Package: squid3 / 3.4.8-6

01-cf.data.debian.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
Author: Luigi Gangitano <luigi@debian.org>
Description: Default configuration file for debian
=== modified file 'src/cf.data.pre'
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -360,7 +360,7 @@
 	If you want to use the traditional NCSA proxy authentication, set
 	this line to something like
 
-	auth_param basic program @DEFAULT_PREFIX@/libexec/basic_ncsa_auth @DEFAULT_PREFIX@/etc/passwd
+	auth_param basic program @DEFAULT_PREFIX@/lib/squid3/basic_ncsa_auth @DEFAULT_PREFIX@/etc/passwd
 
 	"utf8" on|off
 	HTTP uses iso-latin-1 as character set, while some authentication
@@ -444,7 +444,7 @@
 	If you want to use a digest authenticator, set this line to
 	something like
 
-	auth_param digest program @DEFAULT_PREFIX@/bin/digest_pw_auth @DEFAULT_PREFIX@/etc/digpass
+	auth_param digest program @DEFAULT_PREFIX@/lib/squid3/digest_pw_auth @DEFAULT_PREFIX@/etc/digpass
 
 	"utf8" on|off
 	HTTP uses iso-latin-1 as character set, while some authentication
@@ -521,6 +521,9 @@
 	of type proxy_auth.  By default, the NTLM authenticator program
 	is not used.
 
+	NOTE: In Debian the ntlm_auth program is distributed in the winbindd package
+	      which is required for this auth scheme to work
+
 	auth_param ntlm program /usr/bin/ntlm_auth
 
 	"children" numberofchildren [startup=N] [idle=N]
@@ -562,6 +565,9 @@
 	The only supported program for this role is the ntlm_auth
 	program distributed as part of Samba, version 4 or later.
 
+	NOTE: In Debian the ntlm_auth program is distributed in the winbindd package
+	      which is required for this auth scheme to work
+
 	auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego
 
 	"children" numberofchildren [startup=N] [idle=N]
@@ -1155,11 +1161,11 @@
 # Example rule allowing access from your local networks.
 # Adapt to list your (internal) IP networks from where browsing
 # should be allowed
-acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
-acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
-acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
-acl localnet src fc00::/7       # RFC 4193 local private network range
-acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+#acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
+#acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
+#acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
+#acl localnet src fc00::/7       # RFC 4193 local private network range
+#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
 
 acl SSL_ports port 443
 acl Safe_ports port 80		# http
@@ -1360,7 +1366,7 @@
 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
-http_access allow localnet
+#http_access allow localnet
 http_access allow localhost
 
 # And finally deny all other access to this proxy
@@ -4178,7 +4184,7 @@
 
 NAME: logfile_rotate
 TYPE: int
-DEFAULT: 10
+DEFAULT: 0
 LOC: Config.Log.rotateNumber
 DOC_START
 	Specifies the number of logfile rotations to make when you
@@ -4197,6 +4203,9 @@
 
 	Note, from Squid-3.1 this option is only a default for cache.log,
 	that log can be rotated separately by using debug_options.
+
+	Note2, for Debian/Linux the default of logfile_rotate is
+	zero, since it includes external logfile-rotation methods.
 DOC_END
 
 NAME: emulate_httpd_log
@@ -8497,8 +8506,8 @@
 
 	WARNING:
 	  This option will restrict the situations under which IPv6
-	  connectivity is used (and tested). Hiding network problems
-	  which would otherwise be detected and warned about.
+	  connectivity is used (and tested), potentially hiding network
+	  problems which would otherwise be detected and warned about.
 DOC_END
 
 NAME: ipcache_size