<p>Disable error page localization for visitors.
<p>error_directory option is required if this option is used.
- <tag>--disable-caps</tag>
- <p>Build without libcap support. The default is to auto-detect system capabilities
- and enable support when possible.
- <p>NOTE: Disabling this or building without libcap support will break TPROXY support.
-
<tag>--disable-ipv6</tag>
<p>Build without IPv6 support. The default is to auto-detect system capabilities
and build with IPv6 when possible.
to the squid developers before doing so.
<tag>--disable-translation</tag>
- <p>Prevent Squid generating localized error page templates and manuals.
+ <p>Prevent Squid generating localized error page templates and manuals when built.
Which is usually tried, but may not be needed.
<p>This is an optimization for building fast when localization is not needed
or localization tools are not available.
<p>Absolute path to po2html executable.
Default is to automatically detect the binary.
+ <tag>--without-libcap</tag>
+ <p>Build without libcap support. The default is to auto-detect system capabilities
+ and enable support when possible.
+ <p>NOTE: Disabling this or building without libcap support will break TPROXY support.
+
</descrip>
<sect1>Changes to existing options<label id="modifiedoptions">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.65">
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
<TITLE>Squid 3.2.0.0 release notes</TITLE>
</HEAD>
<BODY>
<LI>ncsa_auth - basic_ncsa_auth - Authenticate with NCSA httpd-style password file.</LI>
<LI>pam_auth - basic_pam_auth - Authenticate with the system PAM infrastructure.</LI>
<LI>pop3.pl - basic_pop3_auth.pl - Authenticate with a mail server POP3/SMTP credentials</LI>
-<LI>squid_sasl_auth - basic_sasl_auth - Authenticate with SASL ???</LI>
-<LI>smb_auth - basic_smb_auth - Authenticate with Samba SMB ???</LI>
+<LI>squid_sasl_auth - basic_sasl_auth - Authenticate with SASL.</LI>
+<LI>smb_auth - basic_smb_auth - Authenticate with Samba SMB.</LI>
<LI>yp_auth - basic_nis_auth - Authenticate with NIS security system.</LI>
<LI>mswin_sspi - basic_sspi_auth - Authenticate with a Windows Domain Controller using SSPI.</LI>
-<LI>MSNT-muti-domain - basic_msnt_multi_domain_auth.pl - Authenticate with any one of multiple Windows Domain Controllers.</LI>
+<LI>MSNT-multi-domain - basic_msnt_multi_domain_auth.pl - Authenticate with any one of multiple Windows Domain Controllers.</LI>
<LI>squid_radius_auth - basic_radius_auth - Authenticate with RADIUS.</LI>
</UL>
</P>
<P>
<UL>
-<LI>(none yet converted)</LI>
+<LI>digest_pw_auth - digest_file_auth - Authenticate against credentials stored in a simple text file.</LI>
</UL>
</P>
<P>
<DL>
+<DT><B>adapted_http_access</B><DD>
+<P>Access control based on altered HTTP request following adaptation alterations (ICAP, eCAP, URL rewriter).
+An upgraded drop-in replacement for <EM>http_access2</EM> found in Squid-2.</P>
+
<DT><B>eui_lookup</B><DD>
-<P> Whether to lookup the EUI or MAC address of a connected client.</P>
+<P>Whether to lookup the EUI or MAC address of a connected client.</P>
<DT><B>memory_cache_mode</B><DD>
-<P> Controls which objects to keep in the memory cache (cache_mem)
+<P>Controls which objects to keep in the memory cache (cache_mem)
<PRE>
'always' Keep most recently fetched objects in memory (default)
</P>
<DT><B>logfile_daemon</B><DD>
-<P>Ported from 2.7</P>
+<P>Ported from 2.7. Specify the file I/O daemon helper to run for logging.</P>
+
+<DT><B>tproxy_uses_indirect_client</B><DD>
+<P>Controls whether the indirect client address found in the X-Forwarded-For
+header is used for spoofing instead of the directly connected client address.
