27 You may specify multiple ports here, but they MUST all be on
28 a single line.
29
30http_port 3128
31DOC_END
32
33
34NAME: icp_port udp_port
35TYPE: ushort
36DEFAULT: 3130
37LOC: Config.Port.icp
38DOC_START
39 The port number where squid send and receive ICP requests to
40 and from neighbor caches. Default is 3130. To disable use
41 "0". May be overridden with -u on the command line.
42
43icp_port 3130
44DOC_END
45
46
47NAME: mcast_groups
48TYPE: wordlist
49LOC: Config.mcast_group_list
1273d501 50DEFAULT: none
934b03fc 51DOC_START
52 This tag specifies a list of multicast groups which your
53 server should join to receive multicasted ICP requests.
54
55 NOTE! Be very careful what you put here! Be sure you
56 understand the difference between an ICP _query_ and an ICP
57 _reply_. This option is to be set only if you want to RECEIVE
58 multicast queries. Do NOT set this option to SEND multicast
a95856a0 59 ICP (use cache_peer for that). ICP replies are always sent via
934b03fc 60 unicast, so this option does not affect whether or not you will
61 receive replies from multicast group members.
62
63 You must be very careful to NOT use a multicast address which
64 is already in use by another group of caches. NLANR has been
65 assigned a block of multicast address space for use in Web
66 Caching. Plese write to us at nlanr-cache@nlanr.net to receive
67 an address for your own use.
68
69 Usage: mcast_groups 239.128.16.128 224.0.1.20
70
71 By default, squid doesn't listen on any multicast groups.
72
73mcast_groups 239.128.16.128
74DOC_END
75
76
77NAME: tcp_incoming_address bind_address
78TYPE: address
79LOC: Config.Addrs.tcp_incoming
270b86af 80DEFAULT: 0.0.0.0
934b03fc 81DOC_NONE
82
83NAME: tcp_outgoing_address outbound_address
84TYPE: address
85LOC: Config.Addrs.tcp_outgoing
270b86af 86DEFAULT: 255.255.255.255
934b03fc 87DOC_NONE
88
89NAME: udp_incoming_address
90TYPE: address
91LOC:Config.Addrs.udp_incoming
270b86af 92DEFAULT: 0.0.0.0
934b03fc 93DOC_NONE
94
95NAME: udp_outgoing_address
96TYPE: address
97LOC: Config.Addrs.udp_outgoing
270b86af 98DEFAULT: 255.255.255.255
934b03fc 99DOC_START
100 Usage: tcp_incoming_address 10.20.30.40
101 udp_outgoing_address fully.qualified.domain.name
102
934b03fc 103 tcp_incoming_address is used for the HTTP socket which accepts
104 connections from clients and other caches.
105 tcp_outgoing_address is used for connections made to remote
106 servers and other caches.
107 udp_incoming_address is used for the ICP socket receiving packets
108 from other caches.
109 udp_outgoing_address is used for ICP packets sent out to other
110 caches.
111
112 The defaults behaviour is to not bind to any specific address.
113
114 NOTE, udp_incoming_address and udp_outgoing_address can not have
115 the same value since they both use port 3130.
116
117tcp_incoming_address 0.0.0.0
118tcp_outgoing_address 0.0.0.0
119udp_incoming_address 0.0.0.0
120udp_outgoing_address 0.0.0.0
121DOC_END
122
0f74202c 123COMMENT_START
3a278cb8 124 OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
125 -----------------------------------------------------------------------------
0f74202c 126COMMENT_END
934b03fc 127
40a1495e 128NAME: cache_peer
129TYPE: peer
1273d501 130DEFAULT: none
0153d498 131LOC: Config.peers
934b03fc 132DOC_START
133 To specify other caches in a hierarchy, use the format:
134
135 hostname type http_port icp_port
136
137 For example,
138
139 # proxy icp
140 # hostname type port port options
141 # -------------------- -------- ----- ----- -----------
a95856a0 142 cache_peer bigserver.usc.edu parent 3128 3130 [proxy-only]
143 cache_peer littleguy1.usc.edu sibling 3128 3130 [proxy-only]
144 cache_peer littleguy1.usc.edu sibling 3128 3130 [proxy-only]
934b03fc 145
146 type: either 'parent', 'sibling', or 'multicast'.
147
148 proxy_port: The port number where the cache listens for proxy
149 requests.
150
151 icp_port: Used for querying neighbor caches about
152 objects. To have a non-ICP neighbor
153 specify '7' for the ICP port and make sure the
154 neighbor machine has the UDP echo port
155 enabled in its /etc/inetd.conf file.
156
157 options: proxy-only
158 weight=n
159 ttl=n
160 no-query
161 default
162 round-robin
163 multicast-responder
b3264694 164 closest-only
934b03fc 165
166 use 'proxy-only' to specify that objects fetched
167 from this cache should not be saved locally.
168
169 use 'weight=n' to specify a weighted parent.
170 The weight must be an integer. The default weight
171 is 1, larger weights are favored more.
172
173 use 'ttl=n' to specify a IP multicast TTL to use
174 when sending an ICP request to this address.
175 Only useful when sending to a multicast group.
176 Because we don't accept ICP replies from random
177 hosts, you must configure other group members as
178 peers with the 'multicast-responder' option below.
179
180 use 'no-query' to NOT send ICP queries to this
181 neighbor.
182
183 use 'default' if this is a parent cache which can
184 be used as a "last-resort." You should probably
185 only use 'default' in situations where you cannot
186 use ICP with your parent cache(s).
187
188 use 'round-robin' to define a set of parents which
189 should be used in a round-robin fashion in the
190 absence of any ICP queries.
191
192 'multicast-responder' indicates that the named peer
193 is a member of a multicast group. ICP queries will
194 not be sent directly to the peer, but ICP replies
195 will be accepted from it.
196
b3264694 197 'closest-only' indicates that, for ICP_OP_MISS
198 replies, we'll only forward CLOSEST_PARENT_MISSes
199 and never FIRST_PARENT_MISSes.
200
934b03fc 201 NOTE: non-ICP neighbors must be specified as 'parent'.
202
a95856a0 203cache_peer hostname type 3128 3130
934b03fc 204DOC_END
205
206
207NAME: cache_host_domain
208TYPE: hostdomain
f1dc9b30 209DEFAULT: none
210LOC: none
934b03fc 211DOC_START
212 Use to limit the domains for which a neighbor cache will be queried.
213 Usage:
214
215 cache_host_domain cache-host domain [domain ...]
216 cache_host_domain cache-host !domain
217
218 For example, specifying
219
220 cache_host_domain bigserver.usc.edu .edu
221
222 has the effect such that UDP query packets are sent to
223 'bigserver' only when the requested object exists on a
224 server in the .edu domain. Prefixing the domainname
225 with '!' means that the cache will be queried for objects
226 NOT in that domain.
227
228 NOTE: * Any number of domains may be given for a cache-host,
229 either on the same or separate lines.
230 * When multiple domains are given for a particular
231 cache-host, the first matched domain is applied.
232 * Cache hosts with no domain restrictions are queried
233 for all requests.
234 * There are no defaults.
235 * There is also a 'cache_host_acl' tag in the ACL
236 section.
237DOC_END
238
239
240NAME: neighbor_type_domain
241TYPE: hostdomaintype
f1dc9b30 242DEFAULT: none
243LOC: none
934b03fc 244DOC_START
245 usage: neighbor_type_domain parent|sibling domain domain ...
246
247 Modifying the neighbor type for specific domains is now
248 possible. You can treat some domains differently than the the
a95856a0 249 default neighbor type specified on the 'cache_peer' line.
934b03fc 250 Normally it should only be necessary to list domains which
251 should be treated differently because the default neighbor type
252 applies for hostnames which do not match domains listed here.
253
254EXAMPLE:
a95856a0 255 cache_peer parent cache.foo.org 3128 3130
934b03fc 256 neighbor_type_domain cache.foo.org sibling .com .net
257 neighbor_type_domain cache.foo.org sibling .au .de
258DOC_END
259
260NAME: single_parent_bypass
261COMMENT: on|off
262TYPE: onoff
f1dc9b30 263DEFAULT: off
17a0a4ee 264LOC: Config.onoff.single_parent_bypass
934b03fc 265DOC_START
266 This tag specifies that it is okay to bypass the hierarchy
267 "Pinging" when there is only a single parent for a given URL.
