1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360
|
squid (2.7.STABLE6-2) unstable; urgency=low
Since version 2.7.STABLE6-2 error pages are not included in squid-common
anymore, but are instead shipped in a separate package (squid-langpack).
If the error_directory option in /etc/squid/squid.conf was customized, it
should be checked against the new directory layout of squid-langpack; if
it is not set correctly, squid will refuse to start.
-- Luigi Gangitano <luigi@debian.org> Tue, 7 Jul 2009 1:48:10 +0200
squid (2.7.STABLE2-2) unstable; urgency=low
Squid 2.7 introduced a long listing of new features including partial
HTTP/1.1 support, modular logging, background object revalidation and
configuration file includes.
Release notes with details of changes can be found in
/usr/share/doc/squid/RELEASENOTES.html
Changes to the configuration file:
*Added directives*
acl myportname
new acl matching the incoming port name
authenticate_ip_shortcircuit_ttl
authenticate_ip_shortcircuit_access
controls the new IP based authentication cache.
zph_mode
zph_local
zph_sibling
zph_parent
zph_option
controls the Zero Penalty Hit support
update_headers
optimization to skip updating on-disk headers
logfile_daemon
new log file daemon support
netdb_filename
sas hardcoded to the first cache_dir
storeurl_rewrite_program
storeurl_rewrite_children
storeurl_rewrite_concurrency
storeurl_access
controls the new store URL rewrite functionality
rewrite_access
rewrite
controls the new builtin URL rewrite functionality
max_stale
server_http11
ignore_expect_100
Experimental HTTP/1.1 support knobs
external_refresh_check
new helper to allow custom cache validations in accelerator setups
delay_body_max_size
new way of using delay pools based on response size
ignore_ims_on_miss
optimization mainly targeted for accelerator setups
max_filedescriptors
can now be set runtime. Was previously hardcoded at build time and further limited by ulimit
accept_filter
optimization to avoid waking Squid up until a request has been received
incoming_rate
new tuning knob for high traffic conditions
zero_buffers
tuning knob to disable a new optimization
*Changed directives*
cache
Suggested defaults modified
cache_dir
the "read-only" option has been renamed to "no-store" to better reflect the functionality
cache_peer
new multicast-siblings option, enabling multicast ICP sibling relations
new idle=n option to keep a minimum pool of idle connections
new http11 option to enable experimental HTTP/1.1 support
external_acl_type
New %URI format tag
acl
Suggested defaults cleaned up, defines a new "localnet" acl with RFC1918 addresses
new "myportname" acl type matching the http_port name
icp_access
Suggested defaults cleaned up, now requires configuration to use ICP
htcp_access
Suggested defaults cleaned up, now requires configuration to use HTCP
http_access
Suggested defaults cleaned up, using a new "localnet" acl.
http_port
Accelerator mode options cleaned up (accel, defaultsite, vport, vhost and combinations thereof)
new "allow-direct" option
new "act-as-origin" option
new "http11" option (experimental)
new "name=" option
nee "keepalive=" option
https_port
See http_port.
logformat
New format codes: oa (Our outgoing IP address), rp (Request URL-Path), sn (Unique sequence number)
refresh_pattern
Several new options: stale-while-revalidate, ignore-stale-while-revalidate, max-stale, negative-ttl
Suggested defaults adjusted to match the changes in the cache directive.
url_rewrite_program
Future protocol change adding key=value pairs after the requests
forwarded_for
Has several new modes, allowing one to finetune how/if the requesting client IP should be forwarded in X-Forwarded-For
*Removed directives*
incoming_icp_average
incoming_http_average
incoming_dns_average
min_icp_poll_cnt
min_dns_poll_cnt
min_http_poll_cnt
the above tuning knobs no longer have any effect and has been removed.
-- Luigi Gangitano <luigi@debian.org> Sun, 1 Jun 2008 04:11:08 +0200
squid (2.6.1-3) unstable; urgency=low
Squid 2.6 introduced a long listing of new features including ICAP support,
TPROXY support on Linux, epoll() support, WCCPv2 support and new
authentication helpers.
