2.5 Release notes - first draft

From: Gary Shelton <omega996@dont-contact.us>
Date: Mon, 3 Dec 2001 12:34:05 -0800

Here's what i've got so far - just give me a shout with your changes,
and i'll continue to whip it into shape.

gary shelton

Version 2.5 Release Notes

Changes to squid.conf

This new option specifies the socket address where squid will listen for HTTPS client requests. This is used where squid is running in accelerator mode and any SSL work is to be done at the acelerator level.

This new option allows SSL to terminate without a shutdown message. This is useful to prevent crashes from certain browsers (MSIE).

Udp_outgoing address
New configuration choices for these optios are the ability to specify a password for an upstream proxy, and the ability to limit the number of connections squid may open to a peer.

This new option specifies the local hostname-IP address association database.

This new optin is used to pass parameters to the various authentication schemes.

The default for this option has changed from 1 MB to 0 (no limit).

Acl aclname max_user_ip
This acl will limit the number of concurrent multiple IP connections (cnnections from multiple IP addresses).

These new options allow you to select a TOS/Diffserv value to mark outgoing connections with, based upon the username or source address making the request.

This option replaces the old 'anonymize_headers' and the older 'http_anonymizer' options with the ability to use ACLs to fine-tune header mangling.

This new option allows you to change the contents of headers denied with header_acces. This replaced the 'fake_user_agent' option.

This new option allows squid to ignore immediate expiry times on Vary objects.

This new option allows the main squid process to sleep a number of microseconds after a fork) system call.

This option specifies the maximum size of a reply body. It can be used to prevent users from downloading very large files, such as MP3s and movies.

This option allows replies to client requests. It isa complementary option to http_access.
Changes to configure

Use this option along with the --enable-storeio="aufs". This tunes the number of worker threads for the aufs object store.

Compile squidwith the OpenSSL libriares.

--enable-auth=\"list of auth scheme modules\"
Build support for the list of authentication schemes. The default is to build support for the Basic scheme, with a list of available modules in src/auth. The programmer's Guide secion on authentication schemes has details on ow to build your own custom auth scheme module.

--enable-basic-auth-helpers=\"list of helpers\"
This option selects which basic auth scheme helpers to build and install. For a list of available helpers see thesrc/auth/basic/helpers directory.

--enable-ntlm-auth-helpers=\"list of helpers\"
This options selects which ntlm auth scheme helpers to build and install. For a list of available helpers see the src/auth/ntlm/helpers directory.

--enable-digest-auth-helprs=\"list of helpers\"
This options selects which digest scheme authentication helpers to build and install. For a list of available helpers see the src/auth/digest/helpers directory.

This option enables NTLM Fail open, where a heper that fails one of the Authentication steps can allow squit to still authenticat the user.

This option enables support for the X-Accelerator-Vary http header. This can be used to indicate variance within an accelerator setu. This is typically used together with other code that adds custom http headers to the requests.

Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Received on Mon Dec 03 2001 - 17:51:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:39 MST