<!doctype linuxdoc system>
<article>
-<title>Squid 3.2.0.13 release notes</title>
+<title>Squid 3.2.13 release notes</title>
<author>Squid Developers</author>
<abstract>
<sect>Notice
<p>
-The Squid Team are pleased to announce the release of Squid-3.2.0.13 for testing.
+The Squid Team are pleased to announce the release of Squid-3.2.13.
-This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.2/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.2/"> or the
+ <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
+<p>A large number of the show-stopper bugs have been fixed along with general improvements to the IPv6 support.
+While this release is not fully bug-free we believe it is ready for use in production on many systems.
-We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting"> for how to submit a
+<p>We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting"> for how to submit a
report with a stack trace.
<sect1>Known issues
<p>
-Although this release is deemed good enough for use in many setups, please note the existence of <url url="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.2&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.2">.
+Although this release is deemed good enough for use in many setups, please note the existence of
+<url url="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=3.2" name="open bugs against Squid-3.2">.
+
+<p>Some issues to note as currently known in this release which are not able to be fixed in the 3.2 series are:
+
+<itemize>
+ <item>TCP logging of access.log does not recover from broken connections well.
+ <item>SSL-Bump not re-wrapping decrypted traffic in CONNECT for peers.
+ <item>Cache Manager reports in txt/plain format even when requested directly via browser.
+</itemize>
+
+<p>Currently known issues which only depends on available developer time and may still be resolved in a future 3.2 release are:
+
+<itemize>
+ <item>SMP Support still has a number of important bugs needing to be resolved. see the bugs list above for details.
+ <item>Windows support is still incomplete.
+ <item>The lack of some features available in Squid-2.x series. See the regression sections below for full details.
+</itemize>
+
<sect1>Changes since earlier releases of Squid-3.2
<p>
<p>The most important of these new features are:
<itemize>
- <item>Fixed CVE-2009-0801 : NAT interception vulnerability to malicious clients.
+ <item>CVE-2009-0801 : NAT interception vulnerability to malicious clients.
+ <item>NCSA helper DES algorithm password limits
<item>SMP scalability
<item>Helper Multiplexer and On-Demand
<item>Helper Name Changes
<item>Multi-Lingual manuals
- <item>Solaris 10 pthreads Support (Experimental)
+ <item>Solaris 10 pthreads Support
<item>Surrogate/1.0 protocol extensions to HTTP
<item>Logging Infrastructure Updated
<item>Client Bandwidth Limits
Most user-facing changes are reflected in squid.conf (see below).
-<sect1>Fixed CVE-2009-0801 : NAT interception vulnerability to malicious clients.
+<sect1>CVE-2009-0801 : NAT interception vulnerability to malicious clients.
<p>Details in Advisory <url url="http://www.squid-cache.org/Advisories/SQUID-2011_1.txt" name="SQUID-2011:1">
<p>Squid locates the authority-URL details available in an HTTP request as
DNS entries.
<p>When the Host: authority contradicts another authority source Squid will log
- "SECURITY ALERT: Host: header forgery detected" and respond with a 409 Conflict
- error status page.
+ "SECURITY ALERT: Host: header forgery detected". The response will then be determined
+ by the <url url="http://www.squid-cache.org/Doc/config/host_verify_strict/" name="host_verify_strict">
+ directive. Squid will respond with 409 Conflict error response when strict validation
+ fails and handles the request normally when strict validation succeeds or is OFF (default).
+
+<p>Relaying of messages which FAIL non-strict Host: validation are permitted through Squid but
+ only to the original destination IP the client was requesting or to explicit peers. This means
+ DNS lookups to locate alternative DIRECT destinations will not be done.
+
+<p>Known Issue: When non-strict validation fails Squid will relay the request, but can only do
+ so safely to the original destination IP the client was contacting. The client original
+ destination IP is lost when relaying to peers in a hierarchy. This means the upstream peers
+ are still at risk of causing same-origin bypass CVE-2009-0801 vulnerability.
+ Developer time is required to implement safe transit of these requests.
+ Please contact squid-dev if you are able to assist or sponsor the development.
+
+
+<sect1>NCSA helper DES algorithm password limits
+<p>Details in Advisory <url url="http://www.squid-cache.org/Advisories/SQUID-2011_2.txt" name="SQUID-2011:2">
+
+<p>The DES algorithm used by the NCSA Basic authentication helper has an
+ limit of 8 bytes but some implementations do not error when truncating
+ longer passwords down to this unsafe level.
