1 <!doctype linuxdoc system>
3 <title>Squid 3.0.STABLE10 release notes</title>
4 <author>Squid Developers</author>
7 This document contains the release notes for version 3.0 of Squid.
8 Squid is a WWW Cache application developed by the National Laboratory
9 for Applied Network Research and members of the Web Caching community.
16 The Squid Team are pleased to announce the release of Squid-3.0.STABLE10.
18 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.0/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
20 A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support and additional Languages.
22 We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d"> for how to submit a report with a stack trace.
26 Although this release is deemed good enough for use in many setups, please note the existence of <url url="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.0&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.0">.
28 <sect>Changes since earlier STABLE releases of Squid-3.0
30 The 3.0 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.0/changesets/" name="viewed here">.
32 <sect>Changes since Squid-2.6
34 <sect1>Major new features
36 Squid 3.0 represents a major rewrite of Squid and has a number of new features.
38 The most important of these are:
41 <item>Code converted to C++, with significant internal restructuring and rewrites.
42 <item>ICAP implementation (RFC 3507 and www.icap-forum.org)
43 <item>Edge Side Includes (ESI) implementation (www.esi.org)
46 Most user-facing changes are reflected in squid.conf (see below).
48 <sect2>Internet Content Adaptation Protocol (ICAP)
50 <p>Squid 3.0 supports ICAP/1.0. To enable ICAP support, use the --enable-icap-client ./configure option and icap_enable squid.conf option. You will also need to configure ICAP services in your squid.conf using icap_service, icap_class, and icap_access options. The following example instructs Squid to talk to two ICAP services, one for request and one for response adaptation:
54 icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/request
55 icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/response
56 icap_class class_req service_req
57 icap_class class_resp service_resp
58 icap_access class_req allow all
59 icap_access class_resp allow all
62 <p>Please see squid.conf.default for more details about these and many other icap_* options.
64 <p>Squid supports pre-cache request and pre-cache response vectoring points. The following ICAP features are supported: message preview, 204 responses outside of preview, request satisfaction, X-Transfer-* negotiation, persistent ICAP connections, client IP/credentials sharing, and optional bypass of certain service failures.
66 <p>No more than one ICAP service can be applied to an HTTP message. In other words, chaining or load balancing multiple services is not yet supported.
68 <p>Proxy-directed data trickling and patience pages are not supported yet.
70 <p>Following ICAP requirements, Squid never performs HTTP message adaptation without a successful and fresh ICAP OPTIONS response on file. A REQMOD or RESPMOD request will not be sent to a configured ICAP service until Squid receives a valid OPTIONS response from that service. If a service malfunctions or goes down, Squid may stop talking to the service for a while. Several squid.conf options can be used to tune the failure bypass algorithm (e.g., icap_service_failure_limit and icap_service_revival_delay).
72 <p>The bypass parameter of the icap_service squid.conf option determines whether Squid will try to bypass service failures. Most connectivity and preview-stage failures can be bypassed.
74 <p>More information about ICAP can be found from the ICAP-forum website <url url="http://www.icap-forum.org">
76 <sect2>Edge Side Includes (ESI)
78 <p>ESI is an open specification of an markup language enabling reverse proxies
79 to perform some simple XML based processing, offloading the final page assembly from the webserver and similar tasks.
81 <p>More information about ESI can be found from the ESI website <url url="http://www.esi.org">
83 <sect1>2.6 features not found in Squid-3.0
85 Some of the features found in Squid-2.6 is not available in Squid-3.
86 Some have been dropped as they are not needed. Some have not yet been forward-ported to Squid-3 and may appear in a later release.
89 <item>refresh_stale_hit option. Not yet ported.
90 <item>ability to follow X-Forwarded-For. Not yet ported.
91 <item>Full caching of Vary/ETag using If-None-Match. Only basic Vary cache supported. Not yet ported.
92 <item>Mapping of server error messages. Not yet ported.
93 <item>http_access2 access directive. Not yet ported.
94 <item>Location header rewrites. Not yet ported.
95 <item>wais_relay. Feature dropped as it's equivalent to cache_peer + cache_peer_access.
96 <item>urlgroup. Not yet ported.
97 <item>collapsed forwarding. Not yet ported.
98 <item>stable Windows support. Irregularly maintained.
