hello,
we are using a PentiumPro 200Mhz machine with 64mb memory and
2scsi hard drives which are 4.2gb and 6.4 gb.
the operating system is FreeBSD 2.2.6 and squid version is 1.1.21
I have set 256MB of swap on 4.2 gb hard drive (it is dedicated to OS)
and I set 6.4gb hard drive to cache (dedicated to Squid)
and here is a copy of my squid.conf file generated by cachemgr.cgi
here the problem comes....
the people in my company says that when they use proxy it makes the
system
so slow, I mean they say that when they connect thru proxy the web sites
come so slowly. May it be true? or that is their psychologic stuff?
I mean that they are thinking that they are connecting thru a 3th party
machine and that makes them connect slower...is that may be true???
thanks.
--------------------------------------------------------------------------------
squid.conf: 195.174.18.2:8080
dated Wed Jul 22 21:38:31 1998
"# Generated automatically from squid.conf.pre.in by configure."
"#"
"# $Id: squid.conf.pre.in,v 1.93.2.14 1997/12/31 21:36:59 wessels Exp $"
"#"
""
"# TAG: http_port"
"# The port number where squid will listen for HTTP client"
"# requests. Default is 3128, for httpd-accel mode use port 80."
"# May be overridden with -a on the command line."
"#"
"http_port 80"
""
"# TAG: icp_port"
"# The port number where squid send and receive ICP requests to"
"# and from neighbor caches. Default is 3130. To disable use"
"# "0". May be overridden with -u on the command line."
"#"
"icp_port 3130"
""
"# TAG: mcast_groups"
"# This tag specifies a list of multicast groups which your"
"# server should join to receive multicasted ICP requests."
"#"
"# NOTE! Be very careful what you put here! Be sure you"
"# understand the difference between an ICP _query_ and an ICP"
"# _reply_. This option is to be set only if you want to RECEIVE"
"# multicast queries. Do NOT set this option to SEND multicast"
"# ICP (use cache_host for that). ICP replies are always sent via"
"# unicast, so this option does not affect whether or not you will"
"# receive replies from multicast group members."
"#"
"# You must be very careful to NOT use a multicast address which"
"# is already in use by another group of caches. NLANR has been"
"# assigned a block of multicast address space for use in Web"
"# Caching. Plese write to us at nlanr-cache@nlanr.net to receive"
"# an address for your own use."
"#"
"# Usage: mcast_groups 239.128.16.128 224.0.1.20"
"#"
"# By default, squid doesn't listen on any multicast groups."
"#"
"#mcast_groups 239.128.16.128"
""
"# TAG: tcp_incoming_address"
"# TAG: tcp_outgoing_address"
"# TAG: udp_incoming_address"
"# TAG: udp_outgoing_address"
"#"
"# Usage: tcp_incoming_address 10.20.30.40"
"# udp_outgoing_address fully.qualified.domain.name"
"#"
"# These tags have replaced 'bind_address' and 'outbound_address'"
"# to provide more control for multihomed hosts."
"#"
"# tcp_incoming_address is used for the HTTP socket which accepts"
"# connections from clients and other caches."
"# tcp_outgoing_address is used for connections made to remote"
"# servers and other caches."
"# udp_incoming_address is used for the ICP socket receiving packets"
"# from other caches."
"# udp_outgoing_address is used for ICP packets sent out to other"
"# caches."
"#"
"# The defaults behaviour is to not bind to any specific address."
"#"
"# NOTE, udp_incoming_address and udp_outgoing_address can not have"
"# the same value since they both use port 3130."
"#"
"#tcp_incoming_address 0.0.0.0"
"#tcp_outgoing_address 0.0.0.0"
"#udp_incoming_address 0.0.0.0"
"#udp_outgoing_address 0.0.0.0"
""
""
"# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM"
"#-----------------------------------------------------------------------------"
""
"# TAG: cache_host"
"# To specify other caches in a hierarchy, use the format:"
"#"
"# hostname type http_port icp_port"
"#"
"# For example,"
"#"
"# # proxy icp"
"# # hostname type port port options"
"# # -------------------- -------- ----- ----- -----------"
"# cache_host bigserver.usc.edu parent 3128 3130 [proxy-only]"
"# cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only]"
"# cache_host littleguy1.usc.edu sibling 3128 3130 [proxy-only]"
"#"
"# type: either 'parent', 'sibling', or 'multicast'."
"#"
"# proxy_port: The port number where the cache listens for proxy"
"# requests."
"#"
"# icp_port: Used for querying neighbor caches about"
"# objects. To have a non-ICP neighbor"
"# specify '7' for the ICP port and make sure the"
"# neighbor machine has the UDP echo port"
"# enabled in its /etc/inetd.conf file."
"#"
"# options: proxy-only"
"# weight=n"
"# ttl=n"
"# no-query"
"# default"
"# round-robin"
"# multicast-responder"
"#"
"# use 'proxy-only' to specify that objects fetched"
"# from this cache should not be saved locally."
"#"
"# use 'weight=n' to specify a weighted parent."
"# The weight must be an integer. The default weight"
"# is 1, larger weights are favored more."
"#"
"# use 'ttl=n' to specify a IP multicast TTL to use"
"# when sending an ICP request to this address."
"# Only useful when sending to a multicast group."
"# Because we don't accept ICP replies from random"
"# hosts, you must configure other group members as"
"# peers with the 'multicast-responder' option below."
"#"
"# use 'no-query' to NOT send ICP queries to this"
"# neighbor."
"#"
"# use 'default' if this is a parent cache which can"
"# be used as a "last-resort." You should probably"
"# only use 'default' in situations where you cannot"
"# use ICP with your parent cache(s)."