268
269 Usage: single_parent_bypass on|off
270
271 Before actually sending ICP "ping" packets to parents and
272 neighbors, we figure out which hosts would be pinged based
273 on the cache_host_domain rules, etc. Often it may be the
274 case that only a single parent cache would be pinged.
275
276 Since there is only a single parent, there is a very good
277 chance that we will end up fetching the object from that
278 parent. For this reason, it may be beneficial to avoid
279 the ping and just fetch the object anyway.
280
281 However, if we avoid the ping, we will be assuming that the
282 parent host is reachable and that the cache process is running.
283 By using the ping, we can be reasonably sure that the parent
284 host will be able to handle our request. If the ping fails then
285 it may be possible to fetch the object directly from the source.
286
287 To favor the resiliency provided by the ping algorithm,
288 single_parent_bypass is 'off' by default.
289
290single_parent_bypass off
291DOC_END
292
293
294NAME: source_ping
295COMMENT: on|off
296TYPE: onoff
f1dc9b30 297DEFAULT: off
17a0a4ee 298LOC: Config.onoff.source_ping
934b03fc 299DOC_START
300 If source_ping is enabled, then squid will include the source
301 provider site in its selection algorithm. This is accomplished
302 by sending ICP "HIT" packets to the UDP echo port of the source
303 host. Note that using source_ping may send a fair amount of UDP
304 traffic out on the Internet and may irritate paranoid network
305 administrators.
306
307 Note that source_ping is incompatible with inside_firewall.
308 For hosts beyond the firewall, source_ping packets will never
309 be sent.
310
311 By default, source_ping is off.
312
313source_ping off
314DOC_END
315
316
317NAME: neighbor_timeout neighbour_timeout
318COMMENT: (seconds)
9e975e4e 319DEFAULT: 2 seconds
f1dc9b30 320TYPE: time_t
934b03fc 321LOC: Config.neighborTimeout
322DOC_START
323 This controls how long to wait for replies from neighbor caches.
324 If none of the parent or neighbor caches reply before this many
325 seconds (due to dropped packets or slow links), then the object
326 request will be satisfied from the default source. The default
327 timeout is two seconds.
328
329neighbor_timeout 2 seconds
330DOC_END
331
332
333NAME: hierarchy_stoplist
334TYPE: wordlist
1273d501 335DEFAULT: none
934b03fc 336LOC: Config.hierarchy_stoplist
337DOC_START
338 A list of words which, if found in a URL, cause the object to
339 be handled directly by this cache. In other words, use this
340 to not query neighbor caches for certain objects. You may
341 list this option multiple times.
342
343 The default is to directly fetch URLs containing 'cgi-bin' or '?'.
344
345hierarchy_stoplist cgi-bin ?
346DOC_END
347
348
349NAME: cache_stoplist
350TYPE: wordlist
1273d501 351DEFAULT: none
934b03fc 352LOC: Config.cache_stoplist
353DOC_START
354 A list of words which, if found in a URL, cause the object to
355 immediately removed from the cache. In other words, use this
356 to force certain objects to never be cached. You may list this
357 option multiple times.
358
359 The default is to not cache URLs containing 'cgi-bin' or '?'.
360
361cache_stoplist cgi-bin ?
362DOC_END
363
364
365NAME: cache_stoplist_pattern
934b03fc 366TYPE: regexlist
367LOC: Config.cache_stop_relist
1273d501 368DEFAULT: none
934b03fc 369DOC_START
370 Just like 'cache_stoplist' but you can use regular expressions
371 instead of simple string matching. There is no default.
0153d498 372 Insert -i to get case-insensitive regular expressions.
934b03fc 373
374cache_stoplist_pattern
375DOC_END
376
377
0f74202c 378COMMENT_START
3a278cb8 379 OPTIONS WHICH AFFECT THE CACHE SIZE
380 -----------------------------------------------------------------------------
0f74202c 381COMMENT_END
934b03fc 382
383NAME: cache_mem
9906e724 384COMMENT: (bytes)
1b635117 385TYPE: b_size_t
9906e724 386DEFAULT: 8 MB
934b03fc 387LOC: Config.Mem.maxSize
388DOC_START
389 Maximum amout of VM used to store objects in memory.
390 This includes:
391 in-transit objects,
392 negative-cached objects,
393 "hot" objects
394 The value of cache_mem is an upper limit on the size of the
395 "in-memory object data" pool. This is a pool of 4k pages used
396 to hold object data.
397
398 In-transit objects have priority over the others. When
399 additional space is needed for incoming data, negative-cached
400 and hot objects will be released. In other words, the
401 negative-cached and hot objects will fill up any unused space
402 not needed for in-transit objects.
403
404 The values of cache_mem_low and cache_mem_high (below) can be
405 used to tune the use of the memory pool. When the high mark is
406 reached, in-transit and hot objects will be released to clear
407 space. When an object transfer is completed, it will remain in
408 memory only if the current memory usage is below the low water
409 mark.
410
411 The default is 8 Megabytes.
412
9906e724 413cache_mem 8 MB
934b03fc 414DOC_END
415
416
417NAME: cache_swap_low
418COMMENT: (percent, 0-100)
419TYPE: int
420DEFAULT: 90
421LOC: Config.Swap.lowWaterMark
422DOC_NONE
423
424NAME: cache_swap_high
425COMMENT: (percent, 0-100)
426TYPE: int
427DEFAULT: 95
428LOC: Config.Swap.highWaterMark
429DOC_START
430 The low- and high-water marks for cache LRU replacement.
431 LRU replacement begins when the high-water mark is reached
432 and ends when enough objects have been removed and the low-water
433 mark is reached. Defaults are 90% and 95%.
434
435cache_swap_low 90
436cache_swap_high 95
437DOC_END
438
439
440NAME: cache_mem_low
441COMMENT: (in percent, 0-100)
442TYPE: int
443DEFAULT: 75
444LOC: Config.Mem.lowWaterMark
445DOC_NONE
446
447NAME: cache_mem_high
448COMMENT: (in percent, 0-100)
449TYPE: int
450DEFAULT: 95
451LOC: Config.Mem.highWaterMark
452DOC_START
453 The low- and high-water mark for cache memory storage. When
454 the amount of RAM used by the hot-object RAM cache reaches this
455 point, the cache starts throwing objects out of the RAM cache
456 (but they remain on disk). Defaults are 75% and 90%.
457
458cache_mem_low 75
459cache_mem_high 90
460DOC_END
461
462
463NAME: maximum_object_size
9e975e4e 464COMMENT: (bytes)
1b635117 465TYPE: b_size_t
9906e724 466DEFAULT: 4096 KB
934b03fc 467LOC: Config.Store.maxObjectSize
468DOC_START
469 Objects larger than this size will NOT be saved on disk. The
470 value is specified in kilobytes, and the default is 4MB.
471
9906e724 472maximum_object_size 4096 KB
934b03fc 473DOC_END
474
475
476NAME: ipcache_size
477COMMENT: (number of entries)
478TYPE: int
479DEFAULT: 1024
480LOC: Config.ipcache.size
481DOC_NONE
482
483NAME: ipcache_low
484COMMENT: (percent)
485TYPE: int
486DEFAULT: 90
487LOC: Config.ipcache.low
488DOC_NONE
489
490NAME: ipcache_high
491COMMENT: (percent)
492TYPE: int
493DEFAULT: 95
494LOC: Config.ipcache.high
495DOC_START
496 The size, low-, and high-water marks for the IP cache.
497
498ipcache_size 1024
499ipcache_low 90
500ipcache_high 95
501DOC_END
502
0f74202c 503COMMENT_START
3a278cb8 504 LOGFILE PATHNAMES AND CACHE DIRECTORIES
505 -----------------------------------------------------------------------------
0f74202c 506COMMENT_END
934b03fc 507
508NAME: cache_dir
509TYPE: cachedir
f1dc9b30 510DEFAULT: none
0108d71f 511DEFAULT_IF_NONE: @DEFAULT_SWAP_DIR@ 100 16 256
f1dc9b30 512LOC: Config.cacheSwap
934b03fc 513DOC_START
514 Directory for on-disk cache storage. The cache will change into
515 this directory when running. The default is
516 /usr/local/squid/cache.