101 <sect1>Logging changes
103 <p>The TCP_REFRESH_HIT and TCP_REFRESH_MISS log types have been replaced because they were misleading (all refreshes need to query the origin server, so they could never be hits). The following log types have been introduced to replace them:
106 <tag>TCP_REFRESH_UNMODIFIED</tag>
107 <p>The requested object was cached but STALE. The IMS query for the object resulted in "304 not modified".
108 <tag>TCP_REFRESH_MODIFIED</tag>
109 <p>The requested object was cached but STALE. The IMS query returned the new content.
111 <p>See <url url="http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.7"> for a definition of all log types.
114 <sect>Windows support
115 <P>This Squid version can run on Windows as a system service using the Cygwin emulation environment,
116 or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.<newline>
117 On Windows 2000 and later the service is configured to use the Windows Service Recovery option
118 restarting automatically after 60 seconds.
123 Some new command line options were added for the Windows service support:<newline>
125 The service installation is made with -i command line switch, it's possible to use -f switch at
126 the same time for specify a different config-file settings for the Squid Service that will be
127 stored on the Windows Registry.
129 A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed.
130 <em/"Squid"/ is the default when the switch is not used.
132 So, to install the service, the syntax is:
134 <verb>squid -i [-f file] [-n name]</verb>
136 Service uninstallation is made with -r command line switch with the appropriate -n switch.
138 The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:
140 <verb>squid -k command [-f file] -n service-name</verb>
141 where <em/service-name/ is the name specified with -n options at service install time.
143 To use the Squid original command line, the new -O switch must be used ONCE, the syntax is:
145 <verb>squid -O cmdline [-n service-name]</verb>
146 If multiple service command line options must be specified, use quote. The -n switch is
147 needed only when a non default service name is in use.
149 Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are
150 specific to Windows services functionality and Squid is not designed for understand they.
152 In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":
154 <verb>squid -O "-D -u 3130" -n squidsvc</verb>
158 <tag>PSAPI.DLL (Process Status Helper) Considerations</tag>
160 The process status helper functions make it easier for you to obtain information about
161 processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These
162 functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform
163 Software Development Kit (SDK). The same information is generally available through the
164 performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is
165 freely redistributable.
167 PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is
168 aware of this, and try to use it only on the right platform.
170 On Windows NT PSAPI.DLL can be found as component of many applications, if you need it,
171 you can find it on Windows NT Resource KIT. If you have problem, it can be
172 downloaded from here:
173 <url url="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE" name="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE">
175 On Windows 2000 and later it is available installing the Windows Support Tools, located on the
176 Support\Tools folder of the installation Windows CD-ROM.
180 <tag>Registry DNS lookup</tag>
181 On Windows platforms, if no value is specified in the <em/dns_nameservers/ option on
182 squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are
183 taken from the Windows registry, both static and dynamic DHCP configurations
188 <tag>Compatibility Notes</tag>
190 <item>It's recommended to use '/' char in Squid paths instead of '\'
191 <item>Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid
192 <item>When using ACL like 'acl aclname acltype "file"' the file must be in DOS text
193 format (CR+LF) and the full Windows path must be specified, for example:
195 <verb>acl blocklist url_regex -i "c:/squid/etc/blocked1.txt"</verb>
197 <item>The Windows equivalent of '/dev/null' is 'NUL'
198 <item>Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd,
199 .vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:
201 <verb>redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
202 redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd</verb>
203 <item>When Squid runs in command line mode, the launching user account must have administrative privilege on the system
204 <item>"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used
205 <item>Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported
210 <tag>Known Limitations</tag>
212 <item>Squid features not operational:<newline>
214 <item>DISKD: still needs to be ported<newline>
215 <item>WCCP: cannot work because user space GRE support on Windows is missing<newline>
216 <item>Transparent Proxy: missing Windows non commercial interception driver<newline>
218 <item>Some code sections can make blocking calls.
219 <item>Some external helpers may not work.
220 <item>File Descriptors number hard-limited to 2048 when building with MinGW.