"#"
"# use 'round-robin' to define a set of parents which"
"# should be used in a round-robin fashion in the"
"# absence of any ICP queries."
"#"
"# 'multicast-responder' indicates that the named peer"
"# is a member of a multicast group. ICP queries will"
"# not be sent directly to the peer, but ICP replies"
"# will be accepted from it."
"#"
"# NOTE: non-ICP neighbors must be specified as 'parent'."
"#"
"#cache_host hostname type 3128 3130"
""
"# TAG: cache_host_domain"
"# Use to limit the domains for which a neighbor cache will be queried."
"# Usage:"
"#"
"# cache_host_domain cache-host domain [domain ...]"
"# cache_host_domain cache-host !domain"
"#"
"# For example, specifying"
"#"
"# cache_host_domain bigserver.usc.edu .edu"
"#"
"# has the effect such that UDP query packets are sent to"
"# 'bigserver' only when the requested object exists on a"
"# server in the .edu domain. Prefixing the domainname"
"# with '!' means that the cache will be queried for objects"
"# NOT in that domain."
"#"
"# NOTE: * Any number of domains may be given for a cache-host,"
"# either on the same or separate lines."
"# * When multiple domains are given for a particular"
"# cache-host, the first matched domain is applied."
"# * Cache hosts with no domain restrictions are queried"
"# for all requests."
"# * There are no defaults."
"# * There is also a 'cache_host_acl' tag in the ACL"
"# section."
""
"# TAG: neighbor_type_domain"
"#"
"# usage: neighbor_type_domain parent|sibling domain domain ..."
"#"
"# Modifying the neighbor type for specific domains is now"
"# possible. You can treat some domains differently than the the"
"# default neighbor type specified on the 'cache_host' line."
"# Normally it should only be necessary to list domains which"
"# should be treated differently because the default neighbor type"
"# applies for hostnames which do not match domains listed here."
"#"
"#EXAMPLE:"
"# cache_host parent cache.foo.org 3128 3130"
"# neighbor_type_domain cache.foo.org sibling .com .net"
"# neighbor_type_domain cache.foo.org sibling .au .de"
""
"# TAG: inside_firewall"
"# This tag specifies a list of domains inside your Internet"
"# firewall."
"#"
"# Usage: inside_firewall my.domain [ my.other.domain ...]"
"# !out.my.domain my.domain"
"#"
"# The use of this tag affects the server selection algorithm in"
"# two ways. Objects which do not match any of the listed domains"
"# will be considered "beyond the firewall." For these:"
"# - There will be no DNS lookups for the URL-host."
"# - The object will always be fetched from one of"
"# the parent or neighbor caches."
"#"
"# As a special case you may specify the domain as 'none' to force"
"# all requests to be fetched from neghbors and parents."
"# Prefixing a domain name with '!' means the domain is NOT inside"
"# your firewall."
"#"
"#inside_firewall topsecret.com"
""
"# TAG: local_domain"
"# This tag specifies a list of domains local to your organization."
"#"
"# Usage: local_domain my.domain [ my.other.domain ...]"
"#"
"# For URLs which are in one of the local domains, the object"
"# is always fetched directly from the source and never from a"
"# neighbor or parent."
"#"
"#local_domain ispro.net.tr"
""
"# TAG: local_ip"
"# This tag specifies a list of network addresses local to your"
"# organization."
"#"
"# Usage: local_ip ip-address"
"#"
"# This tag is similar to local_domain, except that the IP-address"
"# of the URL-host is checked. This requires that a DNS lookup"
"# be done on the URL-host. For this reason, local_domain is"
"# preferred over local_ip. By using local_domain it may be"
"# possible to avoid the DNS lookup altogether and deliver the"
"# object with less delay."
"#"
"#local_ip 10.0.0.0"
"#local_ip 195.174.18.0"
""
"# TAG: firewall_ip"
"#"
"# Just like 'inside_firewall' but for IP addresses. NOTE:"
"# firewall_ip and local_ip are mutually exclusive. If you"
"# use firewall_ip then local_ip will be ignored."
"#"
"#firewall_ip 10.0.0.0"
"#firewall_ip 172.16.0.0"
""
"# TAG: single_parent_bypass"
"# This tag specifies that it is okay to bypass the hierarchy"
"# "Pinging" when there is only a single parent for a given URL."
"#"
"# Usage: single_parent_bypass on|off"
"#"
"# Before actually sending ICP "ping" packets to parents and"
"# neighbors, we figure out which hosts would be pinged based"
"# on the cache_host_domain rules, etc. Often it may be the"
"# case that only a single parent cache would be pinged."
"#"
"# Since there is only a single parent, there is a very good"
"# chance that we will end up fetching the object from that"
"# parent. For this reason, it may be beneficial to avoid"
"# the ping and just fetch the object anyway."
"#"
"# However, if we avoid the ping, we will be assuming that the"
"# parent host is reachable and that the cache process is running."
"# By using the ping, we can be reasonably sure that the parent"
"# host will be able to handle our request. If the ping fails then"
"# it may be possible to fetch the object directly from the source."
"#"
"# To favor the resiliency provided by the ping algorithm,"
"# single_parent_bypass is 'off' by default."
"#"
"single_parent_bypass on"
""
"# TAG: source_ping"
"# If source_ping is enabled, then squid will include the source"
"# provider site in its selection algorithm. This is accomplished"
"# by sending ICP "HIT" packets to the UDP echo port of the source"
"# host. Note that using source_ping may send a fair amount of UDP"
"# traffic out on the Internet and may irritate paranoid network"
"# administrators."
"#"
"# Note that source_ping is incompatible with inside_firewall."
"# For hosts beyond the firewall, source_ping packets will never"
"# be sent."
"#"
"# By default, source_ping is off."
"#"
"#source_ping off"
""
"# TAG: neighbor_timeout (seconds)"
"# This controls how long to wait for replies from neighbor caches."
"# If none of the parent or neighbor caches reply before this many"
"# seconds (due to dropped packets or slow links), then the object"
"# request will be satisfied from the default source. The default"
"# timeout is two seconds."
"#"
"#neighbor_timeout 2"
""
"# TAG: hierarchy_stoplist"
"# A list of words which, if found in a URL, cause the object to"
"# be handled directly by this cache. In other words, use this"
"# to not query neighbor caches for certain objects. You may"
"# list this option multiple times."
"#"
"# The default is to directly fetch URLs containing 'cgi-bin' or '?'."
"#"
"hierarchy_stoplist cgi-bin ?"
""
"# TAG: cache_stoplist"
"# A list of words which, if found in a URL, cause the object to"
"# immediately removed from the cache. In other words, use this"
"# to force certain objects to never be cached. You may list this"
"# option multiple times."
"#"
"# The default is to not cache URLs containing 'cgi-bin' or '?'."
"#"
"cache_stoplist cgi-bin ?"
""
"# TAG: cache_stoplist_pattern # case sensitive"
"# TAG: cache_stoplist_pattern/i # case insensitive"
"#"
"# Just like 'cache_stoplist' but you can use regular expressions"
"# instead of simple string matching. There is no default."
"#"
"#cache_stoplist_pattern"
""
"# OPTIONS WHICH AFFECT THE CACHE SIZE"
"#-----------------------------------------------------------------------------"
""
"#"
"# TAG: cache_mem (megabytes)"
"# Maximum amout of VM used to store objects in memory."
"# This includes:"
"# in-transit objects,"
"# negative-cached objects,"
"# "hot" objects"
"# The value of cache_mem is an upper limit on the size of the"
"# "in-memory object data" pool. This is a pool of 4k pages used"
"# to hold object data."
"#"
"# In-transit objects have priority over the others. When"
"# additional space is needed for incoming data, negative-cached"
"# and hot objects will be released. In other words, the"
"# negative-cached and hot objects will fill up any unused space"
"# not needed for in-transit objects."
"#"
"# The values of cache_mem_low and cache_mem_high (below) can be"
"# used to tune the use of the memory pool. When the high mark is"
"# reached, in-transit and hot objects will be released to clear"
"# space. When an object transfer is completed, it will remain in"
"# memory only if the current memory usage is below the low water"
"# mark."
"#"
"# The default is 8 Megabytes."
"#"
"cache_mem 32"
""
"# TAG: cache_swap (megabytes)"
"# Maximum about of disk space used by the cache. The default is"
"# 100 megabytes. When the disk usage gets to this size, the cache"
"# uses LRU replacement to evict objects as new objects are cached."
"# Note that cache_swap is set to:"
"# max(cache_mem, cache_swap_specified)"
"# to guard against users' accidentally specifying a smaller"
"# cache_swap than cache_mem size."
"# "
"cache_swap 5000"
""
"# TAG: cache_swap_low (percent, 0-100)"
"# TAG: cache_swap_high (percent, 0-100)"
"# The low- and high-water marks for cache LRU replacement."
"# LRU replacement begins when the high-water mark is reached"
"# and ends when enough objects have been removed and the low-water"
"# mark is reached. Defaults are 90% and 95%."
"# "
"#cache_swap_low 90"
"#cache_swap_high 95"
""
"# TAG: cache_mem_low (percent, 0-100)"
"# TAG: cache_mem_high (percent, 0-100)"
"# The low- and high-water mark for cache memory storage. When"
"# the amount of RAM used by the hot-object RAM cache reaches this"
"# point, the cache starts throwing objects out of the RAM cache"
"# (but they remain on disk). Defaults are 75% and 90%."
"#"
"#cache_mem_low 75"
"#cache_mem_high 90"
""
"# TAG: maximum_object_size"
"# Objects larger than this size will NOT be saved on disk. The"
"# value is specified in kilobytes, and the default is 4MB."
"#"
"maximum_object_size 32768"
""
"# TAG: ipcache_size (number of entries)"
"# TAG: ipcache_low (percent)"
"# TAG: ipcache_high (percent)"
"# The size, low-, and high-water marks for the IP cache."
"#"
"ipcache_size 8192"
"#ipcache_low 90"
"#ipcache_high 95"
""
""
"# LOGFILE PATHNAMES AND CACHE DIRECTORIES"
"#-----------------------------------------------------------------------------"
""
"# TAG: cache_dir"
"# Directory for on-disk cache storage. The cache will change into"
"# this directory when running. The default is"
"# /usr/local/squid/cache."
"#"
"# You can specify multiple cache_dir lines to spread the"
"# cache among different disk partitions."
"#"
"cache_dir /usr/local/squid/cache"
""
"# TAG: cache_access_log"
"# Logs the client request activity. Contains an entry for"
"# every HTTP and ICP request received."
"#"
"#cache_access_log /usr/local/squid/logs/access.log"
""
"# TAG: cache_log"
"# Cache logging file. Set logging levels with "debug_options" below."
"#"
"#cache_log /usr/local/squid/logs/cache.log"
""
"# TAG: cache_store_log"
"# Logs the activities of the storage manager. Shows which"
"# objects are ejected from the cache, and which objects are"
"# saved and for how long. To disable, enter "none"."
"#"
"#cache_store_log /usr/local/squid/logs/store.log"
""
"# TAG: cache_swap_log"
"# Location for the cache "swap log." This log file holds the"
"# metadata of objects saved on disk. It is used to rebuild the"
"# cache during startup. Normally this file resides in the first"
"# 'cache_dir' directory, but you may specify an alternate"
"# pathname here. Note you must give a full filename, not just"
"# a directory."
