-<!doctype linuxdoc system>\r
-<article>\r
-<title>Squid 3.0.RC1 release notes</title>\r
-<author>Squid Developers</author>\r
-<date>$Id: release-3.0.sgml,v 1.31 2007/12/14 05:34:16 amosjeffries Exp $</date>\r
-\r
-<abstract>\r
-This document contains the release notes for version 3.0 of Squid.\r
-Squid is a WWW Cache application developed by the National Laboratory\r
-for Applied Network Research and members of the Web Caching community.\r
-</abstract>\r
-\r
-<toc>\r
-\r
-<sect>Notice\r
-<p>\r
-The Squid Team are pleased to announce the release of Squid-3.0.RC1 for pre-release testing.\r
-\r
-This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.0/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.\r
-\r
-A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.\r
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.\r
-\r
-We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d"> for how to submit a report with a stack trace.\r
-\r
-<sect>Known issues\r
-<p>\r
-Although this release is deemed good enough for testing in many setups, please note the existence of <url url="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.0&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.0">.\r
-\r
-<sect>Changes since earlier releases of Squid-3.0\r
-<p>\r
-The 3.0 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.0/changesets/" name="viewed here">.\r
-\r
-<sect>Changes since Squid-2.6\r
-\r
-<sect1>Major new features\r
-<p>\r
-Squid 3.0 represents a major rewrite of Squid and has a number of new features.\r
-\r
-The most important of these are:\r
-\r
-<itemize>\r
- <item>Code converted to C++, with significant internal restructuring and rewrites.\r
- <item>ICAP implementation (RFC 3507 and www.icap-forum.org)\r
- <item>Edge Side Includes (ESI) implementation (www.esi.org)\r
-</itemize>\r
-\r
-Most user-facing changes are reflected in squid.conf (see below).\r
-\r
-<sect2>Internet Content Adaptation Protocol (ICAP)\r
-\r
-<p>Squid 3.0 supports ICAP/1.0. To enable ICAP support, use the --enable-icap-client ./configure option and icap_enable squid.conf option. You will also need to configure ICAP services in your squid.conf using icap_service, icap_class, and icap_access options. The following example instructs Squid to talk to two ICAP services, one for request and one for response adaptation:\r
-\r
-<verb>\r
-icap_enable on\r
-icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/request\r
-icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/response\r
-icap_class class_req service_req\r
-icap_class class_resp service_resp\r
-icap_access class_req allow all\r
-icap_access class_resp allow all\r
-</verb>\r
-\r
-<p>Please see squid.conf.default for more details about these and many other icap_* options.\r
-\r
-<p>Squid supports pre-cache request and pre-cache response vectoring points. The following ICAP features are supported: message preview, 204 responses outside of preview, request satisfaction, X-Transfer-* negotiation, persistent ICAP connections, client IP/credentials sharing, and optional bypass of certain service failures.\r
-\r
-<p>No more than one ICAP service can be applied to an HTTP message. In other words, chaining or load balancing multiple services is not yet supported.\r
-\r
-<p>Proxy-directed data trickling and patience pages are not supported yet.\r
-\r
-<p>Following ICAP requirements, Squid never performs HTTP message adaptation without a successful and fresh ICAP OPTIONS response on file. A REQMOD or RESPMOD request will not be sent to a configured ICAP service until Squid receives a valid OPTIONS response from that service. If a service malfunctions or goes down, Squid may stop talking to the service for a while. Several squid.conf options can be used to tune the failure bypass algorithm (e.g., icap_service_failure_limit and icap_service_revival_delay). \r
-\r
-<p>The bypass parameter of the icap_service squid.conf option determines whether Squid will try to bypass service failures. Most connectivity and preview-stage failures can be bypassed.\r
-\r
-<p>More information about ICAP can be found from the ICAP-forum website <url url="http://www.icap-forum.org">\r
-\r
-<sect2>Edge Side Includes (ESI)\r
-\r
-<p>ESI is an open specification of an markup language enabling reverse proxies\r
-to perform some simple XML based processing, offloading the final page assembly from the webserver and similar tasks.\r
-\r
-<p>More information about ESI can be found from the ESI website <url url="http://www.esi.org">\r
-\r
-<sect1>2.6 features not found in Squid-3.0\r
-<p>\r
-Some of the features found in Squid-2.6 is not available in Squid-3.\r
-Some has been dropped as they are not needed. Some has not yet been forward-ported to Squid-3 and may appear in a later release.\r
-\r
-<itemize>\r
- <item>refresh_stale_hit option. Not yet ported.\r
- <item>ability to follow X-Forwarded-For. Not yet ported.\r
- <item>Full caching of Vary/ETag using If-None-Match. Only basic Vary cache supported. Not yet ported.\r
- <item>Mapping of server error messages. Not yet ported.\r
- <item>http_access2 access directive. Not yet ported.\r
- <item>Location header rewrites. Not yet ported.\r
- <item>umask directive. Not yet ported.\r
- <item>wais_relay. Feature dropped as it's equivalent to cache_peer + cache_peer_access.\r
- <item>urlgroup. Not yet ported.\r
- <item>collapsed forwarding. Not yet ported.\r
- <item>stable Windows support. Irregularly maintained.\r
-</itemize>\r
-\r
-<sect1>Logging changes\r
-<sect2>access.log\r
-<p>The TCP_REFRESH_HIT and TCP_REFRESH_MISS log types have been replaced because they were misleading (all refreshes need to query the origin server, so they could never be hits). The following log types have been introduced to replace them:\r
-\r
-<descrip>\r
- <tag>TCP_REFRESH_UNMODIFIED</tag>\r
- <p>The requested object was cached but STALE. The IMS query for the object resulted in "304 not modified".\r
- <tag>TCP_REFRESH_MODIFIED</tag>\r
- <p>The requested object was cached but STALE. The IMS query returned the new content.\r
-</descrip>\r
-<p>See <url url="http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.7"> for a definition of all log types.\r
-\r
-\r
-\r
-\r
-<sect1>Changes to squid.conf\r
-<p>\r
-There have been many changes to Squid's configuration file since Squid-2.6.\r
-\r
-This section gives a thorough account of those changes in three categories:\r
-\r
-<itemize>\r
- <item><ref id="newtags" name="New tags">\r
- <item><ref id="modifiedtags" name="Changes to existing tags">\r
- <item><ref id="removedtags" name="Removed tags">\r
-</itemize>\r
-\r
-<p>\r
-\r
-\r
-\r
-<sect2>New tags<label id="newtags">\r
-\r
-<p>\r
-<descrip>\r
- <tag>minimum_icp_query_timeout (msec)</tag>\r
- <verb>\r
-Default: 5\r
-\r
-Normally the ICP query timeout is determined dynamically. But\r
-sometimes it can lead to very small timeouts, even lower than\r
-the normal latency variance on your link due to traffic.\r
-Use this option to put an lower limit on the dynamic timeout\r
-value. Do NOT use this option to always use a fixed (instead\r
-of a dynamic) timeout value. To set a fixed timeout see the\r
-'icp_query_timeout' directive.\r
- </verb>\r
- <tag>background_ping_rate</tag>\r
- <verb>\r
-Default: 10 seconds\r
-\r
-Controls how often the ICP pings are sent to siblings that\r
-have background-ping set.\r
- </verb>\r
-\r
- <tag>httpd_accel_surrogate_id</tag>\r
- <verb>\r
-Default: unset\r
-\r
-Surrogates (http://www.esi.org/architecture_spec_1.0.html)\r
-need an identification token to allow control targeting. Because\r
-a farm of surrogates may all perform the same tasks, they may share\r
-an identification token.\r
- </verb>\r
-\r
- <tag>http_accel_surrogate_remote on|off</tag>\r
- <verb>\r
-Default: off\r
-\r
-Remote surrogates (such as those in a CDN) honour Surrogate-Control: no-store-remote.\r
-Set this to on to have squid behave as a remote surrogate.\r
- </verb>\r
-\r
- <tag>esi_parser libxml2|expat|custom</tag>\r
- <verb>\r
-Default: custom\r
-\r
-ESI markup is not strictly XML compatible. The custom ESI parser\r
-will give higher performance, but cannot handle non ASCII character\r
-encodings.\r
- </verb>\r
-\r
- <tag>email_err_data on|off</tag>\r
- <verb>\r
-Default: on\r
-\r
-If enabled, information about the occurred error will be\r
-included in the mailto links of the ERR pages (if %W is set)\r
-so that the email body contains the data.\r
-Syntax is <A HREF="mailto:%w%W">%w</A>\r
- </verb>\r
-\r
- <tag>refresh_all_ims on|off</tag>\r
- <verb>\r
-Default: off\r
-\r
-When you enable this option, squid will always check\r
-the origin server for an update when a client sends an\r
-If-Modified-Since request. Many browsers use IMS\r
-requests when the user requests a reload, and this\r
-ensures those clients receive the latest version.\r
-\r
-By default (off), squid may return a Not Modified response\r
-based on the age of the cached version.\r
- </verb>\r
- <tag>request_header_access</tag>\r
- <p>Replaces the header_access directive of Squid-2.6 and earlier, but applies to requests only.\r
- <tag>reply_header_access</tag>\r
- <p>Replaces the header_access directive of Squid-2.6 and earlier, but applies to replies only.\r
-\r
- <tag>icap_enable on|off</tag>\r
- <verb>\r
-Default: off\r
-\r
-If you want to enable the ICAP module support, set this to on.\r
- </verb>\r
- <tag>icap_preview_enable on|off</tag>\r
- <verb>\r
-Default: off\r
-\r
-Set this to 'on' if you want to enable the ICAP preview\r
-feature in Squid.\r
- </verb>\r
- <tag>icap_preview_size</tag>\r
- <verb>\r
-Default: -1\r
-\r
-The default size of preview data to be sent to the ICAP server.\r
--1 means no preview. This value might be overwritten on a per server\r
-basis by OPTIONS requests.\r
- </verb>\r
- <tag>icap_default_options_ttl (seconds)</tag>\r
- <verb>\r
-Default: 60\r
-\r
-The default TTL value for ICAP OPTIONS responses that don't have\r
-an Options-TTL header.\r
- </verb>\r
- <tag>icap_persistent_connections on|off</tag>\r
- <verb>\r
-Default: on\r
-\r
-Whether or not Squid should use persistent connections to\r
-an ICAP server.\r
- </verb>\r
- <tag>icap_send_client_ip on|off</tag>\r
- <verb>\r
-Default: off\r
-\r
-This adds the header "X-Client-IP" to ICAP requests.\r
- </verb>\r
- <tag>icap_send_client_username on|off</tag>\r
- <verb>\r
-Default: off\r
-\r
-This adds the header "X-Client-Username" to ICAP requests\r
-if proxy access is authentified.\r
- </verb>\r
- <tag>icap_service</tag>\r
- <verb>\r
-Default: none\r
-\r
-Defines a single ICAP service\r
-\r
-icap_service servicename vectoring_point bypass service_url\r
-\r
-vectoring_point = reqmod_precache|reqmod_postcache|respmod_precache|respmod_postcache\r
-This specifies at which point of request processing the ICAP\r
-service should be plugged in.\r
-bypass = 1|0\r
-If set to 1 and the ICAP server cannot be reached, the request will go\r
-through without being processed by an ICAP server\r
-service_url = icap://servername:port/service\r
-\r
-Note: reqmod_precache and respmod_postcache is not yet implemented\r
-\r
-Example:\r
-icap_service service_1 reqmod_precache 0 icap://icap1.mydomain.net:1344/reqmod\r
-icap_service service_2 respmod_precache 0 icap://icap2.mydomain.net:1344/respmod\r
- </verb>\r
- <tag>icap_class</tag>\r
- <verb>\r
-Default: none\r
-\r
-Defines an ICAP service chain. If there are multiple services per\r
-vectoring point, they are processed in the specified order.\r
-\r
-icap_class classname servicename...\r
-\r
-Example:\r
-icap_class class_1 service_1 service_2\r
-icap class class_2 service_1 service_3\r
- </verb>\r
- <tag>icap_access</tag>\r
- <verb>\r
-Default: none\r
-\r
-Redirects a request through an ICAP service class, depending\r
-on given acls\r
-\r
-icap_access classname allow|deny [!]aclname...\r
-\r
-The icap_access statements are processed in the order they appear in\r
-this configuration file. If an access list matches, the processing stops.\r
-For an "allow" rule, the specified class is used for the request. A "deny"\r
-rule simply stops processing without using the class. You can also use the\r
-special classname "None".\r
-\r
-For backward compatibility, it is also possible to use services\r
-directly here.\r
-\r
-Example:\r
-icap_access class_1 allow all\r
- </verb>\r
-\r
- <tag>accept_filter</tag>\r
- <verb>\r
-The name of an accept(2) filter to install on Squid's\r
-listen socket(s). This feature is perhaps specific to\r
-FreeBSD and requires support in the kernel.\r
-\r
-The 'httpready' filter delays delivering new connections\r
-to Squid until a full HTTP request has been received.\r
-See the accf_http(9) man page.\r
- </verb>\r
-</descrip>\r
-\r
-\r
-<sect2>Changes to existing tags<label id="modifiedtags">\r
-<p>\r
-<descrip>\r
- <tag>http_port</tag>\r
- <p>New options:\r
- <verb>\r
- disable-pmtu-discovery=\r
- Control Path-MTU discovery usage:\r
- off lets OS decide on what to do (default).\r
- transparent disable PMTU discovery when transparent support is enabled.\r
- always disable always PMTU discovery.\r
-\r
- In many setups of transparently intercepting proxies Path-MTU\r
- discovery can not work on traffic towards the clients. This is\r
- the case when the intercepting device does not fully track\r
- connections and fails to forward ICMP must fragment messages\r
- to the cache server. If you have such setup and experience that\r
- certain clients sporadically hang or never complete requests set\r
- disable-pmtu-discovery option to 'transparent'.\r
- </verb>\r
- <p>Removed options:\r
- <verb>\r
- urlgroup=, not yet ported to Squid-3.\r
- \r
- no-connection-auth, not yet ported to Squid-3.\r
- </verb> \r
- <tag> https_port</tag>\r
- <p>Removed options:\r
- <verb>\r
- urlgroup=, not yet ported to Squid-3.\r
- </verb>\r
- <tag>cache_peer</tag>\r
- <p>New options:\r
- <verb>\r
- basetime=n\r
-\r
- background-ping\r
-\r
- weighted-round-robin\r
-\r
- use 'basetime=n' to specify a base amount to\r
- be subtracted from round trip times of parents.\r
- It is subtracted before division by weight in calculating\r
- which parent to fectch from. If the rtt is less than the\r
- base time the rtt is set to a minimal value.\r
-\r
- use 'background-ping' to only send ICP queries to this\r
- neighbor infrequently. This is used to keep the neighbor\r
- round trip time updated and is usually used in\r
- conjunction with weighted-round-robin.\r
-\r
- use 'weighted-round-robin' to define a set of parents\r
- which should be used in a round-robin fashion with the\r
- frequency of each parent being based on the round trip\r
- time. Closer parents are used more often.\r
- Usually used for background-ping parents.\r
-\r
- </verb>\r
- <p>Removed options:\r
- <verb>\r
- userhash, not yet ported to Squid-3\r
-\r
- sourcehash, not yet ported to Squid-2\r
-\r
- monitorurl, monitorsize etc, not yet ported to Squid-3\r
-\r
- connection-auth=, not yet ported to Squid-3\r
- </verb>\r
- <tag>cache_dir</tag>\r
- <p>Common options\r
- <verb>\r
- no-store, replaces the older read-only option\r
-\r
- min-size, not yet portedto Squid-3\r
- </verb>\r
- <p>COSS file system:\r
- <verb>\r
- The coss file store is experimental, and still lacks much\r
- of the functionality found in 2.6.\r
-\r
- overwrite-percent=n, not yet ported to Squid-3.\r
-\r
- max-stripe-waste=n, not yet ported to Squid-3.\r
-\r
- membufs=n, not yet ported to Squid-3.\r
-\r
- maxfullbufs=n, not yet ported to Squid-3.\r
- </verb>\r
- <tag>auth_param</tag>\r
- <p>Removed Basic auth option\r
- <verb>\r
- blankpasswor, not yet ported to squid-3.\r
- auth_param basic concurrency 0\r
- </verb>\r
- <p>Removed digest options:\r
- <verb>\r
- concurrency, not yet ported to Squid-3.\r
- </verb>\r
-\r
- <tag>external_acl_type</tag>\r
- <p>New format specifications:\r
- <verb>\r
- %URI Requested URI\r
-\r
- %PATH Requested URL path\r
- </verb>\r
- <P>Removed format specifications:\r
- <verb>\r
- %ACL, not yet ported to Squid-3\r
-\r
- %DATA, not yet ported to Squid-3\r
- </verb>\r
- <p>New result keywords:\r
- <verb>\r
- tag= Apply a tag to a request (for both ERR and OK results)\r
- Only sets a tag, does not alter existing tags.\r
- </verb>\r
-\r
- <tag>refresh_pattern</tag>\r
- <p>New options:\r
- <verb>\r
- ignore-no-store\r
- refresh-ims\r
-\r
- ignore-no-store ignores any ``Cache-control: no-store''\r
- headers received from a server. Doing this VIOLATES\r
- the HTTP standard. Enabling this feature could make you\r
- liable for problems which it causes.\r
-\r
- refresh-ims causes squid to contact the origin server\r
- when a client issues an If-Modified-Since request. This\r
- ensures that the client will receive an updated version\r
- if one is available.\r
- </verb>\r
- <tag>acl</tag>\r
- <p>New types:\r
- <verb>\r
- acl aclname http_status 200 301 500- 400-403 ... # status code in reply\r
-\r
- </verb>\r
- <p>Removed types:\r
- <verb>\r
- acl aclname urllogin [-i] [^a-zA-Z0-9] ... # regex matching on URL login field\r
-\r
- acl urlgroup group1 ...\r
- # match against the urlgroup as indicated by redirectors\r
-\r
- </verb>\r
- <tag>short_icon_urls</tag>\r
- <p>New default:\r
- <verb>\r
- Default: on\r
- (Old default: off)\r
- </verb>\r
- <tag>delay_class</tag>\r
- <p>New delay classes:\r
- <verb>\r
- class 4 Everything in a class 3 delay pool, with an\r
- additional limit on a per user basis. This\r
- only takes effect if the username is established\r
- in advance - by forcing authentication in your\r
- http_access rules.\r
-\r
- class 5 Requests are grouped according their tag (see\r
- external_acl's tag= reply).\r
- </verb>\r
-\r
- <tag>htcp_port</tag>\r
- <p>New default to require the feature to be enabled in squid.conf:\r
- <verb>\r
- Default: 0 (disabled)\r
- (Old default: 4827)\r
- </verb>\r
-\r
- <tag>icp_port</tag>\r
- <p>New default to require the feature to be enabled in squid.conf:\r
- <verb>\r
- Default: 0 (disabled)\r
- (Old default: 3130)\r
- </verb>\r
-\r
- <tag>snmp_port</tag>\r
- <p>New default to require the feature to be enabled in squid.conf:\r
- <verb>\r
- Default: 0 (disabled)\r
- (Old default: 3401)\r
- </verb>\r
-\r
- <tag>logformat</tag>\r
- <p>New format tags:\r
- <verb>\r
- rp Request URL-Path excluding hostname\r
-\r
- et Tag returned by external acl\r
-\r
- <sH Reply high offset sent\r
-\r
- <sS Upstream object size\r
- </verb>\r
-\r
- <p>Removed format tags:\r
- <verb>\r
- >st Request size including HTTP headers, not yet ported to Squid-3.\r
-\r
- st Request+Reply size including HTTP headers, not yet ported to Squid-3.\r
- </verb>\r
-\r
- <tag>reply_body_max_size</tag>\r
- <p>Syntax changed:\r
- <verb>\r
- reply_body_max_size size [acl acl...]\r
- </verb>\r
- <p>allow/deny no longer used.\r
-\r
- <tag>url_rewrite_program</tag>\r
- <p>No urlgroup support in either requests or responese\r
-</descrip>\r
-\r
-\r
-\r
-\r
-<sect2>Removed tags<label id="removedtags">\r
-<p>\r
-<descrip>\r
- <tag>broken_vary_encoding</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>cache_vary</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>collapsed_forwarding</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>follow_x_forwarded_for</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>*_uses_indirect_client</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>error_map</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>header_access</tag>\r
- <p>This has been replaced by request_header_access and reply_header_access\r
- <tag>http_access2</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>httpd_accel_no_pmtu_disc</tag>\r
- <p>Replaced by disable-pmtu-discovery http_port option\r
- <tag>location_rewrite_*</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>refresh_stale_hit</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>umask</tag>\r
- <p>Not yet ported to Squid-3.\r
- <tag>wais_relay_*</tag>\r
- <p>equivalent to cache_peer + cache_peer_access.\r
-</descrip>\r
-\r
-\r
-<sect1>Changes to ./configure Options\r
-<p>\r
-There have been some changes to Squid's build configuration since Squid-2.6.\r
-\r
-This section gives an account of those changes in three categories:\r
-\r
-<itemize>\r
- <item><ref id="newoptions" name="New options">\r
- <item><ref id="modifiedoptions" name="Changes to existing options">\r
- <item><ref id="notportedoptions" name="Not yet available options">\r
- <item><ref id="removedoptions" name="Removed options">\r
-</itemize>\r
-<p>\r
-\r
-\r
-<sect2>New options<label id="newoptions">\r
-\r
-<p>\r
-<descrip>\r
- <tag>--enable-shared[=PKGS]</tag>\r
- <p>Build shared libraries. The default is to build without.</p>\r
-\r
- <tag>--enable-static[=PKGS]</tag>\r
- <p>Build static libraries. The default is on.</p>\r
-\r
- <tag>--enable-fast-install[=PKGS]</tag>\r
- <verb>Optimize for fast installation\r
- default: yes</verb>\r
-\r
- <tag>--disable-libtool-lock</tag>\r
- <p>Avoid locking (might break parallel builds)</p>\r
-\r
- <tag>--disable-optimizations</tag>\r
- <p>Don't compile Squid with compiler optimizations enabled.\r
- Optimization is good for production builds, but not\r
- good for debugging. During development, use\r
- --disable-optimizations to reduce compilation times\r
- and allow easier debugging. This option implicitly\r
- also enables --disable-inline</p>\r
-\r
- <tag>--disable-inline</tag>\r
- <p>Don't compile trivial methods as inline. Squid\r
- is coded with much of the code able to be inlined.\r
- Inlining is good for production builds, but not\r
- good for development. During development, use\r
- --disable-inline to reduce compilation times and\r
- allow incremental builds to be quick. For\r
- production builds, or load tests, use\r
- --enable-inline to have squid make all trivial\r
- methods inlinable by the compiler.</p>\r
-\r
- <tag>--enable-debug-cbdata</tag>\r
- <p>Provide some debug information in cbdata</p>\r
-\r
- <tag>--enable-disk-io=\"list of modules\"</tag>\r
- <p>Build support for the list of disk I/O modules.\r
- The default is only to build the "Blocking" module.\r
- See src/DiskIO for a list of available modules, or\r
- Programmers Guide for details on how to build your\r
- custom disk module.</p>\r
-\r
- <tag>--enable-esi</tag>\r
- <p>Enable ESI for accelerators. Requires libexpat.\r
- Enabling ESI will cause squid to follow the Edge\r
- Acceleration Specification (www.esi.org). This\r
- causes squid to IGNORE client Cache-Control headers.</p>\r
- <p><em>DO NOT</em> use this in a squid configured as a web\r
- proxy, ONLY use it in a squid configured for\r
- webserver acceleration.</p>\r
-\r
- <tag>--enable-icap-client</tag>\r
- <p>Enable the ICAP client.</p>\r
-\r
- <tag>--disable-snmp</tag>\r
- <p>Disable SNMP monitoring support which is now built by default.</p>\r
-\r
- <tag>--disable-htcp</tag>\r
- <p>Disable HTCP protocol support which is now built by default.</p>\r
-\r
- <tag>--enable-kqueue</tag>\r
- <p>Enable kqueue() support. Marked as experimental in 3.0.</p>\r
-\r
- <tag>--enable-ipfw-transparent</tag>\r
- <p>Enable Transparent Proxy support for systems\r
- using FreeBSD IPFW style redirection.</p>\r
-\r
- <tag>--disable-mempools</tag>\r
- <p>Disable memPools. Note that this option now simply sets the\r
- default behaviour. Specific classes can override this at runtime, and\r
- only lib/MemPool.c needs to be altered to change the squid-wide\r
- default for all classes.</p>\r
-\r
- <tag>--enable-cpu-profiling</tag>\r
- <p>This option allows you to see which internal functions\r
- in Squid are consuming how much CPU. Compiles in probes\r
- that measure time spent in probed functions. Needs\r
- source modifications to add new probes. This is meant\r
- for developers to assist in performance optimisations\r
- of Squid internal functions.</p>\r
- <p>If you are not developer and not interested in the stats\r
- you shouldn't enable this, as overhead added, although\r
- small, is still overhead. See lib/Profiler.c for more.</p>\r
-\r
- <tag>--with-gnu-ld</tag>\r
- <p>Assume the C compiler uses GNU ld. The default is to auto-detect.</p>\r
-\r
- <tag>--with-pic</tag>\r
- <p>Try to use only PIC/non-PIC objects. The default is to use both.</p>\r
-\r
- <tag>--with-tags[=TAGS]</tag>\r
- <p>Include additional configurations. The default is automatic.</p>\r
-\r
- <tag>--with-default-user=USER</tag>\r
- <p>Sets the default System User account for squid permissions.\r
- The default is 'nobody' as in other releases of squid.</p>\r
-\r
- <tag>--with-cppunit-basedir=[PATH]</tag>\r
- <p>Path where the cppunit headers and libraries are found\r
- for unit testing. The default is automatic detection.</p>\r
- <p>NOTE: Since 3.0-PRE6 and 2.6STABLE14 squid no longer comes\r
- bundled with CPPUnit. Compile-time validation will be disabled\r
- if it is not installed on your system.</p>\r
-\r
-</descrip>\r
-</p>\r
-\r
-<sect2>Changes to existing options<label id="modifiedoptions">\r
-\r
-<p>\r
-<descrip>\r
- <tag>--enable-carp</tag>\r
- <p>CARP support is now built by default.\r
- --disable-carp can be used to build without it.</p>\r
-\r
- <tag>--enable-htcp</tag>\r
- <p>HTCP protocol support is now built by default.\r
- Use --disable-htcp to build without it.</p>\r
-\r
- <tag>--enable-snmp</tag>\r
- <p>SNMP monitoring is now build by default.\r
- Use --disable-snmp to build without it.</p>\r
-\r
- <tag>--enable-heap-replacement</tag>\r
- <p>Please use --enable-removal-policies directive instead.</p>\r
-\r
- <tag>--with-maxfd=N</tag>\r
- <p>Replaced by --with-filedescriptors=N</p>\r
- <p>Override maximum number of filedescriptors. Useful\r
- if you build as another user who is not privileged\r
- to use the number of filedescriptors you want the\r
- resulting binary to support</p>\r
-\r
- <tag>--enable-select</tag>\r
- <p>Deprecated.\r
- Automatic checks will enable best I/O loop method available.</p>\r
-\r
- <tag>--enable-epoll</tag>\r
- <p>Deprecated.\r
- Automatic checks will enable best I/O loop method available.</p>\r
-\r
- <tag>--enable-poll</tag>\r
- <p>Deprecated.\r
- Automatic checks will enable best I/O loop method available.</p>\r
-\r
- <tag>--enable-kqueue</tag>\r
- <p>kqueue support is marked Experimental in Squid 3.0. Known to have some issues under load.</p>\r
-\r
-</descrip>\r
-</p>\r
-\r
-<sect2>Not yet available options<label id="notportedoptions">\r
-\r
-<p>These configure options have not yet been ported to Squid-3. If you need something to do then\r
-porting one of these from Squid-2 to Squid-3 is most welcome.\r
-\r
-<descrip>\r
- <tag>--enable-devpoll</tag>\r
- <p>Support for Solaris /dev/poll</p>\r
-\r
- <tag>--enable-select-simple</tag>\r
- <p>Basic POSIX select() loop without any binary fd_set optimizations.</p>\r
-\r
- <tag>--enable-follow-x-forwarded-for</tag>\r
- <p>Support following the X-Forwarded-For HTTP header for determining the\r
- client IP address</p>\r
-</descrip>\r
-\r
-<sect2>Removed options<label id="removedoptions">\r
-\r
-<p>The following configure options have been removed.\r
-\r
-<descrip>\r
- <tag>--enable-dlmalloc</tag>\r
- <p>Most OS:es have good malloc implementations these days, and the version we used to ship with Squid was very very old..</p>\r
- <tag>--enable-mempool-debug</tag>\r
- <p>Debug option, not needed and therefore removed.</p>\r
- <tag>--enable-forward-log</tag>\r
- <p>Rarely used extra log file. Removed.</p>\r
- <tag>--enable-multicast-miss</tag>\r
- <p>Rarely used feature, and multicast ICP acheives almost the same result. Removed.</p>\r
- <tag>--enable-coss-aio-ops</tag>\r
- <p>Specific to the COSS implementation in Squid-2</p>\r
- <tag>--enable-large-cache-files</tag>\r
- <p>Now enabled by default. Configure option was redundant and therefore removed.\r
- <tag>--enable-truncate</tag>\r
- <p>Known to cause race conditions where cache objects may get corrupted, and this for at most a marginal performance improvement. Removed.</p>\r
-\r
-</descrip>\r
-\r
-</article>\r
+<!doctype linuxdoc system>
+<article>
+<title>Squid 3.0.RC1 release notes</title>
+<author>Squid Developers</author>
+<date>$Id: release-3.0.sgml,v 1.31 2007/12/14 05:34:16 amosjeffries Exp $</date>
+
+<abstract>
+This document contains the release notes for version 3.0 of Squid.