225 <tag>Building Squid on Windows</tag>
226 A reasonably recent release of <url url="http://www.cygwin.com/" name="Cygwin"> or <url url="http://www.mingw.org/" name="MinGW"> is needed.<newline>
227 The usage of the Cygwin environment is very similar to other Unix/Linux environments, and -devel version of libraries must be installed.<newline>
228 For the MinGW environment, the packages MSYS, MinGW and msysDTK must be installed. Some additional libraries and tools must be downloaded separately:<newline><newline>
229 OpenSSL: <url url="http://www.slproweb.com/products/Win32OpenSSL.html" name="Shining Light Productions Win32 OpenSSL"><newline>
230 libcrypt: <url url="http://sourceforge.net/projects/mingwrep/" name="MinGW packages repository"><newline>
231 db-1.85: <url url="http://tinycobol.org/download.html" name="TinyCOBOL download area"><newline>
232 uudecode: <url url="http://unxutils.sourceforge.net/" name="Native Win32 ports of some GNU utilities"><newline><newline>
233 When running configure, --disable-wccp and --disable-wccpv2 options should always specified to avoid compile errors.<newline>
235 <item>New configure options:<newline>
237 <item>--enable-win32-service<newline>
239 <item>Updated configure options:<newline>
241 <item>--enable-arp-acl<newline>
242 <item>--enable-default-hostsfile<newline>
244 <item>Unsupported configure options:<newline>
246 <item>--enable-coss-aio-ops: On Windows Posix AIO is not available<newline>
247 <item>--with-large-files: No suitable build environment is available on both Cygwin and MinGW, but --enable-large-cache-files works fine<newline>
249 <item>Recommended configure minimal options for Windows:<newline>
251 <item>--prefix=c:/squid --disable-wccp --disable-wccpv2 --enable-win32-service --enable-default-hostsfile=none
255 Before build Squid with SSL support, some operations are needed (in the following example OpenSSL is installed in C:\OpenSSL and MinGW in C:\MinGW):
257 <item>Copy C:\OpenSSL\lib\MinGW content to C:\MinGW\lib<newline>
258 <item>Copy C:\OpenSSL\include\openssl content to C:\MinGW\include\openssl<newline>
259 <item>Rename C:\MinGW\lib\ssleay32.a to C:\MinGW\lib\libssleay32.a<newline>
265 <tag>Using cache manager on Windows:</tag>
266 On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.<newline>
267 Some specific configuration could be needed:<newline>
269 <item>IIS 6 (Windows 2003):<newline>
271 <item>On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed:<newline>
273 <item>Create a cgi-bin Directory
274 <item>Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS
275 permissions, ASP scripts are not needed. This automatically defines a
276 cgi-bin IIS web application
277 <item>Copy cachemgr.cgi into cgi-bin directory and look to file permissions:
278 the IIS system account and SYSTEM must be able to read and execute the file
279 <item>In IIS manager go to Web Service extensions and add a new Web Service
280 Extension called <em/"Squid Cachemgr"/, add the cachemgr.cgi file and set the
281 extension status to <em/Allowed/
284 <item>Apache:<newline>
286 <item>On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed
287 to pass the TMP and TEMP Windows environment variables to CGI applications:<newline>
289 ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
290 <Location /squid/cgi-bin/cachemgr.cgi>
293 Allow from workstation.example.com
302 <sect>Changes to squid.conf since Squid-2.6
303 <p>There have been many changes to Squid's configuration file since Squid-2.6.
305 <p>This section gives a detailed account of those changes in three categories:
308 <item><ref id="newtags" name="New tags">
309 <item><ref id="modifiedtags" name="Changes to existing tags">
310 <item><ref id="removedtags" name="Removed tags">
314 <sect1>New tags<label id="newtags">
317 <tag>minimum_icp_query_timeout (msec)</tag>
321 Normally the ICP query timeout is determined dynamically. But
322 sometimes it can lead to very small timeouts, even lower than
323 the normal latency variance on your link due to traffic.
324 Use this option to put an lower limit on the dynamic timeout
325 value. Do NOT use this option to always use a fixed (instead
326 of a dynamic) timeout value. To set a fixed timeout see the
327 'icp_query_timeout' directive.
330 <tag>background_ping_rate</tag>
334 Controls how often the ICP pings are sent to siblings that
335 have background-ping set.
338 <tag>httpd_accel_surrogate_id</tag>
342 Surrogates (http://www.esi.org/architecture_spec_1.0.html)
343 need an identification token to allow control targeting. Because
344 a farm of surrogates may all perform the same tasks, they may share
345 an identification token.