517
518 You can specify multiple cache_dir lines to spread the
519 cache among different disk partitions.
520
a95856a0 521cache_dir /usr/local/squid/cache 1000 16 256
934b03fc 522DOC_END
523
524
525NAME: cache_access_log
526TYPE: string
d0b98f84 527DEFAULT: @DEFAULT_ACCESS_LOG@
934b03fc 528LOC: Config.Log.access
529DOC_START
530 Logs the client request activity. Contains an entry for
531 every HTTP and ICP request received.
532
533cache_access_log /usr/local/squid/logs/access.log
534DOC_END
535
536
537NAME: cache_log
538TYPE: string
0153d498 539DEFAULT: @DEFAULT_CACHE_LOG@
934b03fc 540LOC: Config.Log.log
541DOC_START
542 Cache logging file. Set logging levels with "debug_options" below.
543
0153d498 544cache_log @DEFAULT_CACHE_LOG@
934b03fc 545DOC_END
546
547
548NAME: cache_store_log
549TYPE: string
0153d498 550DEFAULT: @DEFAULT_STORE_LOG@
934b03fc 551LOC: Config.Log.store
552DOC_START
553 Logs the activities of the storage manager. Shows which
554 objects are ejected from the cache, and which objects are
555 saved and for how long. To disable, enter "none".
556
0153d498 557cache_store_log @DEFAULT_STORE_LOG@
934b03fc 558DOC_END
559
560
561NAME: cache_swap_log
562TYPE: string
563LOC: Config.Log.swap
1273d501 564DEFAULT: none
934b03fc 565DOC_START
d0d3ec94 566 Location for the cache "swap.log." This log file holds the
934b03fc 567 metadata of objects saved on disk. It is used to rebuild the
568 cache during startup. Normally this file resides in the first
569 'cache_dir' directory, but you may specify an alternate
570 pathname here. Note you must give a full filename, not just
571 a directory.
572
573cache_swap_log
574DOC_END
575
576
577NAME: emulate_httpd_log
578COMMENT: on|off
579TYPE: onoff
f1dc9b30 580DEFAULT: off
17a0a4ee 581LOC: Config.onoff.common_log
934b03fc 582DOC_START
583 The Cache can emulate the log file format which many 'httpd'
584 programs use. To disable/enable this emulation, set
585 emulate_httpd_log to 'off' or 'on'. The default
586 is to use the native log format.
587
588emulate_httpd_log off
589DOC_END
590
591
592NAME: mime_table
f0b19334 593TYPE: string
0153d498 594DEFAULT: @DEFAULT_MIME_TABLE@
934b03fc 595LOC: Config.mimeTablePathname
596DOC_START
597 Pathname to Squid's MIME table which has the format
598
599 regex content-type icon content-encoding transfer-mode
600
0153d498 601mime_table @DEFAULT_MIME_TABLE@
934b03fc 602DOC_END
603
604
605NAME: log_mime_hdrs
606COMMENT: on|off
607TYPE: onoff
17a0a4ee 608LOC: Config.onoff.log_mime_hdrs
f1dc9b30 609DEFAULT: off
934b03fc 610DOC_START
611 The Cache can record both the request and the response
612 MIME headers for each HTTP transaction. The headers are
613 encoded safely and will appear as two bracketed fields
614 at the end of the access log (for either the native
615 or httpd-emulated log formats). To enable this logging
616 set log_mime_hdrs to 'on'.
617
618 NOTE: support for this may require you to define
619 LOG_FULL_HEADERS before compiling.
620
621log_mime_hdrs off
622DOC_END
623
624
625NAME: useragent_log
626TYPE: string
627LOC: Config.Log.useragent
f1dc9b30 628DEFAULT: none
934b03fc 629DOC_START
630 If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write
631 the User-Agent field from HTTP requests to the filename
632 specified here. By default useragent_log is disabled.
633
634useragent_log none
635DOC_END
636
637
638NAME: pid_filename
639TYPE: string
0153d498 640DEFAULT: @DEFAULT_PID_FILE@
934b03fc 641LOC: Config.pidFilename
642DOC_START
643 A pathname to write the process-id to. To disable, enter "none".
644
0153d498 645pid_filename @DEFAULT_PID_FILE@
934b03fc 646DOC_END
647
648
649NAME: debug_options
f1dc9b30 650TYPE: eol
934b03fc 651DEFAULT: ALL,1
652LOC: Config.debugOptions
653DOC_START
654 Logging options are set as section,level where each source file
655 is assigned a unique section. Lower levels result in less
656 output, Full debugging (level 9) can result in a very large
657 log file, so be careful. The magic word "ALL" sets debugging
658 levels for all sections. We recommend normally running with
659 "ALL,1".
660
661debug_options ALL,1
662DOC_END
663
664
665NAME: ident_lookup
666COMMENT: on|off
667TYPE: onoff
f1dc9b30 668DEFAULT: off
17a0a4ee 669LOC: Config.onoff.ident_lookup
934b03fc 670DOC_START
671 If you wish to make an RFC931/ident lookup of the client username
672 for each connection, enable this. It is off by default.
673
674ident_lookup off
675DOC_END
676
677
678NAME: log_fqdn
679COMMENT: on|off
680TYPE: onoff
f1dc9b30 681DEFAULT: off
17a0a4ee 682LOC: Config.onoff.log_fqdn
934b03fc 683DOC_START
684 Turn this on if you wish to log fully qualified domain names
685 in the access.log.
686
687log_fqdn off
688DOC_END
689
690
691NAME: client_netmask
692TYPE: address
693LOC: Config.Addrs.client_netmask
f1dc9b30 694DEFAULT: 255.255.255.255
934b03fc 695DOC_START
696 A netmask for client addresses in logfiles and cachemgr output.
697 Change this to protect the privacy of your cache clients.
698
699client_netmask 255.255.255.255
700DOC_END
701
702
0f74202c 703COMMENT_START
3a278cb8 704 OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
705 -----------------------------------------------------------------------------
0f74202c 706COMMENT_END
934b03fc 707
708# TAG: ftpget_program
709# Where to find the 'ftpget' program that retrieves FTP data (HTTP
710# and Gopher protocol support are built into the cache).
711#
712# To disable ftpget and the ability to retrieve FTP objects, set
713# this to "none". Note that ftpget is automatically disabled for
714# http_accel mode.
715#
716#ftpget_program @DEFAULT_FTPGET@
717
718# TAG: ftpget_options
719# Options for the 'ftpget' program. Please run 'ftpget' without
720# any arguments to see a list of options. The default is
721# no options. An example is
722#
723# ftpget_options -n 60 -R -W
724#
725#ftpget_options
726
727NAME: ftp_user
728TYPE: string
729DEFAULT: squid@
730LOC: Config.Ftp.anon_user
731DOC_START
732 If you want the anonymous login password to be more informative
733 (and enable the use of picky ftp servers), set this to something
734 resonable for your domain, like wwwuser@somewhere.net
735
736 The reason why this is domainless by default is that the
737 request can be made on the behalf of a user in any domain,
738 depending on how the cache is used.
739 Some ftp server also validate that the email address is valid
740 (for example perl.com).
741
742ftp_user squid@
743DOC_END
744
365cb147 745NAME: ftp_list_width
1b635117 746TYPE: size_t
365cb147 747DEFAULT: 32
748LOC: Config.Ftp.list_width
749DOC_START
750ftp_list_width 32
751DOC_END
752
934b03fc 753
754NAME: cache_dns_program
f0b19334 755TYPE: string
0153d498 756DEFAULT: @DEFAULT_DNSSERVER@
934b03fc 757LOC: Config.Program.dnsserver
758DOC_START
759 Specify the location of the executable for dnslookup process.
760
0153d498 761cache_dns_program @DEFAULT_DNSSERVER@
934b03fc 762DOC_END
763
764
765NAME: dns_children
766TYPE: int
767DEFAULT: 5
768LOC: Config.dnsChildren
769DOC_START
770 The number of processes spawn to service DNS name lookups.
771 For heavily loaded caches on large servers, you should
772 probably increase this value to at least 10. The maximum
773 is 32. The default is 5.
774
775 To disable dnsservers, set this to 0. NOTE, this is very
776 strongly discouraged. If you disable dnsservers your Squid
777 process will BLOCK on DNS lookups!
