miscellaneous

MISCELLANEOUS

This section covers configurations that could not be explicitly bundled in with any of the previous categories. Examples of features covered here are limiting the growth of log files, displaying customized information to clients upon error conditions or access denial, defining memory pools for Squid, network management by enabling SNMP, co-ordination with neighbor caches by enabling WCCP, directing the requests either to the origin server or to the neighbor cache, etc.

dns_testnames

logfile_rotate

append_domain

tcp_recv_bufsize

err_html_text

email_err_data

deny_info

memory_pools

memory_pools_limit

via

forwarded_for

log_icp_queries

icp_hit_stale

minimum_direct_hops

minimum_direct_rtt

cachemgr_passwd

store_avg_object_size

store_objects_per_bucket

client_db

netdb_low

netdb_high

netdb_ping_period

query_icmp

test_reachability

buffered_logs

reload_into_ims

always_direct

never_direct

header_access

header_replace

icon_directory

error_directory

maximum_single_addr_tries

snmp_port

snmp_access

snmp_incoming_address

snmp_outgoing_address

as_whois_server

wccp_router

wccp_version

wccp_incoming_address

wccp_outgoing_address

TAG NAME

< dns_testnames

Description

This points to a number of hosts that Squid can use to test if DNS service is working properly on your network

Build Option

Default

Usage

dns_testnames url

Default

dns_testnames netscape.com internic.net nlanr.net microsoft.com

Synopsis
If DNS isn't working properly, Squid will not be able to service requests, so it will refuse to start, with a brief message regarding why in the cache.log. It is recommended that you select two or more host names on the internet and one or two host names on your intranet, assuming you have one and Squid is expected to service it. By default, the dns_testnames directive checks a few well known and popular sites: netscape.com, internic.net, nlanr.net, and microsoft.com.

Arguments

url

Sites on which DNS test to be done

Example(s)
dns_testnames visolve.com

TAG NAME

logfile_rotate

Description

Used to specify the number of old rotated log files Squid will keep

Build Option

Default

Usage

logfile_rotate number

Default

logfile_rotate 10

Synopsis
The value in this tag defines number of rotated log files to be generated. This defaults to 10, which means Squid will keep 10 old log files before overwriting the oldest. Squid -k rotate is the command line usage to implement this function.

Arguments

number

Number of rotations

Example(s)
logfile_rotate 5

TAG NAME

append_domain

Description

The domain that Squid will append to requests that are not possibly fully qualified domain names (more precisely,
those that have no dots in them)

Build Option

Default

Usage

append_domain domainname

Default

none

Synopsis
Using this tag, you can append the domain names to the requests that are not fully qualified domains names.

Note: append_domain must begin with a period.

Arguments

dimainname

Domain name to be appended

Example(s)
append_domain .cgi.com

TAG NAME

tcp_recv_bufsize

Description

Defines the size of the buffer used for TCP packets being received

Build Option

Default

Usage

tcp_recv_bufsize bytes

Default

tcp_recv_bufsize 0 bytes

Synopsis
When defined to a non-zero value, this determines the TCP packets receiving buffer size. By default Squid uses whatever the default buffer size for your operating system is. This is done by setting its value to zero.

Arguments

bytes

Buffer size

Example(s)
tcp_recv_bufsize 500 bytes

TAG NAME

err_html_text

Description

Provides a means to automatically add some extra information to Squid's error pages

Build Option

Default

Usage

err_htmal_text text

Default

none

Synopsis
You can add HTML or plain text comments or links here, which will be added to the error messages displayed to clients. To include this in your error messages, you must rewrite the error template files (found in the "errors" directory). Wherever you want the err_html_text line to appear, insert a %L tag in the error template file.

Arguments

text

Message to be displayed

xample(s)
err_html_text [email protected]
Consider you want to display this mail Id when access denied error occurs, then edit the corresponding file (ERR_ACCESS_DENIED in '$prefix/etc/errors' directory) with %L where this mail Id should be displayed.

TAG NAME

email_err_data

Description

If enabled, information about the occurred error will be included in the mailto links of the ERR pages (if %W is set) so
that the email body contains the data

Build Option

Default

Usage

email_err_data on|off

Default

email_err_data on

Synopsis
Enabling this feature, information about the occurred error will be included in the mailto links of the ERR pages
Syntax is

Arguments

on/off

Enable or disable

TAG NAME

deny_info

Description

Used to define a customized error page for the requests which gets denied by http_access rules

Build Option

Default

Usage

deny_info err_page_name acl
deny_info link acl

Default

none

Synopsis
You might have defied certain rules which filters access to certain domains. While accessing those domains, Squid normally displays a default error page. Using this tag, we can define a customized error page.

Arguments

err_page_name

Customized error page to be displayed

acl

acl for which the page to be displayed

link

Link to be displayed on deny access

Example(s)
acl test1 urlpath_regex -i .index.html
http_access deny test1
deny_info https://www.google.co.in test1
On satisfying http_access, instead of the default error page, the site google will be loaded.

TAG NAME

memory_pools

Description

This allows Squid to keep memory that it has allocated (but no longer needs), so that it will not need to reallocate
memory in the future

Build Option

Default

Usage

memory_pools on|off

Default

memory_pools on

Synopsis
Memory pools can improve performance to a small margin by allocating memory, but may need to be turned off if memory is at a premium on your system. This option defaults to on.

Arguments

on/off

Enable or disable memory pool feature







TAG NAME

memory_pools_limit

Description

The amount of memory Squid will keep allocated, assuming the Keep memory for future use option is turned on

Build Option

Default

Usage

memory_pools_limit bytes

Default

none

Synopsis
Any non-zero value to this tag will instruct Squid not to keep more than that amount allocated, and if Squid requires more memory than that to fulfill a request, it will use your system's malloc library. Squid does not pre-allocate memory, so it is safe to set this reasonably high. If your Squid runs on a dedicated host, it is probably wisest to leave it to its default of unlimited. If it must share the system with other server processes (like Apache or Sendmail) then it might be appropriate to limit it somewhat.

Arguments

bytes

Memory pool limit size

Example(s)
memory_pools_limit 50 MB

TAG NAME

via

Description

Enable/disable via header

Build Option

Default

Usage

via on|off

Default

via on

Synopsis
If set (default), Squid will include a Via header in requests and replies as required by RFC2616.

Arguments

on/off

Enable/disable via header

TAG NAME

forwarded_for

Description

This option allows you to choose whether Squid will report the host name of the system that originally made the
request to the origin server

Build Option

Default

Usage

forwarded_for on|off

Default

forwarded_for on

Synopsis
If set, Squid will include your system's IP address or name in the HTTP requests it forwards. By default it looks like this: X-Forwarded-For: 192.1.2.3

If you disable this, it will appear as X-Forwarded-For: unknown

Arguments

on/off

Enable or disable

TAG NAME

log_icp_queries

Description

Dictates whether Squid will log ICP requests

Build Option

Default

Usage

log_icp_queries on|off

Default

log_icp_queries on

Synopsis
When you fell if ICP loads are very high, you can disable it otherwise you can enable for logging ICP requests.

Arguments

on/off

Enable or disable logging ICP queries

TAG NAME

icp_hit_stale

Description

Enable/disable to return ICP_HIT for stale cache objects

Build Option

Default

Usage

icp_hit_stale on|off

Default

icp_hit_stale off

Synopsis
If you want to return ICP_HIT for stale cache objects, set this option to 'on'. If you have sibling relationships with caches in other administrative domains, this should be 'off'. If you only have sibling relationships with caches under your control, then it is probably okay to set this to 'on'. If set to 'on', then your siblings should use the option "allow-miss" on their cache_peer lines for connecting to you.

Arguments

on/off

Enable or disable

TAG NAME

minimum_direct_hops

Description

Define minimum number of direct hops after which it directs Squid to do direct fetches

Build Option

Default

Usage

minimum_direct_hops number

Default

minimum_direct_hops 4

Synopsis
When using ICMP pinging features of Squid to determine distance to peers and origin servers, this configures when Squid should prefer going direct over a peer. This parameter plays a role in deciding latency.

Arguments

number

Number of hops

Example(s)
minimum_direct_hops 10

TAG NAME

minimum_direct_rtt

Description

Defines minimum rtt after which it directs Squid to do direct fetches

Build Option

Default

Usage

minimum_direct_rtt timeunits

Default

minimum_direct_rtt 400

Synopsis
If using the ICMP pinging stuff, do direct fetches for sites which are no more than this many rtt milliseconds away.

