From 18357e740a4a6b830e12e3bfa46f7d916a7e315e Mon Sep 17 00:00:00 2001
From: wojtek
Date: Tue, 9 Feb 1999 17:34:40 +0000
Subject: [PATCH] Zrodelka do squida -- 2.2PRE2 jest trafiony ...

Changed files:
 squid-2.0-make.patch -> 1.1
 squid-perl.patch -> 1.1
 squid.conf -> 1.1
 squid.init -> 1.1
---
 squid-2.0-make.patch | 85 ++
 squid-perl.patch | 108 +++
 squid.conf | 1759 ++++++++++++++++++++++++++++++++++++++++++
 squid.init | 66 ++
 4 files changed, 2018 insertions(+)
 create mode 100644 squid-2.0-make.patch
 create mode 100644 squid-perl.patch
 create mode 100644 squid.conf
 create mode 100644 squid.init

diff --git a/squid-2.0-make.patch b/squid-2.0-make.patch
new file mode 100644
index 0000000..c971561
--- /dev/null
+++ b/squid-2.0-make.patch
@@ -0,0 +1,85 @@
+diff -ruN squid-2.0.RELEASE-org/scripts/Makefile.in squid-2.0.RELEASE/scripts/Makefile.in
+--- squid-2.0.RELEASE-org/scripts/Makefile.in Wed May 14 23:08:14 1997
++++ squid-2.0.RELEASE/scripts/Makefile.in Tue Oct 6 18:28:45 1998
+@@ -23,11 +23,11 @@
+ install:
+ @if test ! -d $(exec_prefix); then \
+ echo "mkdir $(exec_prefix)"; \
+- mkdir $(exec_prefix); \
++ mkdir -p $(exec_prefix); \
+ fi
+ @if test ! -d $(bindir); then \
+ echo "mkdir $(bindir)"; \
+- mkdir $(bindir); \
++ mkdir -p $(bindir); \
+ fi
+ $(INSTALL_BIN) RunCache $(bindir)
+ $(INSTALL_BIN) RunAccel $(bindir)
+diff -ruN squid-2.0.RELEASE-org/src/Makefile.in squid-2.0.RELEASE/src/Makefile.in
+--- squid-2.0.RELEASE-org/src/Makefile.in Tue Aug 18 01:27:15 1998
++++ squid-2.0.RELEASE/src/Makefile.in Tue Oct 6 18:34:21 1998
+@@ -31,10 +31,10 @@
+ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER = $(libexecdir)/$(DNSSERVER_EXE)
+-DEFAULT_CACHE_LOG = $(localstatedir)/logs/cache.log
+-DEFAULT_ACCESS_LOG = $(localstatedir)/logs/access.log
+-DEFAULT_STORE_LOG = $(localstatedir)/logs/store.log
+-DEFAULT_PID_FILE = $(localstatedir)/logs/squid.pid
++DEFAULT_CACHE_LOG = $(localstatedir)/log/squid/cache.log
++DEFAULT_ACCESS_LOG = $(localstatedir)/log/squid/access.log
++DEFAULT_STORE_LOG = $(localstatedir)/log/squid/store.log
++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid
+ DEFAULT_SWAP_DIR = $(localstatedir)/cache
+ DEFAULT_PINGER = $(libexecdir)/$(PINGER_EXE)
+ DEFAULT_UNLINKD = $(libexecdir)/$(UNLINKD_EXE)
+@@ -258,32 +258,37 @@
+ install-mkdirs:
+ -@if test ! -d $(prefix); then \
+ echo "mkdir $(prefix)"; \
+- mkdir $(prefix); \
++ mkdir -p $(prefix); \
+ fi
+ -@if test ! -d $(exec_prefix); then \
+ echo "mkdir $(exec_prefix)"; \
+- mkdir $(exec_prefix); \
++ mkdir -p $(exec_prefix); \
+ fi
+ -@if test ! -d $(bindir); then \
+ echo "mkdir $(bindir)"; \
+- mkdir $(bindir); \
++ mkdir -p $(bindir); \
+ fi
+ -@if test ! -d $(libexecdir); then \
+ echo "mkdir $(libexecdir)"; \
+- mkdir $(libexecdir); \
++ mkdir -p $(libexecdir); \
+ fi
+ -@if test ! -d $(sysconfdir); then \
+ echo "mkdir $(sysconfdir)"; \
+- mkdir $(sysconfdir); \
++ mkdir -p $(sysconfdir); \
+ fi
+- -@if test ! -d $(localstatedir); then \
+- echo "mkdir $(localstatedir)"; \
+- mkdir $(localstatedir); \
+- fi
+- -@if test ! -d $(localstatedir)/logs; then \
+- echo "mkdir $(localstatedir)/logs"; \
+- mkdir $(localstatedir)/logs; \
++ -@if test ! -d $(localstatedir)/log/squid; then \
++ echo "mkdir $(localstatedir)/log/squid"; \
++ mkdir -p $(localstatedir)/log/squid; \
+ fi
++ -@if test ! -d $(localstatedir)/spool/squid; then \
++ echo "mkdir $(localstatedir)/spool/squid"; \
++ mkdir -p $(localstatedir)/spool/squid; \
++ fi
++ -@if test ! -d $(localstatedir)/run; then \
++ echo "mkdir $(localstatedir)/run"; \
++ mkdir -p $(localstatedir)/run; \
++ fi
++
+ 
+ # Michael Lupp wants to know about additions
+ # to the install target.
diff --git a/squid-perl.patch b/squid-perl.patch
new file mode 100644
index 0000000..81c1fac
--- /dev/null
+++ b/squid-perl.patch
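Review bot: In the src/Makefile.in part of this patch, `DEFAULT_SWAP_DIR = $(localstatedir)/cache` stays as a context line while install-mkdirs now creates `$(localstatedir)/spool/squid`, so the compiled-in cache directory no longer matches any directory this rule creates; the squid.conf added in the same commit sets `cache_dir /var/spool/squid`, but a configuration without that line would presumably fall back to the old path. Changing the line to `DEFAULT_SWAP_DIR = $(localstatedir)/spool/squid` keeps the two in step. The new log/squid, spool/squid and run directories are also made with a bare `mkdir -p` whose failure is ignored by the `-@` prefix, so their owner and mode come from whoever runs the install and that user's umask; the package should set them explicitly so that only Squid's effective user can write to the log and spool directories, which may be handled in packaging files that are not part of this commit. The install-mkdirs rule continues past the end of the embedded hunk.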
@@ -0,0 +1,108 @@
+diff -Nur squid-2.1.PATCH2/scripts/AnnounceCache.pl squid-2.1.PATCH2.orig/scripts/AnnounceCache.pl
+--- squid-2.1.PATCH2/scripts/AnnounceCache.pl Thu Feb 22 07:23:57 1996
++++ squid-2.1.PATCH2.orig/scripts/AnnounceCache.pl Thu Dec 17 16:57:37 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ $|=1;
+ 
+diff -Nur squid-2.1.PATCH2/scripts/access-log-matrix.pl squid-2.1.PATCH2.orig/scripts/access-log-matrix.pl
+--- squid-2.1.PATCH2/scripts/access-log-matrix.pl Thu Feb 22 07:23:57 1996
++++ squid-2.1.PATCH2.orig/scripts/access-log-matrix.pl Thu Dec 17 16:57:51 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # access-log-matrix.pl
+ #
+diff -Nur squid-2.1.PATCH2/scripts/cache-compare.pl squid-2.1.PATCH2.orig/scripts/cache-compare.pl
+--- squid-2.1.PATCH2/scripts/cache-compare.pl Tue Sep 17 18:32:27 1996
++++ squid-2.1.PATCH2.orig/scripts/cache-compare.pl Thu Dec 17 16:57:59 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # cache-compare.pl
+ #
+diff -Nur squid-2.1.PATCH2/scripts/cachetrace.pl squid-2.1.PATCH2.orig/scripts/cachetrace.pl
+--- squid-2.1.PATCH2/scripts/cachetrace.pl Tue Mar 4 06:16:23 1997
++++ squid-2.1.PATCH2.orig/scripts/cachetrace.pl Thu Dec 17 16:58:05 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ require 'sys/socket.ph';
+ 
+diff -Nur squid-2.1.PATCH2/scripts/check_cache.pl squid-2.1.PATCH2.orig/scripts/check_cache.pl
+--- squid-2.1.PATCH2/scripts/check_cache.pl Tue Feb 4 00:42:21 1997
++++ squid-2.1.PATCH2.orig/scripts/check_cache.pl Thu Dec 17 16:58:13 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # check_cache.pl
+ #
+diff -Nur squid-2.1.PATCH2/scripts/fileno-to-pathname.pl squid-2.1.PATCH2.orig/scripts/fileno-to-pathname.pl
+--- squid-2.1.PATCH2/scripts/fileno-to-pathname.pl Wed Jul 16 22:31:55 1997
++++ squid-2.1.PATCH2.orig/scripts/fileno-to-pathname.pl Thu Dec 17 16:58:21 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # $Id$
+ # Convert hexadecimal cache file numbers (from swap log) into full pathnames.
+diff -Nur squid-2.1.PATCH2/scripts/flag_truncs.pl squid-2.1.PATCH2.orig/scripts/flag_truncs.pl
+--- squid-2.1.PATCH2/scripts/flag_truncs.pl Thu Feb 22 07:23:57 1996
++++ squid-2.1.PATCH2.orig/scripts/flag_truncs.pl Thu Dec 17 16:58:28 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # flag_truncs.pl - martin hamilton
+ #
+diff -Nur squid-2.1.PATCH2/scripts/icp-test.pl squid-2.1.PATCH2.orig/scripts/icp-test.pl
+--- squid-2.1.PATCH2/scripts/icp-test.pl Thu Aug 13 18:52:25 1998
++++ squid-2.1.PATCH2.orig/scripts/icp-test.pl Thu Dec 17 16:58:34 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # icp-test.pl
+ #
+diff -Nur squid-2.1.PATCH2/scripts/icpserver.pl squid-2.1.PATCH2.orig/scripts/icpserver.pl
+--- squid-2.1.PATCH2/scripts/icpserver.pl Thu Feb 22 07:23:57 1996
++++ squid-2.1.PATCH2.orig/scripts/icpserver.pl Thu Dec 17 16:58:39 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # parse and answer ICP type 1 requests via unicast/multicast UDP
+ # cf.
+diff -Nur squid-2.1.PATCH2/scripts/tcp-banger.pl squid-2.1.PATCH2.orig/scripts/tcp-banger.pl
+--- squid-2.1.PATCH2/scripts/tcp-banger.pl Thu Apr 4 03:57:54 1996
++++ squid-2.1.PATCH2.orig/scripts/tcp-banger.pl Thu Dec 17 16:58:46 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # tcp-banger.pl
+ #
+diff -Nur squid-2.1.PATCH2/scripts/udp-banger.pl squid-2.1.PATCH2.orig/scripts/udp-banger.pl
+--- squid-2.1.PATCH2/scripts/udp-banger.pl Fri Nov 20 23:50:42 1998
++++ squid-2.1.PATCH2.orig/scripts/udp-banger.pl Thu Dec 17 16:58:53 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # udp-banger.pl
+ #
+diff -Nur squid-2.1.PATCH2/scripts/upgrade-1.0-store.pl squid-2.1.PATCH2.orig/scripts/upgrade-1.0-store.pl
+--- squid-2.1.PATCH2/scripts/upgrade-1.0-store.pl Fri Oct 11 21:56:06 1996
++++ squid-2.1.PATCH2.orig/scripts/upgrade-1.0-store.pl Thu Dec 17 16:59:00 1998
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # $Id$
+ 
diff --git a/squid.conf b/squid.conf
new file mode 100644
index 0000000..d7dd4fe
--- /dev/null
+++ b/squid.conf
@@ -0,0 +1,1759 @@ + +# WELCOME TO SQUID 2 +# ------------------ +# +# This is the default Squid configuration file. You may wish +# to look at http://cache.is.co.za/squid/ for documentation, +# or the Squid home page (http://squid.nlanr.net/) for the FAQ. +# + + +# NETWORK OPTIONS +# ----------------------------------------------------------------------------- + +# TAG: http_port +# The port number where Squid will listen for HTTP client +# requests. Default is 3128, for httpd-accel mode use port 80. +# May be overridden with -a on the command line. +# +# You may specify multiple ports here, but they MUST all be on +# a single line. +# +http_port 8080 + +# TAG: icp_port +# The port number where Squid sends and receives ICP requests to +# and from neighbor caches. Default is 3130. To disable use +# "0". May be overridden with -u on the command line. +# +#icp_port 3130 + +# TAG: htcp_port +# The port number where Squid sends and receives ICP requests to +# and from neighbor caches. Default is 4827. To disable use +# "0". +# +#htcp_port 4827 + +# TAG: mcast_groups +# This tag specifies a list of multicast groups which your server +# should join to receive multicasted ICP requests. +# +# NOTE! Be very careful what you put here! Be sure you +# understand the difference between an ICP _query_ and an ICP +# _reply_. This option is to be set only if you want to RECEIVE +# multicast queries. Do NOT set this option to SEND multicast +# ICP (use cache_peer for that). ICP replies are always sent via +# unicast, so this option does not affect whether or not you will +# receive replies from multicast group members. +# +# You must be very careful to NOT use a multicast address which +# is already in use by another group of caches. NLANR has been +# assigned a block of multicast address space for use in Web +# Caching. Plese write to us at nlanr-cache@nlanr.net to receive +# an address for your own use. 
+# +# If you are unsure about multicast, please read the Multicast +# chapter in the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/). +# +# Usage: mcast_groups 239.128.16.128 224.0.1.20 +# +# By default, Squid doesn't listen on any multicast groups. +# +#mcast_groups 239.128.16.128 + +# TAG: tcp_incoming_address +# TAG: tcp_outgoing_address +# TAG: udp_incoming_address +# TAG: udp_outgoing_address +# Usage: tcp_incoming_address 10.20.30.40 +# udp_outgoing_address fully.qualified.domain.name +# +# tcp_incoming_address is used for the HTTP socket which accepts +# connections from clients and other caches. +# tcp_outgoing_address is used for connections made to remote +# servers and other caches. +# udp_incoming_address is used for the ICP socket receiving packets +# from other caches. +# udp_outgoing_address is used for ICP packets sent out to other +# caches. +# +# The default behaviour is to not bind to any specific address. +# +# NOTE, udp_incoming_address and udp_outgoing_address can not +# have the same value (unless it is 0.0.0.0) since they both use +# port 3130. +# +#tcp_incoming_address 0.0.0.0 +#tcp_outgoing_address 0.0.0.0 +#udp_incoming_address 0.0.0.0 +#udp_outgoing_address 0.0.0.0 + + +# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM +# ----------------------------------------------------------------------------- + +# TAG: cache_peer +# To specify other caches in a hierarchy, use the format: +# +# hostname type http_port icp_port +# +# For example, +# +# # proxy icp +# # hostname type port port options +# # -------------------- -------- ----- ----- ----------- +# cache_peer parent.foo.net parent 3128 3130 [proxy-only] +# cache_peer sib1.foo.net sibling 3128 3130 [proxy-only] +# cache_peer sib2.foo.net sibling 3128 3130 [proxy-only] +# +# type: either 'parent', 'sibling', or 'multicast'. +# +# proxy_port: The port number where the cache listens for proxy +# requests. +# +# icp_port: Used for querying neighbor caches about +# objects. 
To have a non-ICP neighbor +# specify '7' for the ICP port and make sure the +# neighbor machine has the UDP echo port +# enabled in its /etc/inetd.conf file. +# +# options: proxy-only +# weight=n +# ttl=n +# no-query +# default +# round-robin +# multicast-responder +# closest-only +# no-digest +# no-netdb-exchange +# no-delay +# login=user:password +# +# use 'proxy-only' to specify that objects fetched +# from this cache should not be saved locally. +# +# use 'weight=n' to specify a weighted parent. +# The weight must be an integer. The default weight +# is 1, larger weights are favored more. +# +# use 'ttl=n' to specify a IP multicast TTL to use +# when sending an ICP request to this address. +# Only useful when sending to a multicast group. +# Because we don't accept ICP replies from random +# hosts, you must configure other group members as +# peers with the 'multicast-responder' option below. +# +# use 'no-query' to NOT send ICP queries to this +# neighbor. +# +# use 'default' if this is a parent cache which can +# be used as a "last-resort." You should probably +# only use 'default' in situations where you cannot +# use ICP with your parent cache(s). +# +# use 'round-robin' to define a set of parents which +# should be used in a round-robin fashion in the +# absence of any ICP queries. +# +# 'multicast-responder' indicates that the named peer +# is a member of a multicast group. ICP queries will +# not be sent directly to the peer, but ICP replies +# will be accepted from it. +# +# 'closest-only' indicates that, for ICP_OP_MISS +# replies, we'll only forward CLOSEST_PARENT_MISSes +# and never FIRST_PARENT_MISSes. +# +# use 'no-digest' to NOT request cache digests from +# this neighbor. +# +# 'no-netdb-exchange' disables requesting ICMP +# RTT database (NetDB) from the neighbor. +# +# use 'no-delay' to prevent access to this neighbor +# from influencing the delay pools. 
+# +# use 'login=user:password' if this is a personal/workgroup +# proxy and your parent requires proxy authentication. +# +# NOTE: non-ICP neighbors must be specified as 'parent'. +# +#cache_peer hostname type 3128 3130 + +# TAG: cache_peer_domain +# Use to limit the domains for which a neighbor cache will be +# queried. Usage: +# +# cache_peer_domain cache-host domain [domain ...] +# cache_peer_domain cache-host !domain +# +# For example, specifying +# +# cache_peer_domain parent.foo.net .edu +# +# has the effect such that UDP query packets are sent to +# 'bigserver' only when the requested object exists on a +# server in the .edu domain. Prefixing the domainname +# with '!' means that the cache will be queried for objects +# NOT in that domain. +# +# NOTE: * Any number of domains may be given for a cache-host, +# either on the same or separate lines. +# * When multiple domains are given for a particular +# cache-host, the first matched domain is applied. +# * Cache hosts with no domain restrictions are queried +# for all requests. +# * There are no defaults. +# * There is also a 'cache_peer_access' tag in the ACL +# section. + +# TAG: neighbor_type_domain +# usage: neighbor_type_domain parent|sibling domain domain ... +# +# Modifying the neighbor type for specific domains is now +# possible. You can treat some domains differently than the the +# default neighbor type specified on the 'cache_peer' line. +# Normally it should only be necessary to list domains which +# should be treated differently because the default neighbor type +# applies for hostnames which do not match domains listed here. +# +#EXAMPLE: +# cache_peer parent cache.foo.org 3128 3130 +# neighbor_type_domain cache.foo.org sibling .com .net +# neighbor_type_domain cache.foo.org sibling .au .de + +# TAG: icp_query_timeout (msec) +# Normally Squid will automatically determine an optimal ICP +# query timeout value based on the round-trip-time of recent ICP +# queries. 
If you want to override the value determined by +# Squid, set this 'icp_query_timeout' to a non-zero value. This +# value is specified in MILLISECONDS, so, to use a 2-second +# timeout (the old default), you would write: +# +# icp_query_timeout 2000 +# +#icp_query_timeout 0 + +# TAG: mcast_icp_query_timeout (msec) +# For Multicast peers, Squid regularly sends out ICP "probes" to +# count how many other peers are listening on the given multicast +# address. This value specifies how long Squid should wait to +# count all the replies. The default is 2000 msec, or 2 +# seconds. +# +#mcast_icp_query_timeout 2000 + +# TAG: dead_peer_timeout (seconds) +# This controls how long Squid waits to declare a peer cache +# as "dead." If there are no ICP replies received in this +# amount of time, Squid will declare the peer dead and not +# expect to receive any further ICP replies. However, it +# continues to send ICP queries, and will mark the peer as +# alive upon receipt of the first subsequent ICP reply. +# +# This timeout also affects when Squid expects to receive ICP +# replies from peers. If more than 'dead_peer' seconds have +# passed since the last ICP reply was received, Squid will not +# expect to receive an ICP reply on the next query. Thus, if +# your time between requests is greater than this timeout, you +# will see a lot of requests sent DIRECT to origin servers +# instead of to your parents. +# +#dead_peer_timeout 10 seconds + +# TAG: hierarchy_stoplist +# A list of words which, if found in a URL, cause the object to +# be handled directly by this cache. In other words, use this +# to not query neighbor caches for certain objects. You may +# list this option multiple times. +# +# The default is to directly fetch URLs containing 'cgi-bin' or '?'. +# +#hierarchy_stoplist cgi-bin ? + +# TAG: no_cache +# A list of ACL elements which, if matched, cause the reply to +# immediately removed from the cache. 
In other words, use this +# to force certain objects to never be cached. +# +# You must use the word 'DENY' to indicate the ACL names which should +# NOT be cached. +# +# There is no default. We recommend you uncomment the following +# two lines. +# +#acl QUERY urlpath_regex cgi-bin \? +#no_cache deny QUERY + + +# OPTIONS WHICH AFFECT THE CACHE SIZE +# ----------------------------------------------------------------------------- + +# TAG: cache_mem (bytes) +# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS +# SIZE. IT PLACES A LIMIT ON ONE ASPECT OF SQUID'S MEMORY +# USAGE. SQUID USES MEMORY FOR OTHER THINGS AS WELL. +# YOUR PROCESS WILL PROBABLY BECOME TWICE OR THREE TIMES +# BIGGER THAN THE VALUE YOU PUT HERE +# +# 'cache_mem' specifies the ideal amount of memory to be used +# for: +# * In-Transit objects +# * Hot Objects +# * Negative-Cached objects +# +# Data for these objects are stored in 4 KB blocks. This +# parameter specifies the ideal upper limit on the total size of +# 4 KB blocks allocated. In-Transit objects take the highest +# priority. +# +# In-transit objects have priority over the others. When +# additional space is needed for incoming data, negative-cached +# and hot objects will be released. In other words, the +# negative-cached and hot objects will fill up any unused space +# not needed for in-transit objects. +# +# If circumstances require, this limit will be exceeded. +# Specifically, if your incoming request rate requires more than +# 'cache_mem' of memory to hold in-transit objects, Squid will +# exceed this limit to satisfy the new requests. When the load +# decreases, blocks will be freed until the high-water mark is +# reached. Thereafter, blocks will be used to store hot +# objects. +# +# The values of cache_mem_low and cache_mem_high (below) can be +# used to tune the use of the memory pool. When the high mark is +# reached, in-transit and hot objects will be released to clear +# space. 
When an object transfer is completed, it will remain in +# memory only if the current memory usage is below the low water +# mark. +# +# The default is 8 Megabytes. +# +cache_mem 8 MB + +# TAG: cache_swap_low (percent, 0-100) +# TAG: cache_swap_high (percent, 0-100) +# The low- and high-water marks for cache LRU replacement. LRU +# replacement begins when the high-water mark is reached and ends +# when enough objects have been removed and the low-water mark is +# reached. Defaults are 90% and 95%. If you have a large cache, 5% +# could be hundreds of MB. If this is the case you may wish to +# set these numbers closer together. +# +cache_swap_low 90 +cache_swap_high 95 + +# TAG: cache_mem_low (in percent, 0-100) +# TAG: cache_mem_high (in percent, 0-100) +# The low- and high-water mark for cache memory storage. When +# the amount of RAM used by the hot-object RAM cache reaches this +# point, the cache starts throwing objects out of the RAM cache +# (but they remain on disk). Defaults are 75% and 90%. +# +cache_mem_low 75 +cache_mem_high 90 + +# TAG: maximum_object_size (bytes) +# Objects larger than this size will NOT be saved on disk. The +# value is specified in kilobytes, and the default is 4MB. If +# you wish to get a high BYTES hit ratio, you should probably +# increase this (one 32 MB object hit counts for 3200 10KB +# hits). If you wish to increase speed more than your want to +# save bandwidth you should leave this low. +# +maximum_object_size 4096 KB + +# TAG: ipcache_size (number of entries) +# TAG: ipcache_low (percent) +# TAG: ipcache_high (percent) +# The size, low-, and high-water marks for the IP cache. +# +#ipcache_size 1024 +#ipcache_low 90 +#ipcache_high 95 + +# TAG: fqdncache_size (number of entries) +# Maximum number of FQDN cache entries. 
+#fqdncache_size 1024 + + +# LOGFILE PATHNAMES AND CACHE DIRECTORIES +# ----------------------------------------------------------------------------- + +# TAG: cache_dir +# Usage: +# +# cache_dir Directory-Name Mbytes Level-1 Level2 +# +# You can specify multiple cache_dir lines to spread the +# cache among different disk partitions. +# +# 'Directory' is a top-level directory where cache swap +# files will be stored. If you want to use an entire disk +# for caching, then this can be the mount-point directory. +# The directory must exist and be writable by the Squid +# process. Squid will NOT create this directory for you. +# +# If no 'cache_dir' lines are specified, the following +# default will be used: /usr/cache. +# +# 'Mbytes' is the amount of disk space (MB) to use under this +# directory. The default is 100 MB. Change this to suit your +# configuration. +# +# 'Level-1' is the number of first-level subdirectories which +# will be created under the 'Directory'. The default is 16. +# +# 'Level-2' is the number of second-level subdirectories which +# will be created under each first-level directory. The default +# is 256. +# +cache_dir /var/spool/squid 100 16 256 + +# TAG: cache_access_log +# Logs the client request activity. Contains an entry for +# every HTTP and ICP request received. +# +cache_access_log /var/log/squid/access.log + +# TAG: cache_log +# Cache logging file. This is where general information about +# your cache's behaviour goes. You can increase the amount of data +# logged to this file with the "debug_options" tag below. +# +cache_log /var/log/squid/cache.log + +# TAG: cache_store_log +# Logs the activities of the storage manager. Shows which +# objects are ejected from the cache, and which objects are +# saved and for how long. To disable, enter "none". There are +# not really utilities to analyse this data, so you can safely +# disable it. 
+# +cache_store_log /var/log/squid/store.log + +# TAG: cache_swap_log +# Location for the cache "swap.log." This log file holds the +# metadata of objects saved on disk. It is used to rebuild the +# cache during startup. Normally this file resides in the first +# 'cache_dir' directory, but you may specify an alternate +# pathname here. Note you must give a full filename, not just +# a directory. Since this is the index for the whole object +# list you CANNOT periodically rotate it! +# +#cache_swap_log + +# TAG: emulate_httpd_log on|off +# The Cache can emulate the log file format which many 'httpd' +# programs use. To disable/enable this emulation, set +# emulate_httpd_log to 'off' or 'on'. The default +# is to use the native log format since it includes useful +# information that Squid-specific log analysers use. +# +#emulate_httpd_log off + +# TAG: mime_table +# Pathname to Squid's MIME table. You shouldn't need to change +# this, but the default file contains examples and formatting +# information if you do. +# +mime_table /etc/squid/mime.conf + +# TAG: log_mime_hdrs on|off +# The Cache can record both the request and the response MIME +# headers for each HTTP transaction. The headers are encoded +# safely and will appear as two bracketed fields at the end of +# the access log (for either the native or httpd-emulated log +# formats). To enable this logging set log_mime_hdrs to 'on'. +# +#log_mime_hdrs off + +# TAG: useragent_log +# If configured with the "--enable-useragent_log" configure +# option, Squid will write the User-Agent field from HTTP +# requests to the filename specified here. By default +# useragent_log is disabled. +# +#useragent_log none + +# TAG: pid_filename +# A filename to write the process-id to. To disable, enter "none". +# +pid_filename /var/run/squid.pid + +# TAG: debug_options +# Logging options are set as section,level where each source file +# is assigned a unique section. 
Lower levels result in less +# output, Full debugging (level 9) can result in a very large +# log file, so be careful. The magic word "ALL" sets debugging +# levels for all sections. We recommend normally running with +# "ALL,1". +# +#debug_options ALL,1 + +# TAG: ident_lookup on|off +# If you wish to make an RFC931/ident lookup of the client +# username for each connection, enable this. It is off by +# default. +# +#ident_lookup off + +# TAG: log_fqdn on|off +# Turn this on if you wish to log fully qualified domain names +# in the access.log. To do this Squid does a DNS lookup of all +# IP's connecting to it. This can (in some situations) increase +# latency, which makes your cache seem slower for interactive +# browsing. +# +#log_fqdn off + +# TAG: client_netmask +# A netmask for client addresses in logfiles and cachemgr output. +# Change this to protect the privacy of your cache clients. +# A netmask of 255.255.255.0 will log all IP's in that range with +# the last digit set to '0'. +# +#client_netmask 255.255.255.255 + + +# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS +# ----------------------------------------------------------------------------- + +# TAG: ftp_user +# If you want the anonymous login password to be more informative +# (and enable the use of picky ftp servers), set this to something +# resonable for your domain, like wwwuser@somewhere.net +# +# The reason why this is domainless by default is that the +# request can be made on the behalf of a user in any domain, +# depending on how the cache is used. +# Some ftp server also validate that the email address is valid +# (for example perl.com). +# +#ftp_user Squid@ + +# TAG: ftp_list_width +# Sets the width of ftp listings. This should be set to fit in +# the width of a standard browser. Setting this too small +# can cut off long filenames when browsing ftp sites. +# +#ftp_list_width 32 + +# TAG: cache_dns_program +# Specify the location of the executable for dnslookup process. 
+# +#cache_dns_program /usr/bin/dnsserver + +# TAG: dns_children +# The number of processes spawn to service DNS name lookups. +# For heavily loaded caches on large servers, you should +# probably increase this value to at least 10. The maximum +# is 32. The default is 5. +# +# To disable dnsservers, set this to 0. NOTE, this is very +# strongly discouraged. If you disable dnsservers your Squid +# process will BLOCK on DNS lookups! +# +#dns_children 5 + +# TAG: dns_defnames on|off +# Normally the 'dnsserver' disables the RES_DEFNAMES resolver +# option (see res_init(3)). This prevents caches in a hierarchy +# from interpreting single-component hostnames locally. To allow +# dnsserver to handle single-component names, enable this +# option. +# +#dns_defnames off + +# TAG: dns_nameservers +# Use this if you want to specify a list of DNS name servers +# (IP addresses) to use instead of those given in your +# /etc/resolv.conf file. +# +# Example: dns_nameservers 10.0.0.1 192.172.0.4 +# +#dns_nameservers none + +# TAG: unlinkd_program +# Specify the location of the executable for file deletion process. +# This isn't needed if you are using async-io since it's handled by +# a thread. +# +#unlinkd_program /usr/bin/unlinkd + +# TAG: pinger_program +# Specify the location of the executable for the pinger process. +# This is only useful if you configured Squid (during compliation) +# with the '--enable-icmp' option. +# +#pinger_program /usr/bin/pinger + +# TAG: redirect_program +# Specify the location of the executable for the URL redirector. +# Since they can perform almost any function there isn't one included. +# See the Release-Notes for information on how to write one. +# By default, a redirector is not used. +# +#redirect_program none + +# TAG: redirect_children +# The number of redirector processes to spawn. If you start +# too few Squid will have to wait for them to process a backlog of +# URLs, slowing it down. 
If you start too many they will use RAM +# and other system resources. +# +#redirect_children 5 + +# TAG: redirect_rewrites_host_header +# By default Squid rewrites any Host: header in redirected requests. +# If you are running a accelerator then this may not be a wanted effect +# of a redirector. +#redirect_rewrites_host_header on + +# TAG: authenticate_program +# Specify the command for the external authenticator. Such a +# program reads a line containing "username password" and replies +# "OK" or "ERR" in an endless loop. If you use an authenticator, +# make sure you have 1 acl of type proxy_auth. By default, the +# authenticator_program is not used. +# +# If you want to use the traditional proxy authentication, +# jump over to the ../auth_modules/NCSA directory and +# type: +# % make +# % make install +# +# Then, set this line to something like +# +# authenticate_program /usr/bin/ncsa_auth /usr/etc/passwd +# +#authenticate_program none + +# TAG: authenticate_children +# The number of authenticator processes to spawn (default 5). If you +# start too few Squid will have to wait for them to process a backlog +# of usercode/password verifications, slowing it down. When password +# verifications are done via a (slow) network you are likely to need +# lots of authenticator processes. +# +#authenticate_children 5 + +# TAG: authenticate_ttl +# The time a checked username/password combination remains cached +# (default 3600). If a wrong password is given for a cached user, +# the user gets removed from the username/password cache forcing +# a revalidation. +# +#authenticate_ttl 3600 + + +# OPTIONS FOR TUNING THE CACHE +# ----------------------------------------------------------------------------- + +# TAG: wais_relay_host +# TAG: wais_relay_port +# Relay WAIS request to host (1st arg) at port (2 arg). +# +#wais_relay_host localhost +#wais_relay_port 8000 + +# TAG: request_size (KB) +# Maximum allowed request size in kilobytes. 
If people are using +# POST to upload files, then set this to the largest acceptable +# filesize plus a few extra kbytes. +# +#request_size 100 KB + +# TAG: refresh_pattern +# usage: refresh_pattern [-i] regex min percent max [options] +# +# By default, regular expressions are CASE-SENSITIVE. To make +# them case-insensitive, use the -i option. +# +# min and max are specified in MINUTES. +# percent is an integer number. +# +# options: override-expire +# override-lastmod +# reload-into-ims +# ignore-reload +# +# override-expire enforces min age even if the server +# sent a Expires: header. Doing this VIOLATES the HTTP +# standard. Enabling this feature could make you liable +# for problems which it causes. +# +# override-lastmod enforces min age even on objects +# that was modified recently. +# +# reload-into-ims changes client no-cache or ``reload'' +# to If-Modified-Since requests. Doing this VIOLATES the +# HTTP standard. Enabling this feature could make you +# liable for problems which it causes. +# +# ignore-reload ignores a client no-cache or ``reload'' +# header. Doing this VIOLATES the HTTP standard. Enabling +# this feature could make you liable for problems which +# it causes. +# +# Please see the file doc/Release-Notes-1.1.txt for a full +# description of Squid's refresh algorithm. Basically a +# cached object is: (the order is changed from 1.1.X) +# +# STALE if age > max +# FRESH if expires < now, else STALE +# FRESH if lm-factor < percent, else STALE +# FRESH if age < min +# else STALE +# +# The refresh_pattern lines are checked in the order listed here. +# The first entry which matches is used. If none of the entries +# match, then the default will be used. +# +#Default: +#refresh_pattern . 0 20% 4320 + +# TAG: reference_age +# As a part of normal operation, Squid performs Least Recently +# Used removal of cached objects. The LRU age for removal is +# computed dynamically, based on the amount of disk space in +# use. 
The dynamic value can be seen in the Cache Manager 'info'
+# output.
+#
+# The 'reference_age' parameter defines the maximum LRU age. For
+# example, setting reference_age to '1 week' will cause objects
+# to be removed if they have not been accessed for a week or
+# more. The default value is one month.
+#
+# Specify a number here, followed by units of time. For example:
+# 1 week
+# 3.5 days
+# 4 months
+# 2.2 hours
+#
+#reference_age 1 month
+
+# TAG: quick_abort_min (KB)
+# TAG: quick_abort_max (KB)
+# TAG: quick_abort_pct (percent)
+# The cache can be configured to continue downloading aborted
+# requests. This may be undesirable on slow (e.g. SLIP) links
+# and/or very busy caches. Impatient users may tie up file
+# descriptors and bandwidth by repeatedly requesting and
+# immediately aborting downloads.
+#
+# When the user aborts a request, Squid will check the
+# quick_abort values to the amount of data transfered until
+# then.
+#
+# If the transfer has less than 'quick_abort_min' KB remaining,
+# it will finish the retrieval. Setting 'quick_abort_min' to -1
+# will disable the quick_abort feature.
+#
+# If the transfer has more than 'quick_abort_max' KB remaining,
+# it will abort the retrieval.
+#
+# If more than 'quick_abort_pct' of the transfer has completed,
+# it will finish the retrieval.
+#
+#quick_abort_min 16 KB
+#quick_abort_max 16 KB
+#quick_abort_pct 95
+
+# TAG: negative_ttl time-units
+# Time-to-Live (TTL) for failed requests. Certain types of
+# failures (such as "connection refused" and "404 Not Found") are
+# negatively-cached for a configurable amount of time. The
+# default is 5 minutes. Note that this is different from
+# negative caching of DNS lookups.
+#
+#negative_ttl 5 minutes
+
+# TAG: positive_dns_ttl time-units
+# Time-to-Live (TTL) for positive caching of successful DNS lookups.
+# Default is 6 hours (360 minutes). If you want to minimize the
+# use of Squid's ipcache, set this to 1, not 0.
+#
+#positive_dns_ttl 6 hours
+
+# TAG: negative_dns_ttl time-units
+# Time-to-Live (TTL) for negative caching of failed DNS lookups.
+#
+#negative_dns_ttl 5 minutes
+
+# TAG: range_offset_limit (bytes)
+# Sets a upper limit on how far into the the file a Range request
+# may be to cause Squid to prefetch the whole file. If beyond this
+# limit then Squid forwards the Range request as it is and the result
+# is NOT cached.
+#
+# This is to stop a far ahead range request (lets say start at 17MB)
+# from making Squid fetch the whole object up to that point before
+# sending anything to the client.
+#
+# A value of -1 causes Squid to always fetch the object from the
+# beginning so that it may cache the result. (2.0 style)
+#
+# A value of 0 causes Squid to never fetch more than the client
+# client requested. (default)
+#
+#range_offset_limit 0 KB
+
+
+# TIMEOUTS
+# -----------------------------------------------------------------------------
+
+# TAG: connect_timeout time-units
+# Some systems (notably Linux) can not be relied upon to properly
+# time out connect(2) requests. Therefore the Squid process
+# enforces its own timeout on server connections. This parameter
+# specifies how long to wait for the connect to complete. The
+# default is two minutes (120 seconds).
+#
+#connect_timeout 120 seconds
+
+# TAG: siteselect_timeout time-units
+# For URN to multiple URL's URL selection
+#
+#siteselect_timeout 4 seconds
+
+# TAG: read_timeout time-units
+# The read_timeout is applied on server-side connections. After
+# each successful read(), the timeout will be extended by this
+# amount. If no data is read again after this amount of time,
+# the request is aborted and logged with ERR_READ_TIMEOUT. The
+# default is 15 minutes.
+#
+#read_timeout 15 minutes
+
+# TAG: request_timeout
+# How long to wait for an HTTP request after connection
+# establishment. For persistent connections, wait this long
+# after the previous request completes.
+#
+#request_timeout 30 seconds
+
+# TAG: client_lifetime time-units
+# The maximum amount of time that a client (browser) is allowed to
+# remain connected to the cache process. This protects the Cache
+# from having alot of sockets (and hence file descriptors) tied up
+# in a CLOSE_WAIT state from remote clients that go away without
+# properly shutting down (either because of a network failure or
+# because of a poor client implementation). The default is one
+# day, 1440 minutes.
+#
+# NOTE: The default value is intended to be much larger than any
+# client would ever need to be connected to your cache. You
+# should probably change client_lifetime only as a last resort.
+# If you seem to have many client connections tying up
+# filedescriptors, we recommend first tuning the read_timeout,
+# request_timeout, pconn_timeout and quick_abort values.
+#
+#client_lifetime 1 day
+
+# TAG: half_closed_clients
+# Some clients may shutdown the sending side of their TCP
+# connections, while leaving their receiving sides open. Sometimes,
+# Squid can not tell the difference between a half-closed and a
+# fully-closed TCP connection. By default, half-closed client
+# connections are kept open until a read(2) or write(2) on the
+# socket returns an error. Change this option to 'off' and Squid
+# will immediately close client connections when read(2) returns
+# "no more data to read."
+#
+#half_closed_clients on
+
+# TAG: pconn_timeout
+# Timeout for idle persistent connections to servers and other
+# proxies.
+#pconn_timeout 120 seconds
+
+# TAG: shutdown_lifetime time-units
+# When SIGTERM or SIGHUP is received, the cache is put into
+# "shutdown pending" mode until all active sockets are closed.
+# This value is the lifetime to set for all open descriptors
+# during shutdown mode. Any active clients after this many
+# seconds will receive a 'timeout' message.
+#
+#shutdown_lifetime 30 seconds
+
+
+# ACCESS CONTROLS
+# -----------------------------------------------------------------------------
+
+# TAG: acl
+# Defining an Access List
+#
+# acl aclname acltype string1 ...
+# acl aclname acltype "file" ...
+#
+# when using "file", the file should contain one item per line
+#
+# acltype is one of src dst srcdomain dstdomain url_pattern
+# urlpath_pattern time port proto method browser user
+#
+# acl aclname src ip-address/netmask ... (clients IP address)
+# acl aclname src addr1-addr2/netmask ... (range of addresses)
+# acl aclname dst ip-address/netmask ... (URL host's IP address)
+#
+# acl aclname srcdomain foo.com ... # reverse lookup, client IP
+# acl aclname dstdomain foo.com ... # Destination server from URL
+# acl aclname srcdom_regex xxx ... # regex matching client name
+# acl aclname dstdom_regex xxx ... # regex matching server
+# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
+# # based URL is used. The name "none" is used if the reverse lookup
+# # fails.
+#
+# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
+# day-abbrevs:
+# S - Sunday
+# M - Monday
+# T - Tuesday
+# W - Wednesday
+# H - Thursday
+# F - Friday
+# A - Saturday
+# h1:m1 must be less than h2:m2
+# acl aclname url_regex ^http:// ... # regex matching on whole URL
+# acl aclname urlpath_regex \.gif$ ... # regex matching on URL path
+# acl aclname port 80 70 21 ...
+# acl aclname port 0-1024 ... # ranges allowed
+# acl aclname proto HTTP FTP ...
+# acl aclname method GET POST ...
+# acl aclname browser regexp
+# acl aclname ident username ...
+# # string match on ident output.
+# # use REQUIRED to accept any non-null ident.
+# acl aclname src_as number ...
+# acl aclname dst_as number ...
+# # Except for access control, AS numbers can be used for
+# # routing of requests to specific caches.
Here's an
+# # example for routing all requests for AS#1241 and only
+# # those to mycache.mydomain.net:
+# # acl asexample dst_as 1241
+# # cache_peer_access mycache.mydomain.net allow asexample
+# # cache_peer_access mycache_mydomain.net deny all
+#
+# acl aclname proxy_auth username ...
+# # list of valid usernames
+# # use REQUIRED to accept any valid username.
+# #
+# # NOTE: when a Proxy-Authentication header is sent but it is not
+# # needed during ACL checking the username is NOT logged
+# # in access.log.
+# #
+# # NOTE: proxy_auth requires a EXTERNAL authentication program
+# # to check username/password combinations (see
+# # authenticate_program).
+# #
+# # WARNING: proxy_auth can't be used in a transparent proxy. It
+# # collides with any authentication done by origin servers. It may
+# # seem like it works at first, but it doesn't.
+#
+#
+#Examples:
+#acl myexample dst_as 1241
+#acl password proxy_auth 300
+#
+#Defaults:
+acl all src 0.0.0.0/0.0.0.0
+acl manager proto cache_object
+acl localhost src 127.0.0.1/255.255.255.255
+acl SSL_ports port 443 563
+acl Safe_ports port 80 21 443 563 70 210 1025-65535
+acl CONNECT method CONNECT
+
+# TAG: http_access
+# Allowing or Denying access based on defined access lists
+#
+# Access to the HTTP port:
+# http_access allow|deny [!]aclname ...
+#
+# Access to the ICP port:
+# icp_access allow|deny [!]aclname ...
+#
+# NOTE on default values:
+#
+# If there are no "access" lines present, the default is to allow
+# the request.
+#
+# If none of the "access" lines cause a match, the default is the
+# opposite of the last line in the list. If the last line was
+# deny, then the default is allow. Conversely, if the last line
+# is allow, the default will be deny. For these reasons, it is a
+# good idea to have an "deny all" or "allow all" entry at the end
+# of your access lists to avoid potential confusion.
+#
+#Default configuration:
+http_access allow manager localhost
+http_access deny manager
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+http_access allow all
+
+# TAG: icp_access
+# Reply to all ICP queries we receive
+#
+icp_access allow all
+
+# TAG: miss_access
+# Use to force your neighbors to use you as a sibling instead of
+# a parent. For example:
+#
+# acl localclients src 172.16.0.0/16
+# miss_access allow localclients
+# miss_access deny !localclients
+#
+# This means that only your local clients are allowed to fetch
+# MISSES and all other clients can only fetch HITS.
+#
+# By default, allow all clients who passed the http_access rules
+# to fetch MISSES from us.
+miss_access allow all
+
+# TAG: cache_peer_access
+# Similar to 'cache_peer_domain' but provides more flexibility by
+# using ACL elements.
+#
+# cache_peer_access cache-host allow|deny [!]aclname ...
+#
+# The syntax is identical to 'http_access' and the other lists of
+# ACL elements. See the comments for 'http_access' below, or
+# the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/FAQ-10.html).
+
+# TAG: proxy_auth_realm
+# Specifies the realm name which is to be reported to the client for
+# proxy authentication (part of the text the user will see when
+# prompted their username and password).
+#
+#proxy_auth_realm Squid proxy-caching web server
+
+
+# ADMINISTRATIVE PARAMETERS
+# -----------------------------------------------------------------------------
+
+# TAG: cache_mgr
+# Email-address of local cache manager who will receive
+# mail if the cache dies. The default is "webmaster."
+#
+#cache_mgr webmaster
+
+# TAG: cache_effective_user
+# TAG: cache_effective_group
+#
+# If the cache is run as root, it will change its effective/real
+# UID/GID to the UID/GID specified below. The default is to
+# change to UID to nobody and GID to nogroup.
+#
+# If Squid is not started as root, the default is to keep the
+# current UID/GID. Note that if Squid is not started as root then
+# you cannot set http_port to a value lower than 1024.
+#
+#cache_effective_user nobody
+#cache_effective_group nogroup
+
+# TAG: visible_hostname
+# If you want to present a special hostname in error messages, etc,
+# then define this. Otherwise, the return value of gethostname()
+# will be used. If you have multiple caches in a cluster and
+# get errors about IP-forwarding you must set them to have individual
+# names with this setting.
+#
+#visible_hostname www-cache.foo.org
+
+# TAG: unique_hostname
+# If you want to have multiple machines with the same
+# 'visible_hostname' then you must give each machine a different
+# 'unique_hostname' so that forwarding loops can be detected.
+#
+#unique_hostname www-cache1.foo.org
+
+
+# OPTIONS FOR THE CACHE REGISTRATION SERVICE
+# -----------------------------------------------------------------------------
+#
+# This section contains parameters for the (optional) cache
+# announcement service. This service is provided to help
+# cache administrators locate one another in order to join or
+# create cache hierarchies.
+#
+# An 'announcement' message is sent (via UDP) to the registration
+# service by Squid. By default, the annoucement message is NOT
+# SENT unless you enable it with 'announce_period' below.
+#
+# The announcement message includes your hostname, plus the
+# following information from this configuration file:
+#
+# http_port
+# icp_port
+# cache_mgr
+#
+# All current information is processed regularly and made
+# available on the Web at http://ircache.nlanr.net/Cache/Tracker/.
+
+# TAG: announce_period
+# This is how frequently to send cache announcements. The
+# default is `0' which disables sending the announcement
+# messages.
+#
+# To enable announcing your cache, just uncomment the line
+# below.
+#
+#announce_period 1 day
+
+# TAG: announce_host
+# TAG: announce_file
+# TAG: announce_port
+# announce_host and announce_port set the hostname and port
+# number where the registration message will be sent.
+#
+# Hostname will default to 'tracker.ircache.net' and port will
+# default default to 3131. If the 'filename' argument is given,
+# the contents of that file will be included in the announce
+# message.
+#
+#announce_host tracker.ircache.net
+#announce_port 3131
+
+
+# HTTPD-ACCELERATOR OPTIONS
+# -----------------------------------------------------------------------------
+
+# TAG: httpd_accel_host
+# TAG: httpd_accel_port
+# If you want to run Squid as an httpd accelerator, define the
+# host name and port number where the real HTTP server is.
+#
+# If you want virtual host support then specify the hostname
+# as "virtual".
+#
+# NOTE: enabling httpd_accel_host disables proxy-caching and
+# ICP. If you want these features enabled also, then set
+# the 'httpd_accel_with_proxy' option.
+#
+#httpd_accel_host hostname
+#httpd_accel_port port
+
+# TAG: httpd_accel_with_proxy on|off
+# If you want to use Squid as both a local httpd accelerator
+# and as a proxy, change this to 'on'.
+#
+#httpd_accel_with_proxy off
+
+# TAG: httpd_accel_uses_host_header on|off
+# HTTP/1.1 requests include a Host: header which is basically the
+# hostname from the URL. Squid can be an accelerator for
+# different HTTP servers by looking at this header. However,
+# Squid does NOT check the value of the Host header, so it opens
+# a big security hole. We recommend that this option remain
+# disabled unless you are sure of what you are doing.
+#
+# However, you will need to enable this option if you run Squid
+# as a transparent proxy. Otherwise, virtual servers which
+# require the Host: header will not be properly cached.
+#httpd_accel_uses_host_header off
+
+
+# MISCELLANEOUS
+# -----------------------------------------------------------------------------
+
+# TAG: dns_testnames
+# The DNS tests exit as soon as the first site is successfully looked up
+#
+# If you want to disable DNS tests, do not comment out or delete this
+# list. Instead use the -D command line option
+#
+#dns_testnames netscape.com internic.net nlanr.net microsoft.com
+
+# TAG: logfile_rotate
+# Specifies the number of logfile rotations to make when you
+# type 'squid -k rotate'. The default is 10, which will rotate
+# with extensions 0 through 9. Setting logfile_rotate to 0 will
+# disable the rotation, but the logfiles are still closed and
+# re-opened. This will enable you to rename the logfiles
+# yourself just before sending the rotate signal.
+#
+# Note, the 'squid -k rotate' command normally sends a USR1
+# signal to the running squid process. In certain situations
+# (e.g. on Linux with Async I/O), USR1 is used for other
+# purposes, so -k rotate uses another signal. It is best to get
+# in the habit of using 'squid -k rotate' instead of 'kill -USR1
+# '.
+#
+#logfile_rotate 10
+
+# TAG: append_domain
+# Appends local domain name to hostnames without any dots in
+# them. append_domain must begin with a period.
+#
+#append_domain .tuniv.szczecin.pl
+
+# TAG: tcp_recv_bufsize (bytes)
+# Size of receive buffer to set for TCP sockets. Probably just
+# as easy to change your kernel's default. Set to zero to use
+# the default buffer size.
+#
+#tcp_recv_bufsize 0 bytes
+
+# TAG: err_html_text
+# HTML text to include in error messages. Make this a "mailto"
+# URL to your admin address, or maybe just a link to your
+# organizations Web page.
+#
+# To include this in your error messages, you must rewrite
+# the error template files (found in the "errors" directory).
+# Wherever you want the 'err_html_text' line to appear,
+# insert a %L tag in the error template file.
+#err_html_text
+
+# TAG: deny_info
+# Usage: deny_info err_page_name acl
+# Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys
+#
+# This can be used to return a ERR_ page for requests which
+# do not pass the 'http_access' rules. A single ACL will cause
+# the http_access check to fail. If a 'deny_info' line exists
+# for that ACL then Squid returns a corresponding error page.
+#
+# You may use ERR_ pages that come with Squid or create your own pages
+# and put them into the configured errors/ directory.
+
+# TAG: memory_pools on|off
+# If set, Squid will keep pools of allocated (but unused) memory
+# available for future use. If memory is a premium on your
+# system and you believe your malloc library outperforms Squid
+# routines, disable this.
+#
+#memory_pools on
+
+# TAG: memory_pools_limit (bytes)
+# Used only with memory_pools on:
+# memory_pools_limit 50 MB
+#
+# If set to a non-zero value, Squid will keep at most the specified
+# limit of allocated (but unused) memory in memory pools. All free()
+# requests that exceed this limit will be handled by your malloc
+# library. Squid does not pre-allocate any memory, just safe-keeps
+# objects that otherwise would be free()d. Thus, it is safe to set
+# memory_pools_limit to a reasonably high value even if your
+# configuration will use less memory.
+#
+# If not set (default) or set to zero, Squid will keep all memory it
+# can. That is, there will be no limit on the total amount of memory
+# used for safe-keeping.
+#
+# To disable memory allocation optimization, do not set
+# memory_pools_limit to 0. Set memory_pools to "off" instead.
+#
+# An overhead for maintaining memory pools is not taken into account
+# when the limit is checked. This overhead is close to four bytes per
+# object kept. However, pools may actually _save_ memory because of
+# reduced memory thrashing in your malloc library.
+
+# TAG: forwarded_for on|off
+# If set, Squid will include your system's IP address or name
+# in the HTTP requests it forwards. By default it looks like
+# this:
+#
+# X-Forwarded-For: 192.1.2.3
+#
+# If you disable this, it will appear as
+#
+# X-Forwarded-For: unknown
+#
+#forwarded_for on
+
+# TAG: log_icp_queries on|off
+# If set, ICP queries are logged to access.log. You may wish
+# do disable this if your ICP load is VERY high to speed things
+# up or to simplify log analysis.
+#
+#log_icp_queries on
+
+# TAG: icp_hit_stale on|off
+# If you want to return ICP_HIT for stale cache objects, set this
+# option to 'on'. If you have sibling relationships with caches
+# in other administrative domains, this should be 'off'. If you only
+# have sibling relationships with caches under your control, then
+# it is probably okay to set this to 'on'.
+#
+#icp_hit_stale off
+
+# TAG: minimum_direct_hops
+# If using the ICMP pinging stuff, do direct fetches for sites
+# which are no more than this many hops away.
+#
+#minimum_direct_hops 4
+
+# TAG: cachemgr_passwd
+# Specify passwords for cachemgr operations.
+#
+# Usage: cachemgr_passwd password action action ...
+#
+# Some valid actions are (see cache manager menu for a full list):
+# 5min
+# 60min
+# asndb
+# authenticator
+# cbdata
+# client_list
+# comm_incoming
+# config *
+# counters
+# delay
+# digest_stats
+# dns
+# events
+# filedescriptors
+# fqdncache
+# histograms
+# http_headers
+# info
+# io
+# ipcache
+# mem
+# menu
+# netdb
+# non_peers
+# objects
+# pconn
+# peer_select
+# redirector
+# refresh
+# server_list
+# shutdown *
+# store_digest
+# storedir
+# utilization
+# via_headers
+# vm_objects
+#
+# * Indicates actions which will not be performed without a
+# valid password, others can be performed if not listed here.
+#
+# To disable an action, set the password to "disable".
+# To allow performing an action without a password, set the
+# password to "none".
+#
+# Use the keyword "all" to set the same password for all actions.
+#
+#cachemgr_passwd secret shutdown
+#cachemgr_passwd lesssssssecret info stats/objects
+#cachemgr_passwd disable all
+
+# TAG: store_avg_object_size (kbytes)
+# Average object size, used to estimate number of objects your
+# cache can hold. See doc/Release-Notes-1.1.txt. The default is
+# 13 KB.
+#
+#store_avg_object_size 13 KB
+
+# TAG: store_objects_per_bucket
+# Target number of objects per bucket in the store hash table.
+# Lowering this value increases the total number of buckets and
+# also the storage maintenance rate. The default is 20.
+#
+#store_objects_per_bucket 20
+
+# TAG: http_anonymizer
+# If you want to filter out certain HTTP request headers for
+# privacy reasons, enable this option. There are three
+# appropriate settings:
+# 'off' All HTTP request headers are passed.
+# 'standard' Specific headers are removed
+# 'paranoid' Only specific headers are allowed.
+# To see which headers are allowed or denied, please see the
+# http-anon.c source file.
+#
+#http_anonymizer off
+
+# TAG: client_db on|off
+# If you want to disable collecting per-client statistics, then
+# turn off client_db here.
+#
+#client_db on
+
+# TAG: netdb_low
+# TAG: netdb_high
+# The low and high water marks for the ICMP measurement
+# database. These are counts, not percents. The defaults are
+# 900 and 1000. When the high water mark is reached, database
+# entries will be deleted until the low mark is reached.
+#
+#netdb_low 900
+#netdb_high 1000
+
+# TAG: netdb_ping_period
+# The minimum period for measuring a site. There will be at
+# least this much delay between successive pings to the same
+# network. The default is five minutes.
+#
+#netdb_ping_period 5 minutes
+
+# TAG: query_icmp on|off
+# If you want to ask your peers to include ICMP data in their ICP
+# replies, enable this option.
+#
+# If your peer has configured Squid (during compilation) with
+# '--enable-icmp' then that peer will send ICMP pings to origin server
+# sites of the URLs it receives. If you enable this option then the
+# ICP replies from that peer will include the ICMP data (if available).
+# Then, when choosing a parent cache, Squid will choose the parent with
+# the minimal RTT to the origin server. When this happens, the
+# hierarchy field of the access.log will be
+# "CLOSEST_PARENT_MISS". This option is off by default.
+#
+#query_icmp off
+
+# TAG: test_reachability on|off
+# When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH
+# instead of ICP_MISS if the target host is NOT in the ICMP
+# database, or has a zero RTT.
+#
+#test_reachability off
+
+# TAG: buffered_logs on|off
+# Some log files (cache.log, useragent.log) are written with
+# stdio functions, and as such they can be buffered or
+# unbuffered. By default they will be unbuffered. Buffering them
+# can speed up the writing slightly (though you are unlikely to
+# need to worry).
+#buffered_logs off
+
+# TAG: reload_into_ims on|off
+# When you enable this option, client no-cache or ``reload''
+# requests will be changed to If-Modified-Since requests.
+# Doing this VIOLATES the HTTP standard. Enabling this
+# feature could make you liable for problems which it
+# causes.
+#
+# see also refresh_pattern for a more selective approach.
+#
+#reload_into_ims off
+
+# TAG: always_direct
+# Usage: always_direct allow|deny [!]aclname ...
+#
+# Here you can use ACL elements to specify requests which should
+# ALWAYS be forwarded directly to origin servers. For example,
+# to always directly forward requests for local servers use
+# something like:
+#
+# acl local-servers dstdomain my.domain.net
+# always_direct allow local-servers
+#
+# To always forward FTP requests directly, use
+#
+# acl FTP proto FTP
+# always_direct allow FTP
+#
+# NOTE: There is a similar, but opposite option named
+# 'never_direct'.
You need to be aware that "always_direct deny
+# foo" is NOT the same thing as "never_direct allow foo". You
+# may need to use a deny rule to exclude a more-specific case of
+# some other rule. Example:
+#
+# acl local-external dstdomain external.foo.net
+# acl local-servers dstdomain foo.net
+# always_direct deny local-external
+# always_direct allow local-servers
+#
+# This option replaces some v1.1 options such as local_domain
+# and local_ip.
+
+# TAG: never_direct
+# Usage: never_direct allow|deny [!]aclname ...
+#
+# never_direct is the opposite of always_direct. Please read
+# the description for always_direct if you have not already.
+#
+# With 'never_direct' you can use ACL elements to specify
+# requests which should NEVER be forwarded directly to origin
+# servers. For example, to force the use of a proxy for all
+# requests, except those in your local domain use something like:
+#
+# acl local-servers dstdomain foo.net
+# acl all src 0.0.0.0/0.0.0.0
+# never_direct deny local-servers
+# never_direct allow all
+#
+# or if squid is inside a firewall and there is local intranet
+# servers inside the firewall then use something like:
+#
+# acl local-intranet dstdomain foo.net
+# acl local-external dstdomain external.foo.net
+# always_direct deny local-external
+# always_direct allow local-intranet
+# never_direct allow all
+#
+# This option replaces some v1.1 options such as inside_firewall
+# and firewall_ip.
+
+# TAG: fake_user_agent
+# If you use the paranoid http_anonymizer setting, Squid will strip
+# your User-agent string from the request. Some Web servers will
+# refuse your request without a User-agent string. Use this to
+# fake one up. For example:
+#
+# fake_user_agent Nutscrape/1.0 (CP/M; 8-bit)
+# (credit to Paul Southworth pauls@etext.org for this one!)
+#
+#fake_user_agent none
+
+# TAG: icon_directory
+# Where the icons are stored.
These are normally kept in
+# /etc/squid/icons
+
+# TAG: error_directory
+# If you wish to create your own versions of the default
+# (English) error files, either to customise them to suit your
+# language or company copy the template english files to anther
+# directory and point this tag at them.
+
+# TAG: minimum_retry_timeout (seconds)
+# This specifies the minimum connect timeout, for when the
+# connect timeout is reduced to compensate for the availability
+# of multiple IP addresses.
+#
+# When a connection to a host is initiated, and that host has
+# several IP addresses, the default connection timeout is reduced
+# by dividing it by the number of addresses. So, a site with 15
+# addresses would then have a timeout of 8 seconds for each
+# address attempted. To avoid having the timeout reduced to the
+# point where even a working host would not have a chance to
+# respond, this setting is provided. The default, and the
+# minimum value, is five seconds, and the maximum value is sixty
+# seconds, or half of connect_timeout, whichever is greater and
+# less than connect_timeout.
+#
+#minimum_retry_timeout 5 seconds
+
+# TAG: maximum_single_addr_tries
+# This sets the maximum number of connection attempts for a
+# host that only has one address (for multiple-address hosts,
+# each address is tried once).
+#
+# The default value is three tries, the (not recommended)
+# maximum is 255 tries. A warning message will be generated
+# if it is set to a value greater than ten.
+#
+#maximum_single_addr_tries 3
+
+# TAG: snmp_port
+# Squid can now serve statistics and status information via SNMP.
+# By default it listens to port 3401 on the machine. If you don't
+# wish to use SNMP, set this to '-1'.
+#
+# NOTE: SNMP support requires use the --enable-snmp configure
+# command line option.
+#snmp_port 3401
+
+# TAG: snmp_do_queueing
+# If disabled, snmp packets will not be queued but delivered
+# immediately.
This could be useful when you want to monitor a
+# cache in trouble, but this could also make Squid block, slowing
+# connections and possibly worsening the cache status.
+#snmp_do_queueing on
+
+# TAG: forward_snmpd_port
+# This configures whether we should be forwarding SNMP requests
+# to another snmpd. The reason for putting this piece of
+# functionality into Squid was to enable access to the system's
+# installed snmpd with minimal changes. This option is turned
+# off by default, check with your /etc/services for your system's
+# snmp port (usually 161). We do not use getservbyname() to
+# allow you to set Squid into port 161 and your system's snmpd to
+# another port by changing /etc/services.
+#
+# WARNING: Because of Squid acting as a proxy snmpd for system
+# you have to do security checks on THIS snmpd for all objects.
+# Check your snmp_config_file.
+#forward_snmpd_port 0
+
+# TAG: snmp_mib_path
+# The location of Squid's mib.
+snmp_mib_path /etc/squid/mib.txt
+
+# TAG: trap_sink
+# Hostname or ip address of trap sink for snmp
+#trap_sink 127.0.0.1
+
+# TAG: snmp_trap_community
+# Community name for traps.
+#snmp_trap_community public
+
+# TAG: snmp_enable_authen_traps
+# Enable SNMP authenticated traps. Set to 'off' or 'on'.
+#snmp_enable_authen_traps off
+
+# TAG: snmp_agent_conf
+# Define snmp views, users and communities
+# Example:
+# snmp_agent_conf view all .1.3.6 included
+# snmp_agent_conf view squid .1.3.6 included
+# snmp_agent_conf user squid - all all public
+# snmp_agent_conf user all all all all squid
+# snmp_agent_conf community public squid squid
+# snmp_agent_conf community readwrite all all
+
+# TAG: snmp_acl
+# Define access controls per community:
+# snmp_access communityname allow|deny [!]aclname ...
+# Example:
+# snmp_acl public allow adminsubnet
+# snmp_acl public deny all
+
+# TAG: snmp_incoming_address
+# TAG: snmp_outgoing_address
+# Just like 'udp_incoming_address' above, but for the SNMP port.
+#
+# snmp_incoming_address is used for the SNMP socket receiving
+# messages from SNMP agents.
+# snmp_outgoing_address is used for SNMP packets returned to SNMP
+# agents.
+#
+# The default behaviour is to not bind to any specific address.
+#
+# NOTE, snmp_incoming_address and snmp_outgoing_address can not have
+# the same value since they both use port 3130.
+#
+#snmp_incoming_address 0.0.0.0
+#snmp_outgoing_address 0.0.0.0
+
+# TAG: as_whois_server
+# WHOIS server to query for AS numbers. NOTE: AS numbers are
+# queried only when Squid starts up, not for every request.
+
+
+# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
+# -----------------------------------------------------------------------------
+#
+# A general note on delay pools - the first matched delay pool is used,
+# that is, if a request falls into class1 then it isn't checked for class2
+# or class3 (and similarly a class2 request isn't checked for class3).
+
+# TAG: delay_class1_access
+# This is used to select what client requests are processed via
+# the first ("class 1") delay pool. In this delay pool only the
+# aggregate traffic allowance is configurable.
+
+# TAG: delay_class2_access
+# This is used to select what client requests are processed via
+# the first ("class 2") delay pool. In this delay pool both the
+# aggregate and per-host traffic allowance are configurable.
+# There are 254 individual delay pools based on the last 8 bits
+# of the client IP address (addresses ending in 0 and 255 are not
+# permitted).
+
+# TAG: delay_class3_access
+# This is used to select what client requests are processed via
+# the first ("class 3") delay pool. In this delay pool, the
+# aggregate, network and per-host traffic allowance are
+# configurable.
There are 255 network delay pools based on the
+# 17th to 24th bit of the client IP address (network 255 is not
+# permitted), and individual delay pools based on the last 16
+# bits of the client IP address (network 255 and hosts ending in
+# 0 and 255 are not permitted).
+
+# TAG: delay_class1_aggregate_restore (bps)
+# The number of bytes per second added to the class 1 aggregate
+# delay pool traffic allowance (-1 to disable the delay pool).
+
+# TAG: delay_class1_aggregate_max (bytes)
+# The maximum number of bytes which can be in the class 1
+# aggregate delay pool traffic allowance.
+
+# TAG: delay_class2_aggregate_restore (bps)
+# The number of bytes per second added to the class 2 aggregate
+# delay pool traffic allowance (-1 to disable the delay pool).
+
+# TAG: delay_class2_aggregate_max (bytes)
+# The maximum number of bytes which can be in the class 2
+# aggregate delay pool traffic allowance.
+
+# TAG: delay_class2_individual_restore (bps)
+# The number of bytes per second added to the class 2 individual
+# host delay pool traffic allowances (-1 to disable these delay
+# pools).
+
+# TAG: delay_class2_individual_max (bytes)
+# The maximum number of bytes which can be in the class 2
+# individual host delay pool traffic allowances.
+
+# TAG: delay_class3_aggregate_restore (bps)
+# The number of bytes per second added to the class 3 aggregate
+# delay pool traffic allowance (-1 to disable the delay pool).
+
+# TAG: delay_class3_aggregate_max (bytes)
+# The maximum number of bytes which can be in the class 3
+# aggregate delay pool traffic allowance.
+
+# TAG: delay_class3_network_restore (bps)
+# The number of bytes per second added to the class 3 8-bit
+# network delay pool traffic allowances (-1 to disable these
+# delay pools).
+
+# TAG: delay_class3_network_max (bytes)
+# The maximum number of bytes which can be in the class 3 8-bit
+# network delay pool traffic allowances.
+
+# TAG: delay_class3_individual_restore (bps)
+# The number of bytes per second added to the class 3 individual
+# host delay pool traffic allowances (-1 to disable these delay
+# pools).
+
+# TAG: delay_class3_individual_max (bytes)
+# The maximum number of bytes which can be in the class 3
+# individual host delay pool traffic allowances.
+
+# TAG: incoming_icp_average
+# TAG: incoming_http_average
+# TAG: min_icp_poll_cnt
+# TAG: min_http_poll_cnt
+# Heavy voodoo here. I can't even beleve you are reading this.
+# Are you crazy? Don't even think about adjusting these unless
+# you understand the algorithms in comm_select.c first!
+#
+#incoming_icp_average 6
+#incoming_http_average 4
+#min_icp_poll_cnt 8
+#min_http_poll_cnt 8
+
+# TAG: max_open_disk_fds
+# TAG: offline_mode
+# Enable this option and Squid will never try to validate cached
+# objects.
+
+# TAG: uri_whitespace
+# What to do with requests that have whitespace characters in the
+# URI. Options:
+#
+# deny: The request is denied. The user receives an "Invalid
+# Request" message.
+# allow: The request is allowed and the URI is not changed. The
+# whitespace characters remain in the URI. Note the
+# whitespace is passed to redirector processes if they
+# are in use.
+# encode: The request is allowed and the whitespace characters are
+# encoded according to RFC1738. This could be considered
+# a violation of the HTTP/1.1
+# RFC because proxies are not allowed to rewrite URI's.
+# chop: The request is allowed and the URI is chopped at the
+# first whitespace. This might also be considered a
+# violation.
+#uri_whitespace deny
+
+# TAG: persistent_client_posts
+# Turn this 'off' to disable persistent connections for POST
+# requests. When you disable this, Squid reads all bytes
+# from the client request and sends them to the server. This
+# makes Squid work with broken HTTP servers which expect the
+# additional CRLF pair from broken web clients.
+#persistent_client_posts on
+
diff --git a/squid.init b/squid.init
new file mode 100644
index 0000000..b31ca6f
--- /dev/null
+++ b/squid.init
@@ -0,0 +1,66 @@
+#!/bin/bash
+# squid This shell script takes care of starting and stopping
+# Squid Internet Object Cache
+#
+# chkconfig: - 90 25
+# description: Squid - Internet Object Cache. Internet object caching is \
+# a way to store requested Internet objects (i.e., data available \
+# via the HTTP, FTP, and gopher protocols) on a system closer to the \
+# requesting site than to the source. Web browsers can then use the \
+# local Squid cache as a proxy HTTP server, reducing access time as \
+# well as bandwidth consumption.
+# pidfile: /var/run/squid.pid
+# config: /etc/squid/squid.conf
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ "${NETWORKING}" = "no" ] && exit 0
+
+# check if the squid conf file is present
+[ -f /etc/squid/squid.conf ] || exit 0
+
+# define the cache_swap location
+CACHE_SWAP=/var/spool/squid
+
+# Try to define nice-level for running squid
+NICE="nice -n 5"
+
+# default squid options
+# -D disables initial dns checks. If you most likely will not to have an
+# internet connection when you start squid, uncomment this
+#SQUID_OPTS="-D"
+
+case "$1" in
+start)
+ show Starting squid
+ busy
+ if [ ! -d $CACHE_SWAP/00 ]; then
+ squid -z -F &>/dev/null
+ fi
+ $NICE squid $SQUID_OPTS &
+ touch /var/lock/subsys/squid
+ deltext;ok
+ ;;
+stop)
+ show Stopping squid
+ killproc squid
+ rm -f /var/lock/subsys/squid
+ ;;
+restart)
+ $0 stop
+ $0 start
+ ;;
+status)
+ status squid
+ ;;
+*)
+ echo "Usage: $0 {start|stop|status|restart}"
+ exit 1
+esac
+
+exit 0
-- 
2.44.0
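Review bot: The `start)` branch reports success unconditionally. `squid -z -F &>/dev/null` throws away every error from cache-directory initialisation, and because `$NICE squid $SQUID_OPTS &` is backgrounded, `touch /var/lock/subsys/squid` and `deltext;ok` run even when squid never came up. For a proxy that enforces access policy, that leaves a stale lock file and a boot log claiming the service is running. I would keep stderr and stop on failure, e.g. `squid -z -F >/dev/null || exit 1`, and create the lock only after confirming the daemon started (squid appears to detach on its own, so the trailing `&` is probably unnecessary; please confirm for this build). Separately, `[ ! -d $CACHE_SWAP/00 ]` expands the variable unquoted and should read `[ ! -d "$CACHE_SWAP/00" ]`, and the hard-coded `CACHE_SWAP=/var/spool/squid` needs a comment saying it must match `cache_dir` in `/etc/squid/squid.conf`.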