+
+<p>This both significantly lowers the threshold of difficulty decrypting
+ captured password files and hides from users the fact that the extra bits
+ of their chosen long password is not being utilized.
+
+<p>The NCSA helper bundled with Squid will prevent passwords longer than 8
+ characters being sent to the DES algorithm. The MD5 hash algorithm which
+ supports longer than 8 character passwords is also supported by this helper
+ and should be used instead.
<sect1>SMP scalability
path and parameters as its own command parameters. The <em>concurrency</em> setting already
existing in Squid is used to configure how many child helpers it may run.
-<p>For example, a traditional configration is
+<p>For example, a traditional configuration is
<verb>
url_rewrite_program /your/redirector.sh
url_rewrite_children 5
<p>The on-demand helpers feature allows greater flexibility and resolves this problem by allowing
maximum, initial and idle thresholds to be configured. Squid will start the initial set during
start and reconfigure phases. However over the operational use new helpers up to the maxium will
- be started as load demands. The idle threshold determins how many more helpers to start if the
+ be started as load demands. The idle threshold determines how many more helpers to start if the
currently running set is not enough to handle current request loads.
-<p>For example, a traditional configration is
+<p>For example, a traditional configuration is
<verb>
auth_param ntlm /usr/libexec/squid/ntlm_auth
auth_param ntlm children 200
<sect2>External ACL helpers
<p><itemize>
<item>mswin_check_ad_group - ext_ad_group_acl - Check logged in users Group membership using Active Directory.
- <item>ip_user_check - ext_file_userip_acl - Restrict users to cetain IP addresses, using a text file backend.
+ <item>ip_user_check - ext_file_userip_acl - Restrict users to certain IP addresses, using a text file backend.
<item>squid_kerb_ldap - ext_kerberos_ldap_group_acl - Check logged in Kerberos or NTLM users Group membership using LDAP.
<item>squid_ldap_group - ext_ldap_group_acl - Check logged in users Group membership using LDAP.
<item>mswin_check_lm_group - ext_lm_group_acl - Check logged in users Group membership using LanManager.
<item>squid_session - ext_session_acl - Maintain a session cache of client identifiers (usually IP address).
+ This helper has also gone through a version update and now uses more current BerkeleyDB 4.1+ APIs.
<item>squid_unix_group - ext_unix_group_acl - Check logged in users Group membership using local UNIX groups.
<item>wbinfo_group.pl - ext_wbinfo_group_acl - Check logged in users Group membership using wbinfo.
</itemize>
<p>The man(8) and man(1) pages bundled with Squid are now provided online for all
versions and beginning with 3.2 they are available in languages other than English (where translated).
-<p>Details in <url url="http://wiki.squid-cache.org/Features/QualityOfService" name="The Squid wiki">
+<p>Details in <url url="http://wiki.squid-cache.org/Translations" name="The Squid wiki">
<p>3.1 began the Internationalization of Squid with the public facing error pages.
This move begins the Localization of the internal administrator facing manuals.
<sect1>Solaris 10 pthreads Support (Experimental)
<p>Automatic detection and use of the pthreads library available from Solaris 10
-<p>The result of this addition means that faster more efficient AUFS cache storage mechanisims
- are now available in Solaris 10.
+<p>The result of this addition means that faster more efficient AUFS cache storage mechanism
+ is now available in Solaris 10.
<p>Support is experimental at this stage due to lack of feedback on the results of enabling it.
We recommend giving AUFS a try for faster disk storage and encourage feedback.
feature support in Squid. This release opens Surrogate support to all reverse proxies.
<p>Reverse proxy requests sent on to the web server include the HTTP header <em>Surrogate-Capabilities:</em>
- specifying the capabilities of the reverse proxy along with an ID which can be used to target reponses with
+ specifying the capabilities of the reverse proxy along with an ID which can be used to target responses with
a <em>Surrogate-Control:</em> HTTP header used instead of the <em>Cache-Control:</em> header.
<p>The default surrogate ID is generated automatically from the Squid site-unique hostname as found by the
automatic detection or manual configuration of <em>visible_hostname</em> although can be configured
separately with the <em>httpd_accel_surrogate_id</em> option.
-<p><em>Security Considerations:</em> Websites sould be careful of accepting any surrogate ID.
+<p><em>Security Considerations:</em> Websites should be careful of accepting any surrogate ID.
