<p><em>children-idle=N</em> determines how many helper to retain as buffer against sudden traffic loads.
<p>Deprecated <em>children=N</em> in favor of <em>children-max=N</em>.
- <tag>http_port act-as-origin</tag>
+ <tag>http_port act-as-origin vhost no-vhost</tag>
<p><em>act-as-origin</em> ported from 2.7.
This option corrects several HTTP header issues when operating as a reverse proxy and cache.
Notably the externally visible aging of objects stored in the server-side cache.
+ <p><em>vhost</em> is deprecated. <em>accel</em> mode, reverse proxy, now defaults to always enable HTTP/1.1 virtual domain support.
+ <p><em>no-vhost</em> option is added to disable the new reverse proxy behaviour.
<tag>icap_send_client_ip</tag>
<p>Deprecated in favor of adaptation_send_client_ip
debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: Accelerator mode requires its own port. It cannot be shared with other modes.");
self_destruct();
}
- s->accel = 1;
+ s->accel = s->vhost = 1;
} else if (strcmp(token, "transparent") == 0 || strcmp(token, "intercept") == 0) {
if (s->accel || s->spoof_client_ip) {
debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: Intercept mode requires its own interception port. It cannot be shared with other modes.");
s->defaultsite = xstrdup(token + 12);
} else if (strcmp(token, "vhost") == 0) {
if (!s->accel) {
- debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: vhost option requires Acceleration mode flag.");
- self_destruct();
+ debugs(3, DBG_CRITICAL, "WARNING: http(s)_port: vhost option is deprecated. Use 'accel' mode flag instead.");
+ }
+ s->accel = s->vhost = 1;
+ } else if (strcmp(token, "no-vhost") == 0) {
+ if (!s->accel) {
+ debugs(3, DBG_IMPORTANT, "ERROR: http(s)_port: no-vhost option requires Acceleration mode flag.");
}
- s->vhost = 1;
+ s->vhost = 0;
} else if (strcmp(token, "vport") == 0) {
if (!s->accel) {
debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: vport option requires Acceleration mode flag.");
connections using the client IP address.
NP: disables authentication and maybe IPv6 on the port.
- accel Accelerator mode. Also needs at least one of
- vhost / vport / defaultsite.
+ accel Accelerator mode. Using the HTTP/1.1 Host header for
+ virtual domain support. Also uses the port as specified
+ in Host: header unless overridden by the vport option.
ssl-bump Intercept each CONNECT request matching ssl_bump ACL,
establish secure connection with the client and with
Accelerator Mode Options:
+ act-as-origin
+ Act as if this Squid is the origin server.
+ This currently means generate new Date: and Expires:
+ headers on HIT instead of adding Age:.
+
allow-direct Allow direct forwarding in accelerator mode. Normally
accelerated requests are denied direct forwarding as if
never_direct was used.
+ WARNING: this option opens accelerator mode to security
+ vulnerabilities usually only affecting in interception mode.
+
defaultsite=domainname
What to use for the Host: header if it is not present
in a request. Determines what site (not origin server)
accelerators should consider the default.
- Implies accel.
- vhost Using the Host header for virtual domain support.
- Also uses the port as specified in Host: header unless
- overridden by the vport option.
+ ignore-cc Ignore request Cache-Control headers.
- vport Virtual host port support. Using the http_port number
- instead of the port passed on Host: headers.
+ WARNING: This option violates HTTP specifications if
+ used in non-accelerator setups.
- vport=NN Virtual host port support. Using the specified port
- number instead of the port passed on Host: headers.
+ no-vhost Disable using HTTP/1.1 Host header for virtual domain support.
protocol= Protocol to reconstruct accelerated requests with.
Defaults to http://.
- act-as-origin
- Act as if this Squid is the origin server.
- This currently means generate new Date: and Expires:
- headers on HIT instead of adding Age:.
-
- ignore-cc Ignore request Cache-Control headers.
+ vport Virtual host port support. Using the http_port number
+ instead of the port passed on Host: headers.
- Warning: This option violates HTTP specifications if
- used in non-accelerator setups.
+ vport=NN Virtual host port support. Using the specified port
+ number instead of the port passed on Host: headers.
SSL Bump Mode Options: