Squid 2.4 Stable1 Configuration Manual |
||
Previous |
Tag Name |
dns_testnames |
|
Usage |
dns_testnames URL |
|
Description |
||
The DNS tests exit as soon as the first site is successfully looked up To disable DNS tests, not to comment out or delete this list. Instead use the -D command line option |
||
Default |
dns_testnames netscape.com internic.net nlanr.net microsoft.com |
|
Example |
- |
|
Caution |
- |
Tag Name |
logfile_rotate |
|
Usage |
logfile_rotate NUMBER |
|
Description |
||
Specifies the number of logfile rotations to make when you type 'squid -k rotate'. The default is 10, which will rotate with extensions 0 through 9. Setting logfile_rotate to 0 will disable the rotation, but the logfiles are still closed and re-opened. This will enable you to rename the logfiles yourself just before sending the rotate signal. |
||
Default |
logfile_rotate 10 |
|
Example |
logfile_rotate 5 |
|
Caution Note, the 'squid -k rotate' command normally sends a USR1 signal to the running squid process. In certain situations (e.g. on Linux with Async I/O), USR1 is used for other purposes; so -k rotate uses another signal. It is best to get in the habit of using 'squid -k rotate' instead of 'kill -USR1 |
Tag Name |
append_domain |
|
Usage |
append_domain domainname |
|
Description |
||
Appends local domain name to hostnames without any dotsin them. append_domain must begin with a period. |
||
Default |
none |
|
Example |
append_domain .yourdomain.com |
|
Caution |
- |
Tag Name |
tcp_recv_bufsize |
|
Usage |
tcp_recv_bufsize (bytes) |
|
Description |
||
Size of receive buffer to set for TCP sockets. Probablyjust as easy to change your kernel's default. |
||
Default Set to zero to use the default buffer size. By default, this is set to zero means it is using kernel’s default. tcp_recv_bufsize0 bytes |
||
Example |
- |
|
Caution |
- |
Tag Name |
err_html_text |
|
Usage |
err_html_text text |
|
Description |
||
HTML text to include in error messages. Make this a "mailto" URL to your admin address, or maybe just a link to your organizations Web page. To include this in your error messages, you must rewrite the errortemplate files (found in the "$prefix/etc/errors" directory). Whereveryou want the 'err_html_text' line to appear, insert a %L tag in theerror template file |
||
Default |
none |
|
Example err_html_text venkatesh@visolve.com Consider you want to display this mailId when access denied error occurs, then edit corresponding file (ERR_ACCESS_DENIED in “$prefix/etc/errors” directory) with %L where this mailId should be displayed |
||
Caution |
- |
Tag Name |
||
Usage |
deny_info err_page_name acl |
|
Description |
||
This can be used to return an ERR_ page for requests, which do not pass the 'http_access' rules. A single ACL will cause the http_access check to fail. If a 'deny_info' line exists for that ACL then Squid returns a corresponding error page. You may use ERR_ pages that come with Squid or create your own pages and put them into the configured errors/ directory |
||
Default |
none |
|
Example If you want to deny domain “deny.com” and want to display access denied message specifically, add these lines in conf. And add the file called ERR_CUSTOM_ACCESS_DENIED in $prefix/etc/errors/ directory with your own format. acl DSTDOMAIN dstdomain .deny.com http_access deny DSTDOMAIN http_access allow all deny_info ERR_CUSTOM_ACCESS_DENIED DSTDOMAIN So now if users try to browse “deny.com”, they will get your defined error message |
||
Caution |
- |
Tag Name |
memory_pools |
|
Usage |
memory_pools on|off |
|
Description |
||
If set, Squid will keep pools of allocated (but unused) memory available for future use. If memory is a premium on your system andyou believe your malloc library outperforms Squid routines, disablethis. |
||
Default |
memory_pools off |
|
Example |
- |
|
Caution |
- |
Tag Name |
memory_pools_limit |
|
Usage |
memory_pools_limit (bytes) |
|
Description |
||
If set to a non-zero value, Squid will keep at most the specified limit of allocated (but unused) memory in memory pools. Allfree() requests that exceed this limit will be handled by your malloclibrary. Squiddoes not pre-allocate any memory, just safe-keeps objectsthat otherwisewould be free()d. Thus,it is safe to set memory_pools_limitto a reasonablyhigh value even if yourconfiguration will use lessmemory. If not set (default) or set to zero, Squid will keep all memory it can. That is, there will be no limit on the total amount of memory used forsafe-keeping. |