778
779dns_children 5
780DOC_END
781
782
783NAME: dns_defnames
784COMMENT: on|off
785TYPE: onoff
f1dc9b30 786DEFAULT: off
17a0a4ee 787LOC: Config.onoff.res_defnames
934b03fc 788DOC_START
789 Normally the 'dnsserver' disables the RES_DEFNAMES resolver
790 option (see res_init(3)). This prevents caches in a hierarchy
791 from interpreting single-component hostnames locally. To allow
792 dnsserver to handle single-component names, enable this
793 option.
794
795dns_defnames off
796DOC_END
797
798
799NAME: unlinkd_program
f0b19334 800TYPE: string
0153d498 801DEFAULT: @DEFAULT_UNLINKD@
934b03fc 802LOC: Config.Program.unlinkd
803DOC_START
804 Specify the location of the executable for file deletion process.
805
0153d498 806unlinkd_program @DEFAULT_UNLINKD@
934b03fc 807DOC_END
808
809
810NAME: pinger_program
a95856a0 811TYPE: string
0153d498 812DEFAULT: @DEFAULT_PINGER@
934b03fc 813LOC: Config.Program.pinger
814DOC_START
815 Specify the location of the executable for the pinger process.
816
0153d498 817pinger_program @DEFAULT_PINGER@
934b03fc 818DOC_END
819
820
821NAME: redirect_program
f0b19334 822TYPE: string
934b03fc 823LOC: Config.Program.redirect
62607543 824DEFAULT: none
934b03fc 825DOC_START
826 Specify the location of the executable for the URL redirector.
827 Currently, you must provide your own redirector program.
828 See the Release-Notes for how to write one.
829 By default, the redirector is not used.
830
f0b19334 831redirect_program none
934b03fc 832DOC_END
833
834
835NAME: redirect_children
836TYPE: int
837DEFAULT: 5
838LOC: Config.redirectChildren
839DOC_START
840 The number of redirector processes to spawn.
841
842redirect_children 5
843DOC_END
844
0f74202c 845COMMENT_START
3a278cb8 846 OPTIONS FOR TUNING THE CACHE
847 -----------------------------------------------------------------------------
0f74202c 848COMMENT_END
934b03fc 849
0153d498 850NAME: wais_relay_host
851TYPE: string
1273d501 852DEFAULT: none
0153d498 853LOC: Config.Wais.relayHost
854DOC_NONE
934b03fc 855
0153d498 856NAME: wais_relay_port
857TYPE: ushort
858DEFAULT: 0
859LOC: Config.Wais.relayPort
934b03fc 860DOC_START
861 Relay WAIS request to host (1st arg) at port (2 arg).
862
0153d498 863wais_relay_host localhost
864wais_relay_port 8000
934b03fc 865DOC_END
866
867
868NAME: request_size
9906e724 869COMMENT: (KB)
870TYPE: kb_size_t
871DEFAULT: 100 KB
934b03fc 872LOC: Config.maxRequestSize
873DOC_START
874 Maximum allowed request size in kilobytes. If people are using
875 POST to upload files, then set this to the largest acceptable
876 filesize plus a few extra kbytes.
877
9906e724 878request_size 100 KB
934b03fc 879DOC_END
880
881
882NAME: refresh_pattern
934b03fc 883TYPE: refreshpattern
f1dc9b30 884LOC: Config.Refresh
1273d501 885DEFAULT: none
934b03fc 886DOC_START
887 usage: refresh_pattern regex min percent max
888
889 min and max are specified in MINUTES.
890 percent is an integer number.
891
892 Please see the file doc/Release-Notes-1.1.txt for a full
893 description of Squid's refresh algorithm. Basically a
894 cached object is:
895
896 FRESH if age < min
897 STALE if expires < now
898 STALE if age > max
899 FRESH if lm-factor < percent
900
901 The refresh_pattern lines are checked in the order listed here.
902 The first entry which matches is used. If none of the entries
903 match, then the default will be used.
904
905Default:
906refresh_pattern . 0 20% 4320
907DOC_END
908
909
910NAME: reference_age
f1dc9b30 911TYPE: time_t
934b03fc 912LOC: Config.referenceAge
f1dc9b30 913DEFAULT: 1 year
934b03fc 914DOC_START
915 As a part of normal operation, Squid performs Least Recently
916 Used removal of cached objects. The LRU age for removal is
917 computed dynamically, based on the amount of disk space in
918 use. The 'reference_age' value defines the maximum LRU age.
919 For example, setting reference_age to '1 week' will cause
920 objects to be removed if they have not been accessed for a week
921 or more. If set to zero, LRU removal is disabled, and objects
922 will be removed only when disk usage is over the high water
923 mark. The default value is one year.
924
925 Specify a number here, followed by units of time. For example:
926 1 week
927 3.5 days
928 4 months
929 2.2 hours
930
f1dc9b30 931reference_age 1 month
934b03fc 932DOC_END
933
934
0153d498 935NAME: quick_abort_min
9906e724 936COMMENT: (KB)
937TYPE: kb_size_t
9e975e4e 938DEFAULT: -1 kb
0153d498 939LOC: Config.quickAbort.min
940DOC_NONE
941
942NAME: quick_abort_pct
943COMMENT: (percent)
944TYPE: int
945DEFAULT: 0
946LOC: Config.quickAbort.pct
947DOC_NONE
948
949NAME: quick_abort_max
9906e724 950COMMENT: (KB)
951TYPE: kb_size_t
9e975e4e 952DEFAULT: 0 kb
0153d498 953LOC: Config.quickAbort.max
934b03fc 954DOC_START
955 By default the cache continues to retrieve objects from
956 aborted requests. This may be undesirable on slow (e.g. SLIP)
957 links and/or very busy caches. Impatient users may tie up
958 file descriptors by repeatedly aborting and re-requesting
959 non-cachable objects.
960
961 Usage: quick_abort min-kbytes percent max-kbytes
962
963 When the user aborts a request, Squid will check the
964 quick_abort values to the amount of data transfered until
965 then.
966
967 If the transfer has less than 'min-kbytes' remaining, it
968 will finish the retrieval. Setting minlength to -1 will
969 disable the quick_abort feature.
970
971 If the transfer has more than 'max-kbytes' remaining, it
972 will abort the retrieval.
973
974 If more than 'percent' of the transfer has completed, it will
975 finish the retrieval.
976
0153d498 977quick_abort_min -1
978quick_abort_pct 0
979quick_abort_max 0
934b03fc 980DOC_END
981
982
983NAME: negative_ttl
bc0eb004 984COMMENT: time-units
f1dc9b30 985TYPE: time_t
934b03fc 986LOC: Config.negativeTtl
9e975e4e 987DEFAULT: 5 minutes
934b03fc 988DOC_START
989 Time-to-Live (TTL) for failed requests. Certain types of
990 failures (such as "connection refused" and "404 Not Found") are
991 negatively-cached for a small amount of time. The default is 5
992 minutes. Note that this is different from negative caching of
993 DNS lookups.
994
995negative_ttl 5 minutes
996DOC_END
997
998
999NAME: positive_dns_ttl
bc0eb004 1000COMMENT: time-units
f1dc9b30 1001TYPE: time_t
934b03fc 1002LOC: Config.positiveDnsTtl
9e975e4e 1003DEFAULT: 6 hours
934b03fc 1004DOC_START
1005 Time-to-Live (TTL) for positive caching of successful DNS lookups.
1006 Default is 6 hours (360 minutes). If you want to minimize the
1007 use of Squid's ipcache, set this to 1, not 0.
1008
9e975e4e 1009positive_dns_ttl 6 hours
934b03fc 1010DOC_END
1011
1012
1013NAME: negative_dns_ttl
bc0eb004 1014COMMENT: time-units
f1dc9b30 1015TYPE: time_t
934b03fc 1016LOC: Config.negativeDnsTtl
9e975e4e 1017DEFAULT: 5 minutes
934b03fc 1018DOC_START
1019 Time-to-Live (TTL) for negative caching of failed DNS lookups.
1020
1021negative_dns_ttl 5 minutes
1022DOC_END
1023
0f74202c 1024COMMENT_START
3a278cb8 1025 TIMEOUTS
1026 -----------------------------------------------------------------------------
0f74202c 1027COMMENT_END
934b03fc 1028
1029NAME: connect_timeout
bc0eb004 1030COMMENT: time-units
f1dc9b30 1031TYPE: time_t
934b03fc 1032LOC: Config.Timeout.connect
9e975e4e 1033DEFAULT: 2 minutes
934b03fc 1034DOC_START
1035 Some systems (notably Linux) can not be relied upon to properly
1036 time out connect(2) requests. Therefore the squid process
1037 enforces its own timeout on server connections. This parameter
1038 specifies how long to wait for the connect to complete. The
1039 default is two minutes (120 seconds).
