#!/bin/sh -e
## 01-cf.data.debian.dpatch by Luigi Gangitano <luigi@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Default configuration file for Debian.
if [ $# -ne 1 ]; then
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
case "$1" in
-patch) patch $patch_opts -p1 < $0;;
-unpatch) patch $patch_opts -p1 -R < $0;;
*)
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad squid-2.6.5~/src/cf.data.pre squid-2.6.5/src/cf.data.pre
--- squid-2.6.5~/src/cf.data.pre 2006-10-12 22:48:48.000000000 +0200
+++ squid-2.6.5/src/cf.data.pre 2006-11-06 11:38:28.000000000 +0100
@@ -320,12 +320,12 @@
NAME: htcp_port
IFDEF: USE_HTCP
TYPE: ushort
-DEFAULT: 4827
+DEFAULT: 0
LOC: Config.Port.htcp
DOC_START
The port number where Squid sends and receives HTCP queries to
- and from neighbor caches. Default is 4827. To disable use
- "0".
+ and from neighbor caches. To turn it on you want to set it 4827.
+ By default it is set to "0" (disabled).
DOC_END
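Review bot: the new DOC text for htcp_port reads "To turn it on you want to set it 4827", which is missing a word and is looser than the sentence it replaces. Suggest "To enable HTCP, set this to 4827. The default is "0" (disabled)." The DEFAULT change itself is fine: the port stays closed unless the admin opts in.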
@@ -1651,6 +1651,10 @@
If append_domain is used, that domain will be added to
domain-local (i.e. not containing any dot character) host
definitions.
+
+NOCOMMENT_START
+hosts_file /etc/hosts
+NOCOMMENT_END
DOC_END
NAME: diskd_program
@@ -1863,7 +1867,7 @@
Then, set this line to something like
- auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth @DEFAULT_PREFIX@/etc/passwd
+ auth_param basic program @DEFAULT_PREFIX@/lib/squid/ncsa_auth @DEFAULT_PREFIX@/etc/passwd
"children" numberofchildren
The number of authenticator processes to spawn. If you start too few
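Review bot: in the basic-auth example only the helper path moves to @DEFAULT_PREFIX@/lib/squid/ncsa_auth; the password file argument is still @DEFAULT_PREFIX@/etc/passwd, and the digest example in the next hunk likewise keeps @DEFAULT_PREFIX@/etc/digpass. Please confirm both arguments match what the package installs, or state in the DP description that only the helper location changed, so the example does not point readers at a credentials file that is not there.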
@@ -1930,7 +1934,7 @@
Then, set this line to something like
- auth_param digest program @DEFAULT_PREFIX@/libexec/digest_auth_pw @DEFAULT_PREFIX@/etc/digpass
+ auth_param digest program @DEFAULT_PREFIX@/lib/squid/digest_auth_pw @DEFAULT_PREFIX@/etc/digpass
"children" numberofchildren
@@ -1999,7 +2003,10 @@
By default, the ntlm authentication scheme is not used unless a
program is specified.
- auth_param ntlm program /path/to/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
+ Note: If you're using Samba >= 3.0.2, please install the winbind
+ package and use the ntlm_auth helper from that package.
+
+ auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
"children" numberofchildren
The number of authenticator processes to spawn. If you start too few
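Review bot: the added note is conditional on Samba >= 3.0.2, but the example line below it now hardcodes /usr/bin/ntlm_auth for everyone, replacing the neutral /path/to/samba/bin/ placeholder. Either say that /usr/bin/ntlm_auth is where the winbind package puts the helper, or keep a placeholder for readers the note does not cover.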
@@ -2801,7 +2808,9 @@
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
-acl SSL_ports port 443
+acl SSL_ports port 443 # https
+acl SSL_ports port 563 # snews
+acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
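Review bot: adding 563 and 873 to SSL_ports widens what CONNECT may tunnel to, because the default rule set denies CONNECT only to ports outside this ACL (the "Deny CONNECT to other than SSL ports" comment is visible in a later hunk). The 873 entry is labelled rsync rather than an SSL service, so any client the proxy accepts can open a raw tunnel to that port. Suggest dropping 873 from SSL_ports, or justifying it in the DP description; 563 deserves the same justification.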
@@ -2812,6 +2821,10 @@
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
+acl Safe_ports port 631 # cups
+acl Safe_ports port 873 # rsync
+acl Safe_ports port 901 # SWAT
+acl purge method PURGE
acl CONNECT method CONNECT
NOCOMMENT_END
DOC_END
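Review bot: 631 (cups) and 901 (SWAT) in Safe_ports are, by their own comments, administration interfaces rather than general web ports, so listing them lets proxy clients reach those services through Squid. Please give the reason in the DP description, which currently says only "Default configuration file for Debian". Separately, `acl purge method PURGE` is unrelated to the port list and carries no comment; it would read better next to `acl CONNECT method CONNECT` with a one-line explanation, since the rules that use it are in another hunk.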
@@ -2931,6 +2944,9 @@
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
+# Only allow purge requests from localhost
+http_access allow purge localhost
+http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
@@ -2948,6 +2964,7 @@
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
+http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
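Review bot: `http_access allow localhost` is added as an active rule with no comment, while the `our_networks` lines above it stay commented out, so every local user and process may use the proxy out of the box. Its position after the Safe_ports and CONNECT denies is right, but `to_localhost` is defined in the ACL block and no http_access line visible in this patch uses it; with 631 and 901 now in Safe_ports, a local client can have Squid fetch from services bound to 127.0.0.0/8. Consider adding `http_access deny to_localhost` ahead of this rule, and give the new rule a comment line like its neighbours have.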
@@ -3280,12 +3297,12 @@
NAME: cache_effective_user
TYPE: string
-DEFAULT: nobody
+DEFAULT: proxy
LOC: Config.effectiveUser
DOC_START
If you start Squid as root, it will change its effective/real
UID/GID to the user specified below. The default is to change
- to UID to nobody. If you define cache_effective_user, but not
+ to UID to proxy. If you define cache_effective_user, but not
cache_effective_group, Squid sets the GID to the effective
user's default group ID (taken from the password file) and
supplementary group list from the from groups membership of
@@ -3305,6 +3322,9 @@
and only this GID is effective. If Squid is not started as
root the user starting Squid must be member of the specified
group.
+NOCOMMENT_START
+cache_effective_group proxy
+NOCOMMENT_END
DOC_END
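Review bot: the group is set with an active `cache_effective_group proxy` line inside NOCOMMENT, whereas the user was changed through `DEFAULT: proxy` in the previous hunk. The surrounding DOC text says that once this directive is set "only this GID is effective", so the active line also discards the supplementary group list that the cache_effective_user text describes. If that is intended, say so in the DP description; otherwise leave the group unset and let it follow the user's default group.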
@@ -3471,7 +3491,7 @@
NAME: logfile_rotate
TYPE: int
-DEFAULT: 10
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the number of logfile rotations to make when you
@@ -3487,6 +3507,9 @@
purposes, so -k rotate uses another signal. It is best to get
in the habit of using 'squid -k rotate' instead of 'kill -USR1
<pid>'.
+
+ Note2, for Debian/Linux the default of logfile_rotate is
+ zero, since it includes external logfile-rotation methods.
DOC_END
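Review bot: the added paragraph is labelled "Note2" although no numbered note is visible before it, and "external logfile-rotation methods" does not tell the admin what actually rotates the logs. Suggest a plain "Note:" that names the mechanism the package ships. With `DEFAULT: 0` from the previous hunk, the text should also say what `squid -k rotate` does with the existing log files at that setting.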
@@ -4132,12 +4155,15 @@
NAME: snmp_port
TYPE: ushort
LOC: Config.Port.snmp
-DEFAULT: 3401
+DEFAULT: 0
IFDEF: SQUID_SNMP
DOC_START
Squid can now serve statistics and status information via SNMP.
By default it listens to port 3401 on the machine. If you don't
wish to use SNMP, set this to "0".
+
+ Note: on Debian/Linux, the default is zero - you need to
+ set it to 3401 to enable it.
DOC_END
NAME: snmp_access
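Review bot: after `DEFAULT: 0`, the unchanged sentence "By default it listens to port 3401 on the machine" is no longer true, and the appended Debian note contradicts it two lines later. Rewrite the sentence in place, as the htcp_port hunk does, for example "SNMP is disabled by default; set this to 3401 to enable it."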