# Generated automatically from squid.conf.pre.in by configure.
#
# $Id: squid.conf.pre.in,v 1.85.2.11 1998/01/10 07:39:01 wessels Exp $
#
http_port 4040
#icp_port 3130
#mcast_groups 239.128.16.128
#tcp_incoming_address 0.0.0.0
#tcp_outgoing_address 0.0.0.0
#udp_incoming_address 0.0.0.0
#udp_outgoing_address 0.0.0.0
#cache_host hostname type 3128 3130
#EXAMPLE:
#      cache_host parent cache.foo.org 3128 3130
#      neighbor_type_domain cache.foo.org sibling .com .net
#      neighbor_type_domain cache.foo.org sibling .au .de

#  TAG: inside_firewall
#      This tag specifies a list of domains inside your Internet
#      firewall.
#
#      Usage: inside_firewall my.domain [ my.other.domain ...]
#             !out.my.domain my.domain
#
#      The use of this tag affects the server selection algorithm in
#      two ways.  Objects which do not match any of the listed domains
#      will be considered "beyond the firewall."  For these:
#          - There will be no DNS lookups for the URL-host.
#          - The object will always be fetched from one of
#            the parent or neighbor caches.
#
#      As a special case you may specify the domain as 'none' to force
#      all requests to be fetched from neighbors and parents.
#      Prefixing a domain name with '!' means the domain is NOT inside
#      your firewall.
#
#inside_firewall topsecret.com

#  TAG: local_domain
#      This tag specifies a list of domains local to your organization.
#
#      Usage: local_domain my.domain [ my.other.domain ...]
#
#      For URLs which are in one of the local domains, the object
#      is always fetched directly from the source and never from a
#      neighbor or parent.
#
#local_domain msctm.net.my

#  TAG: local_ip
#      This tag specifies a list of network addresses local to your
#      organization.
#
#      Usage: local_ip ip-address
#
#      This tag is similar to local_domain, except that the IP-address
#      of the URL-host is checked.  This requires that a DNS lookup
#      be done on the URL-host.  For this reason, local_domain is
#      preferred over local_ip.
#      By using local_domain it may be
#      possible to avoid the DNS lookup altogether and deliver the
#      object with less delay.
#
#local_ip 10.0.0.0
#local_ip 172.16.0.0
local_ip 192.168.1.0
local_ip 192.168.2.0

#  TAG: firewall_ip
#
#      Just like 'inside_firewall' but for IP addresses.  NOTE:
#      firewall_ip and local_ip are mutually exclusive.  If you
#      use firewall_ip then local_ip will be ignored.
#
#firewall_ip 10.0.0.0
#firewall_ip 172.16.0.0
#firewall_ip 192.168.0.0

#  TAG: single_parent_bypass
#      This tag specifies that it is okay to bypass the hierarchy
#      "Pinging" when there is only a single parent for a given URL.
#
#      Usage: single_parent_bypass on|off
#
#      Before actually sending ICP "ping" packets to parents and
#      neighbors, we figure out which hosts would be pinged based
#      on the cache_host_domain rules, etc.  Often it may be the
#      case that only a single parent cache would be pinged.
#
#      Since there is only a single parent, there is a very good
#      chance that we will end up fetching the object from that
#      parent.  For this reason, it may be beneficial to avoid
#      the ping and just fetch the object anyway.
#
#      However, if we avoid the ping, we will be assuming that the
#      parent host is reachable and that the cache process is running.
#      By using the ping, we can be reasonably sure that the parent
#      host will be able to handle our request.  If the ping fails then
#      it may be possible to fetch the object directly from the source.
#
#      To favor the resiliency provided by the ping algorithm,
#      single_parent_bypass is 'off' by default.
#
#single_parent_bypass off

#  TAG: source_ping
#      If source_ping is enabled, then squid will include the source
#      provider site in its selection algorithm.  This is accomplished
#      by sending ICP "HIT" packets to the UDP echo port of the source
#      host.  Note that using source_ping may send a fair amount of UDP
#      traffic out on the Internet and may irritate paranoid network
#      administrators.
#
#      Note that source_ping is incompatible with inside_firewall.
#      For hosts beyond the firewall, source_ping packets will never
#      be sent.
#
#      By default, source_ping is off.
#
#source_ping off

#  TAG: neighbor_timeout (seconds)
#      This controls how long to wait for replies from neighbor caches.
#      If none of the parent or neighbor caches reply before this many
#      seconds (due to dropped packets or slow links), then the object
#      request will be satisfied from the default source.  The default
#      timeout is two seconds.
#
#neighbor_timeout 2

#  TAG: hierarchy_stoplist
#      A list of words which, if found in a URL, cause the object to
#      be handled directly by this cache.  In other words, use this
#      to not query neighbor caches for certain objects.  You may
#      list this option multiple times.
#
#      The default is to directly fetch URLs containing 'cgi-bin' or '?'.
#
hierarchy_stoplist cgi-bin ?

#  TAG: cache_stoplist
#      A list of words which, if found in a URL, cause the object to
#      be immediately removed from the cache.  In other words, use this
#      to force certain objects to never be cached.  You may list this
#      option multiple times.
#
#      The default is to not cache URLs containing 'cgi-bin' or '?'.
#
cache_stoplist cgi-bin ?

#  TAG: cache_stoplist_pattern       # case sensitive
#  TAG: cache_stoplist_pattern/i     # case insensitive
#
#      Just like 'cache_stoplist' but you can use regular expressions
#      instead of simple string matching.  There is no default.
#
#cache_stoplist_pattern

# OPTIONS WHICH AFFECT THE CACHE SIZE
#-----------------------------------------------------------------------------
#
#  TAG: cache_mem (megabytes)
#      Maximum amount of VM used to store objects in memory.
#      This includes:
#          in-transit objects,
#          negative-cached objects,
#          "hot" objects
#      The value of cache_mem is an upper limit on the size of the
#      "in-memory object data" pool.  This is a pool of 4k pages used
#      to hold object data.
#
#      In-transit objects have priority over the others.  When
#      additional space is needed for incoming data, negative-cached
#      and hot objects will be released.
#      In other words, the
#      negative-cached and hot objects will fill up any unused space
#      not needed for in-transit objects.
#
#      The values of cache_mem_low and cache_mem_high (below) can be
#      used to tune the use of the memory pool.  When the high mark is
#      reached, in-transit and hot objects will be released to clear
#      space.  When an object transfer is completed, it will remain in
#      memory only if the current memory usage is below the low water
#      mark.
#
#      The default is 8 Megabytes.
#
#cache_mem 8

#  TAG: cache_swap (megabytes)
#      Maximum amount of disk space used by the cache.  The default is
#      100 megabytes.  When the disk usage gets to this size, the cache
#      uses LRU replacement to evict objects as new objects are cached.
#      Note that cache_swap is set to:
#          max(cache_mem, cache_swap_specified)
#      to guard against users accidentally specifying a smaller
#      cache_swap than cache_mem size.
#
#cache_swap 100

#  TAG: cache_swap_low (percent, 0-100)
#  TAG: cache_swap_high (percent, 0-100)
#      The low- and high-water marks for cache LRU replacement.
#      LRU replacement begins when the high-water mark is reached
#      and ends when enough objects have been removed and the low-water
#      mark is reached.  Defaults are 90% and 95%.
#
#cache_swap_low 90
#cache_swap_high 95

#  TAG: cache_mem_low (percent, 0-100)
#  TAG: cache_mem_high (percent, 0-100)
#      The low- and high-water mark for cache memory storage.  When
#      the amount of RAM used by the hot-object RAM cache reaches this
#      point, the cache starts throwing objects out of the RAM cache
#      (but they remain on disk).  Defaults are 75% and 90%.
#
#cache_mem_low 75
#cache_mem_high 90

#  TAG: maximum_object_size
#      Objects larger than this size will NOT be saved on disk.  The
#      value is specified in kilobytes, and the default is 4MB.
#
#maximum_object_size 4096

#  TAG: ipcache_size (number of entries)
#  TAG: ipcache_low (percent)
#  TAG: ipcache_high (percent)
#      The size, low-, and high-water marks for the IP cache.
#
#ipcache_size 1024
#ipcache_low 90
#ipcache_high 95

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#-----------------------------------------------------------------------------

#  TAG: cache_dir
#      Directory for on-disk cache storage.  The cache will change into
#      this directory when running.  The default is
#      /var/spool/squid.
#
#      You can specify multiple cache_dir lines to spread the
#      cache among different disk partitions.
#
cache_dir /var/spool/squid

#  TAG: cache_access_log
#      Logs the client request activity.  Contains an entry for
#      every HTTP and ICP request received.
#
cache_access_log /var/spool/squid/access.log

#  TAG: cache_log
#      Cache logging file.  Set logging levels with "debug_options" below.
#
cache_log /var/spool/squid/cache.log

#  TAG: cache_store_log
#      Logs the activities of the storage manager.  Shows which
#      objects are ejected from the cache, and which objects are
#      saved and for how long.  To disable, enter "none".
#
cache_store_log /var/spool/squid/store.log

#  TAG: cache_swap_log
#      Location for the cache "swap log."  This log file holds the
#      metadata of objects saved on disk.  It is used to rebuild the
#      cache during startup.  Normally this file resides in the first
#      'cache_dir' directory, but you may specify an alternate
#      pathname here.  Note you must give a full filename, not just
#      a directory.
#
#cache_swap_log
#cache_swap_log /apps/squid/log

#  TAG: emulate_httpd_log
#      The Cache can emulate the log file format which many 'httpd'
#      programs use.  To disable/enable this emulation, set
#      emulate_httpd_log to 'off' or 'on'.  The default
#      is to use the native log format.
#
#emulate_httpd_log off

#  TAG: log_mime_hdrs
#      The Cache can record both the request and the response
#      MIME headers for each HTTP transaction.  The headers are
#      encoded safely and will appear as two bracketed fields
#      at the end of the access log (for either the native
#      or httpd-emulated log formats).  To enable this logging
#      set log_mime_hdrs to 'on'.
#
#      NOTE: support for this may require you to define
#      LOG_FULL_HEADERS before compiling.
#
#log_mime_hdrs off

#  TAG: useragent_log
#      If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write
#      the User-Agent field from HTTP requests to the filename
#      specified here.  By default useragent_log is disabled.
#
#useragent_log none

#  TAG: pid_filename
#      A pathname to write the process-id to.  To disable, enter "none".
#
#pid_filename /var/run/squid.pid

#  TAG: debug_options
#      Logging options are set as section,level where each source file
#      is assigned a unique section.  Lower levels result in less
#      output.  Full debugging (level 9) can result in a very large
#      log file, so be careful.  The magic word "ALL" sets debugging
#      levels for all sections.  We recommend normally running with
#      "ALL,1".
#
debug_options ALL,1

#  TAG: ident_lookup
#      If you wish to make an RFC931/ident lookup of the client username
#      for each connection, enable this.  It is off by default.
#
#ident_lookup off

#  TAG: log_fqdn
#      Turn this on if you wish to log fully qualified domain names
#      in the access.log.
#
#log_fqdn off

#  TAG: client_netmask
#      A netmask for client addresses in logfiles and cachemgr output.
#      Change this to protect the privacy of your cache clients.
#
#client_netmask 255.255.255.255

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#-----------------------------------------------------------------------------

#  TAG: ftpget_program
#      Where to find the 'ftpget' program that retrieves FTP data (HTTP
#      and Gopher protocol support are built into the cache).
#
#      To disable ftpget and the ability to retrieve FTP objects, set
#      this to "none".  Note that ftpget is automatically disabled for
#      http_accel mode.
#
#ftpget_program /usr/bin/ftpget

#  TAG: ftpget_options
#      Options for the 'ftpget' program.  Please run 'ftpget' without
#      any arguments to see a list of options.  The default is
#      no options.
#      An example is
#
#          ftpget_options -n 60 -R -W
#
#ftpget_options -a -A

#      If you want the anonymous login password to be more informative
#      (and enable the use of picky ftp servers), set this to something
#      reasonable for your domain, like wwwuser@somewhere.net
#
#      The reason why this is domainless by default is that the
#      request can be made on the behalf of a user in any domain,
#      depending on how the cache is used.
#      Some ftp servers also validate that the email address is valid
#      (for example perl.com).
#
#ftp_user squid@

#  TAG: cache_dns_program
#      Specify the location of the executable for dnslookup process.
#
#cache_dns_program /usr/bin/dnsserver

#  TAG: dns_children
#      The number of processes to spawn to service DNS name lookups.
#      For heavily loaded caches on large servers, you should
#      probably increase this value to at least 10.  The maximum
#      is 32.  The default is 5.
#
#      To disable dnsservers, set this to 0.  NOTE, this is very
#      strongly discouraged.  If you disable dnsservers your Squid
#      process will BLOCK on DNS lookups!
#
#dns_children 5

#  TAG: dns_defnames
#      Normally the 'dnsserver' disables the RES_DEFNAMES resolver
#      option (see res_init(3)).  This prevents caches in a hierarchy
#      from interpreting single-component hostnames locally.  To allow
#      dnsserver to handle single-component names, enable this
#      option.
#
#dns_defnames off

#  TAG: unlinkd_program
#      Specify the location of the executable for file deletion process.
#
#unlinkd_program /usr/bin/unlinkd

#  TAG: pinger_program
#      Specify the location of the executable for the pinger process.
#
#pinger_program /usr/bin/pinger

#  TAG: redirect_program
#      Specify the location of the executable for the URL redirector.
#      Currently, you must provide your own redirector program.
#      See the Release-Notes for how to write one.
#      By default, the redirector is not used.
#
#redirect_program /bin/false

#  TAG: redirect_children
#      The number of redirector processes to spawn.
#
#redirect_children 5

#  TAG: authenticate_program
#      Specify the location of the executable for the authenticator.
#      Such a program reads a line containing "username password"
#      and replies "OK" or "ERR" in an endless loop.
#      If you use an authenticator, make sure you have 1 acl of type
#      proxy_auth.
#      By default, the authenticate_program is not used.  You must
#      define USE_PROXY_AUTH during compilation.
#
#authenticate_program /bin/false

#  TAG: authenticate_options
#      Options for the authenticate program.
#
#authenticate_options

#  TAG: authenticate_children
#      The number of authenticate programs to spawn.
#
#authenticate_children 5

# OPTIONS FOR TUNING THE CACHE
#-----------------------------------------------------------------------------

#  TAG: wais_relay
#      Relay WAIS request to host (1st arg) at port (2nd arg).
#
#wais_relay localhost 8000

#  TAG: request_size
#      Maximum allowed request size in kilobytes.  If people are using
#      POST to upload files, then set this to the largest acceptable
#      filesize plus a few extra kbytes.
#
#request_size 100

#  TAG: refresh_pattern         # case sensitive
#  TAG: refresh_pattern/i       # case insensitive
#
#      usage: refresh_pattern regex min percent max
#
#      min and max are specified in MINUTES.
#      percent is an integer number.
#
#      Please see the file doc/Release-Notes-1.1.txt for a full
#      description of Squid's refresh algorithm.  Basically a
#      cached object is:
#
#          FRESH if age < min
#          STALE if expires < now
#          STALE if age > max
#          FRESH if lm-factor < percent
#
#      The refresh_pattern lines are checked in the order listed here.
#      The first entry which matches is used.  If none of the entries
#      match, then the default will be used.
#
#Default:
#refresh_pattern . 0 20% 4320

#  TAG: reference_age
#      As a part of normal operation, Squid performs Least Recently
#      Used removal of cached objects.  The LRU age for removal is
#      computed dynamically, based on the amount of disk space in
#      use.  The 'reference_age' value defines the maximum LRU age.
#      For example, setting reference_age to '1 week' will cause
#      objects to be removed if they have not been accessed for a week
#      or more.  If set to zero, LRU removal is disabled, and objects
#      will be removed only when disk usage is over the high water
#      mark.  The default value is one year.
#
#      Specify a number here, followed by units of time.  For example:
#          1 week
#          3.5 days
#          4 months
#          2.2 hours
#
reference_age 1 week

#  TAG: quick_abort
#      By default the cache continues to retrieve objects from
#      aborted requests.  This may be undesirable on slow (e.g. SLIP)
#      links and/or very busy caches.  Impatient users may tie up
#      file descriptors by repeatedly aborting and re-requesting
#      non-cachable objects.
#
#      Usage: quick_abort min-kbytes percent max-kbytes
#
#      When the user aborts a request, Squid will check the
#      quick_abort values against the amount of data transferred until
#      then.
#
#      If the transfer has less than 'min-kbytes' remaining, it
#      will finish the retrieval.  Setting 'min-kbytes' to -1 will
#      disable the quick_abort feature.
#
#      If the transfer has more than 'max-kbytes' remaining, it
#      will abort the retrieval.
#
#      If more than 'percent' of the transfer has completed, it will
#      finish the retrieval.
#
#quick_abort -1 0 0

#  TAG: negative_ttl (minutes)
#      Time-to-Live (TTL) for failed requests.  Certain types of
#      failures (such as "connection refused" and "404 Not Found") are
#      negatively-cached for a small amount of time.  The default is 5
#      minutes.  Note that this is different from negative caching of
#      DNS lookups.
#
#negative_ttl 5
#

#  TAG: positive_dns_ttl (minutes)
#      Time-to-Live (TTL) for positive caching of successful DNS lookups.
#      Default is 6 hours (360 minutes).  If you want to minimize the
#      use of Squid's ipcache, set this to 1, not 0.
#
#positive_dns_ttl 360

#  TAG: negative_dns_ttl (minutes)
#      Time-to-Live (TTL) for negative caching of failed DNS lookups.
#
#negative_dns_ttl 5

# TIMEOUTS
#-----------------------------------------------------------------------------

#  TAG: connect_timeout (seconds)
#      Some systems (notably Linux) can not be relied upon to properly
#      time out connect(2) requests.  Therefore the squid process
#      enforces its own timeout on server connections.  This parameter
#      specifies how long to wait for the connect to complete.  The
#      default is two minutes (120 seconds).
#
#connect_timeout 120

#  TAG: read_timeout (minutes)
#      An active connection will be aborted after read_timeout minutes
#      of no activity on that connection (i.e., assume the remote server
#      or network connection died after the connection was established).
#      The default is 15 minutes.
#
#read_timeout 15

#  TAG: client_lifetime (minutes)
#      The maximum amount of time that a client (browser) is allowed to
#      remain connected to the cache process.  This protects the Cache
#      from having a lot of sockets (and hence file descriptors) tied up
#      in a CLOSE_WAIT state from remote clients that go away without
#      properly shutting down (either because of a network failure or
#      because of a poor client implementation).  The default is three
#      hours, 20 minutes.
#
#      NOTE:  The default value is designed with low-speed client
#      connections in mind.  200 minutes should be plenty of time to
#      transfer a 10M file at 1k/sec.  If you have high-speed client
#      connectivity, or occasionally run out of file descriptors,
#      we suggest you lower this value appropriately.
#
#client_lifetime 200

#  TAG: shutdown_lifetime (seconds)
#
#      When SIGTERM or SIGHUP is received, the cache is put into
#      "shutdown pending" mode until all active sockets are closed.
#      This value is the lifetime to set for all open descriptors
#      during shutdown mode.
#      Any active clients after this many
#      seconds will receive a 'lifetime expire' message
#
#shutdown_lifetime 30

# ACCESS CONTROLS
#-----------------------------------------------------------------------------
# Defining an Access List
#
#   acl aclname acltype string1 ...
#   acl aclname acltype "file" ...
#
#      when using "file", the file should contain one item per line
#
#   acltype is one of src dst srcdomain dstdomain url_pattern urlpath_pattern
#                     time port proto method browser user
#
#   acl aclname src      ip-address/netmask ... (clients IP address)
#   acl aclname src      addr1-addr2/netmask ... (range of addresses)
#   acl aclname dst      ip-address/netmask ... (URL host's IP address)
#   acl aclname srcdomain   foo.com ...     (taken from reverse DNS lookup)
#   acl aclname dstdomain   foo.com ...     (taken from the URL)
#   acl aclname time     [day-abbrevs]  [h1:m1-h2:m2]
#       day-abbrevs:
#           S - Sunday
#           M - Monday
#           T - Tuesday
#           W - Wednesday
#           H - Thursday
#           F - Friday
#           A - Saturday
#       h1:m1 must be less than h2:m2
#   acl aclname url_regex ^http:// ...      # regex matching on whole URL
#   acl aclname urlpath_regex \.gif$ ...    # regex matching on URL path only
#   acl aclname port     80 70 21 ...
#   acl aclname proto    HTTP FTP ...
#   acl aclname method   GET POST ...
#   acl aclname browser  regexp
#   acl aclname user     username ...       # string match on ident output.
#                                           # use REQUIRED to accept any
#                                           # non-null ident.
#   acl aclname proxy_auth [ timeout ]
#       Use an EXTERNAL authenticate program to check username/password
#       combinations (see authenticate_program).
#
#       'timeout' is the time a cached username/password entry remains
#       cached (default = 3600 secs).
#
#       When using a proxy_auth ACL in an ACL list, make sure it is the
#       *last* in the list and the only proxy_auth ACL in the list.
#
#       NOTE: when a Proxy-Authentication header is sent but it is not
#       needed during ACL checking the username is NOT logged in access.log.
#
#       NOTE: proxy_auth support is not compiled into Squid by default.
#       To use this feature you must enable the USE_PROXY_AUTH option
#       near the top of src/Makefile.

##### PORN WEBSITE BANLIST
#acl bansites dst "/usr/local/squid/etc/bansites"
#http_access deny bansites

# using url_regex
#acl sex url_regex "/usr/local/squid/etc/sex"
#acl notsex url_regex "/usr/local/squid/etc/notsex"
#http_access allow notsex
#http_access deny sex

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

###BAN THIS IP
#acl WINGA src 200.36.1.0/24
#acl WINGB src 200.36.2.0/24
#acl showroom1 src 200.36.2.141/32
#acl showroom2 src 200.36.2.142/32
#acl showroom3 src 200.36.2.143/32

acl LAN1 src 192.168.1.0/24
acl LAN2 src 192.168.2.0/24
acl TMNET src 202.188.0.0/16

acl SSL_ports port 443 563
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT

http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports
http_access deny suratman
http_access deny norjalee
http_access allow LAN1
http_access allow LAN2
http_access allow TMNET
#http_access deny showroom1
#http_access deny showroom2
#http_access deny showroom3
http_access deny all

# Reply to all ICP queries we receive
icp_access allow all

#  TAG: miss_access
#      Use to force your neighbors to use you as a sibling instead of
#      a parent.  For example:
#
#          acl localclients src 172.16.0.0/16
#          miss_access allow localclients
#          miss_access deny  !localclients
#
#      This means that only your local clients are allowed to fetch
#      MISSES and all other clients can only fetch HITS.
#
#      By default, allow all clients who passed the http_access rules
#      to fetch MISSES from us.
#
miss_access allow all

#  TAG: cache_host_acl
#      Just like 'cache_host_domain' but provides more flexibility by
#      using ACL's.
#
#          cache_host_acl cache-host [!]aclname ...
#
#      NOTE:   * Any number of ACL's may be given for a cache-host,
#                either on the same or separate lines.
#              * When multiple ACL's are given for a particular
#                cache-host, the first matched ACL is applied.
#              * Cache hosts with no domain or ACL restrictions are
#                queried for all requests.
#              * There are no defaults.

# ADMINISTRATIVE PARAMETERS
#-----------------------------------------------------------------------------

#  TAG: cache_mgr
#      Email-address of local cache manager who will receive
#      mail if the cache dies.  The default is "webmaster."
#
#cache_mgr webmaster

#  TAG: cache_effective_user
#      If the cache is run as root, it will change its effective/real
#      UID/GID to the UID/GID specified below.  The default is not to
#      change UID/GID.
#
cache_effective_user nobody nobody

#  TAG: visible_hostname
#      If you want to present a special hostname in error messages, etc,
#      then define this.  Otherwise, the return value of gethostname()
#      will be used.
#
#visible_hostname www-cache.foo.org

# OPTIONS FOR THE CACHE REGISTRATION SERVICE
#-----------------------------------------------------------------------------
#      This section contains parameters for the (optional) cache
#      announcement service.  This service is provided to help
#      cache administrators locate one another in order to join or
#      create cache hierarchies.
#
#      An 'announcement' message is sent (via UDP) to the registration
#      service by Squid.  By default, the announcement message is NOT
#      SENT unless you enable it with 'cache_announce' below.
#
#      The announcement message includes your hostname, plus the
#      following information from this configuration file:
#
#          http_port
#          icp_port
#          cache_mgr
#
#      All current information is processed regularly and made
#      available on the Web at http://www.nlanr.net/Cache/Tracker/.

#      This is how frequently to send cache announcements.  The default
#      is `0' which disables sending the announcement messages.
#
#      To enable announcing your cache, just uncomment the line below.
#
#cache_announce 24

#      This is the hostname and portnumber where the registration message
#      will be sent.
#
#      Format: announce_to host[:port] [filename]
#
#      Hostname will default to 'tracker.ircache.net' and port will default
#      to 3131.  If the 'filename' argument is given, the contents of that
#      file will be included in the announce message.
#
#announce_to tracker.ircache.net:3131

# HTTPD-ACCELERATOR OPTIONS
#-----------------------------------------------------------------------------

#  TAG: httpd_accel
#      If you want to run squid as an httpd accelerator, define the
#      host name and port number where the real HTTP server is.
#
#      If you want virtual host support then specify the hostname
#      as "virtual".
#
#httpd_accel real_httpd_host real_httpd_port

#  TAG: httpd_accel_with_proxy
#      If you want to use squid as both a local httpd accelerator
#      and as a proxy, change this to 'on'.
#
#httpd_accel_with_proxy off

#  TAG: httpd_accel_uses_host_header
#      HTTP/1.1 requests include a Host: header which is basically the
#      hostname from the URL.  Squid can be an accelerator for
#      different HTTP servers by looking at this header.  However,
#      Squid does NOT check the value of the Host header, so it opens
#      a big security hole.  We recommend that this option remain
#      disabled unless you are sure of what you are doing.
#
#httpd_accel_uses_host_header off

# MISCELLANEOUS
#-----------------------------------------------------------------------------

#      The DNS tests exit as soon as the first site is successfully looked up
#
#      If you want to disable DNS tests, do not comment out or delete this
#      list.  Instead use the -D command line option
#
#dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu
dns_testnames tm.net.my jaring.my

#  TAG: logfile_rotate
#
#      Specifies the number of logfile rotations to make upon receiving
#      a USR1 signal.  The default is 10, which will rotate with
#      extensions 0 through 9.  Setting logfile_rotate to 0 will
#      disable the rotation, but the logfiles are still closed and
#      re-opened.
#      This will enable you to rename the logfiles yourself
#      just before sending a USR1 signal to the squid process.
#
#logfile_rotate 10

#  TAG: append_domain
#      Appends local domain name to hostnames without any dots in them.
#      append_domain must begin with a period.
#
#append_domain .yourdomain.com

#  TAG: tcp_recv_bufsize
#      Size of receive buffer to set for TCP sockets.  Probably just
#      as easy to change your kernel's default.  Set to zero to use
#      the default buffer size.
#
#tcp_recv_bufsize 0

#  TAG: ssl_proxy
#      Specify the name of a 'cache_host' listed above, or a hostname
#      and port number where all SSL requests should be forwarded to.
#
#      Usage: ssl_proxy cache_host
#             ssl_proxy host:port
#
#ssl_proxy

#  TAG: passthrough_proxy
#      Specify the name of a 'cache_host' listed above, or a hostname
#      and port number where all non-GET (i.e. POST, PUT) requests
#      should be forwarded to.
#
#      Usage: passthrough_proxy cache_host
#             passthrough_proxy host:port
#
#passthrough_proxy

#  TAG: err_html_text
#      HTML text to include in error messages.  Make this a "mailto"
#      URL to your admin address, or maybe just a link to your
#      organization's Web page.
#
#err_html_text

#  TAG: deny_info
#      Usage: deny_info URL acl
#
#      This can be used to return a HTTP redirect for requests which
#      do not pass the 'http_access' rules.  A single ACL will cause
#      the http_access check to fail.  If a 'deny_info' line exists
#      for that ACL then Squid returns a redirect to the given URL.

#  TAG: udp_hit_obj on|off
#      If set, Squid will request UDP_HIT_OBJ replies from its
#      neighbors.  UDP_HIT_OBJ is nice because it saves bandwidth, but
#      it can cause some other problems.  For one it complicates
#      calculating hit rates.  Also, problems arise because the ICP
#      query does not contain any HTTP request headers which may
#      affect the reply.
#
#udp_hit_obj off

#  TAG: udp_hit_obj_size
#
#      If set, Squid will limit UDP_HIT_OBJ size to be less than
#      this value.
#      Setting this value to more than SQUID_UDP_SO_SNDBUF
#      will not work as expected.  Set to zero to select the size
#      permitted by the socket.
#udp_hit_obj_size 0

#  TAG: memory_pools on|off
#      If set, Squid will keep pools of allocated (but unused) memory
#      available for future use.  If memory is a premium on your
#      system, disable this.
#
#memory_pools off

#  TAG: forwarded_for on|off
#      If set, Squid will include your system's IP address or name
#      in the HTTP requests it forwards.  By default it looks like
#      this:
#
#          X-Forwarded-For: 192.1.2.3
#
#      If you disable this, it will appear as
#
#          X-Forwarded-For: unknown
#
#forwarded_for on

#  TAG: log_icp_queries on|off
#      If set, ICP queries are logged to access.log.  ICP logging
#      is enabled by default, so uncomment and change the line
#      below to disable it.
#
#log_icp_queries on

#  TAG: minimum_direct_hops
#      If using the ICMP pinging stuff, do direct fetches for sites
#      which are no more than this many hops away.
#
minimum_direct_hops 4

#  TAG: cachemgr_passwd
#      Specify passwords for cachemgr operations.
#
#Usage: cachemgr_passwd password action action ...
#
# valid actions are:
#      shutdown *
#      info
#      stats/objects
#      stats/vm_objects
#      stats/utilization
#      stats/ipcache
#      stats/fqdncache
#      stats/dns
#      stats/redirector
#      stats/io
#      stats/reply_headers
#      stats/filedescriptors
#      stats/netdb
#      log/status *
#      log/enable *
#      log/disable *
#      log/clear *
#      log *
#      parameter
#      server_list
#      client_list
#      squid.conf *
#
# * Indicates actions which will not be performed without a
#   valid password, others can be performed if not listed here.
#
# To disable an action, set the password to "disable".
# To allow performing an action without a password, set the
# password to "none".
#
# Use the keyword "all" to set the same password for all actions.
#
#Examples:
#
#      cachemgr_passwd secret shutdown
#      cachemgr_passwd lesssssssecret info stats/objects
#      cachemgr_passwd disable all
#
#Defaults: none

#  TAG: swap_level1_dirs
#      Number of first-level directories to create for storing cached
#      objects.  Minimum 1, maximum 256, default 16.
#
#swap_level1_dirs 16

#  TAG: swap_level2_dirs
#      Number of sub-directories to create under each first-level
#      directory.  Minimum 1, maximum 256, default 256.
#
#swap_level2_dirs 256

#  TAG: store_avg_object_size
#      Average object size, used to estimate number of objects your
#      cache can hold.  See doc/Release-Notes-1.1.txt.  The default is
#      13K.
#
#store_avg_object_size 13

#  TAG: store_objects_per_bucket
#      Target number of objects per bucket in the store hash table.
#      Lowering this value increases the total number of buckets and
#      also the storage maintenance rate.  The default is 20.
#
#store_objects_per_bucket 20

#  TAG: http_anonymizer
#      If you want to filter out certain HTTP request headers for
#      privacy reasons, enable this option.  There are three
#      appropriate settings:
#          'off'           All HTTP request headers are passed.
#          'standard'      Specific headers are removed
#          'paranoid'      Only specific headers are allowed.
#      To see which headers are allowed or denied, please see the
#      http-anon.c source file.
#
#http_anonymizer off

#  TAG: fake_user_agent
#      If you use the paranoid http_anonymizer setting, Squid will strip
#      your User-agent string from the request.  Some Web servers will
#      refuse your request without a User-agent string.  Use this to
#      fake one up.  For example:
#
#          fake_user_agent Nutscrape/1.0 (CP/M; 8-bit)
#      (credit to Paul Southworth pauls@etext.org for this one!)
#
#fake_user_agent none

#  TAG: client_db
#      If you want to disable collecting per-client statistics, then
#      turn off client_db here.
#
#client_db on

#  TAG: netdb_low
#  TAG: netdb_high
#      The low and high water marks for the ICMP measurement
#      database.  These are counts, not percents.  The defaults are
#      900 and 1000.
#      When the high water mark is reached, database
#      entries will be deleted until the low mark is reached.
#
#netdb_low 900
#netdb_high 1000

#  TAG: netdb_ping_rate
#      The minimum period for measuring a site.  There will be at
#      least this much delay between successive pings to the same
#      network.  The default is five minutes.
#
#netdb_ping_period 5 minutes

#  TAG: query_icmp
#      If you want to ask your peers to include ICMP data in their ICP
#      replies, enable this option.
#
#      If your peer has built squid with '-DUSE_ICMP=1' then that peer
#      will send ICMP pings to origin server sites of the URLs it
#      receives.  If you enable this option then the ICP replies from
#      that peer will include the ICMP data (if available).  Then,
#      when choosing a parent cache, Squid will choose the parent with
#      the minimal RTT to the origin server.  When this happens, the
#      hierarchy field of the access.log will be
#      "CLOSEST_PARENT_MISS".  This option is off by default.
#
#query_icmp off

#  TAG: icp_hit_stale
#      If you want to return ICP_HIT for stale cache objects, set this
#      option to 'on'.  If you have sibling relationships with caches
#      in other administrative domains, this should be 'off'.  If you only
#      have sibling relationships with caches under your control, then
#      it is probably okay to set this to 'on'.  NEVER enable
#      icp_hit_stale if you also use 'miss_access'.
#
#icp_hit_stale off

#  TAG: reload_into_ims
#      Enable this if you want to turn 'Pragma: no-cache' requests
#      into If-Modified-Since requests.  Off by default, use at your
#      own risk.  This feature is not compiled in by default.  You
#      must add -DRELOAD_INTO_IMS in src/Makefile.
#
#reload_into_ims off
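
The ACCESS CONTROLS section of this file is order-dependent (http_access lines are checked top to bottom and the first matching line decides), and two of its rules, `http_access deny suratman` and `http_access deny norjalee`, reference ACL names the file never defines. The Python sketch below is an added example, not part of the original squid.conf or of Squid: it parses the file's active acl/http_access lines (embedded as a constructed excerpt), reports undefined ACL references, and walks the rules for a sample request. The function names, the request dictionary and the choice to skip rules that reference an undefined ACL are assumptions of this sketch.

```python
from ipaddress import IPv4Address

# Constructed excerpt: the active (uncommented) acl and http_access lines
# copied from the configuration above.
SAMPLE_CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl LAN1 src 192.168.1.0/24
acl LAN2 src 192.168.2.0/24
acl TMNET src 202.188.0.0/16
acl SSL_ports port 443 563
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports
http_access deny suratman
http_access deny norjalee
http_access allow LAN1
http_access allow LAN2
http_access allow TMNET
http_access deny all
"""


def parse(conf_text):
    """Return ({aclname: (acltype, [values])}, [(action, [acl refs])])."""
    acls, rules = {}, []
    for raw in conf_text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) >= 4:
            # Repeated "acl NAME ..." lines add values to the same ACL.
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return acls, rules


def undefined_acls(acls, rules):
    """ACL names used in http_access lines but never defined by an acl line."""
    used = {ref.lstrip("!") for _, refs in rules for ref in refs}
    return sorted(used - set(acls))


def _src_match(spec, ip):
    """Match ip against 'addr/prefixlen' or 'addr/dotted-netmask'."""
    addr, _, mask = spec.partition("/")
    if mask.isdigit():
        m = (0xFFFFFFFF << (32 - int(mask))) & 0xFFFFFFFF
    elif mask:
        m = int(IPv4Address(mask))
    else:
        m = 0xFFFFFFFF
    return (int(IPv4Address(ip)) & m) == (int(IPv4Address(addr)) & m)


def acl_matches(acls, name, req):
    """Evaluate one ACL; only the types used in this file are handled."""
    kind, values = acls[name]
    if kind == "src":
        return any(_src_match(v, req["src"]) for v in values)
    if kind in ("port", "method", "proto"):
        return str(req[kind]) in values
    raise ValueError(f"acl type {kind!r} is not handled in this sketch")


def decide(acls, rules, req):
    """First matching http_access line wins; all ACLs on a line must match."""
    for action, refs in rules:
        if any(r.lstrip("!") not in acls for r in refs):
            # ASSUMPTION of this sketch: a rule naming an undefined ACL is
            # skipped. Check how your Squid version treats such a line.
            continue
        if all(acl_matches(acls, r.lstrip("!"), req) != r.startswith("!")
               for r in refs):
            return action, "http_access " + " ".join([action] + refs)
    return "deny", "(no rule matched; this sketch fails closed)"


if __name__ == "__main__":
    acls, rules = parse(SAMPLE_CONF)
    print("undefined ACLs:", undefined_acls(acls, rules))
    # Constructed sample requests.
    for req in (
        {"src": "192.168.1.10", "method": "GET", "port": 80, "proto": "HTTP"},
        {"src": "192.168.1.10", "method": "CONNECT", "port": 25, "proto": "HTTP"},
        {"src": "203.0.113.5", "method": "GET", "port": 80, "proto": "HTTP"},
    ):
        print(req, "->", decide(acls, rules, req))
```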