"#"
"#cache_swap_log"
""
"# TAG: emulate_httpd_log"
"# The Cache can emulate the log file format which many 'httpd'"
"# programs use. To disable/enable this emulation, set"
"# emulate_httpd_log to 'off' or 'on'. The default"
"# is to use the native log format."
"#"
"#emulate_httpd_log off"
""
"# TAG: log_mime_hdrs"
"# The Cache can record both the request and the response"
"# MIME headers for each HTTP transaction. The headers are"
"# encoded safely and will appear as two bracketed fields"
"# at the end of the access log (for either the native"
"# or httpd-emulated log formats). To enable this logging"
"# set log_mime_hdrs to 'on'."
"#"
"# NOTE: support for this may require you to define"
"# LOG_FULL_HEADERS before compiling."
"#"
"#log_mime_hdrs off"
""
"# TAG: useragent_log"
"# If compiled with "-DUSE_USERAGENT_LOG=1" Squid will write"
"# the User-Agent field from HTTP requests to the filename"
"# specified here. By default useragent_log is disabled."
"#"
"#useragent_log none"
""
"# TAG: pid_filename"
"# A pathname to write the process-id to. To disable, enter
"none"."
"#"
"#pid_filename /usr/local/squid/logs/squid.pid"
""
"# TAG: debug_options"
"# Logging options are set as section,level where each source file"
"# is assigned a unique section. Lower levels result in less"
"# output, Full debugging (level 9) can result in a very large"
"# log file, so be careful. The magic word "ALL" sets debugging"
"# levels for all sections. We recommend normally running with"
"# "ALL,1"."
"#"
"debug_options ALL,1"
""
"# TAG: ident_lookup"
"# If you wish to make an RFC931/ident lookup of the client username"
"# for each connection, enable this. It is off by default."
"#"
"#ident_lookup off"
""
"# TAG: log_fqdn"
"# Turn this on if you wish to log fully qualified domain names"
"# in the access.log."
"#"
"#log_fqdn off"
""
"# TAG: client_netmask"
"# A netmask for client addresses in logfiles and cachemgr output."
"# Change this to protect the privacy of your cache clients."
"#"
"#client_netmask 255.255.255.255"
""
""
"# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS"
"#-----------------------------------------------------------------------------"
""
"# TAG: ftpget_program"
"# Where to find the 'ftpget' program that retrieves FTP data (HTTP"
"# and Gopher protocol support are built into the cache)."
"#"
"# To disable ftpget and the ability to retrieve FTP objects, set"
"# this to "none". Note that ftpget is automatically disabled for"
"# http_accel mode."
"#"
"ftpget_program /usr/local/sbin/ftpget"
""
"# TAG: ftpget_options"
"# Options for the 'ftpget' program. Please run 'ftpget' without"
"# any arguments to see a list of options. The default is"
"# no options. An example is"
"# "
"# ftpget_options -n 60 -R -W"
"#"
"#ftpget_options"
""
"# If you want the anonymous login password to be more informative"
"# (and enable the use of picky ftp servers), set this to something"
"# resonable for your domain, like wwwuser@somewhere.net"
"#"
"# The reason why this is domainless by default is that the"
"# request can be made on the behalf of a user in any domain,"
"# depending on how the cache is used."
"# Some ftp server also validate that the email address is valid"
"# (for example perl.com)."
"#"
"ftp_user squid@ispro.net.tr"
""
"# TAG: cache_dns_program"
"# Specify the location of the executable for dnslookup process."
"#"
"cache_dns_program /usr/local/sbin/dnsserver"
""
"# TAG: dns_children"
"# The number of processes spawn to service DNS name lookups."
"# For heavily loaded caches on large servers, you should"
"# probably increase this value to at least 10. The maximum"
"# is 32. The default is 5."
"#"
"# To disable dnsservers, set this to 0. NOTE, this is very"
"# strongly discouraged. If you disable dnsservers your Squid"
"# process will BLOCK on DNS lookups!"
"#"
"dns_children 10"
""
"# TAG: dns_defnames"
"# Normally the 'dnsserver' disables the RES_DEFNAMES resolver"
"# option (see res_init(3)). This prevents caches in a hierarchy"
"# from interpreting single-component hostnames locally. To allow"
"# dnsserver to handle single-component names, enable this"
"# option."
"#"
"#dns_defnames off"
""
"# TAG: unlinkd_program"
"# Specify the location of the executable for file deletion process."
"#"
"unlinkd_program /usr/local/sbin/unlinkd"
""
"# TAG: pinger_program"
"# Specify the location of the executable for the pinger process."
"#"
"pinger_program /usr/local/sbin/pinger"
""
"# TAG: redirect_program"
"# Specify the location of the executable for the URL redirector."
"# Currently, you must provide your own redirector program."
"# See the Release-Notes for how to write one."
"# By default, the redirector is not used."
"#"
"#redirect_program /bin/false"
""
"# TAG: redirect_children"
"# The number of redirector processes to spawn."
"#"
"#redirect_children 5"
""
""
"# OPTIONS FOR TUNING THE CACHE"
"#-----------------------------------------------------------------------------"
""
"# TAG: wais_relay"
"# Relay WAIS request to host (1st arg) at port (2 arg)."
"#"
"#wais_relay localhost 8000"
""
"# TAG: request_size"
"# Maximum allowed request size in kilobytes. If people are using"
"# POST to upload files, then set this to the largest acceptable"
"# filesize plus a few extra kbytes."