Older releases of Squid leak the Surrogate-Control headers to external servers.
This 3.2 series of Squid will now prevent this leakage of its own ID destined responses, however it is possible
and for some uses desirable to receive external reverse-proxies <em>Surrogate-Capabilities:</em> headers.
direct filesystem logging (stdio, daemon) to network logging (syslog, UDP and TCP). The daemon logging
interface allows for a custom helper to be written to process logs in real-time.
-<p>Upgrading: the <em>access_log</em> was previously logge via what is now called the <em>stdio</em> module.
+<p>Upgrading: the <em>access_log</em> and <em>cache_store_log</em> were previously logged via what is
+ now called the <em>stdio</em> module.
This is still supported and used by default if no module is named. For best performance particularly in SMP
environments we recommend the <em>daemon</em> be used. The provided <em>log_file_daemon</em> helper
performs the traditional logging to local filesystem.
logging a single cache.log at relatively high debug levels on a high-traffic system. Or one which is
required to store a long period of access.log and needs to conserve disk space.
-<p>The referer_log and useragent_log directives have been converted to built-in log formats.
- These logs are now created using an access_log line with the format "referrer" or "useragent".
+<p>The <em>referer_log</em> and <em>useragent_log</em> directives have been converted to built-in log formats.
+ These logs are now created using an <em>access_log</em> line with the format "referrer" or "useragent".
+ They also now log all client requests, if there was no Referer or User-Agent header a dash (-) is logged.
+
+<p>Known Issue: The TCP logging module does not recover from broken connections well.
+ At present it will restart the affected Squid instance if the TCP connection is broken.
<sect1> Client Bandwidth Limits
<p>Support for libecap version 0.2.0 has been added with this series of Squid. Bringing
better support for body handling, and logging.
+<p>Known Issue: Due to API changes in libecap this release of Squid will not build
+ against any older libecap releases.
+
<sect1>Cache Manager access changes
<p>The Squid Cache Manager has previously only been accessible under the cache_object://
<p>The cache manager is available under the path prefix /squid-internal-mgr/. For example
the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
means there are some configuration changes required to lock down manager access.
- The <em>manager</em> ACL needs changing to:
+ The <em>manager</em> ACL needs changing. A built-in definition is now used, equivalent
+ to the following regex pattern:
<verb>
- acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+ ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
</verb>
+<p>The manager prefix /squid-internal-mgr/ with no action attempts to load an optional
+ template MGR_INDEX which may be installed amongst in the Squid error templates.
+ This template is not supplied with Squid but intended to be supplied by separate
+ cache manager applications as their front page embedding all scripts, accessors or
+ redirects required for their initial GUI display.
+
+<p>MGR_INDEX file
+<itemize>
+ <item>should contain a complete HTML page, with optional client-side scripting.
+ <item>must not contain server-side scripting.
+ <item>will have macro substitution performed on it using the same macros as used by the error page templates.
+</itemize>
+
+<p>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
+ proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
+ to those managers.
+
<sect>Changes to squid.conf since Squid-3.1
<p>
<sect1>New tags<label id="newtags">
<p>
<descrip>
+ <tag>adaptation_meta</tag>
+ <p>This option allows Squid administrator to add custom ICAP request
+ headers or eCAP options to Squid ICAP requests or eCAP transactions.
+
<tag>adaptation_send_client_ip</tag>
- <p>Same as depricated icap_send_client_ip
+ <p>Same as deprecated icap_send_client_ip
but applies to both ICAP and eCAP.</p>
<tag>adaptation_send_username</tag>
- <p>Same as depricated icap_send_client_username
+ <p>Same as deprecated icap_send_client_username
but applies to both ICAP and eCAP.</p>
<tag>adaptation_uses_indirect_client</tag>
- <p>Same as depricated icap_uses_indirect_client
+ <p>Same as deprecated icap_uses_indirect_client
but applies to both ICAP and eCAP.</p>
<tag>client_delay_pools</tag>
- <p>New setting for client bandwith limits to specifies the number
+ <p>New setting for client bandwidth limits to specifies the number
of client delay pools used.
<tag>client_delay_initial_bucket_level</tag>
- <p>New setting for client bandwith limits to determine the initial
+ <p>New setting for client bandwidth limits to determine the initial
bucket size as a percentage of max_bucket_size from
client_delay_parameters.
