<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>SQUID Frequently Asked Questions: Squid version 2</TITLE>
 <LINK HREF="FAQ-20.html" REL=next>
 <LINK HREF="FAQ-18.html" REL=previous>
 <LINK HREF="FAQ.html#toc19" REL=contents>
</HEAD>
<BODY>
<A HREF="FAQ-20.html">Next</A>
<A HREF="FAQ-18.html">Previous</A>
<A HREF="FAQ.html#toc19">Contents</A>
<HR>
<H2><A NAME="s19">19.</A> <A HREF="FAQ.html#toc19">Squid version 2</A></H2>

<H2><A NAME="ss19.1">19.1</A> <A HREF="FAQ.html#toc19.1">What are the new features?</A>
</H2>

<P>
<UL>
<LI>persistent connections.</LI>
<LI>Lower VM usage; in-transit objects are not held fully in memory.</LI>
<LI>Totally independent swap directories.</LI>
<LI>Customizable error texts.</LI>
<LI>FTP supported internally; no more ftpget.</LI>
<LI>Asynchronous disk operations (optional, requires pthreads library).</LI>
<LI>Internal icons for FTP and gopher directories.</LI>
<LI>snprintf() used everywhere instead of sprintf().</LI>
<LI>SNMP.</LI>
<LI>
<A HREF="/urn-support.html">URN support</A></LI>
<LI>Routing requests based on AS numbers.</LI>
<LI>
<A HREF="FAQ-16.html">Cache Digests</A></LI>
<LI>...and many more!</LI>
</UL>
</P>



<H2><A NAME="ss19.2">19.2</A> <A HREF="FAQ.html#toc19.2">How do I configure 'ssl_proxy' now?</A>
</H2>

<P>By default, Squid connects directly to origin servers for SSL requests.
But if you must force SSL requests through a parent, first tell Squid
it can not go direct for SSL:
<PRE>
        acl SSL method CONNECT
        never_direct allow SSL
</PRE>

With this in place, Squid <EM>should</EM> pick one of your parents to
use for SSL requests.  If you want it to pick a particular parent,
you must use the <EM>cache_peer_access</EM> configuration:
<PRE>
        cache_peer parent1 parent 3128 3130
        cache_peer parent2 parent 3128 3130
        cache_peer_access parent2 allow !SSL
</PRE>

The above lines tell Squid to NOT use <EM>parent2</EM> for SSL, so it
should always use <EM>parent1</EM>.</P>

<H2><A NAME="ss19.3">19.3</A> <A HREF="FAQ.html#toc19.3">Empty placeholder</A>
This entry has been deleted.</H2>

<H2><A NAME="ss19.4">19.4</A> <A HREF="FAQ.html#toc19.4">Adding a new cache disk</A>
</H2>

<P>Simply add your new <EM>cache_dir</EM> line to <EM>squid.conf</EM>, then
run <EM>squid -z</EM> again.  Squid will create swap directories on the
new disk and leave the existing ones in place.</P>

<H2><A NAME="ss19.5">19.5</A> <A HREF="FAQ.html#toc19.5">Empty placeholder</A>
This entry has been deleted.</H2>

<H2><A NAME="configuring-proxy-auth"></A> <A NAME="ss19.6">19.6</A> <A HREF="FAQ.html#toc19.6">How do I configure proxy authentication?</A>
</H2>

<P>Authentication is handled via external processes.
Arjan's 
<A HREF="http://www.iae.nl/users/devet/squid/proxy_auth/">proxy auth page</A>
describes how to set it up.  Some simple instructions are given below as well.</P>
<P>
<OL>
<LI>We assume you have configured an ACL entry with proxy_auth, for example:
<PRE>
        acl foo proxy_auth REQUIRED
        http_access allow foo
</PRE>

</LI>
<LI>You will need to compile and install an external authenticator program.
Most people will want to use <EM>ncsa_auth</EM>.  The source for this program
is included in the source distribution, in the <EM>helpers/basic_auth/NCSA</EM>
directory.
<PRE>
        % cd helpers/basic_auth/NCSA
        % make
        % make install
</PRE>