Release notes with details of changes can be found in
/usr/share/doc/squid/RELEASENOTES.html
Changes to the configuration file:
http_port
Now takes a list of options in addition to the port address, specifying the
purpose of this http_port. Default is plain Internet proxy as usual.
httpd_accel_* for transparent proxy
Now implemented by the "transparent" http_port option
httpd_accel_host
Replaced by defaultsite http_port option and cache_peer originserver option.
httpd_accel_port
No longer needed. Server port defined by the cache_peer port.
httpd_accel_uses_host_header
Replaced by vhost http_port option
https_port
Many new options. Reconstructs URLs as https:// by default.
cache_peer
Many new options to support origin servers and SSL encryption
ssl_engine
New directive for hardware assisted SSL encryption
sslproxy_*
New directives defining how to gateway http->https
sslpassword_program
New helper directive to query an external program for SSL key encryption
password (if any)
no_cache
Renamed to cache to better reflect the functionaliy. no_cache still
accepted.
cache
New name for the old no_cache directive.
cache_vary
New directive to disable caching of Vary:ing responses
broken_vary_encoding
New directive to work around known broken compression modules which hasn't
understood the meaning of the ETag HTTP header in relation to
Accept-Encoding.
logformat
New directive for defining custom log formats
cache_access_log
Renamed to access_log
access_log
Select what requests to log where any by what format. Support for multiple
log files and multiple log formats.
check_hostnames
New option to disable the hostname validity/sanity checks usually performed
by Squid, replacing the similar build time configure option in 2.5.
allow_underscore
New option to allow _ in hostnames, replacing the similar build time
configure option in 2.5 and earlier.
dns_defnames
Allow for domain searches. Now possible even when using the internal DNS
client
redirect_*
Renamed to url_rewrite_* to better reflect the functionality of this helper
(rewriting requested URLs)
url_rewrite_concurrency
Activates a new and more efficient helper protocol. Requires changes in the
helper.
location_rewrite_*
New helper hook for rewriting Location headers
auth_param basic blankpassword
New option to allow the use of blank passwords.
auth_param ntlm max_challenge_reuse / max_challenge_lifetime
No longer supported
auth_param ntlm use_ntlm_negotiate
Directive no longer supported. Use of NTLM negotiate packet is always on.
auth_param ntlm keep_alive
New option to fine-tune the use of HTTP keep-alive in combination with NTLM
auth_param negotiate
New Negotiate authentication scheme, the "next generation" scheme in the
family of Microsoft authentication.
external_acl_type
Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL,
%DATA and a few variants. Helper protocol defaults to the simpler "3.0"
protocol, and there is support for a highly efficient protocol via the
concurrency= option if supported by the helper.
refresh_pattern
Several new HTTP override/ignore options
read_ahead_gap
New directive to set the response buffer size.
collapsed_forwarding
New directive to enable an alternative optimized forwarding path when there
is very many concurrent requests for the same URL.
refresh_stale_hit
New directive similar to collapsed_forwarding and activates an alternative
optimized request processing when there is very many concurrent requests for
the same recently expired URL.
acl urlgroup
New acl class
acl user_cert
New acl class matching the user SSL certificate (https_port)
acl ca_cert
New acl class matching the CA of the user SSL certificate (https_port)
acl ext_user / ext_user_regex
New acl matching usernames returned by external acl
follow_x_forwarded_for
New option to enable parsing of X-Forwarded-For headers allowing access
controls to be based on the real client IP even if behind secondary proxies
http_access2
New http_access type directive but evaluated after url rewrites
htcp_access, htcp_clr_access
Access control on HTCP requests
log_access
New directive to limit what gets logged.
httpd_suppress_version_string
Enable hiding of the Squid version
umask
New directive to specify the minimum umask Squid should run under
error_