+Squid is a WWW Cache application developed by the National Laboratory
+for Applied Network Research and members of the Web Caching community.
+</abstract>
+
+<toc>
+
+<sect>Notice
+<p>
+The Squid Team are pleased to announce the release of Squid-3.0.RC1 for pre-release testing.
+
+This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.0/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+
+A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.
+While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
+
+We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d"> for how to submit a report with a stack trace.
+
+<sect>Known issues
+<p>
+Although this release is deemed good enough for testing in many setups, please note the existence of <url url="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.0&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.0">.
+
+<sect>Changes since earlier releases of Squid-3.0
+<p>
+The 3.0 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.0/changesets/" name="viewed here">.
+
+<sect>Changes since Squid-2.6
+
+<sect1>Major new features
+<p>
+Squid 3.0 represents a major rewrite of Squid and has a number of new features.
+
+The most important of these are:
+
+<itemize>
+ <item>Code converted to C++, with significant internal restructuring and rewrites.
+ <item>ICAP implementation (RFC 3507 and www.icap-forum.org)
+ <item>Edge Side Includes (ESI) implementation (www.esi.org)
+</itemize>
+
+Most user-facing changes are reflected in squid.conf (see below).
+
+<sect2>Internet Content Adaptation Protocol (ICAP)
+
+<p>Squid 3.0 supports ICAP/1.0. To enable ICAP support, use the --enable-icap-client ./configure option and icap_enable squid.conf option. You will also need to configure ICAP services in your squid.conf using icap_service, icap_class, and icap_access options. The following example instructs Squid to talk to two ICAP services, one for request and one for response adaptation:
+
+<verb>
+icap_enable on
+icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/request
+icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/response
+icap_class class_req service_req
+icap_class class_resp service_resp
+icap_access class_req allow all
+icap_access class_resp allow all
+</verb>
+
+<p>Please see squid.conf.default for more details about these and many other icap_* options.
+
+<p>Squid supports pre-cache request and pre-cache response vectoring points. The following ICAP features are supported: message preview, 204 responses outside of preview, request satisfaction, X-Transfer-* negotiation, persistent ICAP connections, client IP/credentials sharing, and optional bypass of certain service failures.
+
+<p>No more than one ICAP service can be applied to an HTTP message. In other words, chaining or load balancing multiple services is not yet supported.
+
+<p>Proxy-directed data trickling and patience pages are not supported yet.
+
+<p>Following ICAP requirements, Squid never performs HTTP message adaptation without a successful and fresh ICAP OPTIONS response on file. A REQMOD or RESPMOD request will not be sent to a configured ICAP service until Squid receives a valid OPTIONS response from that service. If a service malfunctions or goes down, Squid may stop talking to the service for a while. Several squid.conf options can be used to tune the failure bypass algorithm (e.g., icap_service_failure_limit and icap_service_revival_delay).
+
+<p>The bypass parameter of the icap_service squid.conf option determines whether Squid will try to bypass service failures. Most connectivity and preview-stage failures can be bypassed.
+
+<p>More information about ICAP can be found from the ICAP-forum website <url url="http://www.icap-forum.org">
+
+<sect2>Edge Side Includes (ESI)
+
+<p>ESI is an open specification of an markup language enabling reverse proxies
+to perform some simple XML based processing, offloading the final page assembly from the webserver and similar tasks.
+
+<p>More information about ESI can be found from the ESI website <url url="http://www.esi.org">
+
+<sect1>2.6 features not found in Squid-3.0
+<p>
+Some of the features found in Squid-2.6 is not available in Squid-3.
+Some has been dropped as they are not needed. Some has not yet been forward-ported to Squid-3 and may appear in a later release.
+
+<itemize>
+ <item>refresh_stale_hit option. Not yet ported.
+ <item>ability to follow X-Forwarded-For. Not yet ported.
+ <item>Full caching of Vary/ETag using If-None-Match. Only basic Vary cache supported. Not yet ported.
+ <item>Mapping of server error messages. Not yet ported.
+ <item>http_access2 access directive. Not yet ported.
+ <item>Location header rewrites. Not yet ported.
+ <item>umask directive. Not yet ported.
+ <item>wais_relay. Feature dropped as it's equivalent to cache_peer + cache_peer_access.
+ <item>urlgroup. Not yet ported.
+ <item>collapsed forwarding. Not yet ported.
+ <item>stable Windows support. Irregularly maintained.
+</itemize>
+
+<sect1>Logging changes
+<sect2>access.log
+<p>The TCP_REFRESH_HIT and TCP_REFRESH_MISS log types have been replaced because they were misleading (all refreshes need to query the origin server, so they could never be hits). The following log types have been introduced to replace them:
+
+<descrip>
+ <tag>TCP_REFRESH_UNMODIFIED</tag>
+ <p>The requested object was cached but STALE. The IMS query for the object resulted in "304 not modified".
+ <tag>TCP_REFRESH_MODIFIED</tag>
+ <p>The requested object was cached but STALE. The IMS query returned the new content.
+</descrip>
+<p>See <url url="http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.7"> for a definition of all log types.
+
+<sect>Windows support
+
+<p>This Squid version can run on Windows as a system service using the Cygwin emulation environment,
+or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.
+
+On Windows 2000 and later the service is configured to use the Windows Service Recovery option
+restarting automatically after 60 seconds.
+
+<sect1>Usage
+
+<p>Some new command line options was added for the Windows service support:
+
+The service installation is made with -i command line switch, it's possible to use -f switch at
+the same time for specify a different config-file settings for the Squid Service that will be
+stored on the Windows Registry.
+
+A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed.
+<em/"Squid"/ is the default when the switch is not used.
+
+So, to install the service, the syntax is:
+
+<p><verb>squid -i [-f file] [-n name]</verb>
+
+Service uninstallation is made with -r command line switch with the appropriate -n switch.
+
+The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:
+
+<verb>squid -k command [-f file] -n service-name</verb>
+where <em/service-name/ is the name specified with -n options at service install time.
+
+To use the Squid original command line, the new -O switch must be used ONCE, the syntax is:
+
+<verb>squid -O cmdline [-n service-name]</verb>
+If multiple service command line options must be specified, use quote. The -n switch is
+needed only when a non default service name is in use.
+
+Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are
+specific to Windows services functionality and Squid is not designed for understand they.
+
+In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":
+
+<verb>squid -O "-D -u 3130" -n squidsvc</verb>
+
+<sect1>PSAPI.DLL (Process Status Helper) Considerations
+
+<p>The process status helper functions make it easier for you to obtain information about
+processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These
+functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform
+Software Development Kit (SDK). The same information is generally available through the
+performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is
+freely redistributable.
+
+PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is
+aware of this, and try to use it only on the right platform.
+
+On Windows NT PSAPI.DLL can be found as component of many applications, if you need it,
+you can find it on Windows NT Resource KIT. If you have problem, it can be
+downloaded from here:
+<url url="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE" name="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE">
+
+On Windows 2000 and later it is available installing the Windows Support Tools, located on the
+Support\Tools folder of the installation Windows CD-ROM.
+
+<sect1>Registry DNS lookup
+
+<p>On Windows platforms, if no value is specified in the <em/dns_nameservers/ option on
+squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are
+taken from the Windows registry, both static and dynamic DHCP configurations
+are supported.
+
+<sect1>Compatibility Notes
+<p><itemize>
+<item>It's recommended to use '/' char in Squid paths instead of '\'
+<item>Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid
+<item>Include wildcard patterns in squid.conf are NOT supported on Windows
+<item>When using ACL like 'acl aclname acltype "file"' the file must be in DOS text
+format (CR+LF) and the full Windows path must be specified, for example:
+
+<verb>acl blocklist url_regex -i "c:/squid/etc/blocked1.txt"</verb>
+
+<item>The Windows equivalent of '/dev/null' is 'NUL'
+<item>Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd,
+.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:
+
+<verb>redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
+redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd</verb>
+<item>When Squid runs in command line mode, the launching user account must have administrative privilege on the system
+<item>"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used
+<item>Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported
+</itemize>
+
+<sect1>Known Limitations
+
+<p><itemize>
+<item>DISKD: still needs to be ported
+<item>WCCP: cannot work because user space GRE support on Windows is missing
+<item>Transparent Proxy: missing Windows non commercial interception driver
+<item>Some code sections can make blocking calls.
+<item>Some external helpers may not work.
+<item>File Descriptors number hard-limited to 2048 when building with MinGW.
+</itemize>
+
+<sect1>Using cache manager on Windows
+
+<p>On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.
+Some specific configuration could be needed:
+
+<sect2>IIS 6 (Windows 2003)
+<p>On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed:
+<p><itemize>
+<item>Create a cgi-bin Directory
+<item>Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS
+permissions, ASP scripts are not needed. This automatically defines a
+cgi-bin IIS web application
+<item>Copy cachemgr.cgi into cgi-bin directory and look to file permissions:
+the IIS system account and SYSTEM must be able to read and execute the file
+<item>In IIS manager go to Web Service extensions and add a new Web Service
+Extension called <em/"Squid Cachemgr"/, add the cachemgr.cgi file and set the
+extension status to <em/Allowed/
+</itemize>
+
+<sect2>Apache:
+<p>On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed
+ to pass the TMP and TEMP Windows environment variables to CGI applications:
+<verb>
+ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
+<Location /squid/cgi-bin/cachemgr.cgi>
+ PassEnv TMP TEMP
+ Order allow,deny
+ Allow from workstation.example.com
+</Location>
+</verb>
+
+
+
+<sect1>Changes to squid.conf
+<p>
+There have been many changes to Squid's configuration file since Squid-2.6.
+
+This section gives a thorough account of those changes in three categories:
+
+<itemize>
+ <item><ref id="newtags" name="New tags">
+ <item><ref id="modifiedtags" name="Changes to existing tags">
+ <item><ref id="removedtags" name="Removed tags">
+</itemize>
+
+<p>
+
+
+
+<sect2>New tags<label id="newtags">
+
+<p>
+<descrip>
+ <tag>minimum_icp_query_timeout (msec)</tag>
+ <verb>
+Default: 5
+
+Normally the ICP query timeout is determined dynamically. But
+sometimes it can lead to very small timeouts, even lower than
+the normal latency variance on your link due to traffic.
+Use this option to put an lower limit on the dynamic timeout
+value. Do NOT use this option to always use a fixed (instead
+of a dynamic) timeout value. To set a fixed timeout see the
+'icp_query_timeout' directive.
+ </verb>
+ <tag>background_ping_rate</tag>
+ <verb>
+Default: 10 seconds
+
+Controls how often the ICP pings are sent to siblings that
+have background-ping set.
+ </verb>
+
+ <tag>httpd_accel_surrogate_id</tag>
+ <verb>
+Default: unset
+
+Surrogates (http://www.esi.org/architecture_spec_1.0.html)
+need an identification token to allow control targeting. Because
+a farm of surrogates may all perform the same tasks, they may share
+an identification token.
+ </verb>
+
+ <tag>http_accel_surrogate_remote on|off</tag>
+ <verb>
+Default: off
+
+Remote surrogates (such as those in a CDN) honour Surrogate-Control: no-store-remote.
+Set this to on to have squid behave as a remote surrogate.
+ </verb>
+
+ <tag>esi_parser libxml2|expat|custom</tag>
+ <verb>
+Default: custom
+
+ESI markup is not strictly XML compatible. The custom ESI parser
+will give higher performance, but cannot handle non ASCII character
+encodings.
+ </verb>
+
+ <tag>email_err_data on|off</tag>
+ <verb>
+Default: on
+
+If enabled, information about the occurred error will be
+included in the mailto links of the ERR pages (if %W is set)
+so that the email body contains the data.
+Syntax is <A HREF="mailto:%w%W">%w</A>
+ </verb>
+
+ <tag>refresh_all_ims on|off</tag>
+ <verb>
+Default: off
+
+When you enable this option, squid will always check
+the origin server for an update when a client sends an
+If-Modified-Since request. Many browsers use IMS
+requests when the user requests a reload, and this
+ensures those clients receive the latest version.
+
+By default (off), squid may return a Not Modified response
+based on the age of the cached version.
+ </verb>
+ <tag>request_header_access</tag>
+ <p>Replaces the header_access directive of Squid-2.6 and earlier, but applies to requests only.
+ <tag>reply_header_access</tag>
+ <p>Replaces the header_access directive of Squid-2.6 and earlier, but applies to replies only.
+
+ <tag>icap_enable on|off</tag>
+ <verb>
+Default: off
+
+If you want to enable the ICAP module support, set this to on.
+ </verb>
+ <tag>icap_preview_enable on|off</tag>
+ <verb>
+Default: off
+
+Set this to 'on' if you want to enable the ICAP preview
+feature in Squid.
+ </verb>
+ <tag>icap_preview_size</tag>
+ <verb>
+Default: -1
+
+The default size of preview data to be sent to the ICAP server.
+-1 means no preview. This value might be overwritten on a per server
+basis by OPTIONS requests.