You should now have an <EM>ncsa_auth</EM> program in the &lt;prefix&gt;/libexec/ directory where
the helpers for <EM>squid</EM> lives (usually /usr/local/squid/libexec unless overridden by
configure flags). You can also select with the --enable-basic-auth-helpers=... option which
helpers should be installed by default when you install Squid.
</LI>
<LI>You may need to create a password file.  If you have been using
proxy authentication before, you probably already have such a file.
You can get 
<A HREF="../../htpasswd/">apache's htpasswd program</A>
from our server.  Pick a pathname for your password file.  We will assume
you will want to put it in the same directory as your squid.conf.
</LI>
<LI>Configure the external authenticator in <EM>squid.conf</EM>.
For <EM>ncsa_auth</EM> you need to give the pathname to the executable and
the password file as an argument.  For example:
<PRE>
        auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
</PRE>
</LI>
</OL>
</P>

<P>After all that, you should be able to start up Squid.  If we left something out, or
haven't been clear enough, please let us know (squid-faq@squid-cache.org).</P>

<H2><A NAME="ss19.7">19.7</A> <A HREF="FAQ.html#toc19.7">Why does proxy-auth reject all users after upgrading from Squid-2.1 or earlier?</A>
</H2>

<P>The ACL for proxy-authentication has changed from:
<PRE>
        acl foo proxy_auth timeout
</PRE>

to:
<PRE>
        acl foo proxy_auth username
</PRE>

Please update your ACL appropriately - a username of <EM>REQUIRED</EM> will permit
all valid usernames.  The timeout is now specified with the configuration
option:
<PRE>
        auth_param basic credentialsttl timeout
</PRE>
</P>

<H2><A NAME="ss19.8">19.8</A> <A HREF="FAQ.html#toc19.8">Delay Pools</A>
</H2>

<P>by 
<A HREF="mailto:david@luyer.net">David Luyer</A>.</P>

<P><B>The information here is current for version 2.2.  It is strongly
recommended that you use at least Squid 2.2 if you wish to use delay pools.</B></P>

<P>Delay pools provide a way to limit the bandwidth of certain requests
based on any list of criteria.  The idea came from a Western Australian
university who wanted to restrict student traffic costs (without
affecting staff traffic, and still getting cache and local peering hits
at full speed).  There was some early Squid 1.0 code by Central Network
Services at Murdoch University, which I then developed (at the University
of Western Australia) into a much more complex patch for Squid 1.0
called ``DELAY_HACK.''  I then tried to code it in a much cleaner style
and with slightly more generic options than I personally needed, and
called this ``delay pools'' in Squid 2.  I almost completely recoded
this in Squid 2.2 to provide the greater flexibility requested by people
using the feature.</P>

<P>To enable delay pools features in Squid 2.2, you must use the
<EM>--enable-delay-pools</EM> configure option before compilation.</P>

<P>Terminology for this FAQ entry:</P>
<P>
<DL>
<DT><B>pool</B><DD><P>a collection of bucket groups as appropriate to a given class</P>

<DT><B>bucket group</B><DD><P>a group of buckets within a pool, such as the per-host bucket
group, the per-network bucket group or the aggregate bucket
group (the aggregate bucket group is actually a single bucket)</P>

<DT><B>bucket</B><DD><P>an individual delay bucket represents a traffic allocation
which is replenished at a given rate (up to a given limit) and
causes traffic to be delayed when empty</P>

<DT><B>class</B><DD><P>the class of a delay pool determines how the delay is applied,
ie, whether the different client IPs are treated seperately or
as a group (or both)</P>

<DT><B>class 1</B><DD><P>a class 1 delay pool contains a single unified bucket which is
used for all requests from hosts subject to the pool</P>

<DT><B>class 2</B><DD><P>a class 2 delay pool contains one unified bucket and 255
buckets, one for each host on an 8-bit network (IPv4 class C)</P>

<DT><B>class 3</B><DD><P>contains 255 buckets for the subnets in a 16-bit network, and
individual buckets for every host on these networks (IPv4 class
B)</P>

</DL>
</P>

<P>Delay pools allows you to limit traffic for clients or client groups,
with various features:
<UL>
<LI>can specify peer hosts which aren't affected by delay pools,
ie, local peering or other 'free' traffic (with the
<EM>no-delay</EM> peer option).
</LI>
<LI>delay behavior is selected by ACLs (low and high priority
traffic, staff vs students or student vs authenticated student
or so on).
</LI>
<LI>each group of users has a number of buckets, a bucket has an
amount coming into it in a second and a maximum amount it can
grow to; when  it reaches zero, objects reads are deferred
until one of the object's clients has some traffic allowance.
</LI>
<LI>any number of pools can be configured with a given class and
any set of limits within the pools can be disabled, for example
you might only want to use the aggregate and per-host bucket
groups of class 3, not the per-network one.
</LI>
</UL>
</P>

