# Generated automatically from squid.conf.pre.in by configure.
#
# $Id: squid.conf.pre.in,v 1.18.4.15 1996/08/16 20:20:41 wessels Exp $
#

# TAG: http_port
#       The port number where cached will listen for HTTP client
#       requests. Default is 3128, for httpd-accel mode use port 80.
#       May be overridden with -a on the command line.
#http_port 3128

# TAG: icp_port
#       The port number where cached will listen for ICP requests from
#       neighbor caches. Default is 3130. To disable use "0".
#       May be overridden with -u on the command line.
#icp_port 3130

# TAG: tcp_incoming_address
# TAG: tcp_outgoing_address
# TAG: udp_incoming_address
# TAG: udp_outgoing_address
#
#       Usage: tcp_incoming_address 10.20.30.40
#              udp_outgoing_address fully.qualified.domain.name
#
#       These tags have replaced 'bind_address' and 'outbound_address'
#       to provide more control for multihomed hosts.
#
#       tcp_incoming_address is used for the HTTP socket which accepts
#               connections from clients and other caches.
#       tcp_outgoing_address is used for connections made to remote
#               servers and other caches.
#       udp_incoming_address is used for the ICP socket receiving packets
#               from other caches.
#       udp_outgoing_address is used for ICP packets sent out to other
#               caches.
#
#       The default behaviour is to not bind to any specific address.
#
#tcp_incoming_address 0.0.0.0
#tcp_outgoing_address 0.0.0.0
#udp_incoming_address 0.0.0.0
#udp_outgoing_address 0.0.0.0


# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
#-----------------------------------------------------------------------------

# TAG: cache_host
#       To specify other caches in a hierarchy, use the format:
#
#           hostname type http_port icp_port
#
#       For example,
#
#       #                                        proxy  icp
#       #          hostname             type     port   port   options
#       #          -------------------- -------- -----  -----  -----------
#       cache_host bigserver.usc.edu    parent   3128   3130   [proxy-only]
#       cache_host littleguy1.usc.edu   neighbor 3128   3130   [proxy-only]
#       cache_host littleguy1.usc.edu   neighbor 3128   3130   [proxy-only]
#
#       type:       either 'parent' or 'neighbor'.
#
#       proxy_port: The port number where the cache listens for proxy
#                   requests.
#
#       icp_port:   Used for querying neighbor/parent caches about
#                   objects. To have a non-ICP neighbor/parent
#                   specify '7' for the ICP port and make sure the
#                   neighbor/parent machine has the UDP echo port
#                   enabled in its /etc/inetd.conf file.
#
#       options:    use 'proxy-only' to specify that objects fetched
#                   from this cache should not be saved locally.
#
#                   use 'weight=n' to specify a weighted neighbor.
#                   The weight must be an integer. The default weight
#                   is 1, larger weights are favored more.
#
#       NOTE: when using a non-ICP neighbor/parent, there is no
#       difference between a neighbor and a parent.
#
#cache_host hostname type 3128 3130

# TAG: cache_host_domain
#       Use to limit the domains for which a neighbor/parent cache
#       will be queried. Usage:
#
#           cache_host_domain cache-host domain [domain ...]
#           cache_host_domain cache-host !domain
#
#       For example, specifying
#
#           cache_host_domain bigserver.usc.edu .edu
#
#       has the effect such that UDP query packets are sent to
#       'bigserver' only when the requested object exists on a
#       server in the .edu domain. Prefixing the domainname
#       with '!' means that the cache will be queried for objects
#       NOT in that domain.
#
#       NOTE:   * Any number of domains may be given for a cache-host,
#                 either on the same or separate lines.
#               * When multiple domains are given for a particular
#                 cache-host, the first matched domain is applied.
#               * Cache hosts with no domain restrictions are queried
#                 for all requests.
#               * There are no defaults.
#               * There is also a 'cache_host_acl' tag in the ACL
#                 section.

# TAG: inside_firewall
#       This tag specifies a list of domains inside your Internet
#       firewall.
#
#       Usage: inside_firewall my.domain [ my.other.domain ...]
#
#       The use of this tag affects the server selection algorithm in
#       two ways. Objects which do not match any of the listed domains
#       will be considered "beyond the firewall." For these:
#               - There will be no DNS lookups for the URL-host.
#               - The object will always be fetched from one of
#                 the parent or neighbor caches.
#
#       As a special case you may specify the domain as 'none' to force
#       all requests to be fetched from neighbors and parents.
#
#inside_firewall topsecret.com

# TAG: local_domain
#       This tag specifies a list of domains local to your organization.
#
#       Usage: local_domain my.domain [ my.other.domain ...]
#
#       For URLs which are in one of the local domains, the object
#       is always fetched directly from the source and never from a
#       neighbor or parent.
#
#local_domain bigbucks.com

# TAG: local_ip
#       This tag specifies a list of network addresses local to your
#       organization.
#
#       Usage: local_ip ip-address
#
#       This tag is similar to local_domain, except that the IP-address
#       of the URL-host is checked. This requires that a DNS lookup
#       be done on the URL-host. For this reason, local_domain is
#       preferred over local_ip. By using local_domain it may be
#       possible to avoid the DNS lookup altogether and deliver the
#       object with less delay.
#
#local_ip 10.0.0.0
#local_ip 172.16.0.0

# TAG: firewall_ip
#
#       Just like 'inside_firewall' but for IP addresses. NOTE:
#       firewall_ip and local_ip are mutually exclusive.
#       If you use firewall_ip then local_ip will be ignored.
#
#firewall_ip 10.0.0.0
#firewall_ip 172.16.0.0

# TAG: single_parent_bypass
#       This tag specifies that it is okay to bypass the hierarchy
#       "Pinging" when there is only a single parent for a given URL.
#
#       Usage: single_parent_bypass on|off
#
#       Before actually sending ICP "ping" packets to parents and
#       neighbors, we figure out which hosts would be pinged based
#       on the cache_host_domain rules, etc. Often it may be the
#       case that only a single parent cache would be pinged.
#
#       Since there is only a single parent, there is a very good
#       chance that we will end up fetching the object from that
#       parent. For this reason, it may be beneficial to avoid
#       the ping and just fetch the object anyway.
#
#       However, if we avoid the ping, we will be assuming that the
#       parent host is reachable and that the cache process is running.
#       By using the ping, we can be reasonably sure that the parent
#       host will be able to handle our request. If the ping fails then
#       it may be possible to fetch the object directly from the source.
#
#       To favor the resiliency provided by the ping algorithm,
#       single_parent_bypass is 'off' by default.
#
#single_parent_bypass off

# TAG: source_ping
#       If source_ping is enabled, then cached will include the source
#       provider site in its selection algorithm. This is accomplished
#       by sending ICP "HIT" packets to the UDP echo port of the source
#       host. Note that using source_ping may send a fair amount of UDP
#       traffic out on the Internet and may irritate paranoid network
#       administrators.
#
#       Note that source_ping is incompatible with inside_firewall.
#       For hosts beyond the firewall, source_ping packets will never
#       be sent.
#
#       By default, source_ping is off.
#
#source_ping off

# TAG: neighbor_timeout (seconds)
#       This controls how long to wait for replies from neighbor caches.
#       If none of the parent or neighbor caches reply before this many
#       seconds (due to dropped packets or slow links), then the object
#       request will be satisfied from the default source. The default
#       timeout is two seconds.
#
#neighbor_timeout 2

# TAG: hierarchy_stoplist
#       A list of words which, if found in a URL, cause the object to
#       be handled directly by this cache. In other words, use this
#       to not query neighbor caches for certain objects. You may
#       list this option multiple times.
#
#       NOTE: this option will partially replace 'http_stop' etc, in a
#       future release.
#
#hierarchy_stoplist


# OPTIONS WHICH AFFECT THE CACHE SIZE
#-----------------------------------------------------------------------------
#
# TAG: cache_mem (in megabytes)
#       Maximum amount of virtual memory used to cache particularly hot
#       objects. Note the cache VM images will grow larger than this
#       limit because other data are stored in VM besides just hot
#       objects. The default is 16 MB.
#
#cache_mem 16

# TAG: cache_swap (in megabytes)
#       Maximum amount of disk space used by the cache. The default is
#       100 megabytes. When the disk usage gets to this size, the cache
#       uses LRU replacement to evict objects as new objects are cached.
#       Note that cache_swap is set to:
#               max(cache_mem, cache_swap_specified)
#       to guard against users' accidentally specifying a smaller
#       cache_swap than cache_mem size.
#
#cache_swap 100

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#       The low- and high-water marks for cache LRU replacement.
#       LRU replacement begins when the high-water mark is reached
#       and ends when enough objects have been removed and the low-water
#       mark is reached. Defaults are 75% and 90%.
#
#cache_swap_low 75
#cache_swap_high 90

# TAG: cache_mem_low (in percent)
# TAG: cache_mem_high (in percent)
#       The low- and high-water mark for cache memory storage.
#       When the amount of RAM used by the hot-object RAM cache reaches
#       this point, the cache starts throwing objects out of the RAM
#       cache (but they remain on disk). Defaults are 75% and 90%.
#
#cache_mem_low 75
#cache_mem_high 90


# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#-----------------------------------------------------------------------------

# TAG: cache_dir
#       Directory for on-disk cache storage. The cache will change into
#       this directory when running. The default is
#       /usr/local/squid/cache.
#
#       You can specify multiple cache_dir lines to spread the
#       cache among different disk partitions.
#cache_dir /usr/local/squid/cache

# TAG: cache_access_log
#       Logs the client request activity. Contains an entry for
#       every HTTP and ICP request received.
#cache_access_log /usr/local/squid/logs/access.log

# TAG: cache_log
#       Cache logging file. Set logging levels with "debug_options" below.
#cache_log /usr/local/squid/logs/cache.log

# TAG: cache_hierarchy_log
#       Hierarchical caching access logfile. It shows which parent,
#       neighbor, or source host a request is satisfied from.
#       To disable, enter "none".
#cache_hierarchy_log /usr/local/squid/logs/hierarchy.log

# TAG: cache_store_log
#       Logs the activities of the storage manager. Shows which
#       objects are ejected from the cache, and which objects are
#       saved and for how long. To disable, enter "none".
#cache_store_log /usr/local/squid/logs/store.log

# TAG: emulate_httpd_log
#       The Cache can emulate the log file format which many 'httpd'
#       programs use. To disable/enable this emulation, set
#       emulate_httpd_log to 'off' or 'on'. The default
#       is to enable this emulation.
#
#emulate_httpd_log on

# TAG: pid_filename
#       A pathname to write the process-id to. There is no default.
#pid_filename /tmp/squid.pid

# TAG: debug_options
#       Logging options are set as section,level where each source file
#       is assigned a unique section.
#       Lower levels result in less output. Full debugging (level 9)
#       can result in a very large log file, so be careful. The magic
#       word "ALL" sets debugging levels for all sections. We recommend
#       normally running with "ALL,1".
#debug_options ALL,1


# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#-----------------------------------------------------------------------------

# TAG: cache_ftp_program
#       Where to find the 'ftpget' program that retrieves FTP data (HTTP
#       and Gopher protocol support are built into the cache).
#
#cache_ftp_program /usr/local/squid/bin/ftpget

# TAG: cache_ftp_options
#       Options for the 'ftpget' program. Please run 'ftpget' without
#       any arguments to see a list of options. The default is
#       no options. An example is
#
#               cache_ftp_options -n 60 -R -W
#
#cache_ftp_options

#       If you want the anonymous login password to be more informative
#       (and enable the use of picky ftp servers), set this to something
#       reasonable for your domain, like wwwuser@somewhere.net
#
#       The reason why this is domainless by default is that the
#       request can be made on the behalf of a user in any domain,
#       depending on how the cache is used.
#       Some ftp servers also validate that the email address is valid
#       (for example perl.com).
#
#ftp_user squid@

# TAG: cache_dns_program
#       Specify the location of the executable for dnslookup process.
#
#cache_dns_program /usr/local/squid/bin/dnsserver

# TAG: dns_children
#       The number of processes to spawn to service DNS name lookups.
#       For heavily loaded caches on large servers, you should
#       probably increase this value to at least 10. The maximum
#       is 32. The default is 5.
#
#dns_children 5


# OPTIONS FOR TUNING THE CACHE
#-----------------------------------------------------------------------------

# TAG: http_stop, gopher_stop, ftp_stop
#       Stoplist for URL's. URL's which contain these strings will
#       never be saved in the cache.
#
#       NOTE: these options will be removed in a future release; their
#       functionality will be more appropriately provided by 'ttl_pattern'
#       and 'hierarchy_stoplist'.
#
http_stop /cgi-bin/
http_stop ?
gopher_stop ?

# TAG: ftp, gopher, http
#       Object size limits (in MB) and default TTLs (in minutes)
#       per access type.
#
#       You cannot have a max object size that is greater than
#       cache_mem. We recommend that max object sizes are no greater
#       than (cache_mem / 4).
#
#       Objects greater than max-obj-size will be proxied, but not
#       cached.
#
#       The defaults are:
#
# Access Type   Max Object Size    TTL (note: 4320 minutes = 3 days)
# ---------     ----------------   -----------
#gopher         4                  4320
#http           4                  4320
#ftp            4                  4320

# TAG: wais_relay
#       Relay WAIS request to host (1st arg) at port (2nd arg).
#       Third argument is max object size.
#wais_relay localhost 8000 4

# TAG: request_size
#       Maximum allowed request size in kilobytes. If people are using
#       POST to upload files, then set this to the largest acceptable
#       filesize plus a few extra kbytes.
#
request_size 100

# TAG: ttl_pattern
#       Selection of TTL's based on URL regular expressions (syntax
#       is the POSIX standard). There are no defaults.
#
#       The list of URL patterns is searched in the order listed here.
#       All patterns in the list are checked and the last match is used.
#       There are two ways to specify the TTL: an absolute value, and
#       as a percentage of the object's age.
#
#       The percentage factor is listed last on the line and may be
#       omitted. If the value is positive (non-zero) and the object
#       metadata includes a last-modified timestamp, the TTL will be set as
#       the given percent of the difference between current time and
#       the last-modified time. The number following the percentage
#       is an upper limit on the TTL. The default is 43200 minutes, or
#       30 days. This means that no object whose TTL is set by this
#       method will remain in the cache for longer than 30 days.
#
#       If the percentage factor is not used (for example when an object
#       has no last-modified timestamp) the absolute TTL value will
#       be checked instead. If the absolute value is non-negative,
#       it will be used.
#
#       A negative absolute TTL value in conjunction with a positive
#       percentage factor has the effect that the TTL is set from
#       the pattern match only if a last-modified timestamp is present.
#
#       If neither the absolute TTL nor the percentage factor results in
#       a TTL for the object, the default TTL from the preceding section
#       will be used.
#
#       The following line represents the default behaviour. Objects with
#       Last-Modified time are cached for 20% of their age, up to three
#       days. Otherwise, an object will be cached for three days
#       by default.
#
#               ttl_pattern . 4320 20% 4320
#
#       Examples:
#
#                                                Calculate TTL as
#                                   Absolute     this percentage of
#            Regular Expression     TTL in       the object's age
#            matching URLs          minutes      %age    Max (minutes)
# ---------  ---------------------  -----------  ------  ------------
#ttl_pattern ^http://               1440         20%     43200
#ttl_pattern ^ftp://                10080        20%     43200
#ttl_pattern \.gif$                 2880         50%     43200
#ttl_pattern /cgi-bin/              0            0%      43200

# TAG: quick_abort
#       By default the cache continues to retrieve objects from
#       aborted requests. This may be undesirable on slow (e.g. SLIP)
#       links and/or very busy caches. Impatient users may tie up
#       file descriptors by repeatedly aborting and re-requesting
#       non-cachable objects.
#
#quick_abort off

# TAG: negative_ttl (in minutes)
#       Time-to-Live (TTL) for negative caching of retrieved objects.
#       The default is 5 minutes. Note that this is different from
#       negative caching of DNS lookups.
#
#negative_ttl 5
#
# TAG: positive_dns_ttl (in minutes)
#       Time-to-Live (TTL) for positive caching of successful DNS lookups.
#       Default is 6 hours (360 minutes). If you want to minimize the
#       use of Squid's ipcache, set this to 1, not 0.
#
#positive_dns_ttl 360

# TAG: negative_dns_ttl (in minutes)
#       Time-to-Live (TTL) for negative caching of failed DNS lookups.
#
#negative_dns_ttl 5


# TIMEOUTS
#-----------------------------------------------------------------------------

# TAG: connect_timeout (in seconds)
#       Some systems (notably Linux) cannot be relied upon to properly
#       time out connect(2) requests. Therefore the cached process
#       enforces its own timeout on server connections. This parameter
#       specifies how long to wait for the connect to complete. The
#       default is two minutes (120 seconds).
#
#connect_timeout 120

# TAG: read_timeout (in minutes)
#       An active connection will be aborted after read_timeout minutes
#       of no activity on that connection (i.e., assume the remote server
#       or network connection died after the connection was established).
#       The default is 15 minutes.
#
#read_timeout 15

# TAG: client_lifetime (in minutes)
#       The maximum amount of time that a client (browser) is allowed to
#       remain connected to the cache process. This protects the Cache
#       from having a lot of sockets (and hence file descriptors) tied up
#       in a CLOSE_WAIT state from remote clients that go away without
#       properly shutting down (either because of a network failure or
#       because of a poor client implementation). The default is three
#       hours, 20 minutes.
#
#       NOTE: The default value is designed with low-speed client
#       connections in mind. 200 minutes should be plenty of time to
#       transfer a 10M file at 1k/sec. If you have high-speed client
#       connectivity, or occasionally run out of file descriptors,
#       we suggest you lower this value appropriately.
#
#client_lifetime 200

# TAG: shutdown_lifetime (in seconds)
#
#       When SIGTERM or SIGHUP is received, the cache is put into
#       "shutdown pending" mode until all active sockets are closed.
#       This value is the lifetime to set for all open descriptors
#       during shutdown mode.
#       Any active clients after this many seconds will receive
#       a 'lifetime expire' message.
#
#shutdown_lifetime 30

# TAG: clean_rate (in minutes)
#       How often to force a full garbage collection. Garbage collection
#       involves checking the expire time of every object in the cache.
#
#       The cache will remove expired objects as space is needed for
#       new ones, so it should not be necessary to run full garbage
#       collections. For very large caches, garbage collection
#       may take a significant amount of time, during which it will
#       not process client requests. By default garbage collection
#       is disabled. If you want to force regular garbage collection
#       (perhaps to reclaim disk space) set this to a positive
#       value such as 30 minutes.
#
#clean_rate -1


# ACCESS CONTROLS
#-----------------------------------------------------------------------------

# Defining an Access List
#
#   acl aclname src|domain|time|pattern|port|proto|method string1 ...
#
#       acl aclname src           ip-address/netmask ...
#       acl aclname domain        .foo.com ...
#       acl aclname time          day-abbrevs h1:m1-h2:m2
#           day-abbrevs:
#               S - Sunday
#               M - Monday
#               T - Tuesday
#               W - Wednesday
#               H - Thursday
#               F - Friday
#               A - Saturday
#           h1:m1 must be less than h2:m2
#       acl aclname url_regex     ^http:// ...  # regex matching on whole URL
#       acl aclname urlpath_regex \.gif$ ...    # regex matching on URL path only
#       acl aclname port          80 70 21 ...
#       acl aclname proto         HTTP FTP ...
#       acl aclname method        GET POST ...

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

acl SSL_ports port 443 563
acl CONNECT method CONNECT

# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
#       http_access allow|deny [!]aclname ...
#
# Access to the ICP port:
#       icp_access allow|deny [!]aclname ...

# Only allow access to the cache manager functions from the local host.
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports

# Allow everything else
http_access allow all

# Reply to all ICP queries we receive
icp_access allow all

# TAG: cache_host_acl
#       Just like 'cache_host_domain' but provides more flexibility by
#       using ACL's.
#
#               cache_host_acl cache-host [!]aclname ...
#
#       NOTE:   * Any number of ACL's may be given for a cache-host,
#                 either on the same or separate lines.
#               * When multiple ACL's are given for a particular
#                 cache-host, the first matched ACL is applied.
#               * Cache hosts with no domain or ACL restrictions are
#                 queried for all requests.
#               * There are no defaults.


# ADMINISTRATIVE PARAMETERS
#-----------------------------------------------------------------------------

# TAG: cache_mgr
#       Email-address of local cache manager who will receive
#       mail if the cache dies. The default is "webmaster."
#
#cache_mgr webmaster

# TAG: cache_effective_user
#       If the cache is run as root, it will change its effective/real
#       UID/GID to the UID/GID specified below. The default is not to
#       change UID/GID.
#
#cache_effective_user nobody nogroup

# TAG: visible_hostname
#       If you want to present a special hostname in error messages, etc,
#       then define this. Otherwise, the return value of gethostname()
#       will be used.
#visible_hostname www-cache.foo.org


# OPTIONS FOR THE CACHE REGISTRATION SERVICE
#-----------------------------------------------------------------------------
#
#       This section contains parameters for the (optional) cache
#       announcement service. This service is provided to help
#       cache administrators locate one another in order to join or
#       create cache hierarchies.
#
#       An 'announcement' message is sent (via UDP) to the registration
#       service by the program 'send-announce'. This program is called
#       in the RunCache script every time the cached process is started.
#       You may also run the 'send-announce' program manually, or from
#       cron if you like.
#       By default, the announcement message is NOT SENT unless you
#       enable it with 'cache_announce' below.
#
#       The announcement message includes your hostname, plus the
#       following information from this configuration file:
#
#               http_port
#               icp_port
#               cache_mgr
#
#       All current information is processed regularly and made
#       available on the Web at http://www.nlanr.net/Cache/Tracker/.

#       This is how frequently to send cache announcements. The default
#       is '0', which disables sending the announcement messages.
#
#       To enable announcing your cache, just uncomment the line below.
#
#cache_announce 24

#       This is the hostname and portnumber where the registration message
#       will be sent.
#
#       Format: announce_to host[:port] [filename]
#
#       Hostname will default to 'sd.cache.nlanr.net' and port will default
#       to 3131. If the 'filename' argument is given, the contents of that
#       file will be included in the announce message.
#
#announce_to sd.cache.nlanr.net:3131


# HTTPD-ACCELERATOR OPTIONS
#-----------------------------------------------------------------------------

# TAG: httpd_accel
#       If you want to run cached as an httpd accelerator, define the
#       host name and port number where the real HTTP server is.
#httpd_accel your.real.httpd.host your.real.httpd.port

# TAG: httpd_accel_with_proxy
#       If you want to use cached as both a local httpd accelerator
#       and as a proxy, change this to 'on'.
#httpd_accel_with_proxy off

# TAG: cache_hot_vm_factor
#       This parameter is only used when the cache is running strictly
#       in httpd_accel mode. In this case the cache keeps a number of
#       objects entirely in memory. We keep 'hot_vm_factor' such
#       objects for each megabyte of cache_mem. So, the number of
#       hot_vm objects is calculated as
#
#               hot_vm_count = cache_mem * hot_vm_factor / 1048576
#
#       The default is 0.0, which disables hot_vm objects. The suggested
#       value for httpd_accel_mode is 12.5.
#
#cache_hot_vm_factor 0.0


# MISCELLANEOUS
#-----------------------------------------------------------------------------

# The DNS tests exit as soon as the first site is successfully looked up
#
# If you want to disable DNS tests, do not comment out or delete this
# list. Instead use the -D command line option
#
dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu

# TAG: logfile_rotate
#
#       Specifies the number of logfile rotations to make upon receiving
#       a USR1 signal. The default is 10, which will rotate with
#       extensions 0 through 9. Setting logfile_rotate to 0 will
#       disable the rotation, but the logfiles are still closed and
#       re-opened. This will enable you to rename the logfiles yourself
#       just before sending a USR1 signal to the cached process.
#
#logfile_rotate 10

# TAG: append_domain
#       Appends local domain name to hostnames without any dots in them.
#       append_domain must begin with a period.
#
#append_domain .yourdomain.com

# TAG: err_html_text
#       HTML text to include in error messages. Make this a "mailto"
#       URL to your admin address, or maybe just a link to your
#       organization's Web page.
#html_text
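
# Added example (not part of the original squid.conf or of Squid itself): a
# small Python evaluator for the 'acl' and 'http_access' lines of the ACCESS
# CONTROLS section, comparing the rules as shipped, which end in
# 'http_access allow all', with a variant that admits only local clients.
# Assumptions: http_access lines are checked in order, a line applies only
# when every ACL on it matches, and the first applicable line decides; the
# 'localnet' ACL, its network and the sample requests are constructed.

```python
import ipaddress

# Directives as they appear, uncommented, in the ACCESS CONTROLS section.
PAGE_CONFIG = """
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access allow all
"""

# Constructed variant: 'localnet' and its 10.0.0.0/255.0.0.0 network are assumptions.
RESTRICTED_CONFIG = PAGE_CONFIG.replace(
    "http_access allow all",
    "acl localnet src 10.0.0.0/255.0.0.0\n"
    "http_access allow localhost\n"
    "http_access allow localnet\n"
    "http_access deny all",
)

def parse(text):
    """Collect 'acl' definitions and the ordered 'http_access' rules."""
    acls, rules = {}, []
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "acl":
            acls.setdefault(words[1], []).append((words[2], words[3:]))
        elif words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def src_in(spec, src):
    """Match a client address against one 'ip-address/netmask' value."""
    net, mask = spec.split("/")
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(src)) & m) == (int(ipaddress.IPv4Address(net)) & m)

def acl_matches(entries, req):
    """An ACL matches when any one of its listed values matches the request."""
    for kind, values in entries:
        if kind == "src" and any(src_in(v, req["src"]) for v in values):
            return True
        if kind in ("port", "proto", "method") and str(req[kind]) in values:
            return True
    return False

def decide(config, req):
    """Return the action of the first http_access line whose ACLs all match."""
    acls, rules = parse(config)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return "deny"  # fail closed here; both rule sets above end in a catch-all

# Constructed sample requests (203.0.113.7 is a documentation address).
SAMPLES = {
    "outside GET": {"src": "203.0.113.7", "method": "GET", "proto": "http", "port": 80},
    "inside GET": {"src": "10.1.2.3", "method": "GET", "proto": "http", "port": 80},
    "inside CONNECT :25": {"src": "10.1.2.3", "method": "CONNECT", "proto": "http", "port": 25},
    "outside manager": {"src": "203.0.113.7", "method": "GET", "proto": "cache_object", "port": 3128},
}

def compare():
    """Map each sample to (decision under page rules, decision under restricted rules)."""
    return {k: (decide(PAGE_CONFIG, r), decide(RESTRICTED_CONFIG, r)) for k, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, (page, restricted) in compare().items():
        print(f"{name:20} page={page:5} restricted={restricted}")
```

# Only the "outside GET" sample changes between the two rule sets: the
# manager and CONNECT denies behave the same, and the final catch-all line
# decides whether clients outside the local network are served.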