Arguments

timeunits

Round Trip Time

Example(s)
minimum_direct_rtt 200

TAG NAME

cachemgr_passwd

Description

Specify passwords for cachemgr operations

Build Option

Default

Usage

cachemgr_passwd password action action ...

Default

none

Synopsis
By using this we can have secured administration over the Squid.

Actions:

5min, 60min, asndb, authenticator, cbdata, client_list, comm_incoming, config *, counters, delay, digest_stats, dns, events, filedescriptors, fqdncache, histograms, http_headers, info, io, ipcache, mem, menu, netdb, non_peers, objects, offline_toggle *, pconn, peer_select, redirector, refresh, server_list, shutdown *, store_digest, storedir, utilization, via_headers, vm_objects.

* Indicates actions which will not be performed without a valid password, others can be performed if not listed here.

To disable an action, set the password to "disable". To allow performing an action without a password, set the
password to "none".

Use the keyword "all" to set the same password for all actions.


Arguments

password

Password for the action

action

Action as described above

Example(s)
cachemgr_passwd secret shutdown

TAG NAME

store_avg_object_size

Description

Average object size, used to estimate number of objects your cache can hold.

Build Option

Default

Usage

store_avg_object_size size(Kbytes)

Default

store_avg_object_size 13 KB

Synopsis
To Estimate the number of objects your cache can hold: NUM_OBJ = cache_swap / store_avg_object_size where, cache_swap is the size of the cache.

Arguments

size

Size of the object

Example(s)
store_avg_object_size 100 KB

TAG NAME

store_objects_per_bucket

Description

Defines the number of objects in each store hash table

Build Option

Default

Usage

store_objects_per_bucket number

Default

store_objects_per_bucket 20

Synopsis
Target number of objects per bucket in the store hash table. Lowering this value increases the total number of buckets and also the storage maintenance rate.

Arguments

number

Number of objects

Example(s)
store_objects_per_bucket 50

TAG NAME

client_db

Description

Allows you to choose whether Squid will keep statistics regarding each individual client

Build Option

Default

Usage

client_db on|off

Default

client_db on

Synopsis
If you want to disable collecting per-client statistics, then turn off client_db here.

Arguments

on/off

Enable or disable collecting client statistics

TAG NAME

netdb_low, netdb_high

Description

Defines low and high water marks for the ICMP measurement database

Build Option

Default

Usage

netdb_low number
netdb_high number

Default

netdb_low 900
netdb_high 1000

Synopsis
These measurements are counts and not percentage. The defaults are 900 and 1000. When the high water mark is reached, database entries will be deleted until the low mark is reached.

Arguments

number

Number of entries

Example(s)
netdb_low 500
netdb_high 800

TAG NAME

netdb_ping_period

Description

Defines minimum period for measuring a site

Build Option

Default

Usage

netdb_ping_period timeunits

Default

netdb_ping_period 5 minutes

Synopsis
When this is defined, there will be at least this much delay between successive pings to the same network. The default is five minutes.

Arguments

timeunits

Time period between successive pings

Example(s)
netdb_ping_period 15 minutes

TAG NAME

query_icmp

Description

Enabling this option, makes Squid to ask your peers to include ICMP data in their ICP replies

Build Option

--enable-icmp

Usage

query_icmp on|off

Default

query_icmp off

Synopsis
If your peer has configured Squid (during compilation) with '--enable-icmp' then that peer will send ICMP pings to origin server sites of the URLs it receives. If you enable this option then the ICP replies from that peer will include the ICMP data (if available). Then, when choosing a parent cache, Squid will choose the parent with the minimal RTT to the origin server. When this happens, the hierarchy field of the access.log will be "CLOSEST_PARENT_MISS". This option is off by default.

Arguments

on/off

Enable or disable this option

TAG NAME

test_reachability

Description

When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH instead of ICP_MISS if the target host is NOT in the
ICMP database, or has a zero RTT

Build Option

Default

Usage

test_reachability on|off

Default

test_reachability off

Synopsis
If the target host is NOT in the ICMP database, or has a zero RTT, enabling this tag, ICP MISS replies will be ICP_MISS_NOFETCH instead of ICP_MISS.

