Squid 3.2.0.0 release notes

From 2bf4e8fa5da9ccac5efd5a7383f2c497c0700a21 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 26 May 2010 14:03:36 +1200 Subject: [PATCH] Updated documentation --- doc/release-notes/release-3.1.sgml | 12 +++---- doc/release-notes/release-3.2.html | 55 +++++++++++++++++++----------- doc/release-notes/release-3.2.sgml | 20 ++++++++--- src/cf.data.pre | 17 +++++---- 4 files changed, 67 insertions(+), 37 deletions(-) diff --git a/doc/release-notes/release-3.1.sgml b/doc/release-notes/release-3.1.sgml index 65ebebc377..5d45706af6 100644 --- a/doc/release-notes/release-3.1.sgml +++ b/doc/release-notes/release-3.1.sgml @@ -1365,11 +1365,6 @@ This section gives an account of those changes in three categories:

Disable error page localization for visitors.

error_directory option is required if this option is used. - --disable-caps -

Build without libcap support. The default is to auto-detect system capabilities - and enable support when possible. -

NOTE: Disabling this or building without libcap support will break TPROXY support. - --disable-ipv6

Build without IPv6 support. The default is to auto-detect system capabilities and build with IPv6 when possible. @@ -1385,7 +1380,7 @@ This section gives an account of those changes in three categories: to the squid developers before doing so. --disable-translation -

Prevent Squid generating localized error page templates and manuals. +

Prevent Squid generating localized error page templates and manuals when built. Which is usually tried, but may not be needed.

This is an optimization for building fast when localization is not needed or localization tools are not available. @@ -1415,6 +1410,11 @@ This section gives an account of those changes in three categories:

Absolute path to po2html executable. Default is to automatically detect the binary. + --without-libcap +

Build without libcap support. The default is to auto-detect system capabilities + and enable support when possible. +

NOTE: Disabling this or building without libcap support will break TPROXY support. + Changes to existing options diff --git a/doc/release-notes/release-3.2.html b/doc/release-notes/release-3.2.html index f1c7e741bc..e3ae0aafdd 100644 --- a/doc/release-notes/release-3.2.html +++ b/doc/release-notes/release-3.2.html @@ -1,7 +1,7 @@ - + Squid 3.2.0.0 release notes @@ -164,11 +164,11 @@ For several helpers the directory name used in --enable-X-helpers configure opti

ncsa_auth - basic_ncsa_auth - Authenticate with NCSA httpd-style password file.

pam_auth - basic_pam_auth - Authenticate with the system PAM infrastructure.

pop3.pl - basic_pop3_auth.pl - Authenticate with a mail server POP3/SMTP credentials

squid_sasl_auth - basic_sasl_auth - Authenticate with SASL ???

smb_auth - basic_smb_auth - Authenticate with Samba SMB ???

squid_sasl_auth - basic_sasl_auth - Authenticate with SASL.

smb_auth - basic_smb_auth - Authenticate with Samba SMB.

yp_auth - basic_nis_auth - Authenticate with NIS security system.

mswin_sspi - basic_sspi_auth - Authenticate with a Windows Domain Controller using SSPI.

MSNT-muti-domain - basic_msnt_multi_domain_auth.pl - Authenticate with any one of multiple Windows Domain Controllers.

MSNT-multi-domain - basic_msnt_multi_domain_auth.pl - Authenticate with any one of multiple Windows Domain Controllers.

squid_radius_auth - basic_radius_auth - Authenticate with RADIUS.

@@ -177,7 +177,7 @@ For several helpers the directory name used in --enable-X-helpers configure opti

(none yet converted)
digest_pw_auth - digest_file_auth - Authenticate against credentials stored in a simple text file.

@@ -252,11 +252,15 @@ This move begins the Localization of the internal administrator facing manuals.<

adapted_http_access

Access control based on altered HTTP request following adaptation alterations (ICAP, eCAP, URL rewriter). +An upgraded drop-in replacement for http_access2 found in Squid-2.

eui_lookup

Whether to lookup the EUI or MAC address of a connected client.

memory_cache_mode

Controls which objects to keep in the memory cache (cache_mem) +

Controls which objects to keep in the memory cache (cache_mem)

         'always'  Keep most recently fetched objects in memory (default)
         
@@ -270,7 +274,12 @@ This move begins the Localization of the internal administrator facing manuals.<
 
 
 logfile_daemon

-Ported from 2.7
+Ported from 2.7. Specify the file I/O daemon helper to run for logging.
+
+
tproxy_uses_indirect_client

+Controls whether the indirect client address found in the X-Forwarded-For
+header is used for spoofing instead of the directly connected client address.
+Requires both --enable-follow-x-forwarded-for and --enable-linux-netfilter

@@ -280,6 +289,11 @@ This move begins the Localization of the internal administrator facing manuals.<

access_log

New daemon module to send each log line as text data to a file I/O daemon.

New tcp module to send each log line as text data to a TCP receiver.

New udp module to send each log line as text data to a UDP receiver.

acl random

New type random. Pseudo-randomly match requests based on a configured probability.

@@ -363,6 +377,9 @@ Both EUI forms are logged in the same field. Type can be identified by length or

Enable Support for handling EUI operations. This includes ARP lookups for MAC (EUI-48) addresses and the ACL arp type tests.

--enable-log-daemon-auth-helpers

Build helpers for logging I/O.