1040
1041connect_timeout 120 seconds
1042DOC_END
1043
1044
1045NAME: read_timeout
bc0eb004 1046COMMENT: time-units
f1dc9b30 1047TYPE: time_t
934b03fc 1048LOC: Config.Timeout.read
9e975e4e 1049DEFAULT: 15 minutes
934b03fc 1050DOC_START
1051 The read_timeout is applied on server-side connections. After
1052 each successful read(), the timeout will be extended by this
1053 amount. If no data is read again after this amount of time,
1054 the request is aborted and logged with ERR_READ_TIMEOUT. The
1055 default is 15 minutes.
1056
1057read_timeout 15 minutes
1058DOC_END
1059
1060
934b03fc 1061NAME: request_timeout
f1dc9b30 1062TYPE: time_t
934b03fc 1063LOC: Config.Timeout.request
9e975e4e 1064DEFAULT: 30 seconds
934b03fc 1065DOC_START
1066 How long to wait for an HTTP request after connection
1067 establishment. For persistent connections, wait this long
1068 after the previous request completes.
1069
1070defer_timeout 30 seconds
1071DOC_END
1072
1073
1074NAME: client_lifetime
bc0eb004 1075COMMENT: time-units
f1dc9b30 1076TYPE: time_t
934b03fc 1077LOC: Config.Timeout.lifetime
9e975e4e 1078DEFAULT: 1 day
934b03fc 1079DOC_START
1080 The maximum amount of time that a client (browser) is allowed to
1081 remain connected to the cache process. This protects the Cache
1082 from having alot of sockets (and hence file descriptors) tied up
1083 in a CLOSE_WAIT state from remote clients that go away without
1084 properly shutting down (either because of a network failure or
1085 because of a poor client implementation). The default is one
1086 day, 1440 minutes.
1087
1088 NOTE: The default value is intended to be much larger than any
1089 client would ever need to be connected to your cache. You
1090 should probably change client_lifetime only as a last resort.
1091 If you seem to have many client connections tying up
1092 filedescriptors, we recommend first tuning the read_timeout,
1093 defer_timeout, and quick_abort values.
1094
1095client_lifetime 1 day
1096DOC_END
1097
603a02fd 1098NAME: pconn_timeout
1099TYPE: time_t
1100LOC: Config.Timeout.pconn
1101DEFAULT: 120 seconds
1102DOC_START
1103 Timeout for idle persistent connections to servers and other
1104 proxies.
1105pconn_timeout 120 seconds
1106DOC_END
1107
934b03fc 1108
1109NAME: shutdown_lifetime
bc0eb004 1110COMMENT: time-units
f1dc9b30 1111TYPE: time_t
934b03fc 1112LOC: Config.shutdownLifetime
9e975e4e 1113DEFAULT: 30 seconds
934b03fc 1114DOC_START
1115 When SIGTERM or SIGHUP is received, the cache is put into
1116 "shutdown pending" mode until all active sockets are closed.
1117 This value is the lifetime to set for all open descriptors
1118 during shutdown mode. Any active clients after this many
1119 seconds will receive a 'timeout' message.
1120
1121shutdown_lifetime 30 seconds
1122DOC_END
1123
0f74202c 1124COMMENT_START
3a278cb8 1125 ACCESS CONTROLS
1126 -----------------------------------------------------------------------------
0f74202c 1127COMMENT_END
934b03fc 1128
1129NAME: acl
1130TYPE: acl
f1dc9b30 1131LOC: Config.aclList
1132DEFAULT: none
934b03fc 1133DOC_START
1134 Defining an Access List
1135
1136 acl aclname acltype string1 ...
1137 acl aclname acltype "file" ...
1138
1139 when using "file", the file should contain one item per line
1140
1141 acltype is one of src dst srcdomain dstdomain url_pattern
1142 urlpath_pattern time port proto method browser user
1143
1144 acl aclname src ip-address/netmask ... (clients IP address)
1145 acl aclname src addr1-addr2/netmask ... (range of addresses)
1146 acl aclname dst ip-address/netmask ... (URL host's IP address)
1147 acl aclname srcdomain foo.com ... (taken from reverse DNS lookup)
1148 acl aclname dstdomain foo.com ... (taken from the URL)
1149 acl aclname time [day-abbrevs] [h1:m1-h2:m2]
1150 day-abbrevs:
1151 S - Sunday
1152 M - Monday
1153 T - Tuesday
1154 W - Wednesday
1155 H - Thursday
1156 F - Friday
1157 A - Saturday
1158 h1:m1 must be less than h2:m2
1159 acl aclname url_regex ^http:// ... # regex matching on whole URL
1160 acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only
1161 acl aclname port 80 70 21 ...
1162 acl aclname proto HTTP FTP ...
1163 acl aclname method GET POST ...
1164 acl aclname browser regexp
1165 acl aclname user username ... # string match on ident output.
1166 # use REQUIRED to accept any
1167 # non-null ident.
afe95a7e 1168 acl aclname proxy_auth passwd_file [ refresh ]
1169 # 'passwd_file' is an Apache-style file of passwords for
1170 # authenticated proxy access. Looks like user:password, with
1171 # the password being standard crypt() format. 'refresh' is
1172 # the time in seconds to check for a changes in the file
1173 # (default = 300 secs). When using a proxy_auth ACL in an
1174 # ACL list, make sure it is the *last* in the list and the
1175 # only proxy_auth ACL in the list. NOTE: when a
1176 # Proxy-Authentication header is sent but it is not needed
1177 # during ACL checking the username is NOT logged in
1178 # access.log.
934b03fc 1179
1180acl manager proto cache_object
1181acl localhost src 127.0.0.1/255.255.255.255
1182acl all src 0.0.0.0/0.0.0.0
1183
1184acl SSL_ports port 443 563
1185acl Dangerous_ports port 7 9 19
1186acl CONNECT method CONNECT
1187DOC_END
1188
1189NAME: http_access
1190TYPE: acl_access
f1dc9b30 1191LOC: Config.accessList.http
1192DEFAULT: none
934b03fc 1193DOC_START
1194 Allowing or Denying access based on defined access lists
1195
1196 Access to the HTTP port:
1197 http_access allow|deny [!]aclname ...
1198
1199 Access to the ICP port:
1200 icp_access allow|deny [!]aclname ...
1201
1202 NOTE on default values:
1203
1204 If there are no "access" lines present, the default is to allow
1205 the request.
1206
1207 If none of the "access" lines cause a match, the default is the
1208 opposite of the last line in the list. If the last line was
1209 deny, then the default is allow. Conversely, if the last line
1210 is allow, the default will be deny. For these reasons, it is a
1211 good idea to have an "deny all" or "allow all" entry at the end
1212 of your access lists to avoid potential confusion.
1213
1214
1215 Only allow access to the cache manager functions from the local host.
1216http_access deny manager !localhost
1217http_access deny CONNECT !SSL_ports
1218http_access deny Dangerous_ports
1219
1220 Allow everything else
1221http_access allow all
1222DOC_END
1223
1224
1225NAME: icp_access
1226TYPE: acl_access
f1dc9b30 1227LOC: Config.accessList.icp
1228DEFAULT: none
934b03fc 1229DOC_START
1230 Reply to all ICP queries we receive
1231
1232icp_access allow all
1233DOC_END
1234
1235
1236NAME: miss_access
1237TYPE: acl_access
f1dc9b30 1238LOC: Config.accessList.miss
1239DEFAULT: none
934b03fc 1240DOC_START
1241 Use to force your neighbors to use you as a sibling instead of
1242 a parent. For example:
1243
1244 acl localclients src 172.16.0.0/16
1245 miss_access allow localclients
1246 miss_access deny !localclients
1247
1248 This means that only your local clients are allowed to fetch
1249 MISSES and all other clients can only fetch HITS.
1250
1251 By default, allow all clients who passed the http_access rules
1252 to fetch MISSES from us.
