deny_info

icp_hit_stale

This tag is used to specify passwords for cachemgr operations. Some valid actions are (see cache manager menu for a full list):

5min
60min
asndb
authenticator
cbdata
client_list
comm_incoming
config *
counters
delay
digest_stats
dns
events
filedescriptors
fqdncache
histograms
http_headers
info
io
ipcache
mem
menu
netdb
non_peers
objects
pconn
peer_select
redirector
refresh
server_list
shutdown *
store_digest
storedir
utilization
via_headers
vm_objects

* Indicates actions which will not be performed without a valid password, others can be performed if not listed here.

To disable an action, set the password to "disable".

To allow performing an action without a password, set the password to "none".

Use the keyword "all" to set the same password for all actions.

cachemgr_passwd secret shutdown
cachemgr_passwd lesssssssecret info stats/objects
cachemgr_passwd disable all

Target number of objects per bucket in the store hashtable. Lowering this value increases the total number of bucketsand also the storage maintenance rate. Then we estimate the numberof hashbuckets needed:
NUM_BUCKETS = NUM_OBJ / store_objects_per_bucket
NUM_OBJ is the number of objects your cache can hold, estimated by store_avg_object_size.

store_objects_per_bucket 50

If you want to disable collecting per-client statistics, then turn off client_db here

client_db on

The low and high water marks for the ICMP measurementdatabase. These are counts, not percents. The defaults are 900 and1000. When the high water mark is reached, database entries willbe deleted until the low mark is reached

The minimum period for measuring a site. There will be at least this much delay between successive pings to the same network

If you want to ask your peers to include ICMP data intheir ICP replies, enable this option. If your peer has configuredSquid (during compilation) with '--enable-icmp' then that peer willsend ICMP pings to origin server sites of the URLs it receives. Ifyouenable this option then the ICP replies from that peer will includethe ICMP data (if available). Then, when choosing a parent cache,Squid will choose the parent with the minimal RTT to the origin server.Whenthis happens, the hierarchy field of the access.log will be "CLOSEST_PARENT_MISS ".

query_icmp off

When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH instead of ICP_MISS if the target host is NOT in the ICMP database, or has a zero RTT

test_reachability off

Some log files (cache.log , useragent.log) are written with stdio functions, and as such they can be buffered or unbuffered. By default they will be unbuffered. Buffering them can speed up the writing slightly (though you are unlikely to need to worry).

buffered_logs off

When you enable this option, client no-cache or ``reload'' requests will be changed to If-Modified-Since requests. Doing this VIOLATES the HTTP standard. Enabling this feature could make youliable for problems, which it causes.

See also refresh_pattern for a more selective approach.

This option may be disabled by using --disable-http-violations with the configure script. reload_into_ims off

reload_into_ims off

Here you can use ACL elements to specify requests, which should ALWAYS be forwarded directly to origin servers. This is mostly used while using cache_peer. See also never_direct .

always_direct is by default deny.     

never_direct is the opposite of always_direct. Pleaseread the description for always_direct if you have not already.

With 'never_direct' you can use ACL elements to specify requests, whichshould NEVER be forwarded directly to origin servers

When always_direct and never_direct are deny (By default), Squid selectsbased on the request type and a number of other factors if a parent shouldbe used or not, and if a parent could not be reached it will always fallback on direct.

If always_direct is allow then Squid will always go direct to the sourcewithout concidering any peers.

If never_direct is allow then Squid will never attempt to go direct to the source. Instead it tries very hard to find a parent to send the request to. If no parent can be found then an error is returned

never_direct is by default deny.        

This option replaces the old 'http_anonymizer' optionwith something that is much more configurable. You may now specifyexactly which headers are to be allowed, or which are to be removedfrom outgoing requests.

There are two methods of using this option. You may either allowspecific headers (thus denying all others), or you may deny specificheaders (thus allowing all others).

For example, to achieve the same behavior as the old 'http_anonymizer standard' option, you should use:

anonymize_headers deny From Referer Server
anonymize_headers deny User-Agent WWW-Authenticate Link

Or, to reproduce the old 'http_anonymizer paranoid' feature you should use:

anonymize_headers allow Allow Authorization Cache-Control
anonymize_headers allow Content-Encoding Content-Length
anonymize_headers allow Content-Type Date Expires Host
anonymize_headers allow If-Modified-Since Last-Modified
anonymize_headers allow Location Pragma Accept
anonymize_headers allow Accept-Encoding Accept-Language
anonymize_headers allow Content-Language Mime-Version
anonymize_headers allow Retry-After Title Connection
anonymize_headers allow Proxy-Connection

If you filter the User-Agent header with ' anonymize_headers' it may cause some Web servers to refuse your request. Use this to fake one up.

fake_user_agent none

This tag is to specify the location where the icons are stored

These are normally kept in /usr/local/squid/etc/icons

If you wish to create your own versions of the default (English) error files, either to customize them to suit your language or company, copy the template English files to another directoryand point this tag at them

These are normally kept in /usr/local/squid/etc/errors

This specifies the minimum connect timeout, when the connect timeout is reduced to compensate for the availability of multiple IP addresses. When a connection to a host is initiated, and thathost has several IP addresses, the default connection timeout isreduced by dividing it by the number of addresses. So, a site with15 addresses would then have a timeout of 8 seconds for each addressattempted. To avoid having the timeout reduced to the point whereeven a working host would not have a chance to respond, this settingis provided

This sets the maximum number of connection attempts for a host that only has one address (for multiple-address hosts, each address is tried once)

Squid can now serve statistics and status informationvia SNMP. If you don't wish to use SNMP, set this to "0".

Allowing or denying access to the SNMP port. This option is only available if Squid is rebuilt with the --enable-snmp option

All access to the agent is denied by default.

Just like 'udp_incoming_address' above, but for the SNMP port. This option is only available if Squid is rebuilt with the--enable-snmp option

snmp_incoming_address is used for the SNMP socket receiving messages from SNMP agents.
snmp_outgoing_address is used for SNMP packets returned to SNMP agents. See also snmp_port

WHOIS server to query for AS numbers. NOTE: AS numbers are queried only when Squid starts up, not for every request

as_whois_server whois.ra.net

This option is used to define the WCCP ``home'' router for Squid. Setting the 'wccp_router' to 0.0.0.0 (the default) disables WCCP

wccp_router 0.0.0.0

According to some users, Cisco IOS 11.2 only supportsWCCP version 3. If you're using that version of IOS, change thisvalueto 3

wccp_version 4

Use this option if you require WCCP messages to be received on only one interface. Do NOT use this option if you're unsure how many interfaces you have, or if you know you have only one interface

Use this option if you require WCCP messages to be sent out on only one interface. Do NOT use this option if you're unsure how many interfaces you have, or if you know you have only one interface