Squid 2.4 Stable1
Configuration Manual
 

   

OPTIONS FOR EXTERNAL SUPPORT PROGRAMS


Tag Name

ftp_user

Usage

ftp_user username

Description

This tag can be used if you want the anonymous login password to be more informative. You can set this to something reasonable for your domain, like squid@squid.kovaiteam.com. It is domainless by default because the request can be made on behalf of a user in any domain, depending on how the cache is used. Some FTP servers also validate the email address.

Default

ftp_user disabled

Example

ftp_user squid@squid.kovaiteam.com

Caution

-


Tag Name

ftp_list_width

Usage

ftp_list_width number

Description

This tag is used to set the width of FTP listings. This should be set to fit in the width of a standard browser. Setting this too small can cut off long filenames when browsing FTP sites.

Default

ftp_list_width 32

Example

-

Caution

-


Tag Name

ftp_passive

Usage

ftp_passive on|off

Description

If your firewall does not allow Squid to use passive connections, then turn off this option.

Default

ftp_passive on

Example

-

Caution

-


Tag Name

cache_dns_program

Usage

cache_dns_program program

Description

This tag is used to specify the location of the executable for the DNS lookup process. This option is only available if Squid is rebuilt with the --disable-internal-dns option.

The external DNS program uses the normal resolver libraries, which are a much more mature DNS client. The internal DNS client still has some problems with special cases in the DNS protocol. However, things have gotten a lot better compared to the early versions, so these issues are not likely to be noticed and are heavily outweighed by the improved performance and reliability. The drawbacks of the external DNS helper, on the other hand, are likely to be noticed: if DNS lookups are slow, the external DNS helper will hit the roof and no further DNS lookups can complete (some Squid versions even abort in such a case).

Recommendation: Use the internal DNS client unless you experience problems that force you to use the external one until a fix is provided.

Default

cache_dns_program none

Example

cache_dns_program /usr/local/squid/bin/dnsserver

Caution

-


Tag Name

dns_children

Usage

dns_children number (1 to 32)

Description

The number of processes spawned to service DNS name lookups is specified here. For heavily loaded caches on large servers, you will probably need to increase this value to at least 10. The maximum is 32. The default is 5. This option is only available if Squid is rebuilt with the --disable-internal-dns option. As the number of processes increases, the performance of DNS lookups also increases. It is recommended to use the maximum number of child processes (32).

The external dnsserver helper has the limitation that it can only handle one DNS lookup at a time and cannot be aborted prior to the 2 minutes DNS lookup time-out. The internal DNS client DOES NOT have this limitation and can handle any number of concurrent lookups. See the description of cache_dns_program.

Default

dns_children 5

Example

-

Caution

You must have at least one dnsserver process


Tag Name

dns_retransmit_interval

Usage

dns_retransmit_interval time-units

Description

This tag is used to set the initial retransmit interval for DNS queries. The interval is doubled each time all configured DNS servers have been tried.

Default

dns_retransmit_interval 5 seconds

Example

-

Caution

-


Tag Name

dns_timeout

Usage

dns_timeout time-units

Description

This tag is used to set the DNS query time-out. If no response is received to a DNS query within this time, then all DNS servers for the queried domain are assumed to be unavailable.

Default

dns_timeout 5 minutes

Caution

-


Tag Name

dns_defnames

Usage

dns_defnames on|off

Description

Normally the 'dnsserver' disables the RES_DEFNAMES resolver option (see res_init(3)). This prevents caches in a hierarchy from interpreting single component hostnames locally. To allow dnsserver to handle single component names, enable this option. This option is only available if Squid is rebuilt with the --disable-internal-dns option.

Default

dns_defnames off

Example

-

Caution

-


Tag Name

dns_nameservers

Usage

dns_nameservers IPaddress

Description

This tag can be used if you want to specify a list of DNS name servers (IP addresses) to use instead of those given in your /etc/resolv.conf file.

Default

dns_nameservers none

Example

dns_nameservers 172.16.1.102 204.54.6.20

Caution

-


Tag Name

unlinkd_program

Usage

unlinkd_program path/to/unlinkedfile

Description

This tag specifies the location of the executable for the file deletion process. This isn't needed if you are using async-io, since deletion is then handled by a thread.

Default

-

Example

unlinkd_program /usr/local/squid/bin/unlinkd

Caution

-


Tag Name

pinger_program

Usage

pinger_program path/to/pingerfile

Description

Specify the location of the executable for the pinger process. This is only useful if you configured Squid (during compilation) with the '--enable-icmp' option.

Default

-

Example

pinger_program /usr/local/squid/bin/pinger

Caution

-


Tag Name

redirect_program

Usage

redirect_program path/to/redirector

Description

This tag is used to specify the location of the executable for the URL redirector. Since redirectors can perform almost any function, there isn't one included. By default, a redirector is not used.

Default

redirect_program none

Example

-

Caution

-


Tag Name

redirect_children

Usage

redirect_children number

Description

This tag is used to set the number of redirect processes to spawn.

Default

redirect_children 5

Example

-

Caution

If you start too few, Squid will have to wait for them to process a backlog of URLs, slowing it down. If you start too many, they will use RAM and other system resources.


Tag Name

redirect_rewrites_host_header

Usage

redirect_rewrites_host_header on|off

Description

By default, Squid rewrites any Host: header in redirected requests. If you are running an accelerator, then this may not be a wanted effect of a redirector.

Default

redirect_rewrites_host_header on

Example

-

Caution

-


Tag Name

redirector_access

Usage

redirector_access allow|deny

Description

If defined, this access list specifies which requests are sent to the redirector processes.

Default

All requests are sent

Example

-

Caution

-


Tag Name

authenticate_program

Usage

authenticate_program path/to/program path/to/passwdfile

Description


This tag is used to specify the command for the external authenticator. Such a program reads a line containing "username password" and replies "OK" or "ERR" in an endless loop. If you use an authenticator, make sure you have 1 acl of type proxy_auth. If you want to use the traditional proxy authentication, change to the ../auth_modules/NCSA directory and run:

# make
# make install

The source for this program is included in the source distribution, in the auth_modules/NCSA directory. You should now have an ncsa_auth program in the same directory where your squid binary lives. You may need to create a password file. If you have been using proxy authentication before, you probably already have such a file. You can use Apache's htpasswd program to create it. Pick a pathname for your password file. We will assume you will want to put it in the same directory as your squid.conf.
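An added example, not part of the Squid distribution or of the original manual: a minimal authenticator helper in Python that speaks the "username password" / "OK" or "ERR" line protocol described above. The in-memory user store, the PBKDF2 hashing and the split on the first space are assumptions of this example; it fails closed on malformed lines and flushes every reply so Squid is never left waiting.

```python
#!/usr/bin/env python3
"""Authenticator helper speaking the line protocol described above."""
import hashlib
import hmac
import sys

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier for a password (example scheme, not NCSA crypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample store: username -> (salt, derived key). A real helper
# would load this from the file named on the authenticate_program line.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}
# Checked for unknown users so they cost the same work as a wrong password.
_DUMMY = (_SALT, hash_password("placeholder", _SALT))


def check_line(line: str) -> str:
    """Return "OK" or "ERR" for one "username password" request line."""
    # Assumption: the first space separates the fields, so the password
    # itself may contain spaces.
    username, sep, password = line.rstrip("\r\n").partition(" ")
    if not sep or not username or not password:
        return "ERR"  # malformed request: fail closed
    salt, expected = USERS.get(username, _DUMMY)
    # Constant-time comparison avoids leaking how many bytes matched.
    match = hmac.compare_digest(hash_password(password, salt), expected)
    return "OK" if match and username in USERS else "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout) -> None:
    """Answer requests until Squid closes the pipe (EOF)."""
    for line in stdin:
        stdout.write(check_line(line) + "\n")
        stdout.flush()  # Squid waits for each reply; never leave it buffered


if __name__ == "__main__":
    serve()
```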


Default

authenticate_program none
By default, no authenticator program is used.

Example

authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd

Caution

-


Tag Name

authenticate_children

Usage

authenticate_children number

Description


The number of authenticator processes to spawn (default 5).


Default


authenticate_children 5


Example

-

Caution

If you start too few, Squid will have to wait for them to process a backlog of usercode/password verifications, slowing it down. When password verifications are done via a (slow) network, you are likely to need lots of authenticator processes.


Tag Name

authenticate_ttl

Usage

authenticate_ttl seconds

Description


This tag is used to specify the time a checked username/password combination remains cached (default 3600). If a wrong password is given for a cached user, the user gets removed from the username/password cache, forcing a revalidation.


Default


authenticate_ttl 3600


Example

-

Caution

-


Tag Name

authenticate_ip_ttl

Usage

authenticate_ip_ttl number

Description


With this option you control how long a proxy authentication will be bound to a specific IP address. If a request using the same user name is received from a different IP address during this time, then access will be denied and both users are required to reauthenticate themselves. The idea behind this is to make it annoying for people to share their password with their friends, yet still allow a dialup user to reconnect on a different dialup port. The default is 0 to disable the check. The recommended value if you have dialup users is no more than 60 (seconds). If all your users are stationary, then higher values may be used.


Default


authenticate_ip_ttl 0


Example

-

Caution

-

 

Tag Name

authenticate_ip_ttl_is_strict


Usage

authenticate_ip_ttl_is_strict on|off

Description


This option makes authenticate_ip_ttl a bit stricter. With this enabled, authenticate_ip_ttl will deny all access from other IP addresses until the TTL has expired, and the IP address "owning" the userid will not be forced to reauthenticate.


Default


authenticate_ip_ttl_is_strict on


Example

-

Caution

-