1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>SQUID Frequently Asked Questions: Squid version 2</TITLE>
<LINK HREF="FAQ-20.html" REL=next>
<LINK HREF="FAQ-18.html" REL=previous>
<LINK HREF="FAQ.html#toc19" REL=contents>
</HEAD>
<BODY>
<A HREF="FAQ-20.html">Next</A>
<A HREF="FAQ-18.html">Previous</A>
<A HREF="FAQ.html#toc19">Contents</A>
<HR>
<H2><A NAME="s19">19.</A> <A HREF="FAQ.html#toc19">Squid version 2</A></H2>
<H2><A NAME="ss19.1">19.1</A> <A HREF="FAQ.html#toc19.1">What are the new features?</A>
</H2>
<P>
<UL>
<LI>persistent connections.</LI>
<LI>Lower VM usage; in-transit objects are not held fully in memory.</LI>
<LI>Totally independent swap directories.</LI>
<LI>Customizable error texts.</LI>
<LI>FTP supported internally; no more ftpget.</LI>
<LI>Asynchronous disk operations (optional, requires pthreads library).</LI>
<LI>Internal icons for FTP and gopher directories.</LI>
<LI>snprintf() used everywhere instead of sprintf().</LI>
<LI>SNMP.</LI>
<LI>
<A HREF="/urn-support.html">URN support</A></LI>
<LI>Routing requests based on AS numbers.</LI>
<LI>
<A HREF="FAQ-16.html">Cache Digests</A></LI>
<LI>...and many more!</LI>
</UL>
</P>
<H2><A NAME="ss19.2">19.2</A> <A HREF="FAQ.html#toc19.2">How do I configure 'ssl_proxy' now?</A>
</H2>
<P>By default, Squid connects directly to origin servers for SSL requests.
But if you must force SSL requests through a parent, first tell Squid
it can not go direct for SSL:
<PRE>
acl SSL method CONNECT
never_direct allow SSL
</PRE>
With this in place, Squid <EM>should</EM> pick one of your parents to
use for SSL requests. If you want it to pick a particular parent,
you must use the <EM>cache_peer_access</EM> configuration:
<PRE>
cache_peer parent1 parent 3128 3130
cache_peer parent2 parent 3128 3130
cache_peer_access parent2 allow !SSL
</PRE>
The above lines tell Squid to NOT use <EM>parent2</EM> for SSL, so it
should always use <EM>parent1</EM>.</P>
<H2><A NAME="ss19.3">19.3</A> <A HREF="FAQ.html#toc19.3">Empty placeholder</A>
This entry has been deleted.</H2>
<H2><A NAME="ss19.4">19.4</A> <A HREF="FAQ.html#toc19.4">Adding a new cache disk</A>
</H2>
<P>Simply add your new <EM>cache_dir</EM> line to <EM>squid.conf</EM>, then
run <EM>squid -z</EM> again. Squid will create swap directories on the
new disk and leave the existing ones in place.</P>
<H2><A NAME="ss19.5">19.5</A> <A HREF="FAQ.html#toc19.5">Empty placeholder</A>
This entry has been deleted.</H2>
<H2><A NAME="configuring-proxy-auth"></A> <A NAME="ss19.6">19.6</A> <A HREF="FAQ.html#toc19.6">How do I configure proxy authentication?</A>
</H2>
<P>Authentication is handled via external processes.
Arjan's
<A HREF="http://www.iae.nl/users/devet/squid/proxy_auth/">proxy auth page</A>
describes how to set it up. Some simple instructions are given below as well.</P>
<P>
<OL>
<LI>We assume you have configured an ACL entry with proxy_auth, for example:
<PRE>
acl foo proxy_auth REQUIRED
http_access allow foo
</PRE>
</LI>
<LI>You will need to compile and install an external authenticator program.
Most people will want to use <EM>ncsa_auth</EM>. The source for this program
is included in the source distribution, in the <EM>helpers/basic_auth/NCSA</EM>
directory.
<PRE>
% cd helpers/basic_auth/NCSA
% make
% make install
</PRE>
You should now have an <EM>ncsa_auth</EM> program in the <prefix>/libexec/ directory where
the helpers for <EM>squid</EM> lives (usually /usr/local/squid/libexec unless overridden by
configure flags). You can also select with the --enable-basic-auth-helpers=... option which
helpers should be installed by default when you install Squid.