+ </verb>
+ <tag>icap_default_options_ttl (seconds)</tag>
+ <verb>
+Default: 60
+
+The default TTL value for ICAP OPTIONS responses that don't have
+an Options-TTL header.
+ </verb>
+ <tag>icap_persistent_connections on|off</tag>
+ <verb>
+Default: on
+
+Whether or not Squid should use persistent connections to
+an ICAP server.
+ </verb>
+ <tag>icap_send_client_ip on|off</tag>
+ <verb>
+Default: off
+
+This adds the header "X-Client-IP" to ICAP requests.
+ </verb>
+ <tag>icap_send_client_username on|off</tag>
+ <verb>
+Default: off
+
+This adds the header "X-Client-Username" to ICAP requests
+if proxy access is authentified.
+ </verb>
+ <tag>icap_service</tag>
+ <verb>
+Default: none
+
+Defines a single ICAP service
+
+icap_service servicename vectoring_point bypass service_url
+
+vectoring_point = reqmod_precache|reqmod_postcache|respmod_precache|respmod_postcache
+This specifies at which point of request processing the ICAP
+service should be plugged in.
+bypass = 1|0
+If set to 1 and the ICAP server cannot be reached, the request will go
+through without being processed by an ICAP server
+service_url = icap://servername:port/service
+
+Note: reqmod_precache and respmod_postcache is not yet implemented
+
+Example:
+icap_service service_1 reqmod_precache 0 icap://icap1.mydomain.net:1344/reqmod
+icap_service service_2 respmod_precache 0 icap://icap2.mydomain.net:1344/respmod
+ </verb>
+ <tag>icap_class</tag>
+ <verb>
+Default: none
+
+Defines an ICAP service chain. If there are multiple services per
+vectoring point, they are processed in the specified order.
+
+icap_class classname servicename...
+
+Example:
+icap_class class_1 service_1 service_2
+icap class class_2 service_1 service_3
+ </verb>
+ <tag>icap_access</tag>
+ <verb>
+Default: none
+
+Redirects a request through an ICAP service class, depending
+on given acls
+
+icap_access classname allow|deny [!]aclname...
+
+The icap_access statements are processed in the order they appear in
+this configuration file. If an access list matches, the processing stops.
+For an "allow" rule, the specified class is used for the request. A "deny"
+rule simply stops processing without using the class. You can also use the
+special classname "None".
+
+For backward compatibility, it is also possible to use services
+directly here.
+
+Example:
+icap_access class_1 allow all
+ </verb>
+
+ <tag>accept_filter</tag>
+ <verb>
+The name of an accept(2) filter to install on Squid's
+listen socket(s). This feature is perhaps specific to
+FreeBSD and requires support in the kernel.
+
+The 'httpready' filter delays delivering new connections
+to Squid until a full HTTP request has been received.
+See the accf_http(9) man page.
+ </verb>
+</descrip>
+
+
+<sect2>Changes to existing tags<label id="modifiedtags">
+<p>
+<descrip>
+ <tag>http_port</tag>
+ <p>New options:
+ <verb>
+ disable-pmtu-discovery=
+ Control Path-MTU discovery usage:
+ off lets OS decide on what to do (default).
+ transparent disable PMTU discovery when transparent support is enabled.
+ always disable always PMTU discovery.
+
+ In many setups of transparently intercepting proxies Path-MTU
+ discovery can not work on traffic towards the clients. This is
+ the case when the intercepting device does not fully track
+ connections and fails to forward ICMP must fragment messages
+ to the cache server. If you have such setup and experience that
+ certain clients sporadically hang or never complete requests set
+ disable-pmtu-discovery option to 'transparent'.
+ </verb>
+ <p>Removed options:
+ <verb>
+ urlgroup=, not yet ported to Squid-3.
+
+ no-connection-auth, not yet ported to Squid-3.
+ </verb>
+ <tag> https_port</tag>
+ <p>Removed options:
+ <verb>
+ urlgroup=, not yet ported to Squid-3.
+ </verb>
+ <tag>cache_peer</tag>
+ <p>New options:
+ <verb>
+ basetime=n
+
+ background-ping
+
+ weighted-round-robin
+
+ use 'basetime=n' to specify a base amount to
+ be subtracted from round trip times of parents.
+ It is subtracted before division by weight in calculating
+ which parent to fectch from. If the rtt is less than the
+ base time the rtt is set to a minimal value.
+
+ use 'background-ping' to only send ICP queries to this
+ neighbor infrequently. This is used to keep the neighbor
+ round trip time updated and is usually used in
+ conjunction with weighted-round-robin.
+
+ use 'weighted-round-robin' to define a set of parents
+ which should be used in a round-robin fashion with the
+ frequency of each parent being based on the round trip
+ time. Closer parents are used more often.
+ Usually used for background-ping parents.
+
+ </verb>
+ <p>Removed options:
+ <verb>
+ userhash, not yet ported to Squid-3
+
+ sourcehash, not yet ported to Squid-2
+
+ monitorurl, monitorsize etc, not yet ported to Squid-3
+
+ connection-auth=, not yet ported to Squid-3
+ </verb>
+ <tag>cache_dir</tag>
+ <p>Common options
+ <verb>
+ no-store, replaces the older read-only option
+
+ min-size, not yet portedto Squid-3
+ </verb>
+ <p>COSS file system:
+ <verb>
+ The coss file store is experimental, and still lacks much
+ of the functionality found in 2.6.
+
+ overwrite-percent=n, not yet ported to Squid-3.
+
+ max-stripe-waste=n, not yet ported to Squid-3.
+
+ membufs=n, not yet ported to Squid-3.
+
+ maxfullbufs=n, not yet ported to Squid-3.
+ </verb>
+ <tag>auth_param</tag>
+ <p>Removed Basic auth option
+ <verb>
+ blankpasswor, not yet ported to squid-3.
+ auth_param basic concurrency 0
+ </verb>
+ <p>Removed digest options:
+ <verb>
+ concurrency, not yet ported to Squid-3.
+ </verb>
+
+ <tag>external_acl_type</tag>
+ <p>New format specifications:
+ <verb>
+ %URI Requested URI
+
+ %PATH Requested URL path
+ </verb>
+ <P>Removed format specifications:
+ <verb>
+ %ACL, not yet ported to Squid-3
+
+ %DATA, not yet ported to Squid-3
+ </verb>
+ <p>New result keywords:
+ <verb>
+ tag= Apply a tag to a request (for both ERR and OK results)
+ Only sets a tag, does not alter existing tags.
+ </verb>
+
+ <tag>refresh_pattern</tag>
+ <p>New options:
+ <verb>
+ ignore-no-store
+ refresh-ims
+
+ ignore-no-store ignores any ``Cache-control: no-store''
+ headers received from a server. Doing this VIOLATES
+ the HTTP standard. Enabling this feature could make you
+ liable for problems which it causes.
+
+ refresh-ims causes squid to contact the origin server
+ when a client issues an If-Modified-Since request. This
+ ensures that the client will receive an updated version
+ if one is available.
+ </verb>
+ <tag>acl</tag>
+ <p>New types:
+ <verb>
+ acl aclname http_status 200 301 500- 400-403 ... # status code in reply
+
+ </verb>
+ <p>Removed types:
+ <verb>
+ acl aclname urllogin [-i] [^a-zA-Z0-9] ... # regex matching on URL login field
+
+ acl urlgroup group1 ...
+ # match against the urlgroup as indicated by redirectors
+
+ </verb>
+ <tag>short_icon_urls</tag>
+ <p>New default:
+ <verb>
+ Default: on
+ (Old default: off)
+ </verb>
+ <tag>delay_class</tag>
+ <p>New delay classes:
+ <verb>
+ class 4 Everything in a class 3 delay pool, with an
+ additional limit on a per user basis. This
+ only takes effect if the username is established
+ in advance - by forcing authentication in your
+ http_access rules.
+
+ class 5 Requests are grouped according their tag (see
+ external_acl's tag= reply).
+ </verb>
+
+ <tag>htcp_port</tag>
+ <p>New default to require the feature to be enabled in squid.conf:
+ <verb>
+ Default: 0 (disabled)
+ (Old default: 4827)
+ </verb>
+
+ <tag>icp_port</tag>
+ <p>New default to require the feature to be enabled in squid.conf:
+ <verb>
+ Default: 0 (disabled)
+ (Old default: 3130)
+ </verb>
+
+ <tag>snmp_port</tag>
+ <p>New default to require the feature to be enabled in squid.conf:
+ <verb>
+ Default: 0 (disabled)
+ (Old default: 3401)
+ </verb>
+
+ <tag>logformat</tag>
+ <p>New format tags:
+ <verb>
+ rp Request URL-Path excluding hostname
+
+ et Tag returned by external acl
+
+ <sH Reply high offset sent
+
+ <sS Upstream object size
+ </verb>
+
+ <p>Removed format tags:
+ <verb>
+ >st Request size including HTTP headers, not yet ported to Squid-3.
+
+ st Request+Reply size including HTTP headers, not yet ported to Squid-3.
+ </verb>
+
+ <tag>reply_body_max_size</tag>
+ <p>Syntax changed:
+ <verb>
+ reply_body_max_size size [acl acl...]
+ </verb>
+ <p>allow/deny no longer used.
+
+ <tag>url_rewrite_program</tag>
+ <p>No urlgroup support in either requests or responese
+</descrip>
+
+
+
+
+<sect2>Removed tags<label id="removedtags">
+<p>
+<descrip>
+ <tag>broken_vary_encoding</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>cache_vary</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>collapsed_forwarding</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>follow_x_forwarded_for</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>*_uses_indirect_client</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>error_map</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>header_access</tag>
+ <p>This has been replaced by request_header_access and reply_header_access
+ <tag>http_access2</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>httpd_accel_no_pmtu_disc</tag>
+ <p>Replaced by disable-pmtu-discovery http_port option
+ <tag>location_rewrite_*</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>refresh_stale_hit</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>umask</tag>
+ <p>Not yet ported to Squid-3.
+ <tag>wais_relay_*</tag>
+ <p>equivalent to cache_peer + cache_peer_access.
+</descrip>
+
+
+<sect1>Changes to ./configure Options
+<p>
+There have been some changes to Squid's build configuration since Squid-2.6.
+
+This section gives an account of those changes in three categories:
+
+<itemize>
+ <item><ref id="newoptions" name="New options">
+ <item><ref id="modifiedoptions" name="Changes to existing options">
+ <item><ref id="notportedoptions" name="Not yet available options">
+ <item><ref id="removedoptions" name="Removed options">
+</itemize>
+<p>
+
+
+<sect2>New options<label id="newoptions">
+
+<p>
+<descrip>
+ <tag>--enable-shared[=PKGS]</tag>
+ <p>Build shared libraries. The default is to build without.</p>
+
+ <tag>--enable-static[=PKGS]</tag>
+ <p>Build static libraries. The default is on.</p>
+
+ <tag>--enable-fast-install[=PKGS]</tag>
+ <verb>Optimize for fast installation
+ default: yes</verb>
+
+ <tag>--disable-libtool-lock</tag>
+ <p>Avoid locking (might break parallel builds)</p>
+
+ <tag>--disable-optimizations</tag>
+ <p>Don't compile Squid with compiler optimizations enabled.
+ Optimization is good for production builds, but not
+ good for debugging. During development, use
+ --disable-optimizations to reduce compilation times
+ and allow easier debugging. This option implicitly
+ also enables --disable-inline</p>
+
+ <tag>--disable-inline</tag>
+ <p>Don't compile trivial methods as inline. Squid
+ is coded with much of the code able to be inlined.
+ Inlining is good for production builds, but not
+ good for development. During development, use
+ --disable-inline to reduce compilation times and
+ allow incremental builds to be quick. For
+ production builds, or load tests, use
+ --enable-inline to have squid make all trivial
+ methods inlinable by the compiler.</p>
+
+ <tag>--enable-debug-cbdata</tag>
+ <p>Provide some debug information in cbdata</p>
+
+ <tag>--enable-disk-io=\"list of modules\"</tag>
+ <p>Build support for the list of disk I/O modules.
+ The default is only to build the "Blocking" module.
+ See src/DiskIO for a list of available modules, or
+ Programmers Guide for details on how to build your
+ custom disk module.</p>
+
+ <tag>--enable-esi</tag>
+ <p>Enable ESI for accelerators. Requires libexpat.
+ Enabling ESI will cause squid to follow the Edge
+ Acceleration Specification (www.esi.org). This
+ causes squid to IGNORE client Cache-Control headers.</p>
+ <p><em>DO NOT</em> use this in a squid configured as a web
+ proxy, ONLY use it in a squid configured for
+ webserver acceleration.</p>
+
+ <tag>--enable-icap-client</tag>
+ <p>Enable the ICAP client.</p>
+
+ <tag>--disable-snmp</tag>
+ <p>Disable SNMP monitoring support which is now built by default.</p>
+
+ <tag>--disable-htcp</tag>
+ <p>Disable HTCP protocol support which is now built by default.</p>
+
+ <tag>--enable-kqueue</tag>
+ <p>Enable kqueue() support. Marked as experimental in 3.0.</p>
+
+ <tag>--enable-ipfw-transparent</tag>
+ <p>Enable Transparent Proxy support for systems
+ using FreeBSD IPFW style redirection.</p>
+
+ <tag>--disable-mempools</tag>
+ <p>Disable memPools. Note that this option now simply sets the
+ default behaviour. Specific classes can override this at runtime, and
+ only lib/MemPool.c needs to be altered to change the squid-wide
+ default for all classes.</p>
+
+ <tag>--enable-cpu-profiling</tag>
+ <p>This option allows you to see which internal functions
+ in Squid are consuming how much CPU. Compiles in probes
+ that measure time spent in probed functions. Needs
+ source modifications to add new probes. This is meant
+ for developers to assist in performance optimisations
+ of Squid internal functions.</p>
+ <p>If you are not developer and not interested in the stats
+ you shouldn't enable this, as overhead added, although
+ small, is still overhead. See lib/Profiler.c for more.</p>
+
+ <tag>--with-gnu-ld</tag>
+ <p>Assume the C compiler uses GNU ld. The default is to auto-detect.</p>
+
+ <tag>--with-pic</tag>
+ <p>Try to use only PIC/non-PIC objects. The default is to use both.</p>
+
+ <tag>--with-tags[=TAGS]</tag>
+ <p>Include additional configurations. The default is automatic.</p>
+
+ <tag>--with-default-user=USER</tag>
+ <p>Sets the default System User account for squid permissions.