348 <tag>http_accel_surrogate_remote on|off</tag>
352 Remote surrogates (such as those in a CDN) honour Surrogate-Control: no-store-remote.
353 Set this to on to have squid behave as a remote surrogate.
356 <tag>esi_parser libxml2|expat|custom</tag>
360 ESI markup is not strictly XML compatible. The custom ESI parser
361 will give higher performance, but cannot handle non ASCII character
365 <tag>email_err_data on|off</tag>
369 If enabled, information about the occurred error will be
370 included in the mailto links of the ERR pages (if %W is set)
371 so that the email body contains the data.
372 Syntax is <A HREF="mailto:%w%W">%w</A>
375 <tag>refresh_all_ims on|off</tag>
379 When you enable this option, squid will always check
380 the origin server for an update when a client sends an
381 If-Modified-Since request. Many browsers use IMS
382 requests when the user requests a reload, and this
383 ensures those clients receive the latest version.
385 By default (off), squid may return a Not Modified response
386 based on the age of the cached version.
388 <tag>request_header_access</tag>
389 <p>Replaces the header_access directive of Squid-2.6 and earlier, but applies to requests only.
390 <tag>reply_header_access</tag>
391 <p>Replaces the header_access directive of Squid-2.6 and earlier, but applies to replies only.
393 <tag>icap_enable on|off</tag>
397 If you want to enable the ICAP module support, set this to on.
399 <tag>icap_preview_enable on|off</tag>
403 Set this to 'on' if you want to enable the ICAP preview
406 <tag>icap_preview_size</tag>
410 The default size of preview data to be sent to the ICAP server.
411 -1 means no preview. This value might be overwritten on a per server
412 basis by OPTIONS requests.
414 <tag>icap_default_options_ttl (seconds)</tag>
418 The default TTL value for ICAP OPTIONS responses that don't have
419 an Options-TTL header.
421 <tag>icap_persistent_connections on|off</tag>
425 Whether or not Squid should use persistent connections to
428 <tag>icap_send_client_ip on|off</tag>
432 This adds the header "X-Client-IP" to ICAP requests.
434 <tag>icap_send_client_username on|off</tag>
438 This adds the header "X-Client-Username" to ICAP requests
439 if proxy access is authentified.
441 <tag>icap_service</tag>
445 Defines a single ICAP service
447 icap_service servicename vectoring_point bypass service_url
449 vectoring_point = reqmod_precache|reqmod_postcache|respmod_precache|respmod_postcache
450 This specifies at which point of request processing the ICAP
451 service should be plugged in.
453 If set to 1 and the ICAP server cannot be reached, the request will go
454 through without being processed by an ICAP server
455 service_url = icap://servername:port/service
457 Note: reqmod_postcache and respmod_postcache is not yet implemented
460 icap_service service_1 reqmod_precache 0 icap://icap1.mydomain.net:1344/reqmod
461 icap_service service_2 respmod_precache 0 icap://icap2.mydomain.net:1344/respmod
463 <tag>icap_class</tag>
467 Defines an ICAP service chain. If there are multiple services per
468 vectoring point, they are processed in the specified order.
470 icap_class classname servicename...
473 icap_class class_1 service_1 service_2
474 icap class class_2 service_1 service_3
476 <tag>icap_access</tag>
480 Redirects a request through an ICAP service class, depending
483 icap_access classname allow|deny [!]aclname...
485 The icap_access statements are processed in the order they appear in
486 this configuration file. If an access list matches, the processing stops.
487 For an "allow" rule, the specified class is used for the request. A "deny"
488 rule simply stops processing without using the class. You can also use the
489 special classname "None".
491 For backward compatibility, it is also possible to use services
495 icap_access class_1 allow all
498 <tag>accept_filter</tag>
500 The name of an accept(2) filter to install on Squid's
501 listen socket(s). This feature is perhaps specific to
502 FreeBSD and requires support in the kernel.
504 The 'httpready' filter delays delivering new connections
505 to Squid until a full HTTP request has been received.
506 See the accf_http(9) man page.
510 <p>New option to import entire secondary configuration files into squid.conf.
512 Squid will follow the files immediately and insert all their content
513 as if it was at that position in squid.conf. As per squid.conf some
514 options are order-specific within the config as a whole.
516 A few layers of include are allowed, but too many are confusing and
517 squid will enforce an include depth of 16 files.
520 include /path/to/file1 /path/to/file2
523 <tag>acl myportname</tag>
524 <p>New acl type myportname, matching the name of the http(s)_port where the request was accepted
526 acl aclname myportname 3128 ... # http(s)_port name
530 <p>Ported from 2.6. Behaviour identical.