</LI>
<LI>You may need to create a password file. If you have been using
proxy authentication before, you probably already have such a file.
You can get
<A HREF="../../htpasswd/">apache's htpasswd program</A>
from our server. Pick a pathname for your password file. We will assume
you will want to put it in the same directory as your squid.conf.
</LI>
<LI>Configure the external authenticator in <EM>squid.conf</EM>.
For <EM>ncsa_auth</EM> you need to give the pathname to the executable and
the password file as an argument. For example:
<PRE>
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
</PRE>
</LI>
</OL>
</P>
<P>After all that, you should be able to start up Squid. If we left something out, or
haven't been clear enough, please let us know (squid-faq@squid-cache.org).</P>
<H2><A NAME="ss19.7">19.7</A> <A HREF="FAQ.html#toc19.7">Why does proxy-auth reject all users after upgrading from Squid-2.1 or earlier?</A>
</H2>
<P>The ACL for proxy-authentication has changed from:
<PRE>
acl foo proxy_auth timeout
</PRE>
to:
<PRE>
acl foo proxy_auth username
</PRE>
Please update your ACL appropriately - a username of <EM>REQUIRED</EM> will permit
all valid usernames. The timeout is now specified with the configuration
option:
<PRE>
auth_param basic credentialsttl timeout
</PRE>
</P>
<H2><A NAME="ss19.8">19.8</A> <A HREF="FAQ.html#toc19.8">Delay Pools</A>
</H2>
<P>by
<A HREF="mailto:david@luyer.net">David Luyer</A>.</P>
<P><B>The information here is current for version 2.2. It is strongly
recommended that you use at least Squid 2.2 if you wish to use delay pools.</B></P>
<P>Delay pools provide a way to limit the bandwidth of certain requests
based on any list of criteria. The idea came from a Western Australian
university who wanted to restrict student traffic costs (without
affecting staff traffic, and still getting cache and local peering hits
at full speed). There was some early Squid 1.0 code by Central Network
Services at Murdoch University, which I then developed (at the University
of Western Australia) into a much more complex patch for Squid 1.0
called ``DELAY_HACK.'' I then tried to code it in a much cleaner style
and with slightly more generic options than I personally needed, and
called this ``delay pools'' in Squid 2. I almost completely recoded
this in Squid 2.2 to provide the greater flexibility requested by people
using the feature.</P>
<P>To enable delay pools features in Squid 2.2, you must use the
<EM>--enable-delay-pools</EM> configure option before compilation.</P>
<P>Terminology for this FAQ entry:</P>
<P>
<DL>
<DT><B>pool</B><DD><P>a collection of bucket groups as appropriate to a given class</P>
<DT><B>bucket group</B><DD><P>a group of buckets within a pool, such as the per-host bucket
group, the per-network bucket group or the aggregate bucket
group (the aggregate bucket group is actually a single bucket)</P>
<DT><B>bucket</B><DD><P>an individual delay bucket represents a traffic allocation
which is replenished at a given rate (up to a given limit) and
causes traffic to be delayed when empty</P>
<DT><B>class</B><DD><P>the class of a delay pool determines how the delay is applied,
ie, whether the different client IPs are treated seperately or
as a group (or both)</P>
<DT><B>class 1</B><DD><P>a class 1 delay pool contains a single unified bucket which is
used for all requests from hosts subject to the pool</P>
<DT><B>class 2</B><DD><P>a class 2 delay pool contains one unified bucket and 255
buckets, one for each host on an 8-bit network (IPv4 class C)</P>
<DT><B>class 3</B><DD><P>contains 255 buckets for the subnets in a 16-bit network, and
individual buckets for every host on these networks (IPv4 class
B)</P>
</DL>
</P>
<P>Delay pools allows you to limit traffic for clients or client groups,
with various features:
<UL>
<LI>can specify peer hosts which aren't affected by delay pools,
ie, local peering or other 'free' traffic (with the
<EM>no-delay</EM> peer option).
</LI>
<LI>delay behavior is selected by ACLs (low and high priority
traffic, staff vs students or student vs authenticated student
or so on).
</LI>
<LI>each group of users has a number of buckets, a bucket has an
amount coming into it in a second and a maximum amount it can
grow to; when it reaches zero, objects reads are deferred
until one of the object's clients has some traffic allowance.