+ The default is 'nobody' as in other releases of squid.</p>
+
+ <tag>--with-cppunit-basedir=[PATH]</tag>
+ <p>Path where the cppunit headers and libraries are found
+ for unit testing. The default is automatic detection.</p>
+ <p>NOTE: Since 3.0-PRE6 and 2.6STABLE14 squid no longer comes
+ bundled with CPPUnit. Compile-time validation will be disabled
+ if it is not installed on your system.</p>
+
+</descrip>
+</p>
+
+<sect2>Changes to existing options<label id="modifiedoptions">
+
+<p>
+<descrip>
+ <tag>--enable-carp</tag>
+ <p>CARP support is now built by default.
+ --disable-carp can be used to build without it.</p>
+
+ <tag>--enable-htcp</tag>
+ <p>HTCP protocol support is now built by default.
+ Use --disable-htcp to build without it.</p>
+
+ <tag>--enable-snmp</tag>
+ <p>SNMP monitoring is now build by default.
+ Use --disable-snmp to build without it.</p>
+
+ <tag>--enable-heap-replacement</tag>
+ <p>Please use --enable-removal-policies directive instead.</p>
+
+ <tag>--with-maxfd=N</tag>
+ <p>Replaced by --with-filedescriptors=N</p>
+ <p>Override maximum number of filedescriptors. Useful
+ if you build as another user who is not privileged
+ to use the number of filedescriptors you want the
+ resulting binary to support</p>
+
+ <tag>--enable-select</tag>
+ <p>Deprecated.
+ Automatic checks will enable best I/O loop method available.</p>
+
+ <tag>--enable-epoll</tag>
+ <p>Deprecated.
+ Automatic checks will enable best I/O loop method available.</p>
+
+ <tag>--enable-poll</tag>
+ <p>Deprecated.
+ Automatic checks will enable best I/O loop method available.</p>
+
+ <tag>--enable-kqueue</tag>
+ <p>kqueue support is marked Experimental in Squid 3.0. Known to have some issues under load.</p>
+
+</descrip>
+</p>
+
+<sect2>Not yet available options<label id="notportedoptions">
+
+<p>These configure options have not yet been ported to Squid-3. If you need something to do then
+porting one of these from Squid-2 to Squid-3 is most welcome.
+
+<descrip>
+ <tag>--enable-devpoll</tag>
+ <p>Support for Solaris /dev/poll</p>
+
+ <tag>--enable-select-simple</tag>
+ <p>Basic POSIX select() loop without any binary fd_set optimizations.</p>
+
+ <tag>--enable-follow-x-forwarded-for</tag>
+ <p>Support following the X-Forwarded-For HTTP header for determining the
+ client IP address</p>
+</descrip>
+
+<sect2>Removed options<label id="removedoptions">
+
+<p>The following configure options have been removed.
+
+<descrip>
+ <tag>--enable-dlmalloc</tag>
+ <p>Most OS:es have good malloc implementations these days, and the version we used to ship with Squid was very very old..</p>
+ <tag>--enable-mempool-debug</tag>
+ <p>Debug option, not needed and therefore removed.</p>
+ <tag>--enable-forward-log</tag>
+ <p>Rarely used extra log file. Removed.</p>
+ <tag>--enable-multicast-miss</tag>
+ <p>Rarely used feature, and multicast ICP acheives almost the same result. Removed.</p>
+ <tag>--enable-coss-aio-ops</tag>
+ <p>Specific to the COSS implementation in Squid-2</p>
+ <tag>--enable-large-cache-files</tag>
+ <p>Now enabled by default. Configure option was redundant and therefore removed.
+ <tag>--enable-truncate</tag>
+ <p>Known to cause race conditions where cache objects may get corrupted, and this for at most a marginal performance improvement. Removed.</p>
+
+</descrip>
+
+</article>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.50">
<TITLE>Squid 3.1.PRE1 release notes</TITLE>
</HEAD>
<BODY>
<H1>Squid 3.1.PRE1 release notes</H1>
-<H2>Squid Developers</H2>$Id: release-3.1.html,v 1.5 2008/01/17 10:09:05 hno Exp $
+<H2>Squid Developers</H2>$Id: release-3.1.sgml,v 1.6 2008/01/17 10:09:05 hno Exp $
<HR>
<EM>This document contains the release notes for version 3.1 of Squid.
Squid is a WWW Cache application developed by the National Laboratory
<P>
<UL>
<LI>IPv6 Support</LI>
+<LI>Error Page Localization</LI>
</UL>
</P>
<P>Most user-facing changes are reflected in squid.conf (see below).</P>
with the RADIUS server. A new helper will be needed for IPv6 RADIUS protocol.</P>
-<H2><A NAME="ss4.2">4.2 Changes to squid.conf</A>
+<H3>Error Page Localization</H3>
+
+<P>The error pages presented by squid may now be localized per-request to match the visitors local preferred language.</P>
+
+<P>Squid needs to be build with the --enable-auto-locale option. And the error_directory option in squid.conf needs to be removed.</P>
+
+<P>For best coverage of languages, using the latest language pack of error files is recommended.
+Updates can be downloaded from
+<A HREF="http://www.squid-cahch.org/Versions/langpack/">www.squid-cache.org/Versions/langpack/</A></P>
+
+<P>The squid developers are interested in making squid available in a wide variety of languages.
+Contributions of new languages is encouraged.
+Details at
+<A HREF="http://wiki.squid-cache.org/Translations">http://wiki.squid-cache.org/Translations</A></P>
+
+<H2><A NAME="s5">5. Windows support</A></H2>
+
+<P>This Squid version can run on Windows as a system service using the Cygwin emulation environment,
+or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.</P>
+<P>On Windows 2000 and later the service is configured to use the Windows Service Recovery option
+restarting automatically after 60 seconds.</P>
+
+<H2><A NAME="ss5.1">5.1 Usage</A>
+</H2>
+
+<P>Some new command line options was added for the Windows service support:</P>
+<P>The service installation is made with -i command line switch, it's possible to use -f switch at
+the same time for specify a different config-file settings for the Squid Service that will be
+stored on the Windows Registry.</P>
+<P>A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed.
+<EM>"Squid"</EM> is the default when the switch is not used.</P>
+<P>So, to install the service, the syntax is: </P>
+
+<P>
+<PRE>
+squid -i [-f file] [-n name]
+</PRE>
+</P>
+<P>Service uninstallation is made with -r command line switch with the appropriate -n switch.</P>
+<P>The -k switch family must be used with the appropriate -f and -n switches, so the syntax is: </P>
+<P>
+<PRE>
+squid -k command [-f file] -n service-name
+</PRE>
+
+where <EM>service-name</EM> is the name specified with -n options at service install time.</P>
+<P>To use the Squid original command line, the new -O switch must be used ONCE, the syntax is: </P>
+<P>
+<PRE>
+squid -O cmdline [-n service-name]
+</PRE>
+
+If multiple service command line options must be specified, use quote. The -n switch is
+needed only when a non default service name is in use.</P>
+<P>Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are
+specific to Windows services functionality and Squid is not designed for understand they.</P>
+<P>In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130": </P>
+<P>
+<PRE>
+squid -O "-D -u 3130" -n squidsvc
+</PRE>
+</P>
+
+<H2><A NAME="ss5.2">5.2 PSAPI.DLL (Process Status Helper) Considerations</A>
+</H2>
+
+<P>The process status helper functions make it easier for you to obtain information about
+processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These
+functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform
+Software Development Kit (SDK). The same information is generally available through the
+performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is
+freely redistributable.</P>
+<P>PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is
+aware of this, and try to use it only on the right platform.</P>
+<P>On Windows NT PSAPI.DLL can be found as component of many applications, if you need it,
+you can find it on Windows NT Resource KIT. If you have problem, it can be
+downloaded from here:
+<A HREF="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE">http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE</A></P>
+<P>On Windows 2000 and later it is available installing the Windows Support Tools, located on the
+Support\Tools folder of the installation Windows CD-ROM.</P>
+
+<H2><A NAME="ss5.3">5.3 Registry DNS lookup</A>
+</H2>
+
+<P>On Windows platforms, if no value is specified in the <EM>dns_nameservers</EM> option on
+squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are
+taken from the Windows registry, both static and dynamic DHCP configurations
+are supported.</P>
+
+<H2><A NAME="ss5.4">5.4 Compatibility Notes</A>
+</H2>
+
+<P>
+<UL>
+<LI>It's recommended to use '/' char in Squid paths instead of '\'</LI>
+<LI>Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid</LI>
+<LI>Include wildcard patterns in squid.conf are NOT supported on Windows</LI>
+<LI>When using ACL like 'acl aclname acltype "file"' the file must be in DOS text
+format (CR+LF) and the full Windows path must be specified, for example:
+
+<PRE>
+acl blocklist url_regex -i "c:/squid/etc/blocked1.txt"
+</PRE>
+
+</LI>
+<LI>The Windows equivalent of '/dev/null' is 'NUL'</LI>
+<LI>Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd,
+.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:
+
+<PRE>
+redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
+redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd
+</PRE>
+</LI>
+<LI>When Squid runs in command line mode, the launching user account must have administrative privilege on the system</LI>
+<LI>"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used</LI>
+<LI>Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported</LI>
+</UL>
+</P>
+
+<H2><A NAME="ss5.5">5.5 Known Limitations</A>
+</H2>
+
+<P>
+<UL>
+<LI>DISKD: still needs to be ported</LI>
+<LI>WCCP: cannot work because user space GRE support on Windows is missing</LI>
+<LI>Transparent Proxy: missing Windows non commercial interception driver</LI>
+<LI>Some code sections can make blocking calls.</LI>
+<LI>Some external helpers may not work.</LI>
+<LI>File Descriptors number hard-limited to 2048 when building with MinGW.</LI>
+</UL>
+</P>
+
+<H2><A NAME="ss5.6">5.6 Using cache manager on Windows</A>
+</H2>
+
+<P>On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.
+Some specific configuration could be needed:</P>
+
+<H3>IIS 6 (Windows 2003)</H3>
+
+<P>On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed:</P>
+<P>
+<UL>
+<LI>Create a cgi-bin Directory</LI>
+<LI>Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS
+permissions, ASP scripts are not needed. This automatically defines a
+cgi-bin IIS web application </LI>
+<LI>Copy cachemgr.cgi into cgi-bin directory and look to file permissions:
+the IIS system account and SYSTEM must be able to read and execute the file</LI>
+<LI>In IIS manager go to Web Service extensions and add a new Web Service
+Extension called <EM>"Squid Cachemgr"</EM>, add the cachemgr.cgi file and set the
+extension status to <EM>Allowed</EM></LI>
+</UL>
+</P>
+
+<H3>Apache:</H3>
+
+<P>On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed
+to pass the TMP and TEMP Windows environment variables to CGI applications:
+<PRE>
+ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
+<Location /squid/cgi-bin/cachemgr.cgi>
+ PassEnv TMP TEMP
+ Order allow,deny
+ Allow from workstation.example.com
+</Location>
+</PRE>
+</P>
+
+
+
+<H2><A NAME="ss5.7">5.7 Changes to squid.conf</A>
</H2>
<P>There have been changes to Squid's configuration file since Squid-3.0.</P>
<P>
<DL>
-<DT><B>pinger_enable</B><DD><P>New option to enable/disable the ICMP pinger helper with a reconfigure instead of a full rebuild.
+<DT><B>pinger_enable</B><DD>
+<P>New option to enable/disable the ICMP pinger helper with a reconfigure instead of a full rebuild.
<PRE>
Control whether the pinger is active at run-time.
Enables turning ICMP pinger on and off with a simple squid -k reconfigure.
</PRE>
</P>
-<DT><B>dns_v4_fallback</B><DD><P>New option to prevent squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
+<DT><B>dns_v4_fallback</B><DD>
+<P>New option to prevent squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
<PRE>
Standard practice with DNS is to lookup either A or AAAA records
</PRE>
</P>
-<DT><B>include</B><DD><P>New option to import entire secondary configuration files into squid.conf.
+<DT><B>include</B><DD>
+<P>New option to import entire secondary configuration files into squid.conf.
<PRE>
Squid will follow the files immediately and insert all their content
as if it was at that position in squid.conf. As per squid.conf some
</PRE>
</P>
+<DT><B>error_default_language</B><DD>
+<P>New option to replace the old configure option --enable-default-err-language
+<PRE>
+ Set the default language which squid will send error pages in
+ if no existing translation matches the clients language
+ preferences.
+
+ If unset (default) generic English will be used.
+
+</PRE>
+</P>
+
+
</DL>
</P>
<P>
<DL>
-<DT><B>acl dst ipvs</B><DD><P>New preset content - ipv6 - available as a preset type in the src and dst ACL matching all of the public IPv6 network space.
+<DT><B>acl dst ipvs</B><DD>
+<P>New preset content - ipv6 - available as a preset type in the src and dst ACL matching all of the public IPv6 network space.
<PRE>
acl aclname dst ipv6
</PRE>
</P>
-<DT><B>http(s)_port name= option</B><DD><P>New port option to assign internal names to listening ports
+<DT><B>http(s)_port name= intercept</B><DD>
+<P>New port options.
<PRE>
name= Specifies a internal name for the port. Defaults to
the port specification (port or addr:port)
+
+ intercept Rename of old 'transparent' option to indicate proper functionality.
</PRE>
</P>
-<DT><B>acl myportname</B><DD><P>New acl type myportname, matching the name of the http(s)_port where the request was accepted
+<DT><B>acl myportname</B><DD>
+<P>New acl type myportname, matching the name of the http(s)_port where the request was accepted
<PRE>
acl aclname myportname 3128 ... # http(s)_port name
</PRE>
</P>
-
-<DT><B>external_acl_type</B><DD><P>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between squid and its helpers.
+<DT><B>external_acl_type</B><DD>
+<P>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between squid and its helpers.
Please be aware of some limits to these options. These options only affet the transport protocol used
to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6
format, so all helpers will need to be checked and converted to cope with such information cleanly.
</PRE>
</P>
-<DT><B>tcp_outgoing_address</B><DD><P>This option causes some problems when bridging IPv4 and IPv6. A workaround has been provided.
+<DT><B>tcp_outgoing_address</B><DD>
+<P>This option causes some problems when bridging IPv4 and IPv6. A workaround has been provided.