--enable-url-rewrite-helpers

Build helpers for some basic URL-rewrite actions. For use by url_rewrite_program. If omitted or set to =all then all bundled helpers that are able to build will be built. @@ -407,6 +424,9 @@ the helper protocol usage and provide exemplar code.

auth_param

blankpassword option for basic scheme removed.

cache_peer

http11 Obsolete.

external_acl_type

Format tag %{Header} replaced by %>{Header}

Format tag %{Header:member} replaced by %>{Header:member}

@@ -417,6 +437,10 @@ the helper protocol usage and provide exemplar code.

http_port

no-connection-auth replaced by connection-auth=[on|off]. Default is ON.

transparent option replaced by intercept

http11 obsolete.

+ +

http_access2

Replaced by adapted_http_access

httpd_accel_no_pmtu_disc

Replaced by http_port disable-pmtu-discovery= option

@@ -427,6 +451,9 @@ the helper protocol usage and provide exemplar code.

redirector_bypass

Replaced by url_rewrite_bypass

server_http11

Obsolete.

upgrade_http0.9

Obsolete.

@@ -549,9 +576,7 @@ the helper protocol usage and provide exemplar code.

COSS maxfullbufs= option not yet ported from 2.6

cache_peer

multicast-siblings not yet ported from 2.7

idle= not yet ported from 2.7

http11 not yet ported from 2.7

monitorinterval= not yet ported from 2.6

monitorsize= not yet ported from 2.6

monitortimeout= not yet ported from 2.6

@@ -573,17 +598,10 @@ the helper protocol usage and provide exemplar code.

external_refresh_check

Not yet ported from 2.7

http_access2

Not yet ported from 2.6

http_port

act-as-origin not yet ported from 2.7

http11 not yet ported from 2.7

urlgroup= not yet ported from 2.6

ignore_expect_100

Not yet ported from 2.7

ignore_ims_on_miss

Not yet ported from 2.7

@@ -617,9 +635,6 @@ the helper protocol usage and provide exemplar code.

refresh_stale_hit

Not yet ported from 2.7

server_http11

Not yet ported from 2.7

storeurl_access

Not yet ported from 2.7

diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml index 2712b9cde9..2cc0556f57 100644 --- a/doc/release-notes/release-3.2.sgml +++ b/doc/release-notes/release-3.2.sgml @@ -163,11 +163,15 @@ This section gives a thorough account of those changes in three categories: New tags

+ adapted_http_access +

Access control based on altered HTTP request following adaptation alterations (ICAP, eCAP, URL rewriter). + An upgraded drop-in replacement for http_access2 found in Squid-2. + eui_lookup -

Whether to lookup the EUI or MAC address of a connected client. +

Whether to lookup the EUI or MAC address of a connected client. memory_cache_mode -

Controls which objects to keep in the memory cache (cache_mem) +

Controls which objects to keep in the memory cache (cache_mem) 'always' Keep most recently fetched objects in memory (default) @@ -179,7 +183,7 @@ This section gives a thorough account of those changes in three categories: logfile_daemon -

Ported from 2.7 +

Ported from 2.7. Specify the file I/O daemon helper to run for logging. tproxy_uses_indirect_client

Controls whether the indirect client address found in the X-Forwarded-For @@ -191,6 +195,11 @@ This section gives a thorough account of those changes in three categories: Changes to existing tags

+ access_log +

New daemon module to send each log line as text data to a file I/O daemon. +

New tcp module to send each log line as text data to a TCP receiver. +

New udp module to send each log line as text data to a UDP receiver. + acl random

New type random. Pseudo-randomly match requests based on a configured probability. @@ -264,6 +273,9 @@ This section gives an account of those changes in three categories:

Enable Support for handling EUI operations. This includes ARP lookups for MAC (EUI-48) addresses and the ACL arp type tests. + --enable-log-daemon-auth-helpers +

Build helpers for logging I/O. + --enable-url-rewrite-helpers

Build helpers for some basic URL-rewrite actions. For use by url_rewrite_program. If omitted or set to =all then all bundled helpers that are able to build will be built. @@ -314,6 +326,7 @@ This section gives an account of those changes in three categories: http_port

no-connection-auth replaced by connection-auth=[on|off]. Default is ON.

transparent option replaced by intercept +

http11 obsolete. http_access2

Replaced by adapted_http_access @@ -467,7 +480,6 @@ This section gives an account of those changes in three categories: http_port

act-as-origin not yet ported from 2.7 -

http11 not yet ported from 2.7

urlgroup= not yet ported from 2.6 ignore_ims_on_miss diff --git a/src/cf.data.pre b/src/cf.data.pre index 279132fad1..d173d6556f 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -796,13 +796,12 @@ DOC_START If a request reaches us from a source that is allowed by this configuration item, then we consult the X-Forwarded-For header to see where that host received the request from. If the - X-Forwarded-For header contains multiple addresses, and if - acl_uses_indirect_client is on, then we continue backtracking - until we reach an address for which we are not allowed to - follow the X-Forwarded-For header, or until we reach the first - address in the list. (If acl_uses_indirect_client is off, then - it's impossible to backtrack through more than one level of - X-Forwarded-For addresses.) + X-Forwarded-For header contains multiple addresses, we continue + backtracking until we reach an address for which we are not allowed + to follow the X-Forwarded-For header, or until we reach the first + address in the list. For the purpose of ACL used in the + follow_x_forwarded_for directive the src ACL type always matches + the address we are testing and srcdomain matches its rDNS. The end result of this process is an IP address that we will refer to as the indirect client address. This address may @@ -2755,6 +2754,10 @@ DOC_START Place: The destination host name or IP and port. Place Format: \\host:port + tcp To send each log line as text data to a TCP receiver. + Place: The destination host name or IP and port. + Place Format: \\host:port + Default: access_log daemon:@DEFAULT_ACCESS_LOG@ squid DOC_END -- 2.47.3