<tag>client_delay_parameters</tag>
- <p>New setting for client bandwith limits to configures client-side
+ <p>New setting for client bandwidth limits to configures client-side
bandwidth limits.
<tag>client_delay_access</tag>
- <p>New setting for client bandwith limits to determines the
+ <p>New setting for client bandwidth limits to determines the
client-side delay pool for the request.
<tag>client_dst_passthru</tag>
destination IP to another source indicated by Host: domain DNS or
cache_peer configuration. It <em>does not</em> affect Host: validation.
+ <tag>client_idle_pconn_timeout</tag>
+ <p>Renamed from <em>persistent_request_timeout</em>.
+
<tag>cpu_affinity_map</tag>
<p>New setting for SMP support to map Squid processes onto specific CPU cores.
<tag>eui_lookup</tag>
<p>Whether to lookup the EUI or MAC address of a connected client.
+ <tag>host_verify_strict</tag>
+ <p>New option to enable super-strict HTTP and DNS information match.
+ Ensuring the HTTP URI details, DNS records, and TCP connection layers all match in a
+ three-legged security verification. Preventing domain hijacking or malicious poisoning
+ attacks by malicious scripts.
+ <p>The default is to verify only intercepted traffic, to log all issues and let failed
+ traffic through when doing so can be done safely.
+
<tag>icap_206_enable</tag>
<p>New option to toggle whether the ICAP 206 (Partial Content) responses extension.
Default is on.
<p>The else part is optional. The keywords <em>if</em>, <em>else</em> and <em>endif</em>
must be typed on their own lines, as if they were regular configuration directives.
+ <tag>logfile_daemon</tag>
+ <p>Ported from 2.7. Specify the file I/O daemon helper to run for logging.
+
<tag>max_stale</tag>
<p>Places an upper limit on how stale content Squid will serve from the cache if cache validation fails
network Only objects fetched from network is kept in memory
</verb>
- <tag>logfile_daemon</tag>
- <p>Ported from 2.7. Specify the file I/O daemon helper to run for logging.
+ <tag>memory_cache_shared</tag>
+ <p>Controls whether the memory cache is shared among SMP workers.
+ <p>Currently, entities exceeding 32KB in size cannot be shared.
+
+ <tag>server_idle_pconn_timeout</tag>
+ <p>Renamed from <em>pconn_timeout</em>.
<tag>tproxy_uses_indirect_client</tag>
<p>Controls whether the indirect client address found in the X-Forwarded-For
New installs, or installs with no logs configured explicitly will use this module by default.
<p>New <em>tcp</em> module to send each log line as text data to a TCP receiver.
<p>New <em>udp</em> module to send each log line as text data to a UDP receiver.
- <p>New format <em>referrer</em> to log with the format prevously used by referer_log directive.
- <p>New format <em>useragent</em> to log with the format prevously used by useragent_log directive.
+ <p>New format <em>referrer</em> to log with the format previously used by referer_log directive.
+ <p>New format <em>useragent</em> to log with the format previously used by useragent_log directive.
- <tag>acl : random, localip, localport</tag>
+ <tag>acl : random, urllogin</tag>
<p>New type <em>random</em>. Pseudo-randomly match requests based on a configured probability.
- <p>Renamed <em>myip</em> to <em>localip</em>. It matches the IP which the client connected to.
- <p>Renamed <em>myport</em> to <em>localport</em>. It matches the port which the client connected to.
- <p>The <em>localip</em>/<em>localport</em> differ from earlier releases where they matched a mix of
- of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
- This definition is now consistent across all modes of traffic received by Squid.
- <p>The <em>manager</em> ACL requires adjustment to cover new cache manager access:
+ <p>Ported <em>urllogin</em> option from Squid 2.7, to match a regex pattern on the URL login field (if any).
+ <p>The <em>manager</em> ACL requires adjustment to cover new cache manager access. So it has now been
+ built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
<verb>
- acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+ ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
</verb>
+ squid.conf containing the old manager definition can expect to see ACL type collisions.
<tag>auth_param</tag>
<p>New options for Basic, Digest, NTLM, Negotiate <em>children</em> settings.
- <em>startup=N</em> determins minimum number of helper processes used.
+ <em>startup=N</em> determines minimum number of helper processes used.
<em>idle=N</em> determines how many helper to retain as buffer against sudden traffic loads.
<em>concurrency=N</em> previously called <em>auth_param ... concurrency</em> as a separate option.