1253
1254miss_access allow all
1255DOC_END
1256
1257
1258NAME: cache_host_acl
f1dc9b30 1259TYPE: peeracl
1260DEFAULT: none
1261LOC: none
934b03fc 1262DOC_START
1263 Just like 'cache_host_domain' but provides more flexibility by
1264 using ACL's.
1265
1266 cache_host_acl cache-host [!]aclname ...
1267
1268 NOTE: * Any number of ACL's may be given for a cache-host,
1269 either on the same or separate lines.
1270 * When multiple ACL's are given for a particular
1271 cache-host, the first matched ACL is applied.
1272 * Cache hosts with no domain or ACL restrictions are
1273 queried for all requests.
1274 * There are no defaults.
1275DOC_END
1276
0f74202c 1277COMMENT_START
3a278cb8 1278 ADMINISTRATIVE PARAMETERS
1279 -----------------------------------------------------------------------------
0f74202c 1280COMMENT_END
934b03fc 1281
1282NAME: cache_mgr
1283TYPE: string
1284DEFAULT: webmaster
1285LOC: Config.adminEmail
1286DOC_START
1287 Email-address of local cache manager who will receive
1288 mail if the cache dies. The default is "webmaster."
1289
1290cache_mgr webmaster
1291DOC_END
1292
1293
1294NAME: cache_effective_user
0153d498 1295TYPE: string
a95856a0 1296DEFAULT: nobody
0153d498 1297LOC: Config.effectiveUser
1298DOC_NONE
1299
1300NAME: cache_effective_group
1301TYPE: string
a95856a0 1302DEFAULT: nogroup
0153d498 1303LOC: Config.effectiveGroup
934b03fc 1304DOC_START
1305 If the cache is run as root, it will change its effective/real
1306 UID/GID to the UID/GID specified below. The default is not to
1307 change UID/GID.
1308
0153d498 1309cache_effective_user nobody
1310cache_effective_group nogroup
934b03fc 1311DOC_END
1312
1313
1314NAME: visible_hostname
1315TYPE: string
1316LOC: Config.visibleHostname
f1dc9b30 1317DEFAULT: none
934b03fc 1318DOC_START
1319 If you want to present a special hostname in error messages, etc,
1320 then define this. Otherwise, the return value of gethostname()
1321 will be used.
1322
1323visible_hostname www-cache.foo.org
1324DOC_END
1325
0f74202c 1326COMMENT_START
3a278cb8 1327 OPTIONS FOR THE CACHE REGISTRATION SERVICE
1328 -----------------------------------------------------------------------------
934b03fc 1329
3a278cb8 1330 This section contains parameters for the (optional) cache
1331 announcement service. This service is provided to help
1332 cache administrators locate one another in order to join or
1333 create cache hierarchies.
934b03fc 1334
3a278cb8 1335 An 'announcement' message is sent (via UDP) to the registration
1336 service by Squid. By default, the annoucement message is NOT
1337 SENT unless you enable it with 'cache_announce' below.
1338
1339 The announcement message includes your hostname, plus the
1340 following information from this configuration file:
934b03fc 1341
3a278cb8 1342 http_port
1343 icp_port
1344 cache_mgr
1345
1346 All current information is processed regularly and made
1347 available on the Web at http://www.nlanr.net/Cache/Tracker/.
0f74202c 1348COMMENT_END
934b03fc 1349
f1dc9b30 1350NAME: announce_period
1351TYPE: time_t
1352LOC: Config.Announce.period
9e975e4e 1353DEFAULT: 1 day
934b03fc 1354DOC_START
1355 This is how frequently to send cache announcements. The default
1356 is `0' which disables sending the announcement messages.
1357
1358 To enable announcing your cache, just uncomment the line below.
1359
9e975e4e 1360announce_period 1 day
934b03fc 1361DOC_END
1362
1363
f1dc9b30 1364NAME: announce_host
1365TYPE: string
1366DEFAULT: sd.cache.nlanr.net
1367LOC: Config.Announce.host
1368DOC_NONE
1369
1370NAME: announce_port
1371TYPE: ushort
1372DEFAULT: 3131
1373LOC: Config.Announce.port
934b03fc 1374DOC_START
1375 This is the hostname and portnumber where the registration message
1376 will be sent.
1377
1378 Format: announce_to host[:port] [filename]
1379
1380 Hostname will default to 'sd.cache.nlanr.net' and port will default
1381 to 3131. If the 'filename' argument is given, the contents of that
1382 file will be included in the announce message.
1383
f1dc9b30 1384announce_host sd.cache.nlanr.net
1385announce_port 3131
934b03fc 1386DOC_END
1387
f1dc9b30 1388NAME: announce_file
f0b19334 1389TYPE: string
f1dc9b30 1390DEFAULT: /dev/null
1391LOC: Config.Announce.file
1392DOC_NONE
1393
0f74202c 1394COMMENT_START
3a278cb8 1395 HTTPD-ACCELERATOR OPTIONS
1396 -----------------------------------------------------------------------------
0f74202c 1397COMMENT_END
934b03fc 1398
f1dc9b30 1399NAME: httpd_accel_host
1400TYPE: string
1401LOC: Config.Accel.host
1402DEFAULT: none
1403DOC_NONE
1404
1405NAME: httpd_accel_port
1406TYPE: ushort
1407LOC: Config.Accel.port
5b68a4d3 1408DEFAULT: 80
934b03fc 1409DOC_START
1410 If you want to run squid as an httpd accelerator, define the
1411 host name and port number where the real HTTP server is.
1412
1413 If you want virtual host support then specify the hostname
1414 as "virtual".
1415
f1dc9b30 1416httpd_accel_host hostname
1417httpd_accel_port port
934b03fc 1418DOC_END
1419
1420
1421NAME: httpd_accel_with_proxy
1422COMMENT: on|off
1423TYPE: onoff
f1dc9b30 1424DEFAULT: off
17a0a4ee 1425LOC: Config.onoff.accel_with_proxy
934b03fc 1426DOC_START
1427 If you want to use squid as both a local httpd accelerator
1428 and as a proxy, change this to 'on'.
1429
1430httpd_accel_with_proxy off
1431DOC_END
1432
1433
1434NAME: httpd_accel_uses_host_header
1435COMMENT: on|off
1436TYPE: onoff
f1dc9b30 1437DEFAULT: off
934b03fc 1438LOC: opt_accel_uses_host
1439DOC_START
1440 HTTP/1.1 requests include a Host: header which is basically the
1441 hostname from the URL. Squid can be an accelerator for
1442 different HTTP servers by looking at this header. However,
1443 Squid does NOT check the value of the Host header, so it opens
1444 a big security hole. We recommend that this option remain
1445 disabled unless you are sure of what you are doing.
1446
1447httpd_accel_uses_host_header off
1448DOC_END
1449
0f74202c 1450COMMENT_START
3a278cb8 1451 MISCELLANEOUS
1452 -----------------------------------------------------------------------------
0f74202c 1453COMMENT_END
934b03fc 1454
1455NAME: dns_testnames
1456TYPE: wordlist
1457LOC: Config.dns_testname_list
f1dc9b30 1458DEFAULT: none
934b03fc 1459DOC_START
1460 The DNS tests exit as soon as the first site is successfully looked up
1461
1462 If you want to disable DNS tests, do not comment out or delete this
1463 list. Instead use the -D command line option
1464
1465dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu
1466DOC_END
1467
1468
1469NAME: logfile_rotate
1470TYPE: int
1471DEFAULT: 10
1472LOC: Config.Log.rotateNumber
1473DOC_START
1474 Specifies the number of logfile rotations to make upon receiving
1475 a USR1 signal. The default is 10, which will rotate with
1476 extensions 0 through 9. Setting logfile_rotate to 0 will
1477 disable the rotation, but the logfiles are still closed and
1478 re-opened. This will enable you to rename the logfiles yourself
1479 just before sending a USR1 signal to the squid process.
1480
1481logfile_rotate 10
1482DOC_END
1483
1484
1485NAME: append_domain
f1dc9b30 1486TYPE: string
1487LOC: Config.appendDomain
1488DEFAULT: none
934b03fc 1489DOC_START
1490 Appends local domain name to hostnames without any dots in them.
1491 append_domain must begin with a period.