||
Default |
none |
|
By default, memory_pools is not set. So there is no default value for
memory_pools_limit |
||
Example |
- |
|
Caution Used only with memory_pools on: To disable memory allocation optimization, do not set memory_pools_limit to 0. Set memory_pools to "off" instead. An overhead for maintaining memory pools is not taken into account when the limit is checked. This overhead is close to four bytes per object kept. However, pools may actually _save_ memory because of reduced memory thrashing in yourmalloc library |
Tag Name |
forwarded_for |
|
Usage |
forwarded_for on|off |
|
Description |
||
Current HTTP/1.1 does not provide any standard way of indicating the client address in the request. Since a number of people missedhaving the originating client address in the request, Squid now addsits own request header called "X-Forwarded-For" which looks like this: X-Forwarded-For: 192.1.2.3|unknown If set, Squid will include your system's IP address or name in theHTTP requests it forwards. By default it looks like this: X-Forwarded-For: 192.1.2.3 If you disable this, it will appear as X-Forwarded-For: unknown |
||
Default |
forwarded_for on |
|
Example |
- |
|
Caution |
- |
Tag Name |
log_icp_queries |
|
Usage |
log_icp_queries on|off |
|
Description |
||
If set, ICP queries are logged to access.log. You may wish do disable this if your ICP load is very high to speed things up or to simplify log analysis |
||
Default |
log_icp_queries on |
|
Example |
- |
|
Caution |
- |
Tag Name |
||
Usage |
icp_hit_stale on|off |
|
Description |
||
If you want to return ICP_HIT for stale cache objects, set this option to 'on'. If you have sibling relationships with cachesin other administrative domains, this should be 'off'. If you onlyhave sibling relationships with caches under your control, then itis probably okay to set this to 'on' |
||
Default |
icp_hit_stale off |
|
Example |
- |
|
Caution |
- |
Tag Name |
minimum_direct_hops |
|
Usage |
minimum_direct_hops NUMBER |
|
Description |
||
If using the ICMP pinging stuff, do direct fetches for sites which are no more than this many hops away. This parameter plays arole in deciding latency |
||
Default |
minimum_direct_hops 4 |
|
Example |
- |
|
Caution |
- |
Tag Name |
minimum_direct_rtt |
|
Usage |
minimum_direct_rtt time-units |
|
Description |
||
This is the port number to be used in conjunction with 'mcast_miss_addr'. This option is only available if Squid is rebuilt with the -DMULTICAST_MISS_TTL option |
||
Default |
minimum_direct_rtt 400 |
|
Example |
- |
|
Caution |
- |
Tag Name |
cachemgr_passwd |
|
Usage |
cachemgr_passwd password action action ... |
|
Description |
||
|
||
Default |
none |
|
Example |
- |
|
Caution |
- |
Tag Name |
store_avg_object_size |
|
Usage |
store_avg_object_size (kbytes) |
|
Description |
||
Average object size, used to estimate number of objectsyour cache can hold. To Estimate the number of objects your cache can hold: NUM_OBJ = cache_swap / store_avg_object_size Cache_swap is size of the cache |
||
Default The default is 13 KB. store_avg_object_size 13 KB |
||
Example |
- |
|
Caution |
- |
Tag Name |
store_objects_per_bucket |
|
Usage |
store_objects_per_bucket (kbytes) |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
client_db |
|
Usage |
client_db on|off |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
netdb_low netdb_high |
|
Usage |
netdb_low entries netdb_high entries |
|
Description |
||
|
||
Default netdb_low 900 netdb_high 1000 |
||
Example |
- |
|
Caution |
- |
Tag Name |
netdb_ping_period |
|
Usage |
netdb_ping_period time-units |
|
Description |
||
|
||
Default |
netdb_ping_period 5 minutes |
|
Example |
- |
|
Caution |
- |
Tag Name |
query_icmp |
|
Usage |
query_icmp on|off |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
test_reachability |
|
Usage |
test_reachability on|off |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
buffered_logs |
|
Usage |
buffered_logs on|off |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
reload_into_ims |
|
Usage |
reload_into_ims on|off |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
always_direct |
|
Usage |
always_direct allow|deny [!]aclname ... |
|
Description |
||
|
||
Default |
|
|