532 Minimum umask which should be enforced while the proxy
533 is running, in addition to the umask set at startup.
535 For a traditional octal representation of umasks, start
542 <sect1>Changes to existing tags<label id="modifiedtags">
548 disable-pmtu-discovery=
549 Control Path-MTU discovery usage:
550 off lets OS decide on what to do (default).
551 transparent disable PMTU discovery when transparent support is enabled.
552 always disable always PMTU discovery.
554 In many setups of transparently intercepting proxies Path-MTU
555 discovery can not work on traffic towards the clients. This is
556 the case when the intercepting device does not fully track
557 connections and fails to forward ICMP must fragment messages
558 to the cache server. If you have such setup and experience that
559 certain clients sporadically hang or never complete requests set
560 disable-pmtu-discovery option to 'transparent'.
563 <tag>cache_peer</tag>
572 use 'basetime=n' to specify a base amount to
573 be subtracted from round trip times of parents.
574 It is subtracted before division by weight in calculating
575 which parent to fectch from. If the rtt is less than the
576 base time the rtt is set to a minimal value.
578 use 'background-ping' to only send ICP queries to this
579 neighbor infrequently. This is used to keep the neighbor
580 round trip time updated and is usually used in
581 conjunction with weighted-round-robin.
583 use 'weighted-round-robin' to define a set of parents
584 which should be used in a round-robin fashion with the
585 frequency of each parent being based on the round trip
586 time. Closer parents are used more often.
587 Usually used for background-ping parents.
591 <p>Common options <em>no-store</em>, replaces the older <em>read-only</em> option
593 <tag>auth_param</tag>
594 <p>Removed Basic auth option
596 blankpasswor, not yet ported to squid-3.
597 auth_param basic concurrency 0
600 <tag>external_acl_type</tag>
601 <p>New format specifications:
605 %PATH Requested URL path
607 <p>New result keywords:
609 tag= Apply a tag to a request (for both ERR and OK results)
610 Only sets a tag, does not alter existing tags.
613 <tag>refresh_pattern</tag>
619 ignore-no-store ignores any ``Cache-control: no-store''
620 headers received from a server. Doing this VIOLATES
621 the HTTP standard. Enabling this feature could make you
622 liable for problems which it causes.
624 refresh-ims causes squid to contact the origin server
625 when a client issues an If-Modified-Since request. This
626 ensures that the client will receive an updated version
631 <p>The 'all' ACL is now provided as a built-in. Warnings will be displayed if any attempt is made to redefine it.
634 acl aclname http_status 200 301 500- 400-403 ... # status code in reply
637 <tag>short_icon_urls</tag>
643 <tag>delay_class</tag>
644 <p>New delay classes:
646 class 4 Everything in a class 3 delay pool, with an
647 additional limit on a per user basis. This
648 only takes effect if the username is established
649 in advance - by forcing authentication in your
652 class 5 Requests are grouped according their tag (see
653 external_acl's tag= reply).
657 <p>New default to require the feature to be enabled in squid.conf:
659 Default: 0 (disabled)
664 <p>New default to require the feature to be enabled in squid.conf:
666 Default: 0 (disabled)
671 <p>New default to require the feature to be enabled in squid.conf:
673 Default: 0 (disabled)
680 rp Request URL-Path excluding hostname
682 et Tag returned by external acl
684 <sH Reply high offset sent
686 <sS Upstream object size
689 <tag>reply_body_max_size</tag>
692 reply_body_max_size size [acl acl...]
694 <p>allow/deny no longer used.
696 <tag>url_rewrite_program</tag>
697 <p>No urlgroup support in either requests or response
699 <tag>auth_param</tag>
700 <p>fake_auth helper for NTLM now accepts the '-S' parameter to strip NTLM domain off the username string.
701 This is useful for class 4 Delay Pools in Squid 3.x
705 <sect1>Removed tags<label id="removedtags">
708 <tag>header_access</tag>
709 <p>This has been replaced by request_header_access and reply_header_access
711 <tag>httpd_accel_no_pmtu_disc</tag>
712 <p>Replaced by disable-pmtu-discovery http_port option
714 <tag>wais_relay_*</tag>
715 <p>equivalent to cache_peer + cache_peer_access.