1492
1493append_domain .yourdomain.com
1494DOC_END
1495
1496
1497NAME: tcp_recv_bufsize
89de058c 1498COMMENT: (bytes)
1b635117 1499TYPE: b_size_t
89de058c 1500DEFAULT: 0 bytes
934b03fc 1501LOC: Config.tcpRcvBufsz
1502DOC_START
1503 Size of receive buffer to set for TCP sockets. Probably just
1504 as easy to change your kernel's default. Set to zero to use
1505 the default buffer size.
1506
89de058c 1507tcp_recv_bufsize 0 bytes
934b03fc 1508DOC_END
1509
934b03fc 1510NAME: err_html_text
f1dc9b30 1511TYPE: eol
1512LOC: Config.errHtmlText
1513DEFAULT: none
934b03fc 1514DOC_START
1515 HTML text to include in error messages. Make this a "mailto"
1516 URL to your admin address, or maybe just a link to your
1517 organizations Web page.
1518
1519err_html_text
1520DOC_END
1521
1522
1523NAME: deny_info
1524TYPE: denyinfo
1525LOC: Config.denyInfoList
f1dc9b30 1526DEFAULT: none
934b03fc 1527DOC_START
1528 Usage: deny_info URL acl
1529
1530 This can be used to return a HTTP redirect for requests which
1531 do not pass the 'http_access' rules. A single ACL will cause
1532 the http_access check to fail. If a 'deny_info' line exists
1533 for that ACL then Squid returns a redirect to the given URL.
1534DOC_END
1535
1536
1537NAME: udp_hit_obj
1538COMMENT: on|off
1539TYPE: onoff
f1dc9b30 1540DEFAULT: off
934b03fc 1541LOC: opt_udp_hit_obj
1542DOC_START
1543 If set, Squid will request UDP_HIT_OBJ replies from its
1544 neighbors. UDP_HIT_OBJ is nice because it saves bandwidth, but
1545 it can cause some other problems. For one it complicates
1546 calculating hit rates. Also, problems arise because the ICP
1547 query does not contain any HTTP request headers which may
1548 affect the reply.
1549
1550udp_hit_obj off
1551DOC_END
1552
1553
1554NAME: udp_hit_obj_size
89de058c 1555COMMENT: (bytes)
1b635117 1556TYPE: b_size_t
934b03fc 1557LOC: Config.udpMaxHitObjsz
89de058c 1558DEFAULT: 0 bytes
934b03fc 1559DOC_START
1560 If set, Squid will limit UDP_HIT_OBJ size to be less than
1561 this value. Setting this value to more than SQUID_UDP_SO_SNDBUF
1562 will not work as expected. Set to zero to select the size
1563 permited by the socket.
89de058c 1564udp_hit_obj_size 0 bytes
934b03fc 1565DOC_END
1566
1567
1568NAME: memory_pools
1569COMMENT: on|off
1570TYPE: onoff
f1dc9b30 1571DEFAULT: on
934b03fc 1572LOC: opt_mem_pools
1573DOC_START
1574 If set, Squid will keep pools of allocated (but unused) memory
1575 available for future use. If memory is a premium on your
1576 system, disable this.
1577
1578memory_pools on
1579DOC_END
1580
1581NAME: forwarded_for
1582COMMENT: on|off
1583TYPE: onoff
f1dc9b30 1584DEFAULT: on
934b03fc 1585LOC: opt_forwarded_for
1586DOC_START
1587 If set, Squid will include your system's IP address or name
1588 in the HTTP requests it forwards. By default it looks like
1589 this:
1590
1591 X-Forwarded-For: 192.1.2.3
1592
1593 If you disable this, it will appear as
1594
1595 X-Forwarded-For: unknown
1596
1597forwarded_for on
1598DOC_END
1599
1600NAME: log_icp_queries
1601COMMENT: on|off
1602TYPE: onoff
f1dc9b30 1603DEFAULT: on
17a0a4ee 1604LOC: Config.onoff.log_udp
934b03fc 1605DOC_START
1606 If set, ICP queries are logged to access.log. ICP logging
1607 is enabled by default, so uncomment and change the line
1608 below to disable it.
1609
1610log_icp_queries on
1611DOC_END
1612
88738790 1613NAME: icp_hit_stale
1614COMMENT: on|off
1615TYPE: onoff
1616DEFAULT: off
17a0a4ee 1617LOC: Config.onoff.icp_hit_stale
88738790 1618DOC_START
1619 If you want to return ICP_HIT for stale cache objects, set this
1620 option to 'on'. If you have sibling relationships with caches
1621 in other administrative domains, this should be 'off'. If you only
1622 have sibling relationships with caches under your control, then
1623 it is probably okay to set this to 'on'.
1624
1625icp_hit_stale off
1626DOC_END
1627
934b03fc 1628
1629NAME: minimum_direct_hops
1630TYPE: int
1631DEFAULT: 4
1632LOC: Config.minDirectHops
1633DOC_START
1634 If using the ICMP pinging stuff, do direct fetches for sites
1635 which are no more than this many hops away.
1636
1637minimum_direct_hops 4
1638DOC_END
1639
1640
1641NAME: cachemgr_passwd
1642TYPE: cachemgrpasswd
86101e40 1643DEFAULT: none
f1dc9b30 1644LOC: Config.passwd_list
934b03fc 1645DOC_START
1646 Specify passwords for cachemgr operations.
1647
1648 Usage: cachemgr_passwd password action action ...
1649
1650 valid actions are:
1651 shutdown *
1652 info
1653 stats/objects
1654 stats/vm_objects
1655 stats/utilization
1656 stats/ipcache
1657 stats/fqdncache
1658 stats/dns
1659 stats/redirector
1660 stats/io
1661 stats/reply_headers
1662 stats/filedescriptors
1663 stats/netdb
1664 log/status *
1665 log/enable *
1666 log/disable *
1667 log/clear *
1668 log *
1669 parameter
1670 server_list
1671 client_list
1672 squid.conf *
1673
1674 * Indicates actions which will not be performed without a
1675 valid password, others can be performed if not listed here.
1676
1677 To disable an action, set the password to "disable".
1678 To allow performing an action without a password, set the
1679 password to "none".
1680
1681 Use the keyword "all" to set the same password for all actions.
1682
1683cachemgr_passwd secret shutdown
1684cachemgr_passwd lesssssssecret info stats/objects
1685cachemgr_passwd disable all
1686DOC_END
1687
1688
1689# TAG: swap_level1_dirs
1690# Number of first-level directories to create for storing cached
1691# objects. Minimum 1, maximum 256, default 16.
1692#
1693#swap_level1_dirs 16
1694
1695# TAG: swap_level2_dirs
1696# Number of sub-directories to create under each first-level
1697# directory. Minimum 1, maximum 256, default 256.
1698#
1699#swap_level2_dirs 256
1700
1701NAME: store_avg_object_size
86101e40 1702COMMENT: (kbytes)
1703TYPE: kb_size_t
89de058c 1704DEFAULT: 20 KB
934b03fc 1705LOC: Config.Store.avgObjectSize
1706DOC_START
1707 Average object size, used to estimate number of objects your
1708 cache can hold. See doc/Release-Notes-1.1.txt. The default is
1709 20K.
1710
89de058c 1711store_avg_object_size 20 KB
934b03fc 1712DOC_END
1713
1714NAME: store_objects_per_bucket
1715TYPE: int
1716DEFAULT: 50
1717LOC: Config.Store.objectsPerBucket
1718DOC_START
1719 Target number of objects per bucket in the store hash table.
1720 Lowering this value increases the total number of buckets and
1721 also the storage maintenance rate. The default is 20.
1722
1723store_objects_per_bucket 20
1724DOC_END
1725
1726
1727NAME: http_anonymizer
1728TYPE: httpanonymizer
17a0a4ee 1729LOC: Config.onoff.anonymizer
f1dc9b30 1730DEFAULT: off
934b03fc 1731DOC_START
1732 If you want to filter out certain HTTP request headers for
1733 privacy reasons, enable this option. There are three
1734 appropriate settings:
1735 'off' All HTTP request headers are passed.
1736 'standard' Specific headers are removed
1737 'paranoid' Only specific headers are allowed.
1738 To see which headers are allowed or denied, please see the
1739 http-anon.c source file.