<PRE>
Squid is built with a capability of bridging the IPv4 and IPv6 internets.
tcp_outgoing_address as previously used breaks this bridging by forcing
</PRE>
</P>
-<DT><B>balance_on_multiple_ip</B><DD><P>The previous default behavour (rotate per-request) of this setting causes failover clashes with IPv6 built-in mechanisms.
+<DT><B>balance_on_multiple_ip</B><DD>
+<P>The previous default behavour (rotate per-request) of this setting causes failover clashes with IPv6 built-in mechanisms.
It has thus been turned off by default. Making the 'best choice' IP continue in use for any hostname until it encounters a connection failure and failover drops to the next known IP.
<PRE>
Modern IP resolvers in squid sort lookup results by preferred access.
</PRE>
</P>
+<DT><B>http_port</B><DD>
+<P>option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does.
+For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.</P>
+
+<DT><B>error_directory</B><DD>
+<P>Now an optiona entry in squid.conf. If present it will force all visitors to receive the error pages
+contained in the directory it points at. If absent error page localization will be given a chance.
+<PRE>
+ If you wish to create your own versions of the default
+ error files to customize them to suit your company copy
+ the error/template files to another directory and point
+ this tag at them.
+
+ WARNING: This option will disable multi-language support
+ on error pages if used.
+
+ The squid developers are interested in making squid available in
+ a wide variety of languages. If you are making translations for a
+ language that Squid does not currently provide please consider
+ contributing your translation back to the project.
+ http://wiki.squid-cache.org/Translations
+
+ The squid developers working on translations are happy to supply drop-in
+ translated error files in exchange for any new language contributions.
+
+</PRE>
+</P>
+
</DL>
</P>
<P>
<DL>
+<DT><B>dns_testnames</B><DD>
+<P>Obsolete. This feature is no longer relevant to modern networks and causes boot problems.</P>
+
</DL>
</P>
-<H2><A NAME="ss4.3">4.3 Changes to ./configure Options</A>
+<H2><A NAME="ss5.8">5.8 Changes to ./configure Options</A>
</H2>
<P>There have been some changes to Squid's build configuration since Squid-3.0.</P>
<P>
<DL>
-<DT><B>--enable-ipv6</B><DD><P>Buildwith IPv6 support. The default is to build without.</P>
+<DT><B>--enable-ipv6</B><DD>
+<P>Buildwith IPv6 support. The default is to build without.</P>
-<DT><B>--with-localhost-ipv6</B><DD><P>Build support for squid to map all 127.0.0.1 traffic onto ::1.
+<DT><B>--with-localhost-ipv6</B><DD>
+<P>Build support for squid to map all 127.0.0.1 traffic onto ::1.
The default is to build with 127.0.0.1 and ::1 being considered seperate IP.
see the IPv6 details above for a better description. </P>
-<DT><B>--with-ipv6-split-stack</B><DD><P>Enable special additions for IPv6 support in Windows XP.
+<DT><B>--with-ipv6-split-stack</B><DD>
+<P>Enable special additions for IPv6 support in Windows XP.
see the IPv6 details above for a better description.</P>
-<DT><B>--with-ipv4-mapped</B><DD><P>Enable special additions for IPv6 support in Windows Vista.
+<DT><B>--with-ipv4-mapped</B><DD>
+<P>Enable special additions for IPv6 support in Windows Vista.
see the IPv6 details above for a better description.</P>
-<DT><B>--with-dns-cname</B><DD><P>Enable CNAME recursion within the Internal DNS resolver stub squid uses.
+<DT><B>--with-dns-cname</B><DD>
+<P>Enable CNAME recursion within the Internal DNS resolver stub squid uses.
This has no effect on the external DNS helper.
Please note this extension is still experimental and may encounter problems.
To see if it is actually needed you can run squid without it for a period and
If it produces ongoing serious problems the external helper may be needed
but please report the bugs anyway.</P>
+<DT><B>--enable-auto-locale</B><DD>
+<P>Enable error page localization for visitors.</P>
+
</DL>
</P>
<H3><A NAME="modifiedoptions"></A> Changes to existing options</H3>
<P>
<DL>
-<DT><B>--disable-internl-dns</B><DD><P>Better support for Linux using the external DNS helper.
+<DT><B>--disable-internl-dns</B><DD>
+<P>Better support for Linux using the external DNS helper.
The helper will compile and work with dns_nameservers on more variants of Linux than previously.</P>
+<DT><B>--enable-linux-netfilter</B><DD>
+<P>This option now enables support for all three netfilter interception targets.
+Adding TPROXY version 4+ support to squid through the TPROXY target.
+This options requires a linux kernel 2.6.25 or later for embeded netfilter TPROXY targets.
+Older REDIRECT and DNAT targets work as before on HTTP ports marked 'intercept'.</P>
+
</DL>
</P>
<H3><A NAME="notportedoptions"></A> Not yet available options</H3>
porting one of these from Squid-2 to Squid-3 is most welcome.</P>
<P>
<DL>
-<DT><B>--enable-devpoll</B><DD><P>Support for Solaris /dev/poll</P>
+<DT><B>--enable-devpoll</B><DD>
+<P>Support for Solaris /dev/poll</P>
-<DT><B>--enable-select-simple</B><DD><P>Basic POSIX select() loop without any binary fd_set optimizations.</P>
+<DT><B>--enable-select-simple</B><DD>
+<P>Basic POSIX select() loop without any binary fd_set optimizations.</P>
-<DT><B>--enable-follow-x-forwarded-for</B><DD><P>Support following the X-Forwarded-For HTTP header for determining the
+<DT><B>--enable-follow-x-forwarded-for</B><DD>
+<P>Support following the X-Forwarded-For HTTP header for determining the
client IP address</P>
</DL>
</P>
<P>The following configure options have been removed.</P>
<P>
<DL>
-
+<DT><B>--enable-linux-tproxy</B><DD>
+<P>Replaced by --enable-linux-tproxy2 to make way for differences in TPROXY v2 and v4 support.</P>
+<DT><B>--enable-default-err-language</B><DD>
+<P>Replaced by error_default_language squid.conf option</P>
+<DT><B>--enable-err-languages</B><DD>
+<P>Removed.</P>
</DL>
</P>
-<!doctype linuxdoc system>\r
-<article>\r
-<title>Squid 3.1.PRE1 release notes</title>\r
-<author>Squid Developers</author>\r
-<date>$Id: release-3.1.sgml,v 1.6 2008/01/17 10:09:05 hno Exp $</date>\r
-\r
-<abstract>\r
-This document contains the release notes for version 3.1 of Squid.\r
-Squid is a WWW Cache application developed by the National Laboratory\r
-for Applied Network Research and members of the Web Caching community.\r
-</abstract>\r
-\r
-<toc>\r
-\r
-<sect>Notice\r
-<p>\r
-The Squid Team are pleased to announce the release of Squid-3.1.PRE1 for pre-release testing.\r
-\r
-This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.\r
-\r
-A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.\r
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.\r
-\r
-We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d"> for how to submit a report with a stack trace.\r
-\r
-<sect>Known issues\r
-<p>\r
-Although this release is deemed good enough for testing in many setups, please note the existence of <url url="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.1&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.1">.\r
-\r
-<sect>Changes since earlier PRE releases of Squid-3.1\r
-<p>\r
-The 3.1 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.1/changesets/" name="viewed here">.\r
-\r
-<sect>Changes since Squid-3.0\r
-\r
-<sect1>Major new features\r
-<p>\r
-Squid 3.1 represents a new feature release above 3.0.\r
-\r
-The most important of these new features are:\r
-\r
-<itemize>\r
- <item>IPv6 Support\r
- <item>Error Page Localization\r
-</itemize>\r
-\r
-Most user-facing changes are reflected in squid.conf (see below).\r
-\r
-<sect2>Internet Protocol version 6 (IPv6)\r
-\r
-<p>Squid 3.1 supports IPv6. To enable IPv6 support, use the ./configure --enable-ipv6 option\r
-\r
-<sect3>New Features for IPv6\r
-\r
-<p>Squid handles localhost values seperately. For the purpose of ACLs and also external\r
- connections ::1 is considered a seperate IP from 127.0.0.1. This means all ACL which\r
- define behaviour for localhost may need ::1/128 included.\r
-\r
-<p>--with-localhost-ipv6 option is provided for Pure-IPv6 setups who do not want to be\r
- bothered by the localhost vagaries. It will enable logics to map all localhost traffic\r
- through ::1 unless an IPv4-only link is required.\r
-\r
-<p>Additional ./configure --with-ipv4-mapped option is provided for OS that require a socket setting\r
- to accept IPv4 addresses on IPv6 sockets, squid performs v4-mapping on these addresses\r
- It is intended primarily to be used for Windows Vista builds.\r
-\r
-<p>Pinger has been upgraded to perform both ICMP and ICMPv6 as required.\r
- As a result of this and due to a change in the binary protocol format between them,\r
- new builds of squid are no longer backwards-compatible with old pinger binaries.\r
- You will need to perform "make install-pinger" again after installing squid.\r
-\r
-<p>Peer and Client SNMP tables have been altered to handle IPv6 addresses.\r
- As a side effect of this the long-missing fix to show seperate named peers on one IP\r
- has been integrated. Making the SNMP peer table now produce correct output.\r
- The table structure change is identical for both IPv4-only and Dual modes but with\r
- IPv4-only simply not including any IP6 entries. This means any third-party SNMP\r
- software which hard coded the MIB paths needs to be upgraded for this Squid release.\r
-\r
-\r
-<sect3>Limitations of IPv6 Support\r
-\r
-<p>Specify a specific tcp_outgoing_address and the clients who match its ACL are limited\r
- to the IPv4 or IPv6 network that address belongs to. They are not permitted over the\r
- IPv4-IPv6 boundary. Some ACL voodoo can however be applied to explicitly route the\r
- IPv6/IPv4 bound traffic out an appropriate interface.\r
-<verb>\r
- acl toIP6 dst ipv6\r
- tcp_outgoing_address 2001::1 toIP6\r
- tcp_outgoing_address 10.0.0.1 !toIP6\r
-</verb>\r
-\r
-<p>WCCP is not available (neither version 1 or 2). It remains built into squid for use with IPv4 traffic but IPv6 cannot use it.\r
-\r
-<p>Transparent/Interception is done via NAT at the OS level and is not available in IPv6.\r
- Squid will ensure that any port set with transparent or tproxy options be an IPv4-only\r
- listening address. Wildcard can still be used but will not open as an IPv6.\r
- To ensure that squid can accept IPv6 traffic on its default port, an alternative should\r
- be chosen to handle transparent traffic.\r
-<verb>\r
- http_port 3128\r
- http_port 8080 transparent\r
-</verb>\r
-\r
-<p>The bundled NTLM Auth helper is IPv4-native between itself and the NTLM server.\r
- A new one will be needed for IPv6 traffic between the helper and server.\r
-\r
-<p>The bundled RADIUS Auth helper is IPv4-native, both in traffic between and data storage\r
- with the RADIUS server. A new helper will be needed for IPv6 RADIUS protocol.\r
-\r
-\r
-<sect2>Error Page Localization\r
-<p>\r
-The error pages presented by squid may now be localized per-request to match the visitors local preferred language.\r
-\r
-<p>Squid needs to be build with the --enable-auto-locale option. And the error_directory option in squid.conf needs to be removed.\r
-\r
-<p>For best coverage of languages, using the latest language pack of error files is recommended.\r
-Updates can be downloaded from <url url="http://www.squid-cahch.org/Versions/langpack/" name="www.squid-cache.org/Versions/langpack/">\r
-\r
-<p>The squid developers are interested in making squid available in a wide variety of languages.\r
- Contributions of new languages is encouraged.\r
- Details at <url url="http://wiki.squid-cache.org/Translations" named="The Squid wiki">\r
-\r
-\r
-<sect1>Changes to squid.conf\r
-<p>\r
-There have been changes to Squid's configuration file since Squid-3.0.\r
-\r
-This section gives a thorough account of those changes in three categories:\r
-\r
-<itemize>\r
- <item><ref id="newtags" name="New tags">\r
- <item><ref id="modifiedtags" name="Changes to existing tags">\r
- <item><ref id="removedtags" name="Removed tags">\r
-</itemize>\r
-\r
-<p>\r
-\r
-\r
-<sect2>New tags<label id="newtags">\r
-<p>\r
-<descrip>\r
- <tag>pinger_enable</tag>\r
- <p>New option to enable/disable the ICMP pinger helper with a reconfigure instead of a full rebuild.\r
- <verb>\r
- Control whether the pinger is active at run-time.\r
- Enables turning ICMP pinger on and off with a simple squid -k reconfigure.\r
- default is on when --enable-icmp is compiled in.\r
- </verb>\r
-\r
- <tag>dns_v4_fallback</tag>\r
- <p>New option to prevent squid from always looking up IPv4 regardless of whether IPv6 addresses are found.\r
- Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.\r
- <verb>\r
- Standard practice with DNS is to lookup either A or AAAA records\r
- and use the results if it succeeds. Only looking up the other if\r
- the first attempt fails or otherwise produces no results.\r
-\r
- That policy however will cause squid to produce error pages for some\r
- servers that advertise AAAA but are unreachable over IPv6.\r
-\r
- If this is ON squid will always lookup both AAAA and A, using both.\r
- If this is OFF squid will lookup AAAA and only try A if none found.\r
-\r
- WARNING: There are some possibly unwanted side-effects with this on:\r
- *) Doubles the load placed by squid on the DNS network.\r
- *) May negatively impact connection delay times.\r
- </verb>\r
-\r
- <tag>include</tag>\r
- <p>New option to import entire secondary configuration files into squid.conf.\r
- <verb>\r
- Squid will follow the files immediately and insert all their content\r
- as if it was at that position in squid.conf. As per squid.conf some\r
- options are order-specific within the config as a whole.\r
-\r
- A few layers of include are allowed, but too many are confusing and\r
- squid will enforce an include depth of 16 files.\r
-\r
- Syntax:\r
- include /path/to/file1 /path/to/file2\r
- </verb>\r
-\r
- <tag>error_default_language</tag>\r
- <p>New option to replace the old configure option --enable-default-err-language\r
- <verb>\r
- Set the default language which squid will send error pages in\r
- if no existing translation matches the clients language\r
- preferences.\r
-\r
- If unset (default) generic English will be used.\r
- </verb>\r
-\r
-\r
-</descrip>\r
-\r
-<sect2>Changes to existing tags<label id="modifiedtags">\r
-<p>\r
-<descrip>\r
- <tag>acl dst ipvs</tag>\r
- <p>New preset content - ipv6 - available as a preset type in the src and dst ACL matching all of the public IPv6 network space.\r