"#"
"#request_size 100"
""
"# TAG: refresh_pattern # case sensitive"
"# TAG: refresh_pattern/i # case insensitive"
"#"
"# usage: refresh_pattern regex min percent max"
"#"
"# min and max are specified in MINUTES."
"# percent is an integer number."
"#"
"# Please see the file doc/Release-Notes-1.1.txt for a full"
"# description of Squid's refresh algorithm. Basically a"
"# cached object is:"
"#"
"# FRESH if age < min"
"# STALE if expires < now"
"# STALE if age > max"
"# FRESH if lm-factor < percent"
"#"
"# The refresh_pattern lines are checked in the order listed here."
"# The first entry which matches is used. If none of the entries"
"# match, then the default will be used."
"#"
"#Default:"
"#refresh_pattern . 0 20% 4320"
""
"# TAG: reference_age"
"# As a part of normal operation, Squid performs Least Recently"
"# Used removal of cached objects. The LRU age for removal is"
"# computed dynamically, based on the amount of disk space in"
"# use. The 'reference_age' value defines the maximum LRU age."
"# For example, setting reference_age to '1 week' will cause"
"# objects to be removed if they have not been accessed for a week"
"# or more. If set to zero, LRU removal is disabled, and objects"
"# will be removed only when disk usage is over the high water"
"# mark. The default value is one year."
"#"
"# Specify a number here, followed by units of time. For example:"
"# 1 week"
"# 3.5 days"
"# 4 months"
"# 2.2 hours"
"#"
"reference_age 0"
""
"# TAG: quick_abort"
"# By default the cache continues to retrieve objects from"
"# aborted requests. This may be undesirable on slow (e.g. SLIP)"
"# links and/or very busy caches. Impatient users may tie up"
"# file descriptors by repeatedly aborting and re-requesting"
"# non-cachable objects."
"# "
"# Usage: quick_abort min-kbytes percent max-kbytes"
"#"
"# When the user aborts a request, Squid will check the"
"# quick_abort values to the amount of data transfered until"
"# then."
"#"
"# If the transfer has less than 'min-kbytes' remaining, it"
"# will finish the retrieval. Setting minlength to -1 will"
"# disable the quick_abort feature."
"#"
"# If the transfer has more than 'max-kbytes' remaining, it"
"# will abort the retrieval."
"#"
"# If more than 'percent' of the transfer has completed, it will"
"# finish the retrieval."
"#"
"quick_abort 50 75 50"
""
"# TAG: negative_ttl (minutes)"
"# Time-to-Live (TTL) for failed requests. Certain types of"
"# failures (such as "connection refused" and "404 Not Found") are"
"# negatively-cached for a small amount of time. The default is 5"
"# minutes. Note that this is different from negative caching of"
"# DNS lookups."
"#"
"#negative_ttl 5"
""
"#"
"# TAG: positive_dns_ttl (minutes)"
"# Time-to-Live (TTL) for positive caching of successful DNS lookups."
"# Default is 6 hours (360 minutes). If you want to minimize the"
"# use of Squid's ipcache, set this to 1, not 0."
"#"
"#positive_dns_ttl 360"
""
"# TAG: negative_dns_ttl (minutes)"
"# Time-to-Live (TTL) for negative caching of failed DNS lookups."
"#"
"#negative_dns_ttl 5"
""
""
"# TIMEOUTS"
"#-----------------------------------------------------------------------------"
""
"# TAG: connect_timeout (seconds)"
"# Some systems (notably Linux) can not be relied upon to properly"
"# time out connect(2) requests. Therefore the squid process"
"# enforces its own timeout on server connections. This parameter"
"# specifies how long to wait for the connect to complete. The"
"# default is two minutes (120 seconds)."
"#"
"#connect_timeout 120"
""
"# TAG: read_timeout (minutes)"
"# An active connection will be aborted after read_timeout minutes"
"# of no activity on that connection (i.e., assume the remote server"
"# or network connection died after the connection was established)."
"# The default is 15 minutes."
"#"
"#read_timeout 15"
""
"# TAG: client_lifetime (minutes)"
"# The maximum amount of time that a client (browser) is allowed to"
"# remain connected to the cache process. This protects the Cache"
"# from having alot of sockets (and hence file descriptors) tied up"
"# in a CLOSE_WAIT state from remote clients that go away without"
"# properly shutting down (either because of a network failure or"
"# because of a poor client implementation). The default is three"
"# hours, 20 minutes."
"#"
"# NOTE: The default value is designed with low-speed client"
"# connections in mind. 200 minutes should be plenty of time to"
"# transfer a 10M file at 1k/sec. If you have high-speed client"
"# connectivity, or occasionally run out of file descriptors,"
"# we suggest you lower this value appropriately."
"#"
"#client_lifetime 200"
""
"# TAG: shutdown_lifetime (seconds)"
"#"
"# When SIGTERM or SIGHUP is received, the cache is put into"
"# "shutdown pending" mode until all active sockets are closed."
"# This value is the lifetime to set for all open descriptors"
"# during shutdown mode. Any active clients after this many"
"# seconds will receive a 'lifetime expire' message"
"#"
"#shutdown_lifetime 30"
""
"# ACCESS CONTROLS"
"#-----------------------------------------------------------------------------"
""
"# Defining an Access List"
"#"
"# acl aclname acltype string1 ..."
"# acl aclname acltype "file" ..."
