Squid 2.4 Stable1 Configuration Manual |
||
Previous |
Tag Name |
ftp_user |
|
Usage |
ftp_user username |
|
Description |
||
This tag can be used if you want the anonymous login password to be more informative. You can set this to something reasonable for your domain, like squid@squid.kovaiteam.com. The reason why this is domainless by default is that the request can be made on the behalf of a user in any domain, depending on how the cache is used. Some ftp servers also validate the email address. For detailed explanation Click Here |
||
Default |
ftp_user disabled |
|
Example ftp_user squid@squid.kovaiteam.com |
||
Caution |
- |
Tag Name |
ftp_list_width |
|
Usage |
ftp_list_width number |
|
Description |
||
This tag is used to set the width of ftp listings. This should be set to fit in the width of a standard browser. Setting this too small can cut off long filenames when browsing ftp sites |
||
Default |
ftp_list_width 32 |
|
Example |
- |
|
Caution |
- |
Tag Name |
ftp_passive |
|
Usage |
ftp_passive on|off |
|
Description |
||
If your firewall does not allow Squid to use passive connections, then turn off this option. |
||
Default |
ftp_passive on |
|
Example |
- |
|
Caution |
- |
Tag Name |
cache_dns_program |
|
Usage |
cache_dns_program program |
|
Description |
||
This tag is used to specify the location of the executable for dnslookup process. This option is only available if Squid is rebuilt with the --disable-internal-dns option. The external dns program uses the normal resolver libraries which is a much more mature DNS client. The internal DNS client still has some problems with special cases in the DNS protocol. However, things has gotten a lot better compared to the early version so any of theseissues are not likely to be noticed, and is heavily out weighted by the improved performance and reliability. But drawbacks of the external DNS helper are likely to be noticed when using external DNS. If DNS lookups are slow then the external DNS helper will hit the roof and no further DNS lookups can complete (some Squid versions even abort in such case). Recommendation: Use the internal DNS client unless experience problems which forces to use the external one until a fix is provided. |
||
Default |
cache_dns_program none |
|
Example |
cache_dns_program /usr/local/squid/bin/dnsserver |
|
Caution |
- |
Tag Name |
dns_children |
|
Usage |
dns_children number (1 to 32) |
|
Description |
||
The number of processes spawn to service DNS name lookups are specified here.For heavily loaded caches on large servers, There is probably need to increasethis value to at least 10. The maximum is 32. The default is 5. Thisoption is only available if Squid is rebuilt with the --disable-internal-dns option. The number of processes increases, the performance of DNS lookups also increases. It is recommended to use maximum child processes (32). The limitation that the external dnsserver helper can only handle one DNS lookup at a time and cannot be aborted prior to the 2 minutes DNS lookup time-out. The internal DNS client DOES NOT have this limitation and can handle any number of concurrent lookups. See the description of cache_dns_program. |
||
Default |
dns_children 5 |
|
Example |
- |
|
Caution You must have at least one dnsserver process |
Tag Name |
dns_retransmit_interval |
|
Usage |
dns_retransmit_interval time-units |
|
Description |
||
This tag is used to set the initial retransmit interval for DNS queries. The interval is doubled each time all configured DNS servers have been tried |
||
Default |
dns_retransmit_interval 5 seconds |
|
Example |
- |
|
Caution |
- |
Tag Name |
dns_timeout |
|
Usage |
dns_timeout time-units |
|
Description |
||
This tag is used to set the DNS Query time-out. If no response is received to a DNS query within this time then all DNS servers forthe queried domain is assumed to be unavailable |
||
Default |
dns_timeout 5 minutes |
|
Caution |
- |
Tag Name |
dns_defnames |
|
Usage |
dns_defnames on|off |
|
Description |
||
Normally the 'dnsserver' disables the RES_DEFNAMES resolveroption (see res_init(3)). This prevents caches in a hierarchy from interpreting single component hostnames locally. To allow dnsserver handle single component names, enable this option. This option is only available if Squid isrebuilt with the --disable-internal-dnsoption |
||
Default |
dns_defnames off |
|
Example |
- |
|
Caution |
- |
Tag Name |
dns_nameservers |
|
Usage |
dns_nameservers IPaddress |
|
Description |
||
This tag can be used if you want to specify a list of DNS name servers (IP addresses) to use instead of those given in your /etc/resolv.conf file |
||
Default |
dns_nameservers none |
|
Example |
dns_nameservers 172.16.1.102 204.54.6.20 |
|
Caution |
- |
Tag Name |
unlinkd_program |
|
Usage |
unlinkd_program path/to/unlinkedfile |
|
Description |
||
This tag specifies the location of the executable for file deletion process. This isn't needed if you are using async-io since it's handled by a thread |
||
Default |
- |
|
Example |
unlinkd_program /usr/local/squid/bin/unlinkd |
|
Caution |
- |
Tag Name |
pinger_program |
|
Usage |
pinger_program path/to/pingerfile |
|
Description |
||
Specify the location of the executable for the pinger process. This is only useful if you configured Squid (during compilation) with the '--enable-icmp' option |
||
Default |
- |
|
Example |
pinger_program /usr/local/squid/bin/pinger |
|
Caution |
- |
Tag Name |
redirect_program |
|
Usage |
redirect_program path/to/redirector |
|
Description |
||
This tag is used to specify the location of the executable for the URL redirector. Since they can perform almost any function there isn't one included. Click here for information on how to write one. By default, a redirector is not used |
||
Default |
redirect_program none |
|
Example |
- |
|
Caution |
- |
Tag Name |
redirect_children |
|
Usage |
redirect_children number |
|
Description |
||
This tag is used to set the number of redirect processes to spawn |
||
Default |
redirect_children 5 |
|
Example |
- |
|
Caution If you start too few Squid will have to wait for them to process aback log of URLs, slowing it down. If you start too many they will use RAM andother system resources |
Tag Name |
redirect_rewrites_host_header |
|
Usage |
redirect_rewrites_host_header on|off |
|
Description |
||
By default Squid rewrites any Host: header in redirected requests. If you are running a accelerator then this may not be a wanted effect of a redirector |
||
Default |
redirect_rewrites_host_header on |
|
Example |
- |
|
Caution |
- |
Tag Name |
redirect_access |
|
Usage |
redirector_access allow|deny |
|
Description |
||
If defined, this access list specifies which requests are sent to the redirector processes |
||
Default |
All requests are sent |
|
Example |
- |
|
Caution |
- |
Tag Name |
authenticate_program |
|
Usage |
authenticate_program path/to/program path/to/passwdfile |
|
Description |
||
The source for this program is included in the source distribution, in the auth_modules/NCSA directory. You should now have an ncsa_authprogram in the same directory where your squid binary lives. You may need to create a password file. If you have been using proxy authentication before, you probably already have such a file. You can get apache’s htpasswd program from here. Pick a pathname for your password file. We will assume youwill want to put it in the same directory as your Squid.conf. |
||
Default authenticate_program none By default, the authenticator_program is not used |
||
Example |
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd |
|
Caution |
- |
Tag Name |
authenticate_children |
|
Usage |
authenticate_children number |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution If you start too few Squid will have to wait for them to process aback log of usercode/password verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes. |
Tag Name |
authenticate_ttl |
|
Usage |
authenticate_ttl seconds |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |
Tag Name |
authenticate_ip_ttl |
|
Usage |
authenticate_ip_ttl number |
|
Description |
||
|
||
Default |
|
|
Example |
- |
|
Caution |
- |