Arguments

on/off

Enable or disable

TAG NAME

buffered_logs

Description

Buffering and unbuffering can be done while writing cache.log with stdio functions using this tag

Build Option

Default

Usage

buffered_logs on|off

Default

buffered_logs off

Synopsis
Buffering it can speed up the writing slightly. By default it will be unbuffered.

Arguments

on/off

Enable or disable buffering

TAG NAME

reload_into_ims

Description

When you enable this option, client no-cache or reload requests will be changed to If-Modified-Since requests

Build Option

Default

Usage

reload_into_ims on|off

Default

reload_into_ims off

Synopsis
This tag is used to change clients no-cache or reload requests to IMS(if-modified sequence).

Note: Enabling this feature could make you liable for problems which it causes.

Arguments

on/off

Enable or disable

TAG NAME

always_direct

Description

Here you can use ACL elements to specify requests which should ALWAYS be forwarded directly to origin servers

Build Option

Default

Usage

always_direct allow|deny [!]aclname ...

Default

none

Synopsis
Allows you to easily pick which ACL matches will not be cached. Requests that match the selected ACLs will always be answered from the origin server. Example below explains the tag to a clear extent.

Arguments

allow/deny

Allow or deny direct access

aclname

Access list on which this should act

Example(s)
acl local-servers dstdomain my.domain.net
always_direct allow local-servers

To always forward FTP requests directly, use
acl FTP proto FTP
always_direct allow FTP

TAG NAME

never_direct

Description

With never_direct you can use ACL elements to specify requests which should NEVER be forwarded directly to origin
servers

Build Option

Default

Usage

never_direct allow|deny [!] aclname ...

Default

none

Synopsis
never_direct is the opposite of always_direct. By default all requests are not forwarded directly to the origin server.

The following example explains this tag.

Arguments
allow/deny Deny or allow direct access
aclname
Access list on which this should act

Example(s)
To force the use of a proxy for all requests, except those in your local domain use something like
acl local-servers dstdomain .foo.net
acl all src 0.0.0.0/0.0.0.0
never_direct deny local-servers
never_direct allow all

or if Squid is inside a firewall and there is local intranet
servers inside the firewall then use something like:

acl local-intranet dstdomain .foo.net
acl local-external dstdomain external.foo.net
always_direct deny local-external
always_direct allow local-intranet
never_direct allow all
TAG NAME header_access
Description This creates a list of ACLs for each header, allowing you very fine-tuned header mangling
Build Option Default
Usage
header_access allow|deny header_name ...
Default
none

Synopsis
This option replaces the old 'anonymize_headers' and the older 'http_anonymizer' option with something that is much more configurable. This new method creates a list of ACLs for each header, allowing you very fine-tuned header mangling.

You can only specify known headers for the header name. Other headers are reclassified as 'Other'. You can also refer to all the headers with 'All'.

Arguments
allow/deny
Allow or deny access for the specified header name
header_name
Header name
Example(s)
header_access Proxy-Connection allow all
TAG NAME header_replace
Description This option allows you to change the contents of headers denied with header_access above
Build Option
Default
Usage
header_replace header_name message
Default
none

Synopsis
For headers denied with header_access, this tag allows to replace the content of the header using the message specified This is done by replacing them with some fixed string. This replaces the old fake_user_agent option. By default, headers are removed if denied.

Arguments
header_name
Header for which content to be changed
message
Content to be replaced with the message specified here

Example(s)
header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit)

TAG NAME icon_directory
Description Used to specify the path to icon deirectory
Build Option
Default
Usage
icon_directory path/directoryname
Default
icon_directory /usr/local/Squid/share/icons

Synopsis
This tag is used to indicate the icon directory.

Arguments
path/directoryname
Location path and name of the directory

Example(s)
icon_directory /usr/local/icons
TAG NAME error_directory
Description Defines path to your own error directory
Build Option
Default
Usage
error_directory path/directoryname
Default
error_directory /usr/local/Squid/share/errors/English

Synopsis
Used to specify location and name of the error directory used.

Arguments
path/directoryname Local