1 Squid 3.0.RC1 release notesSquid Developers$Id$
2 Squid is a WWW Cache application developed by the National Laboratory
3 for Applied Network Research and members of the Web Caching community.Notice
6 The Squid Team are pleased to announce the release of Squid-3.0.RC1 for pre-release testing.
8 This new release is available for download from or the \&.
10 A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.
11 While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
13 We welcome feedback and bug reports. If you find a bug, please see for how to submit a report with a stack trace.
18 Although this release is deemed good enough for testing in many setups, please note the existence of \&.
20 Changes since earlier PRE releases of Squid-3.0
23 The 3.0 change history can be \&.
25 Changes since Squid-2.6
27 .SH Major new features
30 Squid 3.0 represents a major rewrite of Squid and has a number of new features.
32 The most important of these are:
39 Code converted to C++, with significant internal restructuring and rewrites.
42 ICAP implementation (RFC 3507 and www.icap-forum.org)
45 Edge Side Includes (ESI) implementation (www.esi.org)
49 Most user-facing changes are reflected in squid.conf (see below).
51 Internet Content Adaptation Protocol (ICAP)
54 Squid 3.0 supports ICAP/1.0. To enable ICAP support, use the --enable-icap-client ./configure option and icap_enable squid.conf option. You will also need to configure ICAP services in your squid.conf using icap_service, icap_class, and icap_access options. The following example instructs Squid to talk to two ICAP services, one for request and one for response adaptation:
61 icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/request
62 icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/response
63 icap_class class_req service_req
64 icap_class class_resp service_resp
65 icap_access class_req allow all
66 icap_access class_resp allow all
74 Please see squid.conf.default for more details about these and many other icap_* options.
77 Squid supports pre-cache request and pre-cache response vectoring points. The following ICAP features are supported: message preview, 204 responses outside of preview, request satisfaction, X-Transfer-* negotiation, persistent ICAP connections, client IP/credentials sharing, and optional bypass of certain service failures.
80 No more than one ICAP service can be applied to an HTTP message. In other words, chaining or load balancing multiple services is not yet supported.
83 Proxy-directed data trickling and patience pages are not supported yet.
86 Following ICAP requirements, Squid never performs HTTP message adaptation without a successful and fresh ICAP OPTIONS response on file. A REQMOD or RESPMOD request will not be sent to a configured ICAP service until Squid receives a valid OPTIONS response from that service. If a service malfunctions or goes down, Squid may stop talking to the service for a while. Several squid.conf options can be used to tune the failure bypass algorithm (e.g., icap_service_failure_limit and icap_service_revival_delay).
89 The bypass parameter of the icap_service squid.conf option determines whether Squid will try to bypass service failures. Most connectivity and preview-stage failures can be bypassed.
92 More information about ICAP can be found from the ICAP-forum website
94 Edge Side Includes (ESI)
97 ESI is an open specification of an markup language enabling reverse proxies
98 to perform some simple XML based processing, offloading the final page assembly from the webserver and similar tasks.
101 More information about ESI can be found from the ESI website
103 .SH 2.6 features not found in Squid-3.0
106 Some of the features found in Squid-2.6 is not available in Squid-3.
107 Some has been dropped as they are not needed. Some has not yet been forward-ported to Squid-3 and may appear in a later release.
114 refresh_stale_hit option. Not yet ported.
117 ability to follow X-Forwarded-For. Not yet ported.
120 Full caching of Vary/ETag using If-None-Match. Only basic Vary cache supported. Not yet ported.
123 Mapping of server error messages. Not yet ported.
126 http_access2 access directive. Not yet ported.
129 Location header rewrites. Not yet ported.
132 umask directive. Not yet ported.
135 wais_relay. Feature dropped as it's equivalent to cache_peer + cache_peer_access.
138 urlgroup. Not yet ported.
141 collapsed forwarding. Not yet ported.
144 stable Windows support. Irregularly maintained.