<P>This allows options such as creating a number of class 1 delay pools
and allowing a certain amount of bandwidth to given object types (by
using URL regular expressions or similar), and many other uses I'm sure
I haven't even though of beyond the original fair balancing of a
relatively small traffic allocation across a large number of users.</P>

<P>There are some limitations of delay pools:
<UL>
<LI>delay pools are incompatible with slow aborts; quick abort
should be set fairly low to prevent objects being retrived at
full speed once there are no clients requesting them (as the
traffic allocation is based on the current clients, and when
there are no clients attached to the object there is no way to
determine the traffic allocation).</LI>
<LI>delay pools only limits the actual data transferred and is not
inclusive of overheads such as TCP overheads, ICP, DNS, icmp
pings, etc.</LI>
<LI>it is possible for one connection or a small number of
connections to take all the bandwidth from a given bucket and
the other connections to be starved completely, which can be a
major problem if there are a number of large objects being
transferred and the parameters are set in a way that a few
large objects will cause all clients to be starved (potentially
fixed by a currently experimental patch).</LI>
</UL>
</P>

<H3>How can I limit Squid's total bandwidth to, say, 512 Kbps?</H3>

<P>
<PRE>
        acl all src 0.0.0.0/0.0.0.0             # might already be defined
        delay_pools 1
        delay_class 1 1
        delay_access 1 allow all
        delay_parameters 1 64000/64000          # 512 kbits == 64 kbytes per second
</PRE>
</P>
<P><B>For an explanation of these tags please see the configuration file.</B></P>


<P>The 1 second buffer (max = restore = 64kbytes/sec) is because a limit
is requested, and no responsiveness to a busrt is requested. If you
want it to be able to respond to a burst, increase the aggregate_max to
a larger value, and traffic bursts will be handled.  It is recommended
that the maximum is at least twice the restore value - if there is only
a single object being downloaded, sometimes the download rate will fall
below the requested throughput as the bucket is not empty when it comes
to be replenished.</P>

<H3>How to limit a single connection to 128 Kbps?</H3>

<P>You can not limit a single HTTP request's connection speed.  You
<EM>can</EM> limit individual hosts to some bandwidth rate.  To limit a
specific host, define an <EM>acl</EM> for that host and use the example
above.  To limit a group of hosts, then you must use a delay pool of
class 2 or 3.  For example:
<PRE>
        acl only128kusers src 192.168.1.0/255.255.192.0
        acl all src 0.0.0.0/0.0.0.0
        delay_pools 1
        delay_class 1 3
        delay_access 1 allow only128kusers
        delay_access 1 deny all
        delay_parameters 1 64000/64000 -1/-1 16000/64000
</PRE>

<B>For an explanation of these tags please see the configuration file.</B></P>
<P>The above gives a solution where a cache is given a total of 512kbits to
operate in, and each IP address gets only 128kbits out of that pool.</P>

<H3>How do you personally use delay pools?</H3>

<P>We have six local cache peers, all with the options 'proxy-only no-delay'
since they are fast machines connected via a fast ethernet and microwave (ATM)
network.</P>

<P>For our local access we use a dstdomain ACL, and for delay pool exceptions
we use a dst ACL as well since the delay pool ACL processing is done using
"fast lookups", which means (among other things) it won't wait for a DNS
lookup if it would need one.</P>

<P>Our proxy has two virtual interfaces, one which requires student
authentication to connect from machines where a department is not
paying for traffic, and one which uses delay pools.  Also, users of the
main Unix system are allowed to choose slow or fast traffic, but must
pay for any traffic they do using the fast cache.  Ident lookups are
disabled for accesses through the slow cache since they aren't needed.
Slow accesses are delayed using a class 3 delay pool to give fairness
between departments as well as between users.  We recognize users of
Lynx on the main host are grouped together in one delay bucket but they
are mostly viewing text pages anyway, so this isn't considered a
serious problem.  If it was we could take those hosts into a class 1
delay pool and give it a larger allocation.</P>

<P>I prefer using a slow restore rate and a large maximum rate to give
preference to people who are looking at web pages as their individual
bucket fills while they are reading, and those downloading large
objects are disadvantaged.  This depends on which clients you believe
are more important.  Also, one individual 8 bit network (a residential
college) have paid extra to get more bandwidth.</P>