"#"
"# when using "file", the file should contain one item per line"
"#"
"# acltype is one of src dst srcdomain dstdomain url_pattern
urlpath_pattern"
"# time port proto method browser user"
"#"
"# acl aclname src ip-address/netmask ... (clients IP address)"
"# acl aclname src addr1-addr2/netmask ... (range of addresses)"
"# acl aclname dst ip-address/netmask ... (URL host's IP address)"
"# acl aclname srcdomain foo.com ... (taken from reverse DNS lookup)"
"# acl aclname dstdomain foo.com ... (taken from the URL)"
"# acl aclname time [day-abbrevs] [h1:m1-h2:m2]"
"# day-abbrevs:"
"# S - Sunday"
"# M - Monday"
"# T - Tuesday"
"# W - Wednesday"
"# H - Thursday"
"# F - Friday"
"# A - Saturday"
"# h1:m1 must be less than h2:m2"
"# acl aclname url_regex ^http:// ... # regex matching on whole URL"
"# acl aclname urlpath_regex \.gif$ ... # regex matching on URL path
only"
"# acl aclname port 80 70 21 ..."
"# acl aclname proto HTTP FTP ..."
"# acl aclname method GET POST ..."
"# acl aclname browser regexp"
"# acl aclname user username ... # string match on ident output."
"# # use REQUIRED to accept any"
"# # non-null ident."
""
"acl manager proto cache_object"
"acl localhost src 127.0.0.1/255.255.255.255"
"acl all src 0.0.0.0/0.0.0.0"
"acl ispro src 195.174.18.0/24"
"acl async src 195.174.177.0/24"
"acl fatih src 195.174.179.0/24"
""
"acl SSL_ports port 443 563"
"acl Dangerous_ports port 7 9 19"
"acl CONNECT method CONNECT"
""
"# Allowing or Denying access based on defined access lists"
"#"
"# Access to the HTTP port:"
"# http_access allow|deny [!]aclname ..."
"#"
"# Access to the ICP port:"
"# icp_access allow|deny [!]aclname ..."
"#"
"# NOTE on default values:"
"#"
"# If there are no "access" lines present, the default is to allow"
"# the request."
"#"
"# If none of the "access" lines cause a match, the default is the"
"# opposite of the last line in the list. If the last line was"
"# deny, then the default is allow. Conversely, if the last line"
"# is allow, the default will be deny. For these reasons, it is a"
"# good idea to have an "deny all" or "allow all" entry at the end"
"# of your access lists to avoid potential confusion."
""
""
"# Only allow access to the cache manager functions from the local
host."
"#http_access deny manager !localhost"
"http_access deny CONNECT !SSL_ports"
"http_access deny Dangerous_ports"
"http_access deny !ispro !async !fatih"
""
"# Allow everything else"
"http_access allow all"
""
"# Reply to all ICP queries we receive"
"icp_access allow all"
""
"# TAG: miss_access"
"# Use to force your neighbors to use you as a sibling instead of"
"# a parent. For example:"
"#"
"# acl localclients src 172.16.0.0/16"
"# miss_access allow localclients"
"# miss_access deny !localclients"
"#"
"# This means that only your local clients are allowed to fetch"
"# MISSES and all other clients can only fetch HITS."
"#"
"# By default, allow all clients who passed the http_access rules"
"# to fetch MISSES from us."
"#"
"miss_access allow all"
""
"# TAG: cache_host_acl"
"# Just like 'cache_host_domain' but provides more flexibility by"
"# using ACL's."
"#"
"# cache_host_acl cache-host [!]aclname ..."
"#"
"# NOTE: * Any number of ACL's may be given for a cache-host,"
"# either on the same or separate lines."
"# * When multiple ACL's are given for a particular"
"# cache-host, the first matched ACL is applied."
"# * Cache hosts with no domain or ACL restrictions are"
"# queried for all requests."
"# * There are no defaults."
""
""
"# ADMINISTRATIVE PARAMETERS"
"#-----------------------------------------------------------------------------"
""
"# TAG: cache_mgr"
"# Email-address of local cache manager who will receive"
"# mail if the cache dies. The default is "webmaster.""
"#"
"cache_mgr root@ispro.net.tr"
""
"# TAG: cache_effective_user"
"# If the cache is run as root, it will change its effective/real"
"# UID/GID to the UID/GID specified below. The default is not to"
"# change UID/GID."
"#"
"cache_effective_user nobody nogroup"
""
"# TAG: visible_hostname"
"# If you want to present a special hostname in error messages, etc,"
"# then define this. Otherwise, the return value of gethostname()"
"# will be used."
"#"
"#visible_hostname www-cache.foo.org"
""
""
"# OPTIONS FOR THE CACHE REGISTRATION SERVICE"
"#-----------------------------------------------------------------------------"
""
"# This section contains parameters for the (optional) cache"
"# announcement service. This service is provided to help"
"# cache administrators locate one another in order to join or"
"# create cache hierarchies."
"#"
"# An 'announcement' message is sent (via UDP) to the registration"
"# service by Squid. By default, the annoucement message is NOT"
"# SENT unless you enable it with 'cache_announce' below."
"#"
"# The announcement message includes your hostname, plus the"
"# following information from this configuration file:"
"#"
"# http_port"
"# icp_port"
"# cache_mgr"
"#"
"# All current information is processed regularly and made"
"# available on the Web at http://www.nlanr.net/Cache/Tracker/."
""
""
"# This is how frequently to send cache announcements. The default"
"# is `0' which disables sending the announcement messages."
"#"
"# To enable announcing your cache, just uncomment the line below."
"#"
"#cache_announce 24"
""
"# This is the hostname and portnumber where the registration message"
"# will be sent."
"#"
"# Format: announce_to host[:port] [filename]"
"#"
"# Hostname will default to 'tracker.ircache.net' and port will default"
"# to 3131. If the 'filename' argument is given, the contents of that"
"# file will be included in the announce message."