153 The TCP_REFRESH_HIT and TCP_REFRESH_MISS log types have been replaced because they were misleading (all refreshes need to query the origin server, so they could never be hits). The following log types have been introduced to replace them:
158 .IP "TCP_REFRESH_UNMODIFIED"
161 The requested object was cached but STALE. The IMS query for the object resulted in \&"304 not modified\&".
162 .IP "TCP_REFRESH_MODIFIED"
165 The requested object was cached but STALE. The IMS query returned the new content.
169 See for a definition of all log types.
174 .SH Changes to squid.conf
177 There have been many changes to Squid's configuration file since Squid-2.6.
179 This section gives a thorough account of those changes in three categories:
203 .IP "minimum_icp_query_timeout (msec)"
212 Normally the ICP query timeout is determined dynamically. But
213 sometimes it can lead to very small timeouts, even lower than
214 the normal latency variance on your link due to traffic.
215 Use this option to put an lower limit on the dynamic timeout
216 value. Do NOT use this option to always use a fixed (instead
217 of a dynamic) timeout value. To set a fixed timeout see the
218 \&'icp_query_timeout' directive.
225 .IP "background_ping_rate"
234 Controls how often the ICP pings are sent to siblings that
235 have background-ping set.
243 .IP "httpd_accel_surrogate_id"
252 Surrogates (http://www.esi.org/architecture_spec_1.0.html)
253 need an identification token to allow control targeting. Because
254 a farm of surrogates may all perform the same tasks, they may share
255 an identification token.
263 .IP "http_accel_surrogate_remote on\(broff"
272 Remote surrogates (such as those in a CDN) honour Surrogate-Control: no-store-remote.
273 Set this to on to have squid behave as a remote surrogate.
281 .IP "esi_parser libxml2\(brexpat\(brcustom"
290 ESI markup is not strictly XML compatible. The custom ESI parser
291 will give higher performance, but cannot handle non ASCII character
300 .IP "email_err_data on\(broff"
309 If enabled, information about the occurred error will be
310 included in the mailto links of the ERR pages (if %W is set)
311 so that the email body contains the data.
312 Syntax is <A HREF=\&"mailto:%w%W\&">%w</A>
320 .IP "refresh_all_ims on\(broff"
329 When you enable this option, squid will always check
330 the origin server for an update when a client sends an
331 If-Modified-Since request. Many browsers use IMS
332 requests when the user requests a reload, and this
333 ensures those clients receive the latest version.
335 By default (off), squid may return a Not Modified response
336 based on the age of the cached version.
343 .IP "request_header_access"
346 Replaces the header_access directive of Squid-2.6 and earlier, but applies to requests only.
347 .IP "reply_header_access"
350 Replaces the header_access directive of Squid-2.6 and earlier, but applies to replies only.
352 .IP "icap_enable on\(broff"
361 If you want to enable the ICAP module support, set this to on.
368 .IP "icap_preview_enable on\(broff"
377 Set this to 'on' if you want to enable the ICAP preview
385 .IP "icap_preview_size"
394 The default size of preview data to be sent to the ICAP server.
395 -1 means no preview. This value might be overwritten on a per server
396 basis by OPTIONS requests.
403 .IP "icap_default_options_ttl (seconds)"
412 The default TTL value for ICAP OPTIONS responses that don't have
413 an Options-TTL header.
420 .IP "icap_persistent_connections on\(broff"
429 Whether or not Squid should use persistent connections to
437 .IP "icap_send_client_ip on\(broff"
446 This adds the header \&"X-Client-IP\&" to ICAP requests.
453 .IP "icap_send_client_username on\(broff"
462 This adds the header \&"X-Client-Username\&" to ICAP requests
463 if proxy access is authentified.
479 Defines a single ICAP service
481 icap_service servicename vectoring_point bypass service_url
483 vectoring_point = reqmod_precache|reqmod_postcache|respmod_precache|respmod_postcache
484 This specifies at which point of request processing the ICAP
485 service should be plugged in.
487 If set to 1 and the ICAP server cannot be reached, the request will go
488 through without being processed by an ICAP server
489 service_url = icap://servername:port/service
491 Note: reqmod_precache and respmod_postcache is not yet implemented
494 icap_service service_1 reqmod_precache 0 icap://icap1.mydomain.net:1344/reqmod
495 icap_service service_2 respmod_precache 0 icap://icap2.mydomain.net:1344/respmod
511 Defines an ICAP service chain. If there are multiple services per
512 vectoring point, they are processed in the specified order.
