connections using the client IP address.
NP: disables authentication and maybe IPv6 on the port.
- accel Accelerator mode. Using the HTTP/1.1 Host header for
- virtual domain support. Also uses the port as specified
- in Host: header unless overridden by the vport option.
+ accel Accelerator / reverse proxy mode
ssl-bump Intercept each CONNECT request matching ssl_bump ACL,
establish secure connection with the client and with
Accelerator Mode Options:
- act-as-origin
- Act as if this Squid is the origin server.
- This currently means generate new Date: and Expires:
- headers on HIT instead of adding Age:.
-
- allow-direct Allow direct forwarding in accelerator mode. Normally
- accelerated requests are denied direct forwarding as if
- never_direct was used.
-
- WARNING: this option opens accelerator mode to security
- vulnerabilities usually only affecting in interception mode.
-
defaultsite=domainname
What to use for the Host: header if it is not present
in a request. Determines what site (not origin server)
accelerators should consider the default.
- ignore-cc Ignore request Cache-Control headers.
-
- WARNING: This option violates HTTP specifications if
- used in non-accelerator setups.
-
no-vhost Disable using HTTP/1.1 Host header for virtual domain support.
protocol= Protocol to reconstruct accelerated requests with.
- Defaults to http://.
+ Defaults to http for http_port and https for
+ https_port
vport Virtual host port support. Using the http_port number
instead of the port passed on Host: headers.
vport=NN Virtual host port support. Using the specified port
number instead of the port passed on Host: headers.
+ act-as-origin
+ Act as if this Squid is the origin server.
+ This currently means generate new Date: and Expires:
+ headers on HIT instead of adding Age:.
+
+ ignore-cc Ignore request Cache-Control headers.
+
+ WARNING: This option violates HTTP specifications if
+ used in non-accelerator setups.
+
+ allow-direct Allow direct forwarding in accelerator mode. Normally
+ accelerated requests are denied direct forwarding as if
+ never_direct was used.
+
+ WARNING: this option opens accelerator mode to security
+ vulnerabilities usually only affecting in interception
+ mode. Make sure to protect forwarding with suitable
+ http_access rules when using this.
+
SSL Bump Mode Options:
DEFAULT: none
LOC: Config.Sockaddr.https
DOC_START
- Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
+ Usage: [ip:]port cert=certificate.pem [key=key.pem] [mode] [options...]
The socket address where Squid will listen for HTTPS client
requests.
You may specify multiple socket addresses on multiple lines,
each with their own SSL certificate and/or options.
- Options:
+ Modes:
- accel Accelerator mode. Also needs at least one of
- defaultsite or vhost.
+ accel Accelerator / reverse proxy mode
- defaultsite= The name of the https site presented on
- this port. Implies accel.
+ Omitting the mode flag causes default forward proxy mode to be used.
- vhost Accelerator mode using Host header for virtual
- domain support. Requires a wildcard certificate
- or other certificate valid for more than one domain.
- Implies accel.
- protocol= Protocol to reconstruct accelerated requests with.
- Defaults to https.
+ See http_port for a list of generic options
+
+
+ SSL Options:
cert= Path to SSL certificate (PEM format).
sslcontext= SSL session ID context identifier.
- vport Accelerator with IP based virtual host support.
-
- vport=NN As above, but uses specified port number rather
- than the https_port number. Implies accel.
-
- name= Specifies a internal name for the port. Defaults to
- the port specification (port or addr:port)
-
DOC_END
NAME: tcp_outgoing_tos tcp_outgoing_ds tcp_outgoing_dscp
projects / thirdparty / squid.git / commitdiff