</LI>
<LI>any number of pools can be configured with a given class and
any set of limits within the pools can be disabled, for example
you might only want to use the aggregate and per-host bucket
groups of class 3, not the per-network one.
</LI>
</UL>
</P>
<P>This allows options such as creating a number of class 1 delay pools
and allowing a certain amount of bandwidth to given object types (by
using URL regular expressions or similar), and many other uses I'm sure
I haven't even though of beyond the original fair balancing of a
relatively small traffic allocation across a large number of users.</P>
<P>There are some limitations of delay pools:
<UL>
<LI>delay pools are incompatible with slow aborts; quick abort
should be set fairly low to prevent objects being retrived at
full speed once there are no clients requesting them (as the
traffic allocation is based on the current clients, and when
there are no clients attached to the object there is no way to
determine the traffic allocation).</LI>
<LI>delay pools only limits the actual data transferred and is not
inclusive of overheads such as TCP overheads, ICP, DNS, icmp
pings, etc.</LI>
<LI>it is possible for one connection or a small number of
connections to take all the bandwidth from a given bucket and
the other connections to be starved completely, which can be a
major problem if there are a number of large objects being
transferred and the parameters are set in a way that a few
large objects will cause all clients to be starved (potentially
fixed by a currently experimental patch).</LI>
</UL>
</P>
<H3>How can I limit Squid's total bandwidth to, say, 512 Kbps?</H3>
<P>
<PRE>
acl all src 0.0.0.0/0.0.0.0 # might already be defined
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 64000/64000 # 512 kbits == 64 kbytes per second
</PRE>
</P>
<P><B>For an explanation of these tags please see the configuration file.</B></P>
<P>The 1 second buffer (max = restore = 64kbytes/sec) is because a limit
is requested, and no responsiveness to a busrt is requested. If you
want it to be able to respond to a burst, increase the aggregate_max to
a larger value, and traffic bursts will be handled. It is recommended
that the maximum is at least twice the restore value - if there is only
a single object being downloaded, sometimes the download rate will fall
below the requested throughput as the bucket is not empty when it comes
to be replenished.</P>
<H3>How to limit a single connection to 128 Kbps?</H3>
<P>You can not limit a single HTTP request's connection speed. You
<EM>can</EM> limit individual hosts to some bandwidth rate. To limit a
specific host, define an <EM>acl</EM> for that host and use the example
above. To limit a group of hosts, then you must use a delay pool of
class 2 or 3. For example:
<PRE>
acl only128kusers src 192.168.1.0/255.255.192.0
acl all src 0.0.0.0/0.0.0.0
delay_pools 1
delay_class 1 3
delay_access 1 allow only128kusers
delay_access 1 deny all
delay_parameters 1 64000/64000 -1/-1 16000/64000
</PRE>
<B>For an explanation of these tags please see the configuration file.</B></P>
<P>The above gives a solution where a cache is given a total of 512kbits to
operate in, and each IP address gets only 128kbits out of that pool.</P>
<H3>How do you personally use delay pools?</H3>
<P>We have six local cache peers, all with the options 'proxy-only no-delay'
since they are fast machines connected via a fast ethernet and microwave (ATM)
network.</P>
<P>For our local access we use a dstdomain ACL, and for delay pool exceptions
we use a dst ACL as well since the delay pool ACL processing is done using
"fast lookups", which means (among other things) it won't wait for a DNS
lookup if it would need one.</P>
<P>Our proxy has two virtual interfaces, one which requires student
authentication to connect from machines where a department is not
paying for traffic, and one which uses delay pools. Also, users of the
main Unix system are allowed to choose slow or fast traffic, but must
pay for any traffic they do using the fast cache. Ident lookups are
disabled for accesses through the slow cache since they aren't needed.