514 icap_class classname servicename...
517 icap_class class_1 service_1 service_2
518 icap class class_2 service_1 service_3
534 Redirects a request through an ICAP service class, depending
537 icap_access classname allow|deny [!]aclname...
539 The icap_access statements are processed in the order they appear in
540 this configuration file. If an access list matches, the processing stops.
541 For an \&"allow\&" rule, the specified class is used for the request. A \&"deny\&"
542 rule simply stops processing without using the class. You can also use the
543 special classname \&"None\&".
545 For backward compatibility, it is also possible to use services
549 icap_access class_1 allow all
564 The name of an accept(2) filter to install on Squid's
565 listen socket(s). This feature is perhaps specific to
566 FreeBSD and requires support in the kernel.
568 The 'httpready' filter delays delivering new connections
569 to Squid until a full HTTP request has been received.
570 See the accf_http(9) man page.
581 Changes to existing tags
595 disable-pmtu-discovery=
596 Control Path-MTU discovery usage:
597 off lets OS decide on what to do (default).
598 transparent disable PMTU discovery when transparent support is enabled.
599 always disable always PMTU discovery.
601 In many setups of transparently intercepting proxies Path-MTU
602 discovery can not work on traffic towards the clients. This is
603 the case when the intercepting device does not fully track
604 connections and fails to forward ICMP must fragment messages
605 to the cache server. If you have such setup and experience that
606 certain clients sporadically hang or never complete requests set
607 disable-pmtu-discovery option to 'transparent'.
620 urlgroup=, not yet ported to Squid-3.
622 no-connection-auth, not yet ported to Squid-3.
638 urlgroup=, not yet ported to Squid-3.
659 use 'basetime=n' to specify a base amount to
660 be subtracted from round trip times of parents.
661 It is subtracted before division by weight in calculating
662 which parent to fectch from. If the rtt is less than the
663 base time the rtt is set to a minimal value.
665 use 'background-ping' to only send ICP queries to this
666 neighbor infrequently. This is used to keep the neighbor
667 round trip time updated and is usually used in
668 conjunction with weighted-round-robin.
670 use 'weighted-round-robin' to define a set of parents
671 which should be used in a round-robin fashion with the
672 frequency of each parent being based on the round trip
673 time. Closer parents are used more often.
674 Usually used for background-ping parents.
688 userhash, not yet ported to Squid-3
690 sourcehash, not yet ported to Squid-2
692 monitorurl, monitorsize etc, not yet ported to Squid-3
694 connection-auth=, not yet ported to Squid-3
709 no-store, replaces the older read-only option
711 min-size, not yet portedto Squid-3
724 The coss file store is experimental, and still lacks much
725 of the functionality found in 2.6.
727 overwrite-percent=n, not yet ported to Squid-3.
729 max-stripe-waste=n, not yet ported to Squid-3.
731 membufs=n, not yet ported to Squid-3.
733 maxfullbufs=n, not yet ported to Squid-3.
743 Removed Basic auth option
748 blankpasswor, not yet ported to squid-3.
749 auth_param basic concurrency 0
757 Removed digest options:
762 concurrency, not yet ported to Squid-3.
770 .IP "external_acl_type"
773 New format specifications:
780 %PATH Requested URL path
788 Removed format specifications:
793 %ACL, not yet ported to Squid-3
795 %DATA, not yet ported to Squid-3
808 tag= Apply a tag to a request (for both ERR and OK results)
809 Only sets a tag, does not alter existing tags.
817 .IP "refresh_pattern"
828 ignore-no-store ignores any ``Cache-control: no-store''
829 headers received from a server. Doing this VIOLATES
830 the HTTP standard. Enabling this feature could make you
831 liable for problems which it causes.
833 refresh-ims causes squid to contact the origin server
834 when a client issues an If-Modified-Since request. This
835 ensures that the client will receive an updated version
851 acl aclname http_status 200 301 500- 400-403 ... # status code in reply
865 acl aclname urllogin [-i] [^a-zA-Z0-9] ... # regex matching on URL login field
867 acl urlgroup group1 ...