720 <sect>Changes to ./configure Options since Squid-2.6
721 <p>There have been some changes to Squid's build configuration since Squid-2.6.
723 <p>This section gives an account of those changes in three categories:
726 <item><ref id="newoptions" name="New options">
727 <item><ref id="modifiedoptions" name="Changes to existing options">
728 <item><ref id="removedoptions" name="Removed options">
733 <sect1>New options<label id="newoptions">
737 <tag>--enable-shared[=PKGS]</tag>
738 <p>Build shared libraries. The default is to build without.</p>
740 <tag>--enable-static[=PKGS]</tag>
741 <p>Build static libraries. The default is on.</p>
743 <tag>--enable-fast-install[=PKGS]</tag>
744 <verb>Optimize for fast installation
747 <tag>--disable-libtool-lock</tag>
748 <p>Avoid locking (might break parallel builds)</p>
750 <tag>--disable-optimizations</tag>
751 <p>Don't compile Squid with compiler optimizations enabled.
752 Optimization is good for production builds, but not
753 good for debugging. During development, use
754 --disable-optimizations to reduce compilation times
755 and allow easier debugging. This option implicitly
756 also enables --disable-inline</p>
758 <tag>--disable-inline</tag>
759 <p>Don't compile trivial methods as inline. Squid
760 is coded with much of the code able to be inlined.
761 Inlining is good for production builds, but not
762 good for development. During development, use
763 --disable-inline to reduce compilation times and
764 allow incremental builds to be quick. For
765 production builds, or load tests, use
766 --enable-inline to have squid make all trivial
767 methods inlinable by the compiler.</p>
769 <tag>--enable-debug-cbdata</tag>
770 <p>Provide some debug information in cbdata</p>
772 <tag>--enable-disk-io=\"list of modules\"</tag>
773 <p>Build support for the list of disk I/O modules.
774 The default is only to build the "Blocking" module.
775 See src/DiskIO for a list of available modules, or
776 Programmers Guide for details on how to build your
777 custom disk module.</p>
779 <tag>--enable-esi</tag>
780 <p>Enable ESI for accelerators. Requires libexpat.
781 Enabling ESI will cause squid to follow the Edge
782 Acceleration Specification (www.esi.org). This
783 causes squid to IGNORE client Cache-Control headers.</p>
784 <p><em>DO NOT</em> use this in a squid configured as a web
785 proxy, ONLY use it in a squid configured for
786 webserver acceleration.</p>
788 <tag>--enable-icap-client</tag>
789 <p>Enable the ICAP client.</p>
791 <tag>--disable-snmp</tag>
792 <p>Disable SNMP monitoring support which is now built by default.</p>
794 <tag>--disable-htcp</tag>
795 <p>Disable HTCP protocol support which is now built by default.</p>
797 <tag>--enable-kqueue</tag>
798 <p>Enable kqueue() support. Marked as experimental in 3.0.</p>
800 <tag>--enable-ipfw-transparent</tag>
801 <p>Enable Transparent Proxy support for systems
802 using FreeBSD IPFW style redirection.</p>
804 <tag>--disable-mempools</tag>
805 <p>Disable memPools. Note that this option now simply sets the
806 default behaviour. Specific classes can override this at runtime, and
807 only lib/MemPool.c needs to be altered to change the squid-wide
808 default for all classes.</p>
810 <tag>--enable-cpu-profiling</tag>
811 <p>This option allows you to see which internal functions
812 in Squid are consuming how much CPU. Compiles in probes
813 that measure time spent in probed functions. Needs
814 source modifications to add new probes. This is meant
815 for developers to assist in performance optimisations
816 of Squid internal functions.</p>
817 <p>If you are not developer and not interested in the stats
818 you shouldn't enable this, as overhead added, although
819 small, is still overhead. See lib/Profiler.c for more.</p>
821 <tag>--with-gnu-ld</tag>
822 <p>Assume the C compiler uses GNU ld. The default is to auto-detect.</p>
824 <tag>--with-pic</tag>
825 <p>Try to use only PIC/non-PIC objects. The default is to use both.</p>
827 <tag>--with-tags[=TAGS]</tag>
828 <p>Include additional configurations. The default is automatic.</p>
830 <tag>--with-default-user=USER</tag>
831 <p>Sets the default System User account for squid permissions.