Slow accesses are delayed using a class 3 delay pool to give fairness
between departments as well as between users. We recognize users of
Lynx on the main host are grouped together in one delay bucket but they
are mostly viewing text pages anyway, so this isn't considered a
serious problem. If it was we could take those hosts into a class 1
delay pool and give it a larger allocation.</P>
<P>I prefer using a slow restore rate and a large maximum rate to give
preference to people who are looking at web pages as their individual
bucket fills while they are reading, and those downloading large
objects are disadvantaged. This depends on which clients you believe
are more important. Also, one individual 8 bit network (a residential
college) have paid extra to get more bandwidth.</P>
<P>The relevant parts of my configuration file are (IP addresses, etc, all
changed):
<PRE>
# ACL definitions
# Local network definitions, domains a.net, b.net
acl LOCAL-NET dstdomain a.net b.net
# Local network; nets 64 - 127. Also nearby network class A, 10.
acl LOCAL-IP dst 192.168.64.0/255.255.192.0 10.0.0.0/255.0.0.0
# Virtual i/f used for slow access
acl virtual_slowcache myip 192.168.100.13/255.255.255.255
# All permitted slow access, nets 96 - 127
acl slownets src 192.168.96.0/255.255.224.0
# Special 'fast' slow access, net 123
acl fast_slow src 192.168.123.0/255.255.255.0
# User hosts
acl my_user_hosts src 192.168.100.2/255.255.255.254
# "All" ACL
acl all src 0.0.0.0/0.0.0.0
# Don't need ident lookups for billing on (free) slow cache
ident_lookup_access allow my_user_hosts !virtual_slowcache
ident_lookup_access deny all
# Security access checks
http_access [...]
# These people get in for slow cache access
http_access allow virtual_slowcache slownets
http_access deny virtual_slowcache
# Access checks for main cache
http_access [...]