868 # match against the urlgroup as indicated by redirectors
876 .IP "short_icon_urls"
900 class 4 Everything in a class 3 delay pool, with an
901 additional limit on a per user basis. This
902 only takes effect if the username is established
903 in advance - by forcing authentication in your
906 class 5 Requests are grouped according their tag (see
907 external_acl's tag= reply).
918 New default to require the feature to be enabled in squid.conf:
923 Default: 0 (disabled)
935 New default to require the feature to be enabled in squid.conf:
940 Default: 0 (disabled)
952 New default to require the feature to be enabled in squid.conf:
957 Default: 0 (disabled)
974 rp Request URL-Path excluding hostname
976 et Tag returned by external acl
978 <sH Reply high offset sent
980 <sS Upstream object size
994 >st Request size including HTTP headers, not yet ported to Squid-3.
996 st Request+Reply size including HTTP headers, not yet ported to Squid-3.
1004 .IP "reply_body_max_size"
1012 reply_body_max_size size [acl acl...]
1020 allow/deny no longer used.
1022 .IP "url_rewrite_program"
1025 No urlgroup support in either requests or responese
1038 .IP "broken_vary_encoding"
1041 Not yet ported to Squid-3.
1045 Not yet ported to Squid-3.
1046 .IP "collapsed_forwarding"
1049 Not yet ported to Squid-3.
1050 .IP "follow_x_forwarded_for"
1053 Not yet ported to Squid-3.
1054 .IP "*_uses_indirect_client"
1057 Not yet ported to Squid-3.
1061 Not yet ported to Squid-3.
1065 This has been replaced by request_header_access and reply_header_access
1069 Not yet ported to Squid-3.
1070 .IP "httpd_accel_no_pmtu_disc"
1073 Replaced by disable-pmtu-discovery http_port option
1074 .IP "location_rewrite_*"
1077 Not yet ported to Squid-3.
1078 .IP "refresh_stale_hit"
1081 Not yet ported to Squid-3.
1085 Not yet ported to Squid-3.
1089 equivalent to cache_peer + cache_peer_access.
1094 .SH Changes to ./configure Options
1097 There have been some changes to Squid's build configuration since Squid-2.6.
1099 This section gives an account of those changes in three categories:
1123 .IP "--enable-shared[=PKGS]"
1126 Build shared libraries. The default is to build without.
1128 .IP "--enable-static[=PKGS]"
1131 Build static libraries. The default is on.
1133 .IP "--enable-fast-install[=PKGS]"
1140 Optimize for fast installation
1148 .IP "--disable-libtool-lock"
1151 Avoid locking (might break parallel builds)
1153 .IP "--disable-optimizations"
1156 Don't compile Squid with compiler optimizations enabled.
1157 Optimization is good for production builds, but not
1158 good for debugging. During development, use
1159 --disable-optimizations to reduce compilation times
1160 and allow easier debugging. This option implicitly
1161 also enables --disable-inline
1163 .IP "--disable-inline"
1166 Don't compile trivial methods as inline. Squid
1167 is coded with much of the code able to be inlined.
1168 Inlining is good for production builds, but not
1169 good for development. During development, use
1170 --disable-inline to reduce compilation times and
1171 allow incremental builds to be quick. For
1172 production builds, or load tests, use
1173 --enable-inline to have squid make all trivial
1174 methods inlinable by the compiler.
1176 .IP "--enable-debug-cbdata"
1179 Provide some debug information in cbdata
1181 .IP "--enable-disk-io=\e\&"list of modules\e\&""
1184 Build support for the list of disk I/O modules.
1185 The default is only to build the \&"Blocking\&" module.
1186 See src/DiskIO for a list of available modules, or
1187 Programmers Guide for details on how to build your
1193 Enable ESI for accelerators. Requires libexpat.
1194 Enabling ESI will cause squid to follow the Edge
1195 Acceleration Specification (www.esi.org). This
1196 causes squid to IGNORE client Cache-Control headers.
1198 \fIDO NOT\fP use this in a squid configured as a web
1199 proxy, ONLY use it in a squid configured for
1200 webserver acceleration.
