+Changes to squid-3.1.17 (03 Dec 2011):
+
+ - Bug 3432: Crash logging FTP errors
+ - Bug 3428: Active FTP data channel accepted twice
+ - Bug 3423: access violation in URL parser
+ - Bug 3422: Buffer overflow in recv-announce
+ - Bug 3412: External ACL Uses Invalid Cache Entry
+ - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
+ - Bug 3398: persistent server connection closed after PUT/DELETE
+ - Bug 3299: dnsserver: various undefined references
+ - Bug 3077: '\' in url query strings cause Digest authentication to fail
+ - Bug 2910: MemBuf may grow beyond max_capacity
+ - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
+ - Bug 1243: Build overrides configured AR setting
+ - Avoid crashes when processing bad X509 common names (CN).
+ - Support %% in external ACL format
+ - ... and several other compile error fixes
+ - ... and several documentation fixes
+
Changes to squid-3.1.16 (14 Oct 2011):
- Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
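Review bot: The entry "Avoid crashes when processing bad X509 common names (CN)." near the end of the 3.1.17 list carries no bug number, unlike the twelve entries above it, so packagers cannot trace it to a report or a patch. Together with "Bug 3422: Buffer overflow in recv-announce" and "Bug 3423: access violation in URL parser" it describes a crash or memory-safety fix. Consider adding the bug or advisory reference and marking these three so downstreams can prioritise the update. The two trailing "... and several other" lines would also be more useful if they named the affected components.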
dnl
dnl $Id$
dnl
-AC_INIT([Squid Web Proxy],[3.1.16-BZR],[http://www.squid-cache.org/bugs/],[squid])
+AC_INIT([Squid Web Proxy],[3.1.17-BZR],[http://www.squid-cache.org/bugs/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.1.16 release notes</TITLE>
+ <TITLE>Squid 3.1.17 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.1.16 release notes</H1>
+<H1>Squid 3.1.17 release notes</H1>
<H2>Squid Developers</H2>
<HR>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.1.16</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.1.17</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.1/">http://www.squid-cache.org/Versions/v3/3.1/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
</PRE>
</P>
+<DT><B>client_request_buffer_max_size</B><DD>
+<P>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
+for receiving upload and request data from clients.</P>
+
<DT><B>delay_pool_uses_indirect_client</B><DD>
<P>Whether to use any result found by follow_x_forwarded_for in delay_pool assignment.
Default: ON
</PRE>
</P>
-<DT><B>client_request_buffer_max_size</B><DD>
-<P>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
-for receiving upload and request data from clients.</P>
-
<DT><B>dns_v4_fallback</B><DD>
<P>New option to prevent Squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
<P>Controls how many different forward paths Squid will try
before giving up. Default: 10</P>
-<DT><B>reply_header_replace</B><DD>
-<P>This option allows you to change the contents of reply headers.
-<PRE>
- In Squid 2 header_replace (now deprecated) worked for both requests
- and replies, while in Squid 3 it only did respect request headers.
- This option brings back the functionality to replace the contents of
- reply headers. Consult the documentation for usage details.
-
-</PRE>
-</P>
-
-<DT><B>request_header_replace</B><DD>
-<P>This option allows you to change the contents of request headers.
-<PRE>
- To be consistent with the naming changes of header_access in Squid 3
- (header_access has been split into two options request_header_access
- and reply_header_access), header_replace (now deprecated) is being
- replaced by request_header_replace.
-
-</PRE>
-</P>
-
<DT><B>icap_log</B><DD>
<P>New option to write ICAP log files record ICAP transaction summaries, one line per
transaction. Similar to access.log.
</PRE>
</P>
+<DT><B>qos_flows local-hit= sibling-hit= parent-hit=</B><DD>
+<P>
+<PRE>
+ Allows you to select a TOS/DSCP value to mark outgoing
+ connections with, based on where the reply was sourced.
+
+ TOS values really only have local significance - so you should
+ know what you're specifying. For more information, see RFC2474,
+ RFC2475, and RFC3260.
+
+ The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
+ Note that in practice often only values up to 0x3F are usable
+ as the two highest bits have been redefined for use by ECN
+ (RFC3168).
+
+ This setting is configured by setting the source TOS values:
+
+ local-hit=0xFF Value to mark local cache hits.
+
+ sibling-hit=0xFF Value to mark hits from sibling peers.
+
+ parent-hit=0xFF Value to mark hits from parent peers.
+
+
+ NOTE: 'miss' preserve feature is only possible on Linux at this time.
+
+ For the following to work correctly, you will need to patch your
+ linux kernel with the TOS preserving ZPH patch.
+ The kernel patch can be downloaded from http://zph.bratcheda.org
+
+ disable-preserve-miss
+ If set, any HTTP response towards clients will
+ have the TOS value of the response comming from the
+ remote server masked with the value of miss-mask.
+ miss-mask=0xFF
+ Allows you to mask certain bits in the TOS received from the
+ remote server, before copying the value to the TOS sent
+ towards clients.
+ Default: 0xFF (TOS from server is not changed).
+
+</PRE>
+</P>
+
+<DT><B>reply_header_replace</B><DD>
+<P>This option allows you to change the contents of reply headers.
+<PRE>
+ In Squid 2 header_replace (now deprecated) worked for both requests
+ and replies, while in Squid 3 it only did respect request headers.
+ This option brings back the functionality to replace the contents of
+ reply headers. Consult the documentation for usage details.
+
+</PRE>
+</P>
+
+<DT><B>request_header_replace</B><DD>
+<P>This option allows you to change the contents of request headers.
+<PRE>
+ To be consistent with the naming changes of header_access in Squid 3
+ (header_access has been split into two options request_header_access
+ and reply_header_access), header_replace (now deprecated) is being
+ replaced by request_header_replace.
+
+</PRE>
+</P>
+
<DT><B>ssl_bump</B><DD>
<P>New Access control for which CONNECT requests to an http_port
marked with an ssl-bump flag are actually "bumped". Please
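Review bot: In the relocated qos_flows text, the sentence "in practice often only values up to 0x3F are usable as the two highest bits have been redefined for use by ECN (RFC3168)" has the bit positions reversed. RFC 3168 assigns ECN the two least significant bits of the former TOS octet, and the DSCP occupies the upper six. Since the directive takes a full octet, the usable values are those with the low two bits clear (multiples of 4 up to 0xFC), and the 0xFF placeholders for local-hit, sibling-hit and parent-hit would set both ECN bits if copied literally. This hunk only moves the block, so the wording fix can be a follow-up, but it is worth doing while the text is being touched, along with "comming" in the disable-preserve-miss description.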
</PRE>
</P>
-<DT><B>qos_flows local-hit= sibling-hit= parent-hit=</B><DD>
-<P>
-<PRE>
- Allows you to select a TOS/DSCP value to mark outgoing
- connections with, based on where the reply was sourced.
-
- TOS values really only have local significance - so you should
- know what you're specifying. For more information, see RFC2474,
- RFC2475, and RFC3260.
-
- The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
- Note that in practice often only values up to 0x3F are usable
- as the two highest bits have been redefined for use by ECN
- (RFC3168).
-
- This setting is configured by setting the source TOS values:
-
- local-hit=0xFF Value to mark local cache hits.
-
- sibling-hit=0xFF Value to mark hits from sibling peers.
-
- parent-hit=0xFF Value to mark hits from parent peers.
-
-
- NOTE: 'miss' preserve feature is only possible on Linux at this time.
-
- For the following to work correctly, you will need to patch your
- linux kernel with the TOS preserving ZPH patch.
- The kernel patch can be downloaded from http://zph.bratcheda.org
-
- disable-preserve-miss
- If set, any HTTP response towards clients will
- have the TOS value of the response comming from the
- remote server masked with the value of miss-mask.
- miss-mask=0xFF
- Allows you to mask certain bits in the TOS received from the
- remote server, before copying the value to the TOS sent
- towards clients.
- Default: 0xFF (TOS from server is not changed).
-
-</PRE>
-</P>
-
</DL>
</P>
<DT><B>cache_store_log</B><DD>
<P>Default changed to OFF. Matching long-standing developer recommendations.</P>
+<DT><B>debug_options rotate=</B><DD>
+<P>New parameter rotate=N to control number of cache.log rotations independent of other logs.</P>
+
+<DT><B>deny_info</B><DD>
+<P>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.</P>
+
<DT><B>error_directory</B><DD>
<P>Now an optional entry in squid.conf. If present it will force all visitors to receive the error pages
contained in the directory it points at. If absent, error page localization will be given a chance.
</PRE>
</P>
-<DT><B>debug_options rotate=</B><DD>
-<P>New parameter rotate=N to control number of cache.log rotations independent of other logs.</P>
-
-<DT><B>deny_info</B><DD>
-<P>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.</P>
-
<DT><B>external_acl_type</B><DD>
<P>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between Squid and its helpers.
-Please be aware of some limits to these options. These options only affet the transport protocol used
-to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6
+Please be aware of some limits to these options. These options only affect the transport protocol used
+to send data to and from the helpers. IPv6 enabled Squid will still send %SRC addresses in IPv4 or IPv6
format, so all helpers will need to be checked and converted to cope with such information cleanly.
<PRE>
- ipv4 / ipv6 IP-mode used to communicate to this helper.
- For compatability with older configurations and helpers
- the default is 'ipv4'.
+ ipv4 / ipv6 IP transport used to communicate to this helper over localhost.
+ For compatability with systems lacking IPv6 support in the system kernel the default is 'ipv4'.
</PRE>
</P>
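Review bot: The new line "For compatability with systems lacking IPv6 support in the system kernel the default is 'ipv4'." keeps the "compatability" misspelling in the same hunk that corrects "affet" to "affect"; it should read "compatibility". That line is also a single long line inside the PRE block, where the three lines it replaces were wrapped, so it will not wrap when rendered. Suggest breaking it to match the surrounding block and dropping the redundant "in the system kernel" after "systems lacking IPv6 support".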
%<{Hdr:;member} HTTP reply header list member using ; as
list separator. ; can be any non-alphanumeric
character.
+ %% The percent symbol
</PRE>
</P>
<!doctype linuxdoc system>
<article>
-<title>Squid 3.1.16 release notes</title>
+<title>Squid 3.1.17 release notes</title>
<author>Squid Developers</author>
<abstract>
<sect>Notice
<p>
-The Squid Team are pleased to announce the release of Squid-3.1.16
+The Squid Team are pleased to announce the release of Squid-3.1.17
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
supported, there will be no need to buffer a chunked request.
</verb>
+ <tag>client_request_buffer_max_size</tag>
+ <p>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
+ for receiving upload and request data from clients.
+
<tag>delay_pool_uses_indirect_client</tag>
<p>Whether to use any result found by follow_x_forwarded_for in delay_pool assignment.
Default: ON
direct client address in delay pools.
</verb>
- <tag>client_request_buffer_max_size</tag>
- <p>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
- for receiving upload and request data from clients.
-
<tag>dns_v4_fallback</tag>
<p>New option to prevent Squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
<p>Controls how many different forward paths Squid will try
before giving up. Default: 10
- <tag>reply_header_replace</tag>
- <p>This option allows you to change the contents of reply headers.
- <verb>
- In Squid 2 header_replace (now deprecated) worked for both requests
- and replies, while in Squid 3 it only did respect request headers.
- This option brings back the functionality to replace the contents of
- reply headers. Consult the documentation for usage details.
- </verb>
-
- <tag>request_header_replace</tag>
- <p>This option allows you to change the contents of request headers.
- <verb>
- To be consistent with the naming changes of header_access in Squid 3
- (header_access has been split into two options request_header_access
- and reply_header_access), header_replace (now deprecated) is being
- replaced by request_header_replace.
- </verb>
-
<tag>icap_log</tag>
<p>New option to write ICAP log files record ICAP transaction summaries, one line per
transaction. Similar to access.log.
default is off when --enable-icmp is compiled in.
</verb>
+ <tag>qos_flows local-hit= sibling-hit= parent-hit=</tag>
+ <verb>
+ Allows you to select a TOS/DSCP value to mark outgoing
+ connections with, based on where the reply was sourced.
+
+ TOS values really only have local significance - so you should
+ know what you're specifying. For more information, see RFC2474,
+ RFC2475, and RFC3260.
+
+ The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
+ Note that in practice often only values up to 0x3F are usable
+ as the two highest bits have been redefined for use by ECN
+ (RFC3168).
+
+ This setting is configured by setting the source TOS values:
+
+ local-hit=0xFF Value to mark local cache hits.
+
+ sibling-hit=0xFF Value to mark hits from sibling peers.
+
+ parent-hit=0xFF Value to mark hits from parent peers.
+
+
+ NOTE: 'miss' preserve feature is only possible on Linux at this time.
+
+ For the following to work correctly, you will need to patch your
+ linux kernel with the TOS preserving ZPH patch.
+ The kernel patch can be downloaded from http://zph.bratcheda.org
+
+ disable-preserve-miss
+ If set, any HTTP response towards clients will
+ have the TOS value of the response comming from the
+ remote server masked with the value of miss-mask.
+ miss-mask=0xFF
+ Allows you to mask certain bits in the TOS received from the
+ remote server, before copying the value to the TOS sent
+ towards clients.
+ Default: 0xFF (TOS from server is not changed).
+ </verb>
+
+ <tag>reply_header_replace</tag>
+ <p>This option allows you to change the contents of reply headers.
+ <verb>
+ In Squid 2 header_replace (now deprecated) worked for both requests
+ and replies, while in Squid 3 it only did respect request headers.
+ This option brings back the functionality to replace the contents of
+ reply headers. Consult the documentation for usage details.
+ </verb>
+
+ <tag>request_header_replace</tag>
+ <p>This option allows you to change the contents of request headers.
+ <verb>
+ To be consistent with the naming changes of header_access in Squid 3
+ (header_access has been split into two options request_header_access
+ and reply_header_access), header_replace (now deprecated) is being
+ replaced by request_header_replace.
+ </verb>
+
<tag>ssl_bump</tag>
<p>New Access control for which CONNECT requests to an http_port
marked with an ssl-bump flag are actually "bumped". Please
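Review bot: In the relocated qos_flows block, the description under disable-preserve-miss ("If set, any HTTP response towards clients will have the TOS value of the response comming from the remote server masked with the value of miss-mask") reads as a description of the preserve behaviour itself, not of what disabling it does. A reader cannot tell from this text whether setting the option turns the masking on or off. Suggest stating the default behaviour first and then that disable-preserve-miss switches it off. The HTML release notes carry a LinuxDoc-Tools generator tag, so this linuxdoc file is the place to fix it.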
the connection may be insecure.
</verb>
- <tag>qos_flows local-hit= sibling-hit= parent-hit=</tag>
- <verb>
- Allows you to select a TOS/DSCP value to mark outgoing
- connections with, based on where the reply was sourced.
-
- TOS values really only have local significance - so you should
- know what you're specifying. For more information, see RFC2474,
- RFC2475, and RFC3260.
-
- The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
- Note that in practice often only values up to 0x3F are usable
- as the two highest bits have been redefined for use by ECN
- (RFC3168).
-
- This setting is configured by setting the source TOS values:
-
- local-hit=0xFF Value to mark local cache hits.
-
- sibling-hit=0xFF Value to mark hits from sibling peers.
-
- parent-hit=0xFF Value to mark hits from parent peers.
-
-
- NOTE: 'miss' preserve feature is only possible on Linux at this time.
-
- For the following to work correctly, you will need to patch your
- linux kernel with the TOS preserving ZPH patch.
- The kernel patch can be downloaded from http://zph.bratcheda.org
-
- disable-preserve-miss
- If set, any HTTP response towards clients will
- have the TOS value of the response comming from the
- remote server masked with the value of miss-mask.
- miss-mask=0xFF
- Allows you to mask certain bits in the TOS received from the
- remote server, before copying the value to the TOS sent
- towards clients.
- Default: 0xFF (TOS from server is not changed).
- </verb>
-
</descrip>
<tag>cache_store_log</tag>
<p>Default changed to OFF. Matching long-standing developer recommendations.
+ <tag>debug_options rotate=</tag>
+ <p>New parameter rotate=N to control number of cache.log rotations independent of other logs.
+
+ <tag>deny_info</tag>
+ <p>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.
+
<tag>error_directory</tag>
<p>Now an optional entry in squid.conf. If present it will force all visitors to receive the error pages
contained in the directory it points at. If absent, error page localization will be given a chance.
on error pages if used.
</verb>
- <tag>debug_options rotate=</tag>
- <p>New parameter rotate=N to control number of cache.log rotations independent of other logs.
-
- <tag>deny_info</tag>
- <p>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.
-
<tag>external_acl_type</tag>
<p>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between Squid and its helpers.
Please be aware of some limits to these options. These options only affet the transport protocol used
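Review bot: The external_acl_type context line here still reads "These options only affet the transport protocol used", while the HTML release notes in this same change were corrected to "affect". The HTML carries a LinuxDoc-Tools generator tag, so if it is regenerated from this file the typo will come back. Apply the same wording changes to this source so the two files stay in step.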
%<{Hdr:;member} HTTP reply header list member using ; as
list separator. ; can be any non-alphanumeric
character.
+ %% The percent symbol
</verb>
<tag>forwarded_for</tag>
COMMENT_START
WELCOME TO @SQUID@
----------------------------
-
- This is the default Squid configuration file. You may wish
- to look at the Squid home page (http://www.squid-cache.org/)
- for the FAQ and other documentation.
-
- The default Squid config file shows what the defaults for
- various options happen to be. If you don't need to change the
- default, you shouldn't uncomment the line. Doing so may cause
- run-time problems. In some cases "none" refers to no default
- setting at all, while in other cases it refers to a valid
- option - the comments for that keyword indicate if this is the
- case.
+
+ This is the documentation for the Squid configuration file.
+ This documentation can also be found online at:
+ http://www.squid-cache.org/Doc/config/
+
+ You may wish to look at the Squid home page and wiki for the
+ FAQ and other documentation:
+ http://www.squid-cache.org/
+ http://wiki.squid-cache.org/SquidFaq
+ http://wiki.squid-cache.org/ConfigExamples
+
+ This documentation shows what the defaults for various directives
+ happen to be. If you don't need to change the default, you should
+ leave the line out of your squid.conf in most cases.
+
+ In some cases "none" refers to no default setting at all,
+ while in other cases it refers to the value of the option
+ - the comments for that keyword indicate if this is the case.
COMMENT_END
COMMENT_START
Configuration options can be included using the "include" directive.
- Include takes a list of files to include. Quoting and wildcards is
+ Include takes a list of files to include. Quoting and wildcards are
supported.
For example,
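Review bot: In the rewritten WELCOME comment, the last paragraph changes "it refers to a valid option" to "it refers to the value of the option", which loses the point that "none" can itself be a legal setting for a directive. Something like "while in other cases "none" is itself a valid value" would keep the original meaning. The rest of the rewrite (pointing at the online documentation and advising to leave defaults out of squid.conf) reads well.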
cache_peer parent.foo.net parent 3128 3130 default
cache_peer sib1.foo.net sibling 3128 3130 proxy-only
cache_peer sib2.foo.net sibling 3128 3130 proxy-only
- cache_peer example.com parent 80 0 no-query default
+ cache_peer example.com parent 80 0 default
cache_peer cdn.example.com sibling 3128 0
type: either 'parent', 'sibling', or 'multicast'.
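Review bot: The example line drops no-query from "cache_peer example.com parent 80 0 no-query default", and nothing in the ChangeLog entries for 3.1.17 explains why. The result is consistent with the following "cache_peer cdn.example.com sibling 3128 0" line, which also has ICP port 0 and no no-query. If the surrounding documentation does not already say so, it should state that an ICP port of 0 means the peer is not queried. Otherwise readers copying the example may assume ICP queries are still attempted.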
multicast-siblings
To be used only for cache peers of type "multicast".
ALL members of this multicast group have "sibling"
- relationship with it, not "parent". This is to a mulicast
+ relationship with it, not "parent". This is to a multicast
group when the requested object would be fetched only from
a "parent" cache, anyway. It's useful, e.g., when
configuring a pool of redundant Squid proxies, being
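Review bot: The spelling fix from "mulicast" to "multicast" is fine, but the corrected sentence "This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway." still does not parse, because a verb appears to be missing after "This is". Since the line is being edited anyway, suggest rewording it to say what the option does in that situation.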
Will log to the specified file using the specified format (which
must be defined in a logformat directive) those entries which match
ALL the acl's specified (which must be defined in acl clauses).
+
If no acl is specified, all requests will be logged to this file.
To disable logging of a request use the filepath "none", in which case