"#"
"#announce_to tracker.ircache.net:3131"
""
""
"# HTTPD-ACCELERATOR OPTIONS"
"#-----------------------------------------------------------------------------"
""
"# TAG: httpd_accel"
"# If you want to run squid as an httpd accelerator, define the"
"# host name and port number where the real HTTP server is."
"#"
"# If you want virtual host support then specify the hostname"
"# as "virtual"."
"#"
"#httpd_accel real_httpd_host real_httpd_port"
""
"httpd_accel virtual 80"
""
"# TAG: httpd_accel_with_proxy"
"# If you want to use squid as both a local httpd accelerator"
"# and as a proxy, change this to 'on'."
"#"
"#httpd_accel_with_proxy off"
""
"httpd_accel_with_proxy on"
""
""
"# TAG: httpd_accel_uses_host_header"
"# HTTP/1.1 requests include a Host: header which is basically the"
"# hostname from the URL. Squid can be an accelerator for"
"# different HTTP servers by looking at this header. However,"
"# Squid does NOT check the value of the Host header, so it opens"
"# a big security hole. We recommend that this option remain"
"# disabled unless you are sure of what you are doing."
"#"
"#httpd_accel_uses_host_header off"
""
"httpd_accel_uses_host_header on"
""
""
"# MISCELLANEOUS"
"#-----------------------------------------------------------------------------"
""
"# The DNS tests exit as soon as the first site is successfully looked
up"
"#"
"# If you want to disable DNS tests, do not comment out or delete this"
"# list. Instead use the -D command line option"
"#"
"dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu"
""
"# TAG: logfile_rotate #"
"# Specifies the number of logfile rotations to make upon receiving"
"# a USR1 signal. The default is 10, which will rotate with"
"# extensions 0 through 9. Setting logfile_rotate to 0 will"
"# disable the rotation, but the logfiles are still closed and"
"# re-opened. This will enable you to rename the logfiles yourself"
"# just before sending a USR1 signal to the squid process."
"#"
"logfile_rotate 1"
""
"# TAG: append_domain"
"# Appends local domain name to hostnames without any dots in them."
"# append_domain must begin with a period."
"#"
"append_domain .ispro.net.tr"
""
"# TAG: tcp_recv_bufsize"
"# Size of receive buffer to set for TCP sockets. Probably just"
"# as easy to change your kernel's default. Set to zero to use"
"# the default buffer size."
"#"
"#tcp_recv_bufsize 0"
""
""
"# TAG: ssl_proxy"
"# Specify the name of a 'cache_host' listed above, or a hostname"
"# and port number where all SSL requests should be forwarded to."
"#"
"# Usage: ssl_proxy cache_host"
"# ssl_proxy host:port"
"#"
"#ssl_proxy"
""
"# TAG: passthrough_proxy"
"# Specify the name of a 'cache_host' listed above, or a hostname"
"# and port number where all non-GET (i.e. POST, PUT) requests"
"# should be forwarded to."
"#"
"# Usage: passthrough_proxy cache_host"
"# passthrough_proxy host:port"
"#"
"#passthrough_proxy"
""
"# TAG: proxy_auth"
"# Usage: proxy_auth passwd_file [ ignore-domain ]"
"#"
"# 'passwd_file' is an apache-style file of passwords for"
"# authenticated proxy access Looks like user:password, with the"
"# password being standard crypt() format. Proxy authentication"
"# is disabled by default."
"#"
"# 'ignore-domain' is a domain name for which authorization will"
"# *not* be required."
"#"
"# NOTE, proxy_auth support is not compiled into Squid by default."
"# To use this feature you must enable the USE_PROXY_AUTH option"
"# near the top of src/Makefile."
"#"
"#proxy_auth /dev/null"
""
"# TAG: err_html_text"
"# HTML text to include in error messages. Make this a "mailto""
"# URL to your admin address, or maybe just a link to your"
"# organizations Web page."
"#"
"#err_html_text"
""
"# TAG: deny_info"
"# Usage: deny_info URL acl"
"#"
"# This can be used to return a HTTP redirect for requests which"
"# do not pass the 'http_access' rules. A single ACL will cause"
"# the http_access check to fail. If a 'deny_info' line exists"
"# for that ACL then Squid returns a redirect to the given URL."
""
"# TAG: udp_hit_obj on|off"
"# If set, Squid will request UDP_HIT_OBJ replies from its"
"# neighbors. UDP_HIT_OBJ is nice because it saves bandwidth, but"
"# it can cause some other problems. For one it complicates"
"# calculating hit rates. Also, problems arise because the ICP"
"# query does not contain any HTTP request headers which may"
"# affect the reply."
"#"
"#udp_hit_obj off"
""
"# TAG: udp_hit_obj_size"
"#"
"# If set, Squid will limit UDP_HIT_OBJ size to be less than"
"# this value. Setting this value to more than SQUID_UDP_SO_SNDBUF"
"# will not work as expected. Set to zero to select the size"
"# permited by the socket."
"#udp_hit_obj_size 0"
""
"# TAG: memory_pools on|off"
"# If set, Squid will keep pools of allocated (but unused) memory"
"# available for future use. If memory is a premium on your"
"# system, disable this."
"#"
"#memory_pools on"
""
"# TAG: forwarded_for on|off"
"# If set, Squid will include your system's IP address or name"
"# in the HTTP requests it forwards. By default it looks like"
"# this:"
"#"
"# X-Forwarded-For: 192.1.2.3"
"#"
"# If you disable this, it will appear as"
"#"
"# X-Forwarded-For: unknown"
"#"
"#forwarded_for on"
""
"# TAG: log_icp_queries on|off"
"# If set, ICP queries are logged to access.log. ICP logging"
"# is enabled by default, so uncomment and change the line"
"# below to disable it."