832 The default is 'nobody' as in other releases of squid.</p>
834 <tag>--with-cppunit-basedir=[PATH]</tag>
835 <p>Path where the cppunit headers and libraries are found
836 for unit testing. The default is automatic detection.</p>
837 <p>NOTE: Since 3.0-PRE6 and 2.6STABLE14 squid no longer comes
838 bundled with CPPUnit. Compile-time validation will be disabled
839 if it is not installed on your system.</p>
844 <sect1>Changes to existing options<label id="modifiedoptions">
848 <tag>--enable-carp</tag>
849 <p>CARP support is now built by default.
850 --disable-carp can be used to build without it.</p>
852 <tag>--enable-htcp</tag>
853 <p>HTCP protocol support is now built by default.
854 Use --disable-htcp to build without it.</p>
856 <tag>--enable-snmp</tag>
857 <p>SNMP monitoring is now build by default.
858 Use --disable-snmp to build without it.</p>
860 <tag>--enable-heap-replacement</tag>
861 <p>Please use --enable-removal-policies directive instead.</p>
863 <tag>--with-maxfd=N</tag>
864 <p>Replaced by --with-filedescriptors=N</p>
865 <p>Override maximum number of filedescriptors. Useful
866 if you build as another user who is not privileged
867 to use the number of filedescriptors you want the
868 resulting binary to support</p>
870 <tag>--enable-select</tag>
872 Automatic checks will enable best I/O loop method available.</p>
874 <tag>--enable-epoll</tag>
876 Automatic checks will enable best I/O loop method available.</p>
878 <tag>--enable-poll</tag>
880 Automatic checks will enable best I/O loop method available.</p>
882 <tag>--enable-kqueue</tag>
883 <p>kqueue support is marked Experimental in Squid 3.0. Known to have some issues under load.</p>
889 <sect1>Removed options<label id="removedoptions">
891 <p>The following configure options have been removed.
894 <tag>--enable-dlmalloc</tag>
895 <p>Most OS:es have good malloc implementations these days, and the version we used to ship with Squid was very very old..</p>
896 <tag>--enable-mempool-debug</tag>
897 <p>Debug option, not needed and therefore removed.</p>
898 <tag>--enable-forward-log</tag>
899 <p>Rarely used extra log file. Removed.</p>
900 <tag>--enable-multicast-miss</tag>
901 <p>Rarely used feature, and multicast ICP acheives almost the same result. Removed.</p>
902 <tag>--enable-coss-aio-ops</tag>
903 <p>Specific to the COSS implementation in Squid-2</p>
904 <tag>--enable-large-cache-files</tag>
905 <p>Now enabled by default. Configure option was redundant and therefore removed.
906 <tag>--enable-truncate</tag>
907 <p>Known to cause race conditions where cache objects may get corrupted, and this for at most a marginal performance improvement. Removed.</p>
912 <sect>Regressions since Squid-2.7
914 <p>Some squid.conf and ./configure options which were available in Squid-2.7 are not yet available in Squid-3.0
916 <p>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.
918 <sect1>Missing squid.conf options available in Squid-2.7
922 <p><em>urllogin</em> option not yet ported from 2.6
923 <p><em>urlgroup</em> option not yet ported from 2.6
925 <tag>acl_uses_indirect_client</tag>
926 <p>Not yet ported from 2.6
928 <tag>auth_param digest</tag>
929 <p><em>concurrency</em> option not yet ported from Squid-2
931 <tag>authenticate_ip_shortcircuit_access</tag>
932 <p>Not yet ported from 2.7
934 <tag>authenticate_ip_shortcircuit_ttl</tag>
935 <p>Not yet ported from 2.7
937 <tag>broken_vary_encoding</tag>
938 <p>Not yet ported from 2.6
941 <p><em>min-size</em> option not yet ported from Squid-2
942 <p><em>COSS</em> storage type is lacking stability fixes from 2.6
943 <p>COSS <em>overwrite-percent=</em> option not yet ported from 2.6