<P>The relevant parts of my configuration file are (IP addresses, etc, all
changed):
<PRE>
        # ACL definitions
        # Local network definitions, domains a.net, b.net
        acl LOCAL-NET dstdomain a.net b.net
        # Local network; nets 64 - 127.  Also nearby network class A, 10.
        acl LOCAL-IP dst 192.168.64.0/255.255.192.0 10.0.0.0/255.0.0.0
        # Virtual i/f used for slow access
        acl virtual_slowcache myip 192.168.100.13/255.255.255.255
        # All permitted slow access, nets 96 - 127
        acl slownets src 192.168.96.0/255.255.224.0
        # Special 'fast' slow access, net 123
        acl fast_slow src 192.168.123.0/255.255.255.0
        # User hosts
        acl my_user_hosts src 192.168.100.2/255.255.255.254
        # "All" ACL
        acl all src 0.0.0.0/0.0.0.0

        # Don't need ident lookups for billing on (free) slow cache
        ident_lookup_access allow my_user_hosts !virtual_slowcache
        ident_lookup_access deny all

        # Security access checks
        http_access [...]

        # These people get in for slow cache access
        http_access allow virtual_slowcache slownets
        http_access deny virtual_slowcache

        # Access checks for main cache
        http_access [...]

        # Delay definitions (read config file for clarification)
        delay_pools 2
        delay_initial_bucket_level 50

        delay_class 1 3
        delay_access 1 allow virtual_slowcache !LOCAL-NET !LOCAL-IP !fast_slow
        delay_access 1 deny all
        delay_parameters 1 8192/131072 1024/65536 256/32768

        delay_class 2 2
        delay_access 2 allow virtual_slowcache !LOCAL-NET !LOCAL-IP fast_slow
        delay_access 2 deny all
        delay_parameters 2 2048/65536 512/32768
</PRE>
</P>

<P>The same code is also used by a some of departments using class 2 delay
pools to give them more flexibility in giving different performance to
different labs or students.</P>

<H3>Where else can I find out about delay pools?</H3>

<P>This is also pretty well documented in the configuration file, with
examples.  Since people seem to lose their config files, here's a copy
of the relevant section.</P>
<P>
<PRE>
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

#  TAG: delay_pools
#       This represents the number of delay pools to be used.  For example,
#       if you have one class 2 delay pool and one class 3 delays pool, you
#       have a total of 2 delay pools.
#
#       To enable this option, you must use --enable-delay-pools with the
#       configure script.
#delay_pools 0

#  TAG: delay_class
#       This defines the class of each delay pool.  There must be exactly one
#       delay_class line for each delay pool.  For example, to define two
#       delay pools, one of class 2 and one of class 3, the settings above
#       and here would be:
#
#delay_pools 2      # 2 delay pools
#delay_class 1 2    # pool 1 is a class 2 pool
#delay_class 2 3    # pool 2 is a class 3 pool
#
#       The delay pool classes are:
#
#               class 1         Everything is limited by a single aggregate
#                               bucket.
#
#               class 2         Everything is limited by a single aggregate
#                               bucket as well as an "individual" bucket chosen
#                               from bits 25 through 32 of the IP address.
#
#               class 3         Everything is limited by a single aggregate
#                               bucket as well as a "network" bucket chosen
#                               from bits 17 through 24 of the IP address and a
#                               "individual" bucket chosen from bits 17 through
#                               32 of the IP address.
#
#       NOTE: If an IP address is a.b.c.d
#               -> bits 25 through 32 are "d"
#               -> bits 17 through 24 are "c"
#               -> bits 17 through 32 are "c * 256 + d"

#  TAG: delay_access
#       This is used to determine which delay pool a request falls into.
#       The first matched delay pool is always used, ie, if a request falls
#       into delay pool number one, no more delay are checked, otherwise the
#       rest are checked in order of their delay pool number until they have
#       all been checked.  For example, if you want some_big_clients in delay
#       pool 1 and lotsa_little_clients in delay pool 2:
#
#delay_access 1 allow some_big_clients
#delay_access 1 deny all
#delay_access 2 allow lotsa_little_clients
#delay_access 2 deny all