+Requires both --enable-follow-x-forwarded-for and --enable-linux-netfilter</P>
</DL>
</P>
<P>
<DL>
+<DT><B>access_log</B><DD>
+<P>New <EM>daemon</EM> module to send each log line as text data to a file I/O daemon.</P>
+<P>New <EM>tcp</EM> module to send each log line as text data to a TCP receiver.</P>
+<P>New <EM>udp</EM> module to send each log line as text data to a UDP receiver.</P>
+
<DT><B>acl random</B><DD>
<P>New type <EM>random</EM>. Pseudo-randomly match requests based on a configured probability.</P>
<P>Enable Support for handling EUI operations.
This includes ARP lookups for MAC (EUI-48) addresses and the ACL arp type tests.</P>
+<DT><B>--enable-log-daemon-auth-helpers</B><DD>
+<P>Build helpers for logging I/O.</P>
+
<DT><B>--enable-url-rewrite-helpers</B><DD>
<P>Build helpers for some basic URL-rewrite actions. For use by url_rewrite_program.
If omitted or set to =all then all bundled helpers that are able to build will be built.
<DT><B>auth_param</B><DD>
<P><EM>blankpassword</EM> option for basic scheme removed.</P>
+<DT><B>cache_peer</B><DD>
+<P><EM>http11</EM> Obsolete.</P>
+
<DT><B>external_acl_type</B><DD>
<P>Format tag <EM>%{Header}</EM> replaced by <EM>%>{Header}</EM></P>
<P>Format tag <EM>%{Header:member}</EM> replaced by <EM>%>{Header:member}</EM></P>
<DT><B>http_port</B><DD>
<P><EM>no-connection-auth</EM> replaced by <EM>connection-auth=[on|off]</EM>. Default is ON.</P>
<P><EM>transparent</EM> option replaced by <EM>intercept</EM></P>
+<P><EM>http11</EM> obsolete.</P>
+
+<DT><B>http_access2</B><DD>
+<P>Replaced by <EM>adapted_http_access</EM></P>
<DT><B>httpd_accel_no_pmtu_disc</B><DD>
<P>Replaced by <EM>http_port disable-pmtu-discovery=</EM> option</P>
<DT><B>redirector_bypass</B><DD>
<P>Replaced by <EM>url_rewrite_bypass</EM></P>
+<DT><B>server_http11</B><DD>
+<P>Obsolete.</P>
+
<DT><B>upgrade_http0.9</B><DD>
<P>Obsolete.</P>
<P>COSS <EM>maxfullbufs=</EM> option not yet ported from 2.6</P>
<DT><B>cache_peer</B><DD>
-<P><EM>multicast-siblings</EM> not yet ported from 2.7</P>
<P><EM>idle=</EM> not yet ported from 2.7</P>
-<P><EM>http11</EM> not yet ported from 2.7</P>
<P><EM>monitorinterval=</EM> not yet ported from 2.6</P>
<P><EM>monitorsize=</EM> not yet ported from 2.6</P>
<P><EM>monitortimeout=</EM> not yet ported from 2.6</P>
<DT><B>external_refresh_check</B><DD>
<P>Not yet ported from 2.7</P>
-<DT><B>http_access2</B><DD>
-<P>Not yet ported from 2.6</P>
-
<DT><B>http_port</B><DD>
<P><EM>act-as-origin</EM> not yet ported from 2.7</P>
-<P><EM>http11</EM> not yet ported from 2.7</P>
<P><EM>urlgroup=</EM> not yet ported from 2.6</P>
-<DT><B>ignore_expect_100</B><DD>
-<P>Not yet ported from 2.7</P>
-
<DT><B>ignore_ims_on_miss</B><DD>
<P>Not yet ported from 2.7</P>
<DT><B>refresh_stale_hit</B><DD>
<P>Not yet ported from 2.7</P>
-<DT><B>server_http11</B><DD>
-<P>Not yet ported from 2.7</P>
-
<DT><B>storeurl_access</B><DD>
<P>Not yet ported from 2.7</P>
<sect1>New tags<label id="newtags">
<p>
<descrip>
+ <tag>adapted_http_access</tag>
+ <p>Access control based on altered HTTP request following adaptation alterations (ICAP, eCAP, URL rewriter).
