|
Options
|
Functions
|
|
proxy-only
|
to specify that objects fetched from this cache should not be saved locally.
|
|
weight=n
|
to specify a weighted parent. The weight must be an integer. The default weight is 1, larger weights are favored more.
|
|
basetime=n
|
to specify a base amount to be subtracted from round trip times of parents. It is subtracted before division by weight in calculating
which parent to fetch from. If the rtt is less than the base time then the rtt is set to a minimal value.
|
|
ttl=n
|
to specify a IP multicast TTL to use when sending an ICP queries to this address. Only useful when sending to a multicast group.
Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the
multicast-responder' option below.
|
|
no-query
|
NOT to send ICP queries to this neighbor.
|
|
background-ping
|
only send ICP queries to this neighbor infrequently. This is used to keep the neighbor round trip time updated and is usually used
in conjunction with weighted-round-robin.
|
|
default
|
if this is a parent cache which can be used as a "last-resort." You should probably only use 'default' in situations where you cannot
use ICP with your parent cache(s).
|
|
round-robin
|
to define a set of parents which should be used in a round-robin fashion in the absence of any ICP queries.
|
|
weighted-round-robin
|
to define a set of parents which should be used in a round-robin fashion with the frequency of each parent being based on the round
trip time. Closer parents are used more often.
|
|
carp
|
to define a set of parents which should be used as a CARP array. The requests will then be distributed among the parents based
on the CARP load balancing hash function based on their weight.
|
|
multicast-responder
|
indicates that the named peer is a member of a multicast group. ICP queries willnot be sent directly to the peer, but ICP replies
will be accepted from it.
|
|
closest-only
|
indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.
|
|
no-digest
|
NOT to request cache digests from this neighbor.
|
|
no-netdb-exchange
|
disables requesting ICMP RTT database (NetDB) from the neighbor.
|
|
no-delay
|
to prevent access to this neighbor from influencing the delay pools.
|
|
login=user:password
|
if this is a personal/workgroup proxy and your parent requires proxy authentication.
The string can include URL escapes (i.e. %20 for spaces). This also means that % must be written as %%.
|
|
login=PASS
|
if users must authenticate against the upstream proxy. This will pass the users credentials as they are to the peer proxy. This only
works for the Basic HTTP authentication scheme.
To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for one proxy login. Also be
warned that this will expose your users proxy password to the peer. USE WITH CAUTION
|
|
login=*:password
|
to pass the username to the upstream cache, but with a fixed password. This is meant to be used when the peer is in another
administrative domain, but it is still needed to identify each user. The star can optionally be followed by some extra information
which is added to the username. This can be used to identify this proxy to the peer, similar to the login=username:password option
above.
|
|
connect-timeout=nn
|
to specify a peer specific connect timeout (also see the peer_connect_timeout directive)
|
|
digest-url=url
|
to tell Squid to fetch the cache digest (if digests are enabled) for this host from the specified URL rather than the Squid default
location.
|
|
allow-miss
|
to disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by
the sibling. To extensive use of this option may result in forwardingloops, and you should avoid having two-way peerings with this
option. (for Example(s) to deny peer usage on requests from peer by denying cache_peer_access if the source is a peer)
|
|
max-conn
|
to limit the amount of connections Squid may open to this peer.
|
|
htcp
|
to send HTCP, instead of ICP, queries to the neighbor. You probably also want to set the "icp port" to 4827 instead of 3130.
|
|
originserver
|
causes this parent peer to be contacted as a origin server. Meant to be used in accelerator setups.
|
|
name=xxx
|
if you have multiple peers on the same host but different ports. This name can then be used to differentiate the peers in
cache_peer_access and similar directives.
|
|
forceddomain=name
|
to forcibly set the Host header of requests forwarded to this peer. Useful in accelerator setups where the server (peer) expects a
certain domain name and using redirectors to feed this domainname is not feasible.
|
|
ssl
|
to indicate that connections to this peer should bs SSL/TLS encrypted.
|
|
sslcert=
/path/to/ssl/certificate
|
to specify a client SSL certificate to use when connecting to this peer.
|
|
sslkey=
/path/to/ssl/key
|
to specify the private SSL key corresponding to sslcert above. If 'sslkey' is not specified then 'sslcert' is assumed to reference a
combined file containing both the certificate and the key.
|
|
sslversion=1|2|3|4
|
to specify the SSL version to use when connecting to this peer
1 = automatic (default)
2 = SSL v2 only
3 = SSL v3 only
4 = TLS v1 only
|
|
sslcipher=...
|
to specify the list of valid SSL chipers to use when connecting to this peer
|
|
ssloptions=...
|
to specify various SSL engine options
NO_SSLv2 Disallow the use of SSLv2
NO_SSLv3 Disallow the use of SSLv3
NO_TLSv1 Disallow the use of TLSv1
|
|
cafile=...
|
to specify a file containing additional CA certificates to use when verifying the peer certificate
|
|
capath=...
|
to specify a directory containing additional CA certificates to use when verifying the peer certificate
|
|
sslflags=...
|
to specify various flags modifying the SSL implementation
DONT_VERIFY_PEER - Accept certificates even if they fail to verify.
NO_DEFAULT_CA - Don't use the default CA list built in to OpenSSL.
DONT_VERIFY_DOMAIN - Don't verify that the peer certificate matches the server name
|
|
sslname=
|
to specify the peer name as advertised in it's certificate. Used for verifying the correctness of the received peer certificate. If not
specified the peer hostname will be used.
|
|
front-end-https
|
to enable the "Front-End-Https: On" header needed when using Squid as a SSL frontend infront of Microsoft OWA. See MS KB
document Q307347 for details on this header. If set to auto then the header will only be added if the request is forwarded as a
https://URL.
|
+1 (408)-850-2243
[email protected]