1740
1741http_anonymizer off
1742DOC_END
1743
1744
1745NAME: client_db
1746COMMENT: on|off
1747TYPE: onoff
f1dc9b30 1748DEFAULT: on
17a0a4ee 1749LOC: Config.onoff.client_db
934b03fc 1750DOC_START
1751 If you want to disable collecting per-client statistics, then
1752 turn off client_db here.
1753
1754client_db on
1755DOC_END
1756
1757
1758NAME: netdb_low
1759TYPE: int
1760DEFAULT: 900
1761LOC: Config.Netdb.low
1762DOC_NONE
1763
1764NAME: netdb_high
1765TYPE: int
1766DEFAULT: 1000
1767LOC: Config.Netdb.high
1768DOC_START
1769 The low and high water marks for the ICMP measurement
1770 database. These are counts, not percents. The defaults are
1771 900 and 1000. When the high water mark is reached, database
1772 entries will be deleted until the low mark is reached.
1773
1774netdb_low 900
1775netdb_high 1000
1776DOC_END
1777
1778
1779NAME: netdb_ping_period
f1dc9b30 1780TYPE: time_t
934b03fc 1781LOC: Config.Netdb.period
9e975e4e 1782DEFAULT: 5 minutes
934b03fc 1783DOC_START
1784 The minimum period for measuring a site. There will be at
1785 least this much delay between successive pings to the same
1786 network. The default is five minutes.
1787
1788netdb_ping_period 5 minutes
1789DOC_END
1790
1791
1792NAME: query_icmp
1793COMMENT: on|off
1794TYPE: onoff
f1dc9b30 1795DEFAULT: off
17a0a4ee 1796LOC: Config.onoff.query_icmp
934b03fc 1797DOC_START
1798 If you want to ask your peers to include ICMP data in their ICP
1799 replies, enable this option.
1800
1801 If your peer has built squid with '-DUSE_ICMP=1' then that peer
1802 will send ICMP pings to origin server sites of the URLs it
1803 receives. If you enable this option then the ICP replies from
1804 that peer will include the ICMP data (if available). Then,
1805 when choosing a parent cache, Squid will choose the parent with
1806 the minimal RTT to the origin server. When this happens, the
1807 hierarchy field of the access.log will be
1808 "CLOSEST_PARENT_MISS". This option is off by default.
1809
1810query_icmp off
1811DOC_END
1812
78f1250a 1813NAME: buffered_logs
1814COMMENT: on|off
1815TYPE: onoff
1816DEFAULT: off
17a0a4ee 1817LOC: Config.onoff.buffered_logs
78f1250a 1818DOC_START
1819 Some log files (cache.log, useragent.log) are written with
1820 stdio functions, and as such they can be buffered or
1821 unbuffered. By default they will be unbuffered.
1822buffered_logs off
1823DOC_END
1824
934b03fc 1825NAME: always_direct
1826TYPE: acl_access
1827LOC: Config.accessList.AlwaysDirect
f1dc9b30 1828DEFAULT: none
934b03fc 1829DOC_START
1830 XXX need docs
1831DOC_END
1832
1833NAME: never_direct
1834TYPE: acl_access
1835LOC: Config.accessList.NeverDirect
f1dc9b30 1836DEFAULT: none
934b03fc 1837DOC_START
1838 XXX need docs
1839DOC_END
1840
1841#NAME: proxy_auth_ignore
1842#TYPE: regexplist_icase
1843#LOC: Config.proxyAuth.IgnoreDomains
1844#DOC_START
1845# XXX need docs
1846#DOC_END
1847
88738790 1848NAME: fake_user_agent
1849TYPE: eol
1850LOC: Config.fake_ua
1851DEFAULT: none
1852DOC_START
1853 If you use the paranoid http_anonymizer setting, Squid will strip
1854 your User-agent string from the request. Some Web servers will
1855 refuse your request without a User-agent string. Use this to
1856 fake one up. For example:
1857
1858 fake_user_agent Nutscrape/1.0 (CP/M; 8-bit)
1859 (credit to Paul Southworth pauls@etext.org for this one!)
1860
1861fake_user_agent none
1862DOC_END
1863
365cb147 1864NAME: icon_directory
f0b19334 1865TYPE: string
365cb147 1866LOC: Config.icons.directory
1867DEFAULT: @DEFAULT_ICON_DIR@
1868DOC_START
1869 XXX
1870DOC_END
1871
9b312a19 1872NAME: error_directory
f0b19334 1873TYPE: string
9b312a19 1874LOC: Config.errorDirectory
1875DEFAULT: @DEFAULT_ERROR_DIR@
1876DOC_START
1877 XXX
1878DOC_END
1879
365cb147 1880NAME: icon_content_type
1881TYPE: string
1882LOC: Config.icons.content_type
1883DEFAULT: image/gif
1884DOC_START
1885 XXX
1886DOC_END
88738790 1887
22c653cd 1888NAME: minimum_retry_timeout
1889COMMENT: (seconds)
1890TYPE: time_t
1891LOC: Config.retry.timeout
1892DEFAULT: 5 seconds
1893DOC_START
1894 This specifies the minimum connect timeout, for when the
1895 connect timeout is reduced to compensate for the availability
1896 of multiple IP addresses.
1897
1898 When a connection to a host is initiated, and that host
1899 has several IP addresses, the default connection timeout
1900 is reduced by dividing it by the number of addresses. So,
1901 a site with 15 addresses would then have a timeout of 8
1902 seconds for each address attempted. To avoid having the
1903 timeout reduced to the point where even a working host
1904 would not have a chance to respond, this setting is provided.
1905 The default, and the minimum value, is five seconds, and
1906 the maximum value is sixty seconds, or half of connect_timeout,
1907 whichever is greater and less than connect_timeout.
1908
1909minimum_retry_timeout 5
1910DOC_END
1911
1912NAME: maximum_single_addr_tries
1913TYPE: int
1914LOC: Config.retry.maxtries
1915DEFAULT: 3
1916DOC_START
1917 This sets the maximum number of connection attempts for a
1918 host that only has one address (for multiple-address hosts,
1919 each address is tried once).
1920
1921 The default value is three tries, the (not recommended)
1922 maximum is 255 tries. A warning message will be generated
1923 if it is set to a value greater than ten.
1924
1925maximum_single_addr_tries 3
1926DOC_END
6d1c0d53 1927
4feb7b2e 1928NAME: snmp_port
1929TYPE: ushort
1930LOC: Config.Port.snmp
1931DEFAULT: 3401
1932DOC_START
1933 Port for snmp. <=0 to disable.
1934DOC_END
1935
1936NAME: snmp_config_file
1937TYPE: string
1938LOC: Config.Snmp.configFile
1939DEFAULT: @DEFAULT_SNMP_CONF@
1940DOC_START
1941 External snmp configuration file, CMU-snmpd style.
1942DOC_END
1943
1944NAME: snmp_do_queueing
1945TYPE: onoff
1946LOC: Config.Snmp.do_queueing
1947DEFAULT: on
1948DOC_START
1949 If disabled, snmp packets will not be queued but delivered
1950 immediately. This could be performant when you want to monitor a
1951 cache in trouble, but this could also bring squid to block.
1952DOC_END
1953NAME: forward_snmpd_port
1954TYPE: ushort
1955LOC: Config.Snmp.localPort
1956DEFAULT: 0
1957DOC_START
1958 This configures whether we should be forwarding SNMP requests to
1959 another snmpd. The reason for putting this piece of
1960 functionality into squid was to enable access to the system's
1961 installed snmpd with minimal changes. This option is turned off
1962 by default, check with your /etc/services for your system's snmp
1963 port (usually 161). We do not use getservbyname() to allow you
1964 to set squid into port 161 and your system's snmpd to another
1965 port by changing /etc/services. WARNING: Because of squid
1966 acting as a proxy snmpd for system you have to do security
1967 checks on THIS snmpd for all objects. Check your
1968 snmp_config_file
1969DOC_END
1970
1971NAME: snmp_mib_path
1972TYPE: string
1973LOC: Config.Snmp.mibPath
1974DEFAULT: @DEFAULT_MIB_PATH@
1975DOC_START
1976 The location of squid's mib.
1977DOC_END
1978
1979
6d1c0d53 1980EOF
Mirror of https://github.com/squid-cache/squid.git