Support for external functions
Description This tag can be used if you want the anonymous login password to be more informative. You can set this to something reasonable for your domain, like squid@squid.visolve.com. The reason why this is domain less by default is that the request can be made on the behalf of a user in any domain, depending on how the cache is used. Some ftp servers also validate the email address. For detailed explanation Click Here Example ftp_user squid@squid.visolve.com |
Usage | ftp_list_width number |
Description This tag is used to set the width of ftp listings. This should be set to fit in the width of a standard browser. Setting this too small can cut off long filenames when browsing ftp sites. Example ftp_list_width 64 |
Description If your firewall does not allow Squid to use passive connections, then turn off this option. |
Tag Name | cache_dns_program |
Usage | cache_dns_program program |
Description This tag is used to specify the location of the executable for dns lookup process. This option is only available if Squid is rebuilt with the --disable-internal-dns option. The external dns program uses the normal resolver libraries which is a much more mature DNS client. The internal DNS client still has some problems with special cases in the DNS protocol. However, things has gotten a lot better compared to the early version so any of these issues are not likely to be noticed, and is heavily out weighted by the improved performance and reliability. But drawbacks of the external DNS helper are likely to be noticed when using external DNS. If DNS lookups are slow then the external DNS helper will hit the roof and no further DNS lookups can complete (some Squid versions even abort in such case). Recommendation: Use the internal DNS client unless an experience problem which forces to use the external one until a fix is provided. Default | cache_dns_program /usr/local/squid/libexec/squid/ |
Example cache_dns_program /usr/local/squid/bin/dnsserver |
Usage | dns_children number (1 to 32) |
Description The number of processes spawn to service DNS name lookups are specified here. For heavily loaded caches on large servers, There is probably need to increase this value to at least 10. The maximum is 32. The default is 5. This option is only available if Squid is rebuilt with the --disable-internal-dns option. The number of processes increases, the performance of DNS lookups also increases. It is recommended to use maximum child processes (32). The limitation that the external dnsserver helper can only handle one DNS lookup at a time and cannot be aborted prior to the 2 minutes DNS lookup time-out. The internal DNS client does not have this limitation and can handle any number of concurrent lookups. See the description of cache_dns_program. Example dns_children 10 Caution You must have at least one dnsserver process |
Tag Name | dns_retransmit_interval |
Usage | dns_retransmit_interval time-units |
Description This tag is used to set the initial retransmit interval for DNS queries. The interval is doubled each time all configured DNS servers have been tried Default | dns_retransmit_interval 5 seconds |
|
Usage | dns_timeout time-units |
Description This tag is used to set the DNS Query time-out. If no response is received to a DNS query within this time then all DNS servers for the queried domain is assumed to be unavailable Default | dns_timeout 5 minutes |
|
Description Normally the 'dnsserver' disables the RES_DEFNAMES resolver option (see res_init(3)). This prevents caches in a hierarchy from interpreting single component hostnames locally. To allow dnsserver handle single component names, enable this option. This option is only available if Squid is rebuilt with the --disable-internal-dnsoption. |
Usage | dns_nameservers IPaddress |
Description This tag can be used if you want to specify a list of DNS name servers (IP addresses) to use instead of those given in your /etc/resolv.conf file Default | dns_nameservers none |
Example dns_nameservers 172.16.1.102 204.54.6.20 |
Usage | diskd_program path/to/diskdfile |
Description To specify the location of the diskd executable. Note that this is only useful if you have compiled in diskd as one of the store io modules. Default | diskd_program /usr/local/squid/libexec/squid/diskd |
Example diskd_program /local/squid/bin/diskd |
Usage | unlinkd_program path/to/unlinkedfile |
Description This tag specifies the location of the unlinkd program. This isn't needed if you are using async-io since it's handled by a thread Default | unlinkd_program /usr/local/squid/libexec/squid/unlinkd |
Example unlinkd_program /usr/local/squid/bin/unlinkd |
Usage | pinger_program path/to/pingerfile |
Description This tag is used to specify the location of the executable for the pinger process. This is only useful if you configured Squid (during compilation) with the '--enable-icmp' option Default | pinger_program /usr/local/squid/libexec/squid/ |
Example pinger_program /usr/local/squid/bin/pinger |
Usage | redirect_program path/to/redirector |
Description This tag is used to specify the location of the executable for the URL redirector. Since they can perform almost any function there isn't one included. Click here for information on how to write one. By default, a redirector is not used Default | redirect_program none |
Example redirect_program /usr/local/squirm/bin/squirm |
Tag Name | redirect_children |
Usage | redirect_children number |
Description This tag is used to set the number of redirect processes to spawn Default | redirect_children 5 |
Example redirect_children 10 Caution If you start too few Squid will have to wait for them to process a back log of URLs, slowing it down. If you start too many they will use RAM and other system resources. |
Tag Name | redirect_rewrites_host_header |
Usage | redirect_rewrites_host_header on|off |
Description By default Squid rewrites any Host: header in redirected requests. If you are running a accelerator then this may not be a wanted effect of a redirector Default | redirect_rewrites_host_header on |
|
Usage | redirector_access allow|deny |
Description If defined, this access list specifies which requests are sent to the redirector processes Default | All requests are sent |
Example redirector_access allow aclname |
Tag Name | authenticate_program |
Usage | authenticate_program path/to/program path/to/passwdfile |
Description This tag is used to specify the command for the external authenticator. Such a program reads a line containing "username password" and replies "OK" or "ERR" in an endless loop. If you use an authenticator, make sure you have 1 acl of type proxy_auth. If you want to use the traditional proxy authentication, jump over to the ../auth_modules/NCSA directory and give # make # make install The source for this program is included in the source distribution, in the auth_modules/NCSA directory. You should now have an ncsa_authprogram in the same directory where your squid binary lives. You may need to create a password file. If you have been using proxy authentication before, you probably already have such a file. You can get apache's htpasswd program from here. Pick a pathname for your password file. We will assume you will want to put it in the same directory as your Squid.conf. Default | authenticate_program none By default, the authenticator_program is not used |
Example authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd |
Tag Name | authenticate_children |
Usage | authenticate_children number |
Description The number of authenticator processes to spawn (default 5). Default | authenticate_children 5 |
Caution If you start too few Squid will have to wait for them to process aback log of usercode/password verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes. |
Usage | authenticate_ttl seconds |
Description This tag is used to specify the time a checked username/password combination remains cached (default 3600). If a wrong password is given for a cached user, the user gets removed from the username/password cache forcing a revalidation. Default | authenticate_ttl 3600 |
|
Tag Name | authenticate_ip_ttl |
Usage | authenticate_ip_ttl number |
Description With this option you control how long a proxy authentication will be bound to a specific IP address. If a request using the same user name is received during this time then access will be denied and both users are required to reauthenticate them selves. The idea behind this is to make it annoying for people to share their password to their friends, but yet allow a dialup user to reconnect on a different dialup port. The default is 0 to disable the check. Recommended values if you have dialup users are no more than 60 (seconds). If all your users are stationary then higher values may be used. Default | authenticate_ip_ttl 0 |
Example authenticate_ip_ttl 3600 |
Tag Name | authenticate_ip_ttl_is_strict |
Usage | authenticate_ip_ttl_is_strict on|off |
Description This option makes authenticate_ip_ttl a bit stricter. With this enabled authenticate_ip_ttl will deny all access from other IPaddresses until the TTL has expired, and the IP address "owning" the userid will not be forced to reauthenticate. Default | authenticate_ip_ttl_is_strict on |
|
|