# Delay definitions (read config file for clarification)
delay_pools 2
delay_initial_bucket_level 50
delay_class 1 3
delay_access 1 allow virtual_slowcache !LOCAL-NET !LOCAL-IP !fast_slow
delay_access 1 deny all
delay_parameters 1 8192/131072 1024/65536 256/32768
delay_class 2 2
delay_access 2 allow virtual_slowcache !LOCAL-NET !LOCAL-IP fast_slow
delay_access 2 deny all
delay_parameters 2 2048/65536 512/32768
</PRE>
</P>
<P>The same code is also used by a some of departments using class 2 delay
pools to give them more flexibility in giving different performance to
different labs or students.</P>
<H3>Where else can I find out about delay pools?</H3>
<P>This is also pretty well documented in the configuration file, with
examples. Since people seem to lose their config files, here's a copy
of the relevant section.</P>
<P>
<PRE>
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------
# TAG: delay_pools
# This represents the number of delay pools to be used. For example,
# if you have one class 2 delay pool and one class 3 delays pool, you
# have a total of 2 delay pools.
#
# To enable this option, you must use --enable-delay-pools with the
# configure script.
#delay_pools 0
# TAG: delay_class
# This defines the class of each delay pool. There must be exactly one
# delay_class line for each delay pool. For example, to define two
# delay pools, one of class 2 and one of class 3, the settings above
# and here would be:
#
#delay_pools 2 # 2 delay pools
#delay_class 1 2 # pool 1 is a class 2 pool
#delay_class 2 3 # pool 2 is a class 3 pool
#
# The delay pool classes are:
#
# class 1 Everything is limited by a single aggregate
# bucket.
#
# class 2 Everything is limited by a single aggregate
# bucket as well as an "individual" bucket chosen
# from bits 25 through 32 of the IP address.
#
# class 3 Everything is limited by a single aggregate
# bucket as well as a "network" bucket chosen
# from bits 17 through 24 of the IP address and a
# "individual" bucket chosen from bits 17 through
# 32 of the IP address.
#
# NOTE: If an IP address is a.b.c.d
# -> bits 25 through 32 are "d"
# -> bits 17 through 24 are "c"
# -> bits 17 through 32 are "c * 256 + d"
# TAG: delay_access
# This is used to determine which delay pool a request falls into.
# The first matched delay pool is always used, ie, if a request falls
# into delay pool number one, no more delay are checked, otherwise the
# rest are checked in order of their delay pool number until they have
# all been checked. For example, if you want some_big_clients in delay
# pool 1 and lotsa_little_clients in delay pool 2:
#
#delay_access 1 allow some_big_clients
#delay_access 1 deny all
#delay_access 2 allow lotsa_little_clients
#delay_access 2 deny all
# TAG: delay_parameters
# This defines the parameters for a delay pool. Each delay pool has
# a number of "buckets" associated with it, as explained in the
# description of delay_class. For a class 1 delay pool, the syntax is:
#
#delay_parameters pool aggregate
#
# For a class 2 delay pool:
#
#delay_parameters pool aggregate individual
#
# For a class 3 delay pool:
#
#delay_parameters pool aggregate network individual
#
# The variables here are:
#
# pool a pool number - ie, a number between 1 and the
# number specified in delay_pools as used in
# delay_class lines.
#
# aggregate the "delay parameters" for the aggregate bucket
# (class 1, 2, 3).
#
# individual the "delay parameters" for the individual
# buckets (class 2, 3).
#
# network the "delay parameters" for the network buckets
# (class 3).
#
# A pair of delay parameters is written restore/maximum, where restore is
# the number of bytes (not bits - modem and network speeds are usually
# quoted in bits) per second placed into the bucket, and maximum is the
# maximum number of bytes which can be in the bucket at any time.
#
# For example, if delay pool number 1 is a class 2 delay pool as in the
# above example, and is being used to strictly limit each host to 64kbps
# (plus overheads), with no overall limit, the line is:
#
#delay_parameters 1 -1/-1 8000/8000
#
# Note that the figure -1 is used to represent "unlimited".
#
# And, if delay pool number 2 is a class 3 delay pool as in the above
# example, and you want to limit it to a total of 256kbps (strict limit)
# with each 8-bit network permitted 64kbps (strict limit) and each
# individual host permitted 4800bps with a bucket maximum size of 64kb
# to permit a decent web page to be downloaded at a decent speed
# (if the network is not being limited due to overuse) but slow down
# large downloads more significantly:
#
#delay_parameters 2 32000/32000 8000/8000 600/8000
#
# There must be one delay_parameters line for each delay pool.
# TAG: delay_initial_bucket_level (percent, 0-100)
# The initial bucket percentage is used to determine how much is put
# in each bucket when squid starts, is reconfigured, or first notices
# a host accessing it (in class 2 and class 3, individual hosts and
# networks only have buckets associated with them once they have been
# "seen" by squid).
#
#delay_initial_bucket_level 50
</PRE>
</P>
<H2><A NAME="ss19.9">19.9</A> <A HREF="FAQ.html#toc19.9">Can I preserve my cache when upgrading from 1.1 to 2?</A>
</H2>
<P>At the moment we do not have a script which will convert your cache
contents from the 1.1 to the Squid-2 format. If enough people ask for
one, then somebody will probably write such a script.</P>
<P>If you like, you can configure a new Squid-2 cache with your old
Squid-1.1 cache as a sibling. After a few days, weeks, or
however long you want to wait, shut down the old Squid cache.
If you want to force-load your new cache with the objects
from the old cache, you can try something like this:
<OL>
<LI>Install Squid-2 and configure it to have the same
amount of disk space as your Squid-1 cache, even
if there is not currently that much space free.</LI>
<LI>Configure Squid-2 with Squid-1 as a parent cache.
You might want to enable <EM>never_direct</EM> on
the Squid-2 cache so that all of Squid-2's requests
go through Squid-1.</LI>
<LI>Enable the
<A HREF="FAQ-7.html#purging-objects">PURGE method</A> on Squid-1.</LI>
<LI>Set the refresh rules on Squid-1 to be very liberal so that it
does not generate IMS requests for cached objects.</LI>
<LI>Create a list of all the URLs in the Squid-1 cache. These can
be extracted from the access.log, store.log and swap logs.</LI>
<LI>For every URL in the list, request the URL from Squid-2, and then
immediately send a PURGE request to Squid-1.</LI>
<LI>Eventually Squid-2 will have all the objects, and Squid-1
will be empty.</LI>
</OL>
</P>
<H2><A NAME="custom-err-msgs"></A> <A NAME="ss19.10">19.10</A> <A HREF="FAQ.html#toc19.10">Customizable Error Messages</A>
</H2>
<P>Squid-2 lets you customize your error messages. The source distribution
includes error messages in different languages. You can select the
language with the configure option:
<PRE>
--enable-err-language=lang
</PRE>
</P>
<P>Furthermore, you can rewrite the error message template files if you like.