- <verb>\r
- acl aclname dst ipv6\r
- </verb>\r
-\r
- <tag>http(s)_port name= intercept</tag>\r
- <p>New port options.\r
- <verb>\r
- name= Specifies a internal name for the port. Defaults to\r
- the port specification (port or addr:port)\r
-\r
- intercept Rename of old 'transparent' option to indicate proper functionality.\r
- </verb>\r
-\r
- <tag>acl myportname</tag>\r
- <p>New acl type myportname, matching the name of the http(s)_port where the request was accepted\r
- <verb>\r
- acl aclname myportname 3128 ... # http(s)_port name\r
- </verb>\r
-\r
- <tag>external_acl_type</tag>\r
- <p>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between squid and its helpers.\r
- Please be aware of some limits to these options. These options only affet the transport protocol used\r
- to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6\r
- format, so all helpers will need to be checked and converted to cope with such information cleanly.\r
- <verb>\r
- ipv4 / ipv6 IP-mode used to communicate to this helper.\r
- For compatability with older configurations and helpers\r
- 'ipv4' is the default unless --with-localhost-ipv6 is used.\r
- --with-localhost-ipv6 changes the default to 'ipv6'.\r
- SPECIAL NOTE: explicit use of these options override --with-localhost-ipv6\r
- </verb>\r
-\r
- <tag>tcp_outgoing_address</tag>\r
- <p>This option causes some problems when bridging IPv4 and IPv6. A workaround has been provided.\r
- <verb>\r
- Squid is built with a capability of bridging the IPv4 and IPv6 internets.\r
- tcp_outgoing_address as previously used breaks this bridging by forcing\r
- all outbound traffic through a certain IPv4 which may be on the wrong\r
- side of the IPv4/IPv6 boundary.\r
-\r
- To operate with tcp_outgoing_address and keep the bridging benefits\r
- an additional ACL needs to be used which ensures the IPv6-bound traffic\r
- is never forced or permitted out the IPv4 interface.\r
-\r
- acl to_ipv6 dst ipv6\r
- tcp_outgoing_address 2002::c001 good_service_net to_ipv6\r
- tcp_outgoing_address 10.0.0.2 good_service_net !to_ipv6\r
-\r
- tcp_outgoing_address 2002::beef normal_service_net to_ipv6\r
- tcp_outgoing_address 10.0.0.1 normal_service_net !to_ipv6\r
-\r
- tcp_outgoing_address 2002::1 to_ipv6\r
- tcp_outgoing_address 10.0.0.3 !to_ipv6\r
- </verb>\r
-\r
- <tag>balance_on_multiple_ip</tag>\r
- <p>The previous default behavour (rotate per-request) of this setting causes failover clashes with IPv6 built-in mechanisms.\r
- It has thus been turned off by default. Making the 'best choice' IP continue in use for any hostname until it encounters a connection failure and failover drops to the next known IP.\r
- <verb>\r
- Modern IP resolvers in squid sort lookup results by preferred access.\r
- By default squid will use these IP in order and only rotates to\r
- the next listed when the most preffered fails.\r
-\r
- Some load balancing servers based on round robin DNS have been\r
- found not to preserve user session state across requests\r
- to different IP addresses.\r
-\r
- Enabling this directive Squid rotates IP's per request.\r
- </verb>\r
-\r
- <tag>http_port</tag>\r
- <p>option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does.\r
- For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.</p>\r
-\r
- <tag>error_directory</tag>\r
- <p>Now an optiona entry in squid.conf. If present it will force all visitors to receive the error pages\r
- contained in the directory it points at. If absent error page localization will be given a chance.\r
- <verb>\r
- If you wish to create your own versions of the default\r
- error files to customize them to suit your company copy\r
- the error/template files to another directory and point\r
- this tag at them.\r
-\r
- WARNING: This option will disable multi-language support\r
- on error pages if used.\r
-\r
- The squid developers are interested in making squid available in\r
- a wide variety of languages. If you are making translations for a\r
- language that Squid does not currently provide please consider\r
- contributing your translation back to the project.\r
- http://wiki.squid-cache.org/Translations\r
-\r
- The squid developers working on translations are happy to supply drop-in\r
- translated error files in exchange for any new language contributions.\r
- </verb>\r
-\r
-</descrip>\r
-\r
-\r
-<sect2>Removed tags<label id="removedtags">\r
-<p>\r
-<descrip>\r
-\r
- <tag>dns_testnames</tag>\r
- <p>Obsolete. This feature is no longer relevant to modern networks and causes boot problems.</p>\r
-\r
-</descrip>\r
-\r
-\r
-<sect1>Changes to ./configure Options\r
-<p>\r
-There have been some changes to Squid's build configuration since Squid-3.0.\r
-\r
-This section gives an account of those changes in three categories:\r
-\r
-<itemize>\r
- <item><ref id="newoptions" name="New options">\r
- <item><ref id="modifiedoptions" name="Changes to existing options">\r
- <item><ref id="notportedoptions" name="Not yet available options">\r
- <item><ref id="removedoptions" name="Removed options">\r
-</itemize>\r
-<p>\r
-\r
-\r
-<sect2>New options<label id="newoptions">\r
-\r
-<p>\r
-<descrip>\r
- <tag>--enable-ipv6</tag>\r
- <p>Buildwith IPv6 support. The default is to build without.</p>\r
-\r
- <tag>--with-localhost-ipv6</tag>\r
- <p>Build support for squid to map all 127.0.0.1 traffic onto ::1.\r
- The default is to build with 127.0.0.1 and ::1 being considered seperate IP.\r
- see the IPv6 details above for a better description. \r
- </p>\r
-\r
- <tag>--with-ipv6-split-stack</tag>\r
- <p>Enable special additions for IPv6 support in Windows XP.\r
- see the IPv6 details above for a better description.</p>\r
-\r
- <tag>--with-ipv4-mapped</tag>\r
- <p>Enable special additions for IPv6 support in Windows Vista.\r
- see the IPv6 details above for a better description.</p>\r
-\r
- <tag>--with-dns-cname</tag>\r
- <p>Enable CNAME recursion within the Internal DNS resolver stub squid uses.\r
- This has no effect on the external DNS helper.\r
- Please note this extension is still experimental and may encounter problems.\r
- To see if it is actually needed you can run squid without it for a period and\r
- check the CNAME-Only Requests statistics squid maintains.\r
- If it produces ongoing serious problems the external helper may be needed\r
- but please report the bugs anyway.\r
- </p>\r
-\r
- <tag>--enable-auto-locale</tag>\r
- <p>Enable error page localization for visitors.</p>\r
-\r
-</descrip>\r
-</p>\r
-\r
-<sect2>Changes to existing options<label id="modifiedoptions">\r
-\r
-<p>\r
-<descrip>\r
- <tag>--disable-internl-dns</tag>\r
- <p>Better support for Linux using the external DNS helper.\r
- The helper will compile and work with dns_nameservers on more variants of Linux than previously.</p>\r
-\r
- <tag>--enable-linux-netfilter</tag>\r
- <p>This option now enables support for all three netfilter interception targets.\r
- Adding TPROXY version 4+ support to squid through the TPROXY target.\r
- This options requires a linux kernel 2.6.25 or later for embeded netfilter TPROXY targets.\r
- Older REDIRECT and DNAT targets work as before on HTTP ports marked 'intercept'.\r
- </p>\r
-\r
-</descrip>\r
-</p>\r
-\r
-<sect2>Not yet available options<label id="notportedoptions">\r
-\r
-<p>These configure options have not yet been ported to Squid-3. If you need something to do then\r
-porting one of these from Squid-2 to Squid-3 is most welcome.\r
-\r
-<descrip>\r
- <tag>--enable-devpoll</tag>\r
- <p>Support for Solaris /dev/poll</p>\r
-\r
- <tag>--enable-select-simple</tag>\r
- <p>Basic POSIX select() loop without any binary fd_set optimizations.</p>\r
-\r
- <tag>--enable-follow-x-forwarded-for</tag>\r
- <p>Support following the X-Forwarded-For HTTP header for determining the\r
- client IP address</p>\r
-</descrip>\r
-\r
-<sect2>Removed options<label id="removedoptions">\r
-\r
-<p>The following configure options have been removed.\r
-\r
-<descrip>\r
- <tag>--enable-linux-tproxy</tag>\r
- <p>Replaced by --enable-linux-tproxy2 to make way for differences in TPROXY v2 and v4 support.</p>\r
- <tag>--enable-default-err-language</tag>\r
- <p>Replaced by error_default_language squid.conf option</p>\r
- <tag>--enable-err-languages</tag>\r
- <p>Removed.</p>\r
-</descrip>\r
-\r
-</article>\r
+<!doctype linuxdoc system>
+<article>
+<title>Squid 3.1.PRE1 release notes</title>
+<author>Squid Developers</author>
+<date>$Id: release-3.1.sgml,v 1.6 2008/01/17 10:09:05 hno Exp $</date>
+
+<abstract>
+This document contains the release notes for version 3.1 of Squid.
+Squid is a WWW Cache application developed by the National Laboratory
+for Applied Network Research and members of the Web Caching community.
+</abstract>
+
+<toc>
+
+<sect>Notice
+<p>
+The Squid Team are pleased to announce the release of Squid-3.1.PRE1 for pre-release testing.
+
+This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+
+A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.
+While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
+
+We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d"> for how to submit a report with a stack trace.
+
+<sect>Known issues
+<p>
+Although this release is deemed good enough for testing in many setups, please note the existence of <url url="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.1&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.1">.
+
+<sect>Changes since earlier PRE releases of Squid-3.1
+<p>
+The 3.1 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.1/changesets/" name="viewed here">.
+
+<sect>Changes since Squid-3.0
+
+<sect1>Major new features
+<p>
+Squid 3.1 represents a new feature release above 3.0.
+
+The most important of these new features are:
+
+<itemize>
+ <item>IPv6 Support
+ <item>Error Page Localization
+</itemize>
+
+Most user-facing changes are reflected in squid.conf (see below).
+
+<sect2>Internet Protocol version 6 (IPv6)
+
+<p>Squid 3.1 supports IPv6. To enable IPv6 support, use the ./configure --enable-ipv6 option
+
+<sect3>New Features for IPv6
+
+<p>Squid handles localhost values seperately. For the purpose of ACLs and also external
+ connections ::1 is considered a seperate IP from 127.0.0.1. This means all ACL which
+ define behaviour for localhost may need ::1/128 included.
+
+<p>--with-localhost-ipv6 option is provided for Pure-IPv6 setups who do not want to be
+ bothered by the localhost vagaries. It will enable logics to map all localhost traffic
+ through ::1 unless an IPv4-only link is required.
+
+<p>Additional ./configure --with-ipv4-mapped option is provided for OS that require a socket setting
+ to accept IPv4 addresses on IPv6 sockets, squid performs v4-mapping on these addresses
+ It is intended primarily to be used for Windows Vista builds.
+
+<p>Pinger has been upgraded to perform both ICMP and ICMPv6 as required.
+ As a result of this and due to a change in the binary protocol format between them,
+ new builds of squid are no longer backwards-compatible with old pinger binaries.
+ You will need to perform "make install-pinger" again after installing squid.
+
+<p>Peer and Client SNMP tables have been altered to handle IPv6 addresses.
+ As a side effect of this the long-missing fix to show seperate named peers on one IP
+ has been integrated. Making the SNMP peer table now produce correct output.
+ The table structure change is identical for both IPv4-only and Dual modes but with
+ IPv4-only simply not including any IP6 entries. This means any third-party SNMP
+ software which hard coded the MIB paths needs to be upgraded for this Squid release.
+
+
+<sect3>Limitations of IPv6 Support
+
+<p>Specify a specific tcp_outgoing_address and the clients who match its ACL are limited
+ to the IPv4 or IPv6 network that address belongs to. They are not permitted over the
+ IPv4-IPv6 boundary. Some ACL voodoo can however be applied to explicitly route the
+ IPv6/IPv4 bound traffic out an appropriate interface.
+<verb>
+ acl toIP6 dst ipv6
+ tcp_outgoing_address 2001::1 toIP6
+ tcp_outgoing_address 10.0.0.1 !toIP6
+</verb>
+
+<p>WCCP is not available (neither version 1 or 2). It remains built into squid for use with IPv4 traffic but IPv6 cannot use it.
+
+<p>Transparent/Interception is done via NAT at the OS level and is not available in IPv6.
+ Squid will ensure that any port set with transparent or tproxy options be an IPv4-only
+ listening address. Wildcard can still be used but will not open as an IPv6.
+ To ensure that squid can accept IPv6 traffic on its default port, an alternative should
+ be chosen to handle transparent traffic.
+<verb>
+ http_port 3128
+ http_port 8080 transparent
+</verb>
+
+<p>The bundled NTLM Auth helper is IPv4-native between itself and the NTLM server.
+ A new one will be needed for IPv6 traffic between the helper and server.
+
+<p>The bundled RADIUS Auth helper is IPv4-native, both in traffic between and data storage
+ with the RADIUS server. A new helper will be needed for IPv6 RADIUS protocol.
+
+
+<sect2>Error Page Localization
+<p>
+The error pages presented by squid may now be localized per-request to match the visitors local preferred language.
+
+<p>Squid needs to be build with the --enable-auto-locale option. And the error_directory option in squid.conf needs to be removed.
+
+<p>For best coverage of languages, using the latest language pack of error files is recommended.
+Updates can be downloaded from <url url="http://www.squid-cahch.org/Versions/langpack/" name="www.squid-cache.org/Versions/langpack/">
+
+<p>The squid developers are interested in making squid available in a wide variety of languages.
+ Contributions of new languages is encouraged.
+ Details at <url url="http://wiki.squid-cache.org/Translations" named="The Squid wiki">
+
+<sect>Windows support
+
+<p>This Squid version can run on Windows as a system service using the Cygwin emulation environment,
+or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.
+
+On Windows 2000 and later the service is configured to use the Windows Service Recovery option
+restarting automatically after 60 seconds.
+
+<sect1>Usage
+
+<p>Some new command line options was added for the Windows service support:
+
+The service installation is made with -i command line switch, it's possible to use -f switch at
+the same time for specify a different config-file settings for the Squid Service that will be
+stored on the Windows Registry.
+
+A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed.