<p>Removed Basic, Digest, NTLM, Negotiate <em>auth_param ... concurrency</em> setting option.
+ <p>Known Issue: NTLM and Negotiate protocols do not support concurrency. When set this option is ignored.
<tag>cache_dir</tag>
<p><em>min-size</em> option ported from Squid-2
<p><em>htcp-*</em> options collapsed into <em>htcp=</em> taking an optional comma-separated list of flags.
The old form is deprecated but still accepted.
+ <tag>cache_store_log</tag>
+ <p>Now uses logging modules. Example: stdio:/file/path
+ see <em>access_log</em> for a list of supported modules and their parameters.
+
<tag>clientside_mark</tag>
<p>New configuration parameter <em>clientside_mark</em>
<p>Allows packets leaving Squid on the client side to be marked with a Netfilter mark value in the same way as the existing clientside_tos feature.
<p><em>%SRCEUI64</em> EUI-64 of clients with SLAAC address.
<p><em>%EXT_LOG</em> log= message returned by previous external ACL calls. An updated version may be returned.
<p><em>%EXT_TAG</em> tag= value returned by previous external ACL calls. Tag may not be altered once set.
- <p><em>children-max=N</em> determins maximum number of helper processes used.
- <p><em>children-startup=N</em> determins minimum number of helper processes used.
+ <p><em>children-max=N</em> determines maximum number of helper processes used.
+ <p><em>children-startup=N</em> determines minimum number of helper processes used.
<p><em>children-idle=N</em> determines how many helper to retain as buffer against sudden traffic loads.
<p>Deprecated <em>children=N</em> in favor of <em>children-max=N</em>.
<tag>refresh_pattern</tag>
<p>New option <em>max-stale=</em> to provide a maximum staleness factor. Squid won't
serve objects more stale than this even if it failed to validate the object.
+ <p>Removed option <em>ignore-no-cache</em>. Its commonly desired behaviour is obsoleted
+ by correct HTTP/1.1 Cache-Control:no-cache handling.
+
+ <tag>reply_header_access</tag>
+ <p>Added support for custom response header names.</p>
+
+ <tag>request_header_access</tag>
+ <p>Added support for custom request header names.</p>
+
+ <tag>reply_header_replace</tag>
+ <p>Added support for custom response header names.</p>
+
+ <tag>request_header_replace</tag>
+ <p>Added support for custom request header names.</p>
<tag>tcp_outgoing_address</tag>
<p>This parameter is now compatible with persistent server connections.
<tag>tcp_outgoing_tos</tag>
<p>This parameter is now compatible with persistent server connections.
- <tag>windows_ipaddrchangemonitor</tag>
- <p>Now only available to be set in Windows builds.
-
<tag>url_rewrite_children</tag>
<p>New options <em>startup=N</em>, <em>idle=N</em>, <em>concurrency=N</em>
<itemize>
<item>concurrency=N was previously called url_rewrite_concurrency as a distinct directive.
</itemize>
+ <tag>windows_ipaddrchangemonitor</tag>
+ <p>Now only available to be set in Windows builds.
+
</descrip>
<sect1>Removed tags<label id="removedtags">
<p>
<descrip>
+ <tag>dns_v4_fallback</tag>
+ <p>Obsolete. Replaced by DNS parallel lookups.
+
<tag>emulate_httpd_log</tag>
<p>Replaced by <em>common</em> format option on an <em>access_log</em> directive.
<p>The behaviour controlled by this directive is no longer possible.
It has been replaced by <em>connect_retries</em> option which operates a little differently.
+ <tag>pconn_timeout</tag>
+ <p>Renamed to <em>server_idle_pconn_timeout</em>
+
+ <tag>persistent_request_timeout</tag>
+ <p>Renamed to <em>client_idle_pconn_timeout</em>
+
<tag>referer_log</tag>
<p>Replaced by the <em>referrer</em> format option on an <em>access_log</em> directive.
<p>
<descrip>
<tag>--enable-auth</tag>
- <p>No longer takes a list of arguments. This option now is restricted to building with or without for authentication.
+ <p>No longer takes a list of arguments. This option now is restricted to building Squid with or without authentication support.
<p>The new <em>--enable-auth-X</em>/<em>--disable-auth-X</em> parameters determine which authentication protocols and helpers are built.
</descrip>
<p>Replaced by --enable-eui
<tag>--enable-auth-basic-helpers</tag>
- <p>replaced by <em>--enable-auth-basic</em>.