1202 .IP "--enable-icap-client"
1205 Enable the ICAP client.
1207 .IP "--disable-snmp"
1210 Disable SNMP monitoring support which is now built by default.
1212 .IP "--disable-htcp"
1215 Disable HTCP protocol support which is now built by default.
1217 .IP "--enable-kqueue"
1220 Enable kqueue() support. Marked as experimental in 3.0.
1222 .IP "--enable-ipfw-transparent"
1225 Enable Transparent Proxy support for systems
1226 using FreeBSD IPFW style redirection.
1228 .IP "--disable-mempools"
1231 Disable memPools. Note that this option now simply sets the
1232 default behaviour. Specific classes can override this at runtime, and
1233 only lib/MemPool.c needs to be altered to change the squid-wide
1234 default for all classes.
1236 .IP "--enable-cpu-profiling"
1239 This option allows you to see which internal functions
1240 in Squid are consuming how much CPU. Compiles in probes
1241 that measure time spent in probed functions. Needs
1242 source modifications to add new probes. This is meant
1243 for developers to assist in performance optimisations
1244 of Squid internal functions.
1246 If you are not developer and not interested in the stats
1247 you shouldn't enable this, as overhead added, although
1248 small, is still overhead. See lib/Profiler.c for more.
1253 Assume the C compiler uses GNU ld. The default is to auto-detect.
1258 Try to use only PIC/non-PIC objects. The default is to use both.
1260 .IP "--with-tags[=TAGS]"
1263 Include additional configurations. The default is automatic.
1265 .IP "--with-default-user=USER"
1268 Sets the default System User account for squid permissions.
1269 The default is 'nobody' as in other releases of squid.
1271 .IP "--with-cppunit-basedir=[PATH]"
1274 Path where the cppunit headers and libraries are found
1275 for unit testing. The default is automatic detection.
1277 NOTE: Since 3.0-PRE6 and 2.6STABLE14 squid no longer comes
1278 bundled with CPPUnit. Compile-time validation will be disabled
1279 if it is not installed on your system.
1283 Changes to existing options
1292 CARP support is now built by default.
1293 --disable-carp can be used to build without it.
1298 HTCP protocol support is now built by default.
1299 Use --disable-htcp to build without it.
1304 SNMP monitoring is now build by default.
1305 Use --disable-snmp to build without it.
1307 .IP "--enable-heap-replacement"
1310 Please use --enable-removal-policies directive instead.
1312 .IP "--with-maxfd=N"
1315 Replaced by --with-filedescriptors=N
1317 Override maximum number of filedescriptors. Useful
1318 if you build as another user who is not privileged
1319 to use the number of filedescriptors you want the
1320 resulting binary to support
1322 .IP "--enable-select"
1326 Automatic checks will enable best I/O loop method available.
1328 .IP "--enable-epoll"
1332 Automatic checks will enable best I/O loop method available.
1338 Automatic checks will enable best I/O loop method available.
1340 .IP "--enable-kqueue"
1343 kqueue support is marked Experimental in Squid 3.0. Known to have some issues under load.
1347 Not yet available options
1350 These configure options have not yet been ported to Squid-3. If you need something to do then
1351 porting one of these from Squid-2 to Squid-3 is most welcome.
1356 .IP "--enable-devpoll"
1359 Support for Solaris /dev/poll
1361 .IP "--enable-select-simple"
1364 Basic POSIX select() loop without any binary fd_set optimizations.
1366 .IP "--enable-follow-x-forwarded-for"
1369 Support following the X-Forwarded-For HTTP header for determining the
1377 The following configure options have been removed.
1382 .IP "--enable-dlmalloc"
1385 Most OS:es have good malloc implementations these days, and the version we used to ship with Squid was very very old..
1386 .IP "--enable-mempool-debug"
1389 Debug option, not needed and therefore removed.
1390 .IP "--enable-forward-log"
1393 Rarely used extra log file. Removed.
1394 .IP "--enable-multicast-miss"
1397 Rarely used feature, and multicast ICP acheives almost the same result. Removed.
1398 .IP "--enable-coss-aio-ops"
1401 Specific to the COSS implementation in Squid-2
1402 .IP "--enable-large-cache-files"
1405 Now enabled by default. Configure option was redundant and therefore removed.
1406 .IP "--enable-truncate"
1409 Known to cause race conditions where cache objects may get corrupted, and this for at most a marginal performance improvement. Removed.