944 <p>COSS <em>max-stripe-waste=</em> option not yet ported from 2.6
945 <p>COSS <em>membufs=</em> option not yet ported from 2.6
946 <p>COSS <em>maxfullbufs=</em> option not yet ported from 2.6
948 <tag>cache_peer</tag>
949 <p><em>multicast-siblings</em> not yet ported from 2.7
950 <p><em>idle=</em> not yet ported from 2.7
951 <p><em>http11</em> not yet ported from 2.7
952 <p><em>connection-auth=</em> not yet ported from 2.6
953 <p><em>monitorinterval=</em> not yet ported from 2.6
954 <p><em>monitorsize=</em> not yet ported from 2.6
955 <p><em>monitortimeout=</em> not yet ported from 2.6
956 <p><em>monitorurl=</em> not yet ported from 2.6
958 <tag>cache_vary</tag>
959 <p>Not yet ported from 2.6
961 <tag>collapsed_forwarding</tag>
962 <p>Not yet ported from 2.6
964 <tag>delay_pool_uses_indirect_client</tag>
965 <p>Not yet ported from 2.6
968 <p>Not yet ported from 2.6
970 <tag>external_acl_type</tag>
971 <p><em>%ACL</em> format tag not yet ported from 2.6
972 <p><em>%DATA</em> format tag not yet ported from 2.6
974 <tag>external_refresh_check</tag>
975 <p>Not yet ported from 2.7
977 <tag>follow_x_forwarded_for</tag>
978 <p>Not yet ported from 2.6
980 <tag>http_access2</tag>
981 <p>Not yet ported from 2.6
984 <p><em>act-as-origin</em> not yet ported from 2.7
985 <p><em>allow-direct</em> not yet ported from 2.7
986 <p><em>http11</em> not yet ported from 2.7
987 <p><em>urlgroup=</em> not yet ported from 2.6
988 <p><em>no-connection-auth</em> not yet ported from 2.6
990 <tag>ignore_expect_100</tag>
991 <p>Not yet ported from 2.7
993 <tag>ignore_ims_on_miss</tag>
994 <p>Not yet ported from 2.7
996 <tag>location_rewrite_access</tag>
997 <p>Not yet ported from 2.6
999 <tag>location_rewrite_children</tag>
1000 <p>Not yet ported from 2.6
1002 <tag>location_rewrite_concurrency</tag>
1003 <p>Not yet ported from 2.6
1005 <tag>location_rewrite_program</tag>
1006 <p>Not yet ported from 2.6
1008 <tag>log_uses_indirect_client</tag>
1009 <p>Not yet ported from 2.6
1011 <tag>logfile_daemon</tag>
1012 <p>Not yet ported from 2.7
1014 <tag>logformat</tag>
1015 <p><em>%oa</em> tag not yet ported from 2.7
1016 <p><em>%sn</em> tag not yet ported from 2.7
1018 <tag>max_filedescriptors</tag>
1019 <p>Not yet ported from 2.7
1021 <tag>max_stale</tag>
1022 <p>Not yet ported from 2.7
1024 <tag>refresh_pattern</tag>
1025 <p><em>stale-while-revalidate=</em> not yet ported from 2.7
1026 <p><em>ignore-stale-while-revalidate=</em> not yet ported from 2.7
1027 <p><em>max-stale=</em> not yet ported from 2.7
1028 <p><em>negative-ttl=</em> not yet ported from 2.7
1030 <tag>refresh_stale_hit</tag>
1031 <p>Not yet ported from 2.7
1033 <tag>server_http11</tag>
1034 <p>Not yet ported from 2.7
1036 <tag>storeurl_access</tag>
1037 <p>Not yet ported from 2.7
1039 <tag>storeurl_rewrite_children</tag>
1040 <p>Not yet ported from 2.7
1042 <tag>storeurl_rewrite_concurrency</tag>
1043 <p>Not yet ported from 2.7
1045 <tag>storeurl_rewrite_program</tag>
1046 <p>Not yet ported from 2.7
1048 <tag>update_headers</tag>
1049 <p>Not yet ported from 2.7
1051 <tag>upgrade_http0.9</tag>
1052 <p>Not yet ported from 2.7
1054 <tag>zero_buffers</tag>
1055 <p>Not yet ported from 2.7
1059 <sect1>Missing ./configure options available in Squid-2.7
1062 <tag>--enable-devpoll</tag>
1063 <p>Support for Solaris /dev/poll</p>
1065 <tag>--enable-select-simple</tag>
1066 <p>Basic POSIX select() loop without any binary fd_set optimizations.</p>
1068 <tag>--enable-follow-x-forwarded-for</tag>
1069 <p>Support following the X-Forwarded-For HTTP header for determining the
1070 client IP address</p>
1072 <tag>--without-system-md5</tag>