This list describes the tags which Squid will insert into the messages:
<DL>
<DT><B>%B</B><DD><P>URL with FTP %2f hack</P>
<DT><B>%c</B><DD><P>Squid error code</P>
<DT><B>%d</B><DD><P>seconds elapsed since request received (not yet implemented)</P>
<DT><B>%e</B><DD><P>errno</P>
<DT><B>%E</B><DD><P>strerror()</P>
<DT><B>%f</B><DD><P>FTP request line</P>
<DT><B>%F</B><DD><P>FTP reply line</P>
<DT><B>%g</B><DD><P>FTP server message</P>
<DT><B>%h</B><DD><P>cache hostname</P>
<DT><B>%H</B><DD><P>server host name</P>
<DT><B>%i</B><DD><P>client IP address</P>
<DT><B>%I</B><DD><P>server IP address</P>
<DT><B>%L</B><DD><P>contents of <EM>err_html_text</EM> config option</P>
<DT><B>%M</B><DD><P>Request Method</P>
<DT><B>%m</B><DD><P>Error message returned by external auth helper</P>
<DT><B>%p</B><DD><P>URL port \#</P>
<DT><B>%P</B><DD><P>Protocol</P>
<DT><B>%R</B><DD><P>Full HTTP Request</P>
<DT><B>%S</B><DD><P>squid default signature</P>
<DT><B>%s</B><DD><P>caching proxy software with version</P>
<DT><B>%t</B><DD><P>local time</P>
<DT><B>%T</B><DD><P>UTC</P>
<DT><B>%U</B><DD><P>URL without password</P>
<DT><B>%u</B><DD><P>URL with password (Squid-2.5 and later only)</P>
<DT><B>%w</B><DD><P>cachemgr email address</P>
<DT><B>%z</B><DD><P>dns server error message</P>
</DL>
</P>
<P>The Squid default signature is added automatically unless %s
is used in the error page. To change the signature you must manually append
the signature to each error page.</P>
<P>The default signature reads like:
<PRE>
<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated %T by %h (%s)
</ADDRESS>
</BODY></HTML>
</PRE>
</P>
<H2><A NAME="ss19.11">19.11</A> <A HREF="FAQ.html#toc19.11">My squid.conf from version 1.1 doesn't work!</A>
</H2>
<P>Yes, a number of configuration directives have been renamed.
Here are some of them:
<DL>
<DT><B>cache_host</B><DD><P>This is now called <EM>cache_peer</EM>. The old term does not
really describe what you are configuring, but the new name
tells you that you are configuring a peer for your cache.</P>
<DT><B>cache_host_domain</B><DD><P>Renamed to <EM>cache_peer_domain</EM>.</P>
<DT><B>local_ip, local_domain</B><DD><P>The functaionality provided by these directives is now implemented
as access control lists. You will use the <EM>always_direct</EM> and
<EM>never_direct</EM> options. The new <EM>squid.conf</EM> file has some
examples.</P>
<DT><B>cache_stoplist</B><DD><P>This directive also has been reimplemented with access control
lists. You will use the <EM>no_cache</EM> option. For example:
<PRE>
acl Uncachable url_regex cgi ?
no_cache deny Uncachable
</PRE>
</P>
<DT><B>cache_swap</B><DD><P>This option used to specify the cache disk size. Now you
specify the disk size on each <EM>cache_dir</EM> line.</P>
<DT><B>cache_host_acl</B><DD><P>This option has been renamed to <EM>cache_peer_access</EM>
<B>and</B> the syntax has changed. Now this option is a
true access control list, and you must include an
<EM>allow</EM> or <EM>deny</EM> keyword. For example:
<PRE>
acl that-AS dst_as 1241
cache_peer_access thatcache.thatdomain.net allow that-AS
cache_peer_access thatcache.thatdomain.net deny all
</PRE>
This example sends requests to your peer <EM>thatcache.thatdomain.net</EM>
only for origin servers in Autonomous System Number 1241.</P>
<DT><B>units</B><DD><P>In Squid-1.1 many of the configuration options had implied
units associated with them. For example, the <EM>connect_timeout</EM>
value may have been in seconds, but the <EM>read_timeout</EM> value
had to be given in minutes. With Squid-2, these directives take
units after the numbers, and you will get a warning if you
leave off the units. For example, you should now write:
<PRE>
connect_timeout 120 seconds
read_timeout 15 minutes
</PRE>
</P>
</DL>
</P>
<HR>
<A HREF="FAQ-20.html">Next</A>
<A HREF="FAQ-18.html">Previous</A>
<A HREF="FAQ.html#toc19">Contents</A>
</BODY>
</HTML>
|