"#"
"#log_icp_queries on"
""
""
"# TAG: minimum_direct_hops"
"# If using the ICMP pinging stuff, do direct fetches for sites"
"# which are no more than this many hops away."
"#"
"minimum_direct_hops 4"
""
"# TAG: cachemgr_passwd"
"# Specify passwords for cachemgr operations."
"#"
"#Usage: cachemgr_passwd password action action ..."
""
"cachemgr_passwd XXXXXXXXX all"
""
"#"
"# valid actions are:"
"# shutdown *"
"# info"
"# stats/objects"
"# stats/vm_objects"
"# stats/utilization"
"# stats/ipcache"
"# stats/fqdncache"
"# stats/dns"
"# stats/redirector"
"# stats/io"
"# stats/reply_headers"
"# stats/filedescriptors"
"# stats/netdb"
"# log/status *"
"# log/enable *"
"# log/disable *"
"# log/clear *"
"# log *"
"# parameter"
"# server_list"
"# client_list"
"# squid.conf *"
"#"
"# * Indicates actions which will not be performed without a"
"# valid password, others can be performed if not listed here."
"#"
"# To disable an action, set the password to "disable"."
"# To allow performing an action without a password, set the"
"# password to "none"."
"#"
"# Use the keyword "all" to set the same password for all actions."
"#"
"#Examples:"
"#"
"# cachemgr_passwd secret shutdown"
"# cachemgr_passwd lesssssssecret info stats/objects"
"# cachemgr_passwd disable all"
"#"
"#Defaults: none"
""
"# TAG: swap_level1_dirs"
"# Number of first-level directories to create for storing cached"
"# objects. Minimum 1, maximum 256, default 16."
"#"
"#swap_level1_dirs 16"
""
"# TAG: swap_level2_dirs"
"# Number of sub-directories to create under each first-level"
"# directory. Minimum 1, maximum 256, default 256."
"#"
"#swap_level2_dirs 256"
""
"# TAG: store_avg_object_size"
"# Average object size, used to estimate number of objects your"
"# cache can hold. See doc/Release-Notes-1.1.txt. The default is"
"# 13K."
"#"
"store_avg_object_size 20"
""
"# TAG: store_objects_per_bucket"
"# Target number of objects per bucket in the store hash table."
"# Lowering this value increases the total number of buckets and"
"# also the storage maintenance rate. The default is 20."
"#"
"#store_objects_per_bucket 20"
""
"# TAG: http_anonymizer"
"# If you want to filter out certain HTTP request headers for"
"# privacy reasons, enable this option. There are three"
"# appropriate settings:"
"# 'off' All HTTP request headers are passed."
"# 'standard' Specific headers are removed"
"# 'paranoid' Only specific headers are allowed."
"# To see which headers are allowed or denied, please see the"
"# http-anon.c source file."
"#"
"#http_anonymizer off"
""
"# TAG: fake_user_agent"
"# If you use the paranoid http_anonymizer setting, Squid will strip"
"# your User-agent string from the request. Some Web servers will"
"# refuse your request without a User-agent string. Use this to"
"# fake one up. For example:"
"#"
"# fake_user_agent Nutscrape/1.0 (CP/M; 8-bit)"
"# (credit to Paul Southworth pauls@etext.org for this one!)"
"#"
"#fake_user_agent none"
""
"# TAG: client_db"
"# If you want to disable collecting per-client statistics, then"
"# turn off client_db here."
"#"
"client_db off"
""
"# TAG: netdb_low"
"# TAG: netdb_high"
"# The low and high water marks for the ICMP measurement"
"# database. These are counts, not percents. The defaults are"
"# 900 and 1000. When the high water mark is reached, database"
"# entries will be deleted until the low mark is reached."
"#"
"#netdb_low 900"
"#netdb_high 1000"
""
"# TAG: netdb_ping_rate"
"# The minimum period for measuring a site. There will be at"
"# least this much delay between successive pings to the same"
"# network. The default is five minutes."
"#"
"#netdb_ping_period 5 minutes"
""
"# TAG: query_icmp"
"# If you want to ask your peers to include ICMP data in their ICP"
"# replies, enable this option."
"#"
"# If your peer has built squid with '-DUSE_ICMP=1' then that peer"
"# will send ICMP pings to origin server sites of the URLs it"
"# receives. If you enable this option then the ICP replies from"
"# that peer will include the ICMP data (if available). Then,"
"# when choosing a parent cache, Squid will choose the parent with"
"# the minimal RTT to the origin server. When this happens, the"
"# hierarchy field of the access.log will be"
"# "CLOSEST_PARENT_MISS". This option is off by default."
"#"
"#query_icmp off"
""
"# TAG: icp_hit_stale"
"# If you want to return ICP_HIT for stale cache objects, set this"
"# option to 'on'. If you have sibling relationships with caches"
"# in other administrative domains, this should be 'off'. If you only"
"# have sibling relationships with caches under your control, then"
"# it is probably okay to set this to 'on'. NEVER enable"
"# icp_hit_stale if you also use 'miss_access'."
"#"
"#icp_hit_stale off"
""
"# TAG: reload_into_ims"
"# Enable this if you want to turn 'Pragma: no-cache' requests"
"# into If-Modified-Since requests. Off by default, use at your"
"# own risk. This feature is not compiled in by default. You"
"# must add -DRELOAD_INTO_IMS in src/Makefile."
"#"
"#reload_into_ims off"
--------------------------------------------------------------------------------
Generated Wed, 22 Jul 1998 18:38:31 GMT, by
cachemgr.cgi/1.1.21@finland.ispro.net.tr
--------------------------------------------------------------------------------
Received on Wed Jul 22 1998 - 12:50:22 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:13 MST