+<em/"Squid"/ is the default when the switch is not used.
+
+So, to install the service, the syntax is:
+
+<p><verb>squid -i [-f file] [-n name]</verb>
+
+Service uninstallation is made with -r command line switch with the appropriate -n switch.
+
+The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:
+
+<verb>squid -k command [-f file] -n service-name</verb>
+where <em/service-name/ is the name specified with -n options at service install time.
+
+To use the Squid original command line, the new -O switch must be used ONCE, the syntax is:
+
+<verb>squid -O cmdline [-n service-name]</verb>
+If multiple service command line options must be specified, use quote. The -n switch is
+needed only when a non default service name is in use.
+
+Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are
+specific to Windows services functionality and Squid is not designed for understand they.
+
+In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":
+
+<verb>squid -O "-D -u 3130" -n squidsvc</verb>
+
+<sect1>PSAPI.DLL (Process Status Helper) Considerations
+
+<p>The process status helper functions make it easier for you to obtain information about
+processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These
+functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform
+Software Development Kit (SDK). The same information is generally available through the
+performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is
+freely redistributable.
+
+PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is
+aware of this, and try to use it only on the right platform.
+
+On Windows NT PSAPI.DLL can be found as component of many applications, if you need it,
+you can find it on Windows NT Resource KIT. If you have problem, it can be
+downloaded from here:
+<url url="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE" name="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE">
+
+On Windows 2000 and later it is available installing the Windows Support Tools, located on the
+Support\Tools folder of the installation Windows CD-ROM.
+
+<sect1>Registry DNS lookup
+
+<p>On Windows platforms, if no value is specified in the <em/dns_nameservers/ option on
+squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are
+taken from the Windows registry, both static and dynamic DHCP configurations
+are supported.
+
+<sect1>Compatibility Notes
+<p><itemize>
+<item>It's recommended to use '/' char in Squid paths instead of '\'
+<item>Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid
+<item>Include wildcard patterns in squid.conf are NOT supported on Windows
+<item>When using ACL like 'acl aclname acltype "file"' the file must be in DOS text
+format (CR+LF) and the full Windows path must be specified, for example:
+
+<verb>acl blocklist url_regex -i "c:/squid/etc/blocked1.txt"</verb>
+
+<item>The Windows equivalent of '/dev/null' is 'NUL'
+<item>Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd,
+.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:
+
+<verb>redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
+redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd</verb>
+<item>When Squid runs in command line mode, the launching user account must have administrative privilege on the system
+<item>"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used
+<item>Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported
+</itemize>
+
+<sect1>Known Limitations
+
+<p><itemize>
+<item>DISKD: still needs to be ported
+<item>WCCP: cannot work because user space GRE support on Windows is missing
+<item>Transparent Proxy: missing Windows non commercial interception driver
+<item>Some code sections can make blocking calls.
+<item>Some external helpers may not work.
+<item>File Descriptors number hard-limited to 2048 when building with MinGW.
+</itemize>
+
+<sect1>Using cache manager on Windows
+
+<p>On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.
+Some specific configuration could be needed:
+
+<sect2>IIS 6 (Windows 2003)
+<p>On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed:
+<p><itemize>
+<item>Create a cgi-bin Directory
+<item>Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS
+permissions, ASP scripts are not needed. This automatically defines a
+cgi-bin IIS web application
+<item>Copy cachemgr.cgi into cgi-bin directory and look to file permissions:
+the IIS system account and SYSTEM must be able to read and execute the file
+<item>In IIS manager go to Web Service extensions and add a new Web Service
+Extension called <em/"Squid Cachemgr"/, add the cachemgr.cgi file and set the
+extension status to <em/Allowed/
+</itemize>
+
+<sect2>Apache:
+<p>On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed
+ to pass the TMP and TEMP Windows environment variables to CGI applications:
+<verb>
+ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
+<Location /squid/cgi-bin/cachemgr.cgi>
+ PassEnv TMP TEMP
+ Order allow,deny
+ Allow from workstation.example.com
+</Location>
+</verb>
+
+
+
+<sect1>Changes to squid.conf
+<p>
+There have been changes to Squid's configuration file since Squid-3.0.
+
+This section gives a thorough account of those changes in three categories:
+
+<itemize>
+ <item><ref id="newtags" name="New tags">
+ <item><ref id="modifiedtags" name="Changes to existing tags">
+ <item><ref id="removedtags" name="Removed tags">
+</itemize>
+
+<p>
+
+
+<sect2>New tags<label id="newtags">
+<p>
+<descrip>
+ <tag>pinger_enable</tag>
+ <p>New option to enable/disable the ICMP pinger helper with a reconfigure instead of a full rebuild.
+ <verb>
+ Control whether the pinger is active at run-time.
+ Enables turning ICMP pinger on and off with a simple squid -k reconfigure.
+ default is on when --enable-icmp is compiled in.
+ </verb>
+
+ <tag>dns_v4_fallback</tag>
+ <p>New option to prevent squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
+ Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
+ <verb>
+ Standard practice with DNS is to lookup either A or AAAA records
+ and use the results if it succeeds. Only looking up the other if
+ the first attempt fails or otherwise produces no results.
+
+ That policy however will cause squid to produce error pages for some
+ servers that advertise AAAA but are unreachable over IPv6.
+
+ If this is ON squid will always lookup both AAAA and A, using both.
+ If this is OFF squid will lookup AAAA and only try A if none found.
+
+ WARNING: There are some possibly unwanted side-effects with this on:
+ *) Doubles the load placed by squid on the DNS network.
+ *) May negatively impact connection delay times.
+ </verb>
+
+ <tag>include</tag>
+ <p>New option to import entire secondary configuration files into squid.conf.
+ <verb>
+ Squid will follow the files immediately and insert all their content
+ as if it was at that position in squid.conf. As per squid.conf some
+ options are order-specific within the config as a whole.
+
+ A few layers of include are allowed, but too many are confusing and
+ squid will enforce an include depth of 16 files.
+
+ Syntax:
+ include /path/to/file1 /path/to/file2
+ </verb>
+
+ <tag>error_default_language</tag>
+ <p>New option to replace the old configure option --enable-default-err-language
+ <verb>
+ Set the default language which squid will send error pages in
+ if no existing translation matches the clients language
+ preferences.
+
+ If unset (default) generic English will be used.
+ </verb>
+
+
+</descrip>
+
+<sect2>Changes to existing tags<label id="modifiedtags">
+<p>
+<descrip>
+ <tag>acl dst ipvs</tag>
+ <p>New preset content - ipv6 - available as a preset type in the src and dst ACL matching all of the public IPv6 network space.
+ <verb>
+ acl aclname dst ipv6
+ </verb>
+
+ <tag>http(s)_port name= intercept</tag>
+ <p>New port options.
+ <verb>
+ name= Specifies a internal name for the port. Defaults to
+ the port specification (port or addr:port)
+
+ intercept Rename of old 'transparent' option to indicate proper functionality.
+ </verb>
+
+ <tag>acl myportname</tag>
+ <p>New acl type myportname, matching the name of the http(s)_port where the request was accepted
+ <verb>
+ acl aclname myportname 3128 ... # http(s)_port name
+ </verb>
+
+ <tag>external_acl_type</tag>
+ <p>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between squid and its helpers.
+ Please be aware of some limits to these options. These options only affet the transport protocol used
+ to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6
+ format, so all helpers will need to be checked and converted to cope with such information cleanly.
+ <verb>
+ ipv4 / ipv6 IP-mode used to communicate to this helper.
+ For compatability with older configurations and helpers
+ 'ipv4' is the default unless --with-localhost-ipv6 is used.
+ --with-localhost-ipv6 changes the default to 'ipv6'.
+ SPECIAL NOTE: explicit use of these options override --with-localhost-ipv6
+ </verb>
+
+ <tag>tcp_outgoing_address</tag>
+ <p>This option causes some problems when bridging IPv4 and IPv6. A workaround has been provided.
+ <verb>
+ Squid is built with a capability of bridging the IPv4 and IPv6 internets.
+ tcp_outgoing_address as previously used breaks this bridging by forcing
+ all outbound traffic through a certain IPv4 which may be on the wrong
+ side of the IPv4/IPv6 boundary.
+
+ To operate with tcp_outgoing_address and keep the bridging benefits
+ an additional ACL needs to be used which ensures the IPv6-bound traffic
+ is never forced or permitted out the IPv4 interface.
+
+ acl to_ipv6 dst ipv6
+ tcp_outgoing_address 2002::c001 good_service_net to_ipv6
+ tcp_outgoing_address 10.0.0.2 good_service_net !to_ipv6
+
+ tcp_outgoing_address 2002::beef normal_service_net to_ipv6
+ tcp_outgoing_address 10.0.0.1 normal_service_net !to_ipv6
+
+ tcp_outgoing_address 2002::1 to_ipv6
+ tcp_outgoing_address 10.0.0.3 !to_ipv6
+ </verb>
+
+ <tag>balance_on_multiple_ip</tag>
+ <p>The previous default behavour (rotate per-request) of this setting causes failover clashes with IPv6 built-in mechanisms.
+ It has thus been turned off by default. Making the 'best choice' IP continue in use for any hostname until it encounters a connection failure and failover drops to the next known IP.
+ <verb>
+ Modern IP resolvers in squid sort lookup results by preferred access.
+ By default squid will use these IP in order and only rotates to
+ the next listed when the most preffered fails.
+
+ Some load balancing servers based on round robin DNS have been
+ found not to preserve user session state across requests
+ to different IP addresses.
+
+ Enabling this directive Squid rotates IP's per request.
+ </verb>
+
+ <tag>http_port</tag>
+ <p>option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does.
+ For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.</p>
+
+ <tag>error_directory</tag>
+ <p>Now an optiona entry in squid.conf. If present it will force all visitors to receive the error pages
+ contained in the directory it points at. If absent error page localization will be given a chance.
+ <verb>
+ If you wish to create your own versions of the default
+ error files to customize them to suit your company copy
+ the error/template files to another directory and point
+ this tag at them.
+
+ WARNING: This option will disable multi-language support
+ on error pages if used.
+
+ The squid developers are interested in making squid available in
+ a wide variety of languages. If you are making translations for a
+ language that Squid does not currently provide please consider
+ contributing your translation back to the project.
+ http://wiki.squid-cache.org/Translations
+
+ The squid developers working on translations are happy to supply drop-in
+ translated error files in exchange for any new language contributions.
+ </verb>
+
+</descrip>
+
+
+<sect2>Removed tags<label id="removedtags">
+<p>
+<descrip>
+
+ <tag>dns_testnames</tag>
+ <p>Obsolete. This feature is no longer relevant to modern networks and causes boot problems.</p>
+
+</descrip>
+
+
+<sect1>Changes to ./configure Options
+<p>
+There have been some changes to Squid's build configuration since Squid-3.0.
+
+This section gives an account of those changes in three categories:
+
+<itemize>
+ <item><ref id="newoptions" name="New options">
+ <item><ref id="modifiedoptions" name="Changes to existing options">
+ <item><ref id="notportedoptions" name="Not yet available options">
+ <item><ref id="removedoptions" name="Removed options">
+</itemize>
+<p>
+
+
+<sect2>New options<label id="newoptions">
+
+<p>
+<descrip>
+ <tag>--enable-ipv6</tag>
+ <p>Buildwith IPv6 support. The default is to build without.</p>
+
+ <tag>--with-localhost-ipv6</tag>
+ <p>Build support for squid to map all 127.0.0.1 traffic onto ::1.
+ The default is to build with 127.0.0.1 and ::1 being considered seperate IP.
+ see the IPv6 details above for a better description.
+ </p>
+
+ <tag>--with-ipv6-split-stack</tag>
+ <p>Enable special additions for IPv6 support in Windows XP.
+ see the IPv6 details above for a better description.</p>
+
+ <tag>--with-ipv4-mapped</tag>
+ <p>Enable special additions for IPv6 support in Windows Vista.
+ see the IPv6 details above for a better description.</p>
+
+ <tag>--with-dns-cname</tag>
+ <p>Enable CNAME recursion within the Internal DNS resolver stub squid uses.
+ This has no effect on the external DNS helper.
+ Please note this extension is still experimental and may encounter problems.
+ To see if it is actually needed you can run squid without it for a period and
+ check the CNAME-Only Requests statistics squid maintains.
+ If it produces ongoing serious problems the external helper may be needed
+ but please report the bugs anyway.
+ </p>
+
+ <tag>--enable-auto-locale</tag>
+ <p>Enable error page localization for visitors.</p>
+
+</descrip>
+</p>
+
+<sect2>Changes to existing options<label id="modifiedoptions">
+
+<p>
+<descrip>
+ <tag>--disable-internl-dns</tag>
+ <p>Better support for Linux using the external DNS helper.
+ The helper will compile and work with dns_nameservers on more variants of Linux than previously.</p>
+
+ <tag>--enable-linux-netfilter</tag>
+ <p>This option now enables support for all three netfilter interception targets.
+ Adding TPROXY version 4+ support to squid through the TPROXY target.
+ This options requires a linux kernel 2.6.25 or later for embeded netfilter TPROXY targets.
+ Older REDIRECT and DNAT targets work as before on HTTP ports marked 'intercept'.
+ </p>
+
+</descrip>
+</p>
+
+<sect2>Not yet available options<label id="notportedoptions">
+
+<p>These configure options have not yet been ported to Squid-3. If you need something to do then
+porting one of these from Squid-2 to Squid-3 is most welcome.
+
+<descrip>
+ <tag>--enable-devpoll</tag>
+ <p>Support for Solaris /dev/poll</p>
+
+ <tag>--enable-select-simple</tag>
+ <p>Basic POSIX select() loop without any binary fd_set optimizations.</p>
+
+ <tag>--enable-follow-x-forwarded-for</tag>
+ <p>Support following the X-Forwarded-For HTTP header for determining the
+ client IP address</p>
+</descrip>
+
+<sect2>Removed options<label id="removedoptions">
+
+<p>The following configure options have been removed.
+
+<descrip>
+ <tag>--enable-linux-tproxy</tag>
+ <p>Replaced by --enable-linux-tproxy2 to make way for differences in TPROXY v2 and v4 support.</p>
+ <tag>--enable-default-err-language</tag>
+ <p>Replaced by error_default_language squid.conf option</p>
+ <tag>--enable-err-languages</tag>
+ <p>Removed.</p>
+</descrip>
+
+</article>
projects / thirdparty / squid.git / commitdiff