+ An upgraded drop-in replacement for <em>http_access2</em> found in Squid-2.
+
<tag>eui_lookup</tag>
- <p> Whether to lookup the EUI or MAC address of a connected client.
+ <p>Whether to lookup the EUI or MAC address of a connected client.
<tag>memory_cache_mode</tag>
- <p> Controls which objects to keep in the memory cache (cache_mem)
+ <p>Controls which objects to keep in the memory cache (cache_mem)
<verb>
'always' Keep most recently fetched objects in memory (default)
</verb>
<tag>logfile_daemon</tag>
- <p>Ported from 2.7
+ <p>Ported from 2.7. Specify the file I/O daemon helper to run for logging.
<tag>tproxy_uses_indirect_client</tag>
<p>Controls whether the indirect client address found in the X-Forwarded-For
<sect1>Changes to existing tags<label id="modifiedtags">
<p>
<descrip>
+ <tag>access_log</tag>
+ <p>New <em>daemon</em> module to send each log line as text data to a file I/O daemon.
+ <p>New <em>tcp</em> module to send each log line as text data to a TCP receiver.
+ <p>New <em>udp</em> module to send each log line as text data to a UDP receiver.
+
<tag>acl random</tag>
<p>New type <em>random</em>. Pseudo-randomly match requests based on a configured probability.
<p>Enable Support for handling EUI operations.
This includes ARP lookups for MAC (EUI-48) addresses and the ACL arp type tests.
+ <tag>--enable-log-daemon-auth-helpers</tag>
+ <p>Build helpers for logging I/O.
+
<tag>--enable-url-rewrite-helpers</tag>
<p>Build helpers for some basic URL-rewrite actions. For use by url_rewrite_program.
If omitted or set to =all then all bundled helpers that are able to build will be built.
<tag>http_port</tag>
<p><em>no-connection-auth</em> replaced by <em>connection-auth=[on|off]</em>. Default is ON.
<p><em>transparent</em> option replaced by <em>intercept</em>
+ <p><em>http11</em> obsolete.
<tag>http_access2</tag>
<p>Replaced by <em>adapted_http_access</em>
<tag>http_port</tag>
<p><em>act-as-origin</em> not yet ported from 2.7
- <p><em>http11</em> not yet ported from 2.7
<p><em>urlgroup=</em> not yet ported from 2.6
<tag>ignore_ims_on_miss</tag>
If a request reaches us from a source that is allowed by this
configuration item, then we consult the X-Forwarded-For header
to see where that host received the request from. If the
- X-Forwarded-For header contains multiple addresses, and if
- acl_uses_indirect_client is on, then we continue backtracking
- until we reach an address for which we are not allowed to
- follow the X-Forwarded-For header, or until we reach the first
- address in the list. (If acl_uses_indirect_client is off, then
- it's impossible to backtrack through more than one level of
- X-Forwarded-For addresses.)
+ X-Forwarded-For header contains multiple addresses, we continue
+ backtracking until we reach an address for which we are not allowed
+ to follow the X-Forwarded-For header, or until we reach the first
+ address in the list. For the purpose of ACL used in the
+ follow_x_forwarded_for directive the src ACL type always matches
+ the address we are testing and srcdomain matches its rDNS.
The end result of this process is an IP address that we will
refer to as the indirect client address. This address may
Place: The destination host name or IP and port.
Place Format: \\host:port
+ tcp To send each log line as text data to a TCP receiver.
+ Place: The destination host name or IP and port.
+ Place Format: \\host:port
+
Default:
access_log daemon:@DEFAULT_ACCESS_LOG@ squid
DOC_END
projects / thirdparty / squid.git / commitdiff