+ <p>Replaced by <em>--enable-auth-basic</em>.
<tag>--enable-auth-digest-helpers</tag>
- <p>replaced by <em>--enable-auth-digest</em>.
+ <p>Replaced by <em>--enable-auth-digest</em>.
<tag>--enable-auth-negotiate-helpers</tag>
- <p>replaced by <em>--enable-auth-negotiate</em>.
+ <p>Replaced by <em>--enable-auth-negotiate</em>.
<tag>--enable-auth-ntlm-helpers</tag>
- <p>replaced by <em>--enable-auth-ntlm</em>.
+ <p>Replaced by <em>--enable-auth-ntlm</em>.
<tag>--enable-referer-log</tag>
<p>Obsolete.
An external_acl_type helper may be used to bypass authentication if that is suitable.
<tag>cache_peer</tag>
- <p><em>http11</em> Obsolete.
+ <p>Option <em>http11</em> obsolete.
<tag>external_acl_type</tag>
<p>Format tag <em>%{Header}</em> replaced by <em>%>{Header}</em>
<p>Replaced by <em>request_header_access</em> and <em>reply_header_access</em>
<tag>http_port</tag>
- <p><em>no-connection-auth</em> replaced by <em>connection-auth=[on|off]</em>. Default is ON.
- <p><em>transparent</em> option replaced by <em>intercept</em>
- <p><em>http11</em> obsolete.
+ <p>Option <em>no-connection-auth</em> replaced by <em>connection-auth=[on|off]</em>. Default is ON.
+ <p>Option <em>transparent</em> option replaced by <em>intercept</em>
+ <p>Option <em>http11</em> obsolete.
<tag>http_access2</tag>
<p>Replaced by <em>adapted_http_access</em>
<tag>server_http11</tag>
<p>Obsolete.
+ <tag>update_headers</tag>
+ <p>Obsolete. The experimental actions enabled in 2.7 by this option have been integrated as default
+ actions for the <em>rock</em> storage type and memory caches.
+ The configuration option is no longer necessary and has been dropped.
+ NOTE: It is not yet supported by <em>ufs</em>, <em>aufs</em>, or <em>diskd</em> storage.
+
<tag>upgrade_http0.9</tag>
<p>Obsolete.
<sect1>Removed squid.conf options since Squid-2.6
<p>
<descrip>
+ <tag>acl</tag>
+ <p><em>urlgroup</em> type removed. Use <em>myportname</em> type instead.
+
<tag>cache_dir</tag>
<p><em>read-only</em> option replaced by <em>no-store</em>.
+ <tag>http_port</tag>
+ <p><em>urlgroup=</em> removed. Use <em>name=</em> feature instead.
+
+ <tag>zero_buffers</tag>
+ <p>Replaced by native support.
+
</descrip>
<sect1>Removed ./configure options since Squid-2.7
<tag>--disable-kqueue</tag>
<p>Obsolete. Disabled by default.
+ <tag>--without-system-md5</tag>
+ <p>Obsolete. Disabled by default.
+
</descrip>
<sect1>Missing squid.conf options available in Squid-2.7
<p>
<descrip>
- <tag>acl</tag>
- <p><em>urllogin</em> option not yet ported from 2.6
- <p><em>urlgroup</em> option not yet ported from 2.6
-
<tag>broken_vary_encoding</tag>
<p>Not yet ported from 2.6
<tag>external_refresh_check</tag>
<p>Not yet ported from 2.7
- <tag>http_port</tag>
- <p><em>urlgroup=</em> not yet ported from 2.6
-
<tag>ignore_ims_on_miss</tag>
<p>Not yet ported from 2.7
<tag>storeurl_rewrite_program</tag>
<p>Not yet ported from 2.7
- <tag>update_headers</tag>
- <p>Not yet ported from 2.7
-
- <tag>zero_buffers</tag>
- <p>Not yet ported from 2.7
-
</descrip>
-<sect1>Missing ./configure options available in Squid-2.7
+<sect>Copyright
<p>
-<descrip>
- <tag>--without-system-md5</tag>
-
-</descrip>
+Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+<p>
+Squid software is distributed under GPLv2+ license and includes
+contributions from numerous individuals and organizations.
+Please see the COPYING and CONTRIBUTORS files for details.
</article>
projects / thirdparty / squid.git / blobdiff