#  TAG: delay_parameters
#       This defines the parameters for a delay pool.  Each delay pool has
#       a number of "buckets" associated with it, as explained in the
#       description of delay_class.  For a class 1 delay pool, the syntax is:
#
#delay_parameters pool aggregate
#
#       For a class 2 delay pool:
#
#delay_parameters pool aggregate individual
#
#       For a class 3 delay pool:
#
#delay_parameters pool aggregate network individual
#
#       The variables here are:
#
#               pool            a pool number - ie, a number between 1 and the
#                               number specified in delay_pools as used in
#                               delay_class lines.
#
#               aggregate       the "delay parameters" for the aggregate bucket
#                               (class 1, 2, 3).
#
#               individual      the "delay parameters" for the individual
#                               buckets (class 2, 3).
#
#               network         the "delay parameters" for the network buckets
#                               (class 3).
#
#       A pair of delay parameters is written restore/maximum, where restore is
#       the number of bytes (not bits - modem and network speeds are usually
#       quoted in bits) per second placed into the bucket, and maximum is the
#       maximum number of bytes which can be in the bucket at any time.
#
#       For example, if delay pool number 1 is a class 2 delay pool as in the
#       above example, and is being used to strictly limit each host to 64kbps
#       (plus overheads), with no overall limit, the line is:
#
#delay_parameters 1 -1/-1 8000/8000
#
#       Note that the figure -1 is used to represent "unlimited".
#
#       And, if delay pool number 2 is a class 3 delay pool as in the above
#       example, and you want to limit it to a total of 256kbps (strict limit)
#       with each 8-bit network permitted 64kbps (strict limit) and each
#       individual host permitted 4800bps with a bucket maximum size of 64kb
#       to permit a decent web page to be downloaded at a decent speed
#       (if the network is not being limited due to overuse) but slow down
#       large downloads more significantly:
#
#delay_parameters 2 32000/32000 8000/8000 600/8000
#
#       There must be one delay_parameters line for each delay pool.

#  TAG: delay_initial_bucket_level      (percent, 0-100)
#       The initial bucket percentage is used to determine how much is put
#       in each bucket when squid starts, is reconfigured, or first notices
#       a host accessing it (in class 2 and class 3, individual hosts and
#       networks only have buckets associated with them once they have been
#       "seen" by squid).
#
#delay_initial_bucket_level 50
</PRE>
</P>

<H2><A NAME="ss19.9">19.9</A> <A HREF="FAQ.html#toc19.9">Can I preserve my cache when upgrading from 1.1 to 2?</A>
</H2>

<P>At the moment we do not have a script which will convert your cache
contents from the 1.1 to the Squid-2 format.  If enough people ask for
one, then somebody will probably write such a script.</P>

<P>If you like, you can configure a new Squid-2 cache with your old
Squid-1.1 cache as a sibling.  After a few days, weeks, or
however long you want to wait, shut down the old Squid cache.
If you want to force-load your new cache with the objects
from the old cache, you can try something like this:
<OL>
<LI>Install Squid-2 and configure it to have the same
amount of disk space as your Squid-1 cache, even
if there is not currently that much space free.</LI>
<LI>Configure Squid-2 with Squid-1 as a parent cache.
You might want to enable <EM>never_direct</EM> on
the Squid-2 cache so that all of Squid-2's requests
go through Squid-1.</LI>
<LI>Enable the 
<A HREF="FAQ-7.html#purging-objects">PURGE method</A> on Squid-1.</LI>
<LI>Set the refresh rules on Squid-1 to be very liberal so that it
does not generate IMS requests for cached objects.</LI>
<LI>Create a list of all the URLs in the Squid-1 cache.  These can
be extracted from the access.log, store.log and swap logs.</LI>
<LI>For every URL in the list, request the URL from Squid-2, and then
immediately send a PURGE request to Squid-1.</LI>
<LI>Eventually Squid-2 will have all the objects, and Squid-1
will be empty.</LI>
</OL>
</P>



<H2><A NAME="custom-err-msgs"></A> <A NAME="ss19.10">19.10</A> <A HREF="FAQ.html#toc19.10">Customizable Error Messages</A>
</H2>

<P>Squid-2 lets you customize your error messages.  The source distribution
includes error messages in different languages.  You can select the
language with the configure option:
<PRE>
        --enable-err-language=lang
</PRE>
</P>

<P>Furthermore, you can rewrite the error message template files if you like.
This list describes the tags which Squid will insert into the messages:
<DL>
<DT><B>%B</B><DD><P>URL with FTP %2f hack</P>
<DT><B>%c</B><DD><P>Squid error code</P>
<DT><B>%d</B><DD><P>seconds elapsed since request received (not yet implemented)</P>
<DT><B>%e</B><DD><P>errno</P>
<DT><B>%E</B><DD><P>strerror()</P>
<DT><B>%f</B><DD><P>FTP request line</P>
<DT><B>%F</B><DD><P>FTP reply line</P>
<DT><B>%g</B><DD><P>FTP server message</P>
<DT><B>%h</B><DD><P>cache hostname</P>
<DT><B>%H</B><DD><P>server host name</P>
<DT><B>%i</B><DD><P>client IP address</P>
<DT><B>%I</B><DD><P>server IP address</P>
<DT><B>%L</B><DD><P>contents of <EM>err_html_text</EM> config option</P>
<DT><B>%M</B><DD><P>Request Method</P>
<DT><B>%m</B><DD><P>Error message returned by external auth helper</P>
<DT><B>%p</B><DD><P>URL port \#</P>
<DT><B>%P</B><DD><P>Protocol</P>
<DT><B>%R</B><DD><P>Full HTTP Request</P>
<DT><B>%S</B><DD><P>squid default signature</P>
<DT><B>%s</B><DD><P>caching proxy software with version</P>
<DT><B>%t</B><DD><P>local time</P>
<DT><B>%T</B><DD><P>UTC</P>
<DT><B>%U</B><DD><P>URL without password</P>
<DT><B>%u</B><DD><P>URL with password (Squid-2.5 and later only)</P>
<DT><B>%w</B><DD><P>cachemgr email address</P>
<DT><B>%z</B><DD><P>dns server error message</P>
</DL>
</P>
<P>The Squid default signature is added automatically unless %s
is used in the error page. To change the signature you must manually append
the signature to each error page.</P>

<P>The default signature reads like:
<PRE>
    &lt;BR clear="all"&gt;
    &lt;HR noshade size="1px"&gt;
    &lt;ADDRESS&gt;
    Generated %T by %h (%s)
    &lt;/ADDRESS&gt;
    &lt;/BODY&gt;&lt;/HTML&gt;
</PRE>
</P>

<H2><A NAME="ss19.11">19.11</A> <A HREF="FAQ.html#toc19.11">My squid.conf from version 1.1 doesn't work!</A>
</H2>

<P>Yes, a number of configuration directives have been renamed.
Here are some of them:
<DL>
<DT><B>cache_host</B><DD><P>This is now called <EM>cache_peer</EM>.  The old term does not
really describe what you are configuring, but the new name
tells you that you are configuring a peer for your cache.</P>
<DT><B>cache_host_domain</B><DD><P>Renamed to <EM>cache_peer_domain</EM>.</P>
<DT><B>local_ip, local_domain</B><DD><P>The functaionality provided by these directives is now implemented
as access control lists.  You will use the <EM>always_direct</EM> and
<EM>never_direct</EM> options.  The new <EM>squid.conf</EM> file has some
examples.</P>
<DT><B>cache_stoplist</B><DD><P>This directive also has been reimplemented with access control
lists.  You will use the <EM>no_cache</EM> option.  For example:
<PRE>
        acl Uncachable url_regex cgi ?
        no_cache deny Uncachable
        
</PRE>
</P>
<DT><B>cache_swap</B><DD><P>This option used to specify the cache disk size.  Now you
specify the disk size on each <EM>cache_dir</EM> line.</P>
<DT><B>cache_host_acl</B><DD><P>This option has been renamed to <EM>cache_peer_access</EM>
<B>and</B> the syntax has changed.  Now this option is a
true access control list, and you must include an
<EM>allow</EM> or <EM>deny</EM> keyword.  For example:
<PRE>
        acl that-AS dst_as 1241
        cache_peer_access thatcache.thatdomain.net allow that-AS
        cache_peer_access thatcache.thatdomain.net deny all
        
</PRE>

This example sends requests to your peer <EM>thatcache.thatdomain.net</EM>
only for origin servers in Autonomous System Number 1241.</P>
<DT><B>units</B><DD><P>In Squid-1.1 many of the configuration options had implied
units associated with them.  For example, the <EM>connect_timeout</EM>
value may have been in seconds, but the <EM>read_timeout</EM> value
had to be given in minutes.  With Squid-2, these directives take
units after the numbers, and you will get a warning if you
leave off the units.  For example, you should now write:
<PRE>
        connect_timeout 120 seconds
        read_timeout 15 minutes
        
</PRE>
</P>
</DL>
</P>



<HR>
<A HREF="FAQ-20.html">Next</A>
<A HREF="FAQ-18.html">Previous</A>
<A HREF="FAQ.html#toc19">Contents</A>
</BODY>
</HTML>