Re: 2.5 Release notes - first draft

From: Henrik Nordstrom <>
Date: Thu, 27 Dec 2001 14:46:46 +0100

Sorry for the slow response.

comments within []


On Monday 03 December 2001 21.34, Gary Shelton wrote:
> greetings:
> Here's what i've got so far - just give me a shout with your changes,
> and i'll continue to whip it into shape.
> gary shelton

Version 2.5 Release Notes

Changes to squid.conf

This new option specifies the socket address where squid will listen for
HTTPS client requests. This is used where squid is running in accelerator
mode and any SSL work is to be done at the acelerator level.

This new option allows SSL to terminate without a shutdown message. This is
useful to prevent crashes from certain browsers (MSIE).

Udp_outgoing address
New configuration choices for these optios are the ability to specify a
password for an upstream proxy, and the ability to limit the number of
connections squid may open to a peer.

[this is malplaced.. the change relates to cache_peer]

This new option specifies the local hostname-IP address association database.

This new optin is used to pass parameters to the various authentication

The default for this option has changed from 1 MB to 0 (no limit).

Acl aclname max_user_ip
This acl will limit the number of concurrent multiple IP connections
(cnnections from multiple IP addresses).

These new options allow you to select a TOS/Diffserv value to mark outgoing
connections with, based upon the username or source address making the

[tcp_outgoing_address has also been extended in a similar fashion]

This option replaces the old 'anonymize_headers' and the older
'http_anonymizer' options with the ability to use ACLs to fine-tune header

This new option allows you to change the contents of headers denied with
header_acces. This replaced the 'fake_user_agent' option.

This new option allows squid to ignore immediate expiry times on Vary objects.

This new option allows the main squid process to sleep a number of
microseconds after a fork) system call.

This option specifies the maximum size of a reply body. It can be used to
prevent users from downloading very large files, such as MP3s and movies.

This option allows replies to client requests. It isa complementary option to

[This new option allows access control based on replies to client requests...
(as above). Examples of use is to control access based on reply content type]

Changes to configure

Use this option along with the --enable-storeio="aufs". This tunes the number
of worker threads for the aufs object store.

Compile squidwith the OpenSSL libriares.

--enable-auth=\"list of auth scheme modules\"
Build support for the list of authentication schemes. The default is to build
support for the Basic scheme, with a list of available modules in src/auth.
The programmer's Guide secion on authentication schemes has details on ow to
build your own custom auth scheme module.

--enable-basic-auth-helpers=\"list of helpers\"
This option selects which basic auth scheme helpers to build and install. For
a list of available helpers see thesrc/auth/basic/helpers directory.

--enable-ntlm-auth-helpers=\"list of helpers\"
This options selects which ntlm auth scheme helpers to build and install. For
a list of available helpers see the src/auth/ntlm/helpers directory.

--enable-digest-auth-helprs=\"list of helpers\"
This options selects which digest scheme authentication helpers to build and
install. For a list of available helpers see the src/auth/digest/helpers

This option enables NTLM Fail open, where a heper that fails one of the
Authentication steps can allow squit to still authenticat the user.

This option enables support for the X-Accelerator-Vary http header. This can
be used to indicate variance within an accelerator setu. This is typically
used together with other code that adds custom http headers to the requests.
Received on Thu Dec 27 2001 - 09:08:01 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:42 MST