1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
#!/bin/sh -e
## 01-cf.data.debian.dpatch by Luigi Gangitano <luigi@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Default configuration file for Debian.
if [ $# -ne 1 ]; then
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
case "$1" in
-patch) patch $patch_opts -p1 < $0;;
-unpatch) patch $patch_opts -p1 -R < $0;;
*)
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad squid-2.6.5~/src/cf.data.pre squid-2.6.5/src/cf.data.pre
--- squid-2.6.5~/src/cf.data.pre 2006-10-12 22:48:48.000000000 +0200
+++ squid-2.6.5/src/cf.data.pre 2006-11-06 11:38:28.000000000 +0100
@@ -320,12 +320,12 @@
NAME: htcp_port
IFDEF: USE_HTCP
TYPE: ushort
-DEFAULT: 4827
+DEFAULT: 0
LOC: Config.Port.htcp
DOC_START
The port number where Squid sends and receives HTCP queries to
- and from neighbor caches. Default is 4827. To disable use
- "0".
+ and from neighbor caches. To turn it on you want to set it 4827.
+ By default it is set to "0" (disabled).
DOC_END
@@ -1651,6 +1651,10 @@
If append_domain is used, that domain will be added to
domain-local (i.e. not containing any dot character) host
definitions.
+
+NOCOMMENT_START
+hosts_file /etc/hosts
+NOCOMMENT_END
DOC_END
NAME: diskd_program
@@ -1863,7 +1867,7 @@
Then, set this line to something like
- auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth @DEFAULT_PREFIX@/etc/passwd
+ auth_param basic program @DEFAULT_PREFIX@/lib/squid/ncsa_auth @DEFAULT_PREFIX@/etc/passwd
"children" numberofchildren
The number of authenticator processes to spawn. If you start too few
@@ -1930,7 +1934,7 @@
Then, set this line to something like
- auth_param digest program @DEFAULT_PREFIX@/libexec/digest_auth_pw @DEFAULT_PREFIX@/etc/digpass
+ auth_param digest program @DEFAULT_PREFIX@/lib/squid/digest_auth_pw @DEFAULT_PREFIX@/etc/digpass
"children" numberofchildren
@@ -1999,7 +2003,10 @@
By default, the ntlm authentication scheme is not used unless a
program is specified.
- auth_param ntlm program /path/to/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
+ Note: If you're using Samba >= 3.0.2, please install the winbind
+ package and use the ntlm_auth helper from that package.
+
+ auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
"children" numberofchildren
The number of authenticator processes to spawn. If you start too few
@@ -2801,7 +2808,9 @@
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
-acl SSL_ports port 443
+acl SSL_ports port 443 # https
+acl SSL_ports port 563 # snews
+acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
@@ -2812,6 +2821,10 @@
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
+acl Safe_ports port 631 # cups
+acl Safe_ports port 873 # rsync
+acl Safe_ports port 901 # SWAT
+acl purge method PURGE
acl CONNECT method CONNECT
NOCOMMENT_END
DOC_END
@@ -2931,6 +2944,9 @@
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
+# Only allow purge requests from localhost
+http_access allow purge localhost
+http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
@@ -2948,6 +2964,7 @@
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
+http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
@@ -3280,12 +3297,12 @@
NAME: cache_effective_user
TYPE: string
-DEFAULT: nobody
+DEFAULT: proxy
LOC: Config.effectiveUser
DOC_START
If you start Squid as root, it will change its effective/real
UID/GID to the user specified below. The default is to change
- to UID to nobody. If you define cache_effective_user, but not
+ to UID to proxy. If you define cache_effective_user, but not
cache_effective_group, Squid sets the GID to the effective
user's default group ID (taken from the password file) and
supplementary group list from the from groups membership of
@@ -3305,6 +3322,9 @@
and only this GID is effective. If Squid is not started as
root the user starting Squid must be member of the specified
group.
+NOCOMMENT_START
+cache_effective_group proxy
+NOCOMMENT_END
DOC_END
@@ -3471,7 +3491,7 @@
NAME: logfile_rotate
TYPE: int
-DEFAULT: 10
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the number of logfile rotations to make when you
@@ -3487,6 +3507,9 @@
purposes, so -k rotate uses another signal. It is best to get
in the habit of using 'squid -k rotate' instead of 'kill -USR1
<pid>'.
+
+ Note2, for Debian/Linux the default of logfile_rotate is
+ zero, since it includes external logfile-rotation methods.
DOC_END
@@ -4132,12 +4155,15 @@
NAME: snmp_port
TYPE: ushort
LOC: Config.Port.snmp
-DEFAULT: 3401
+DEFAULT: 0
IFDEF: SQUID_SNMP
DOC_START
Squid can now serve statistics and status information via SNMP.
By default it listens to port 3401 on the machine. If you don't
wish to use SNMP, set this to "0".
+
+ Note: on Debian/Linux, the default is zero - you need to
+ set it to 3401 to enable it.
DOC_END
NAME: snmp_access
|