Example For example, to always directly forward requests for local serversuse something like: acl local-servers dstdomain .my.domain.net always_direct allow local-servers To always forward FTP requests directly, use acl FTP proto FTP always_direct allow FTP Example for denying specific domain acl local-external dstdomain .external.foo.net acl local-servers dstdomain .foo.net always_direct deny local-external always_direct allow local-servers |
||
Caution There is a similar, but opposite option named ' never_direct'. You need to be aware that "always_direct deny foo" is NOT the same thing as "never_directallow foo". You may need to use a deny rule to exclude a more-specificcase of some other rule |
Tag Name |
never_direct |
|
Usage |
never_direct allow|deny [!]aclname ... |
|
Description |
||
|
||
Default |
|
|
Example For example, to force the use of a proxy for all requests, except those in your local domain use something like: acl local-servers dstdomain foo.net acl all src 0.0.0.0/0.0.0.0 never_direct deny local-servers never_direct allow all or if squid is inside a firewall and there is local intranet servers inside the firewall then use something like: acl local-intranet dstdomain .foo.net acl local-external dstdomain .external.foo.net always_direct deny local-external always_direct allow local-intranet never_direct allow all |
||
Caution It will be better to understand always_direct before enabling this tag |
Tag Name |
fake_user_agent |
|
Usage |
fake_user_agent String |
|
Description |
||
|
||
Default |
|
|
Example |
fake_user_agent Nutscrape/1.0 (CP/M; 8-bit) |
|
Caution |
- |
Tag Name |
icon_directory |
|
Usage |
icon_directory directorypath/directoryname |
|
Description |
||
|
||
Default |
|
|
Example |
icon_directory /etc/icons |
|
Caution |
- |
Tag Name |
error_directory |
|
Usage |
error_directory directorypath/directoryname |
|
Description |
||
|
||
Default |
|
|
Example |
icon_directory /etc/errors |
|
Caution |
- |
Tag Name |
minimum_retry_timeout |
|
Usage |
minimum_retry_timeout (seconds) |
|
Description |
||
|
||
Default The default, and the minimum value, is five seconds, and the maximum value is sixty seconds, or half of connect_timeout, whichever is greater and lessthan connect_timeout. minimum_retry_timeout 5 seconds |
||
Example |
- |
|
Caution |
- |
Tag Name |
maximum_single_addr_tries |
|
Usage |
maximum_single_addr_tries NUMBER |
|
Description |
||
|
||
Default The default value is three tries, the (not recommended) maximum is 255 tries. maximum_single_addr_tries 3 |
||
Example |
- |
|
Caution A warning message will be generated if it is set to a value greater than ten |
Tag Name |
snmp_port |
|
Usage |
snmp_port port |
|
Description |
||
|
||
Default By default it listens to port 3401 on the machine. snmp_port 3401 |
||
Example |
- |
|
Caution SNMP support requires use of the --enable-snmp configure command line option |
Tag Name |
snmp_access |
|
Usage |
snmp_access allow|deny [!]aclname ... |
|
Description |
||
|
||
Default |
|
|
Example snmp_access allow snmppublic localhost snmp_access deny all |
||
Caution |
- |
Tag Name |
snmp_incoming_address snmp_outgoing_address |
|
Usage |
snmp_incoming_address IPAddress snmp_outgoing_address IPAddress |
|
Description |
||
|
||
Default The default behavior is to not bind to any specific address. snmp_incoming_address 0.0.0.0 snmp_outgoing_address 255.255.255.255 |
||
Example snmp_incoming_address 172.16.1.115 snmp_outgoing_address 172.16.1.114 |
||
Caution snmp_incoming_address and snmp_outgoing_address cannot have the same value since they both use port 3130. |
Tag Name |
as_whois_server |
|
Usage |
as_whois_server Server-Name |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
wccp_router |
|
Usage |
wccp_router Router-IPAddress |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
wccp_version |
|
Usage |
wccp_version Version |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
wccp_incoming_address |
|
Usage |
wccp_incoming_address IPAddress |
|
Description |
||
|
||
Default The default behavior is to not bind to any specific address wccp_incoming_address 0.0.0.0 |
||
Example |
- |
|
Caution wccp_incoming_address and wccp_outgoing_address cannot have the same value since they both use port 2048. |
Tag Name |
wccp_outgoing_address |
|
Usage |
wccp_outgoing_address IPAddress |
|
Description |
||
|
||
Default The default behavior is to not bind to any specific address wccp_outgoing_address 255.255.255.255 |
||
Example |
- |
|
Caution wccp_incoming_address and wccp_outgoing_address cannot have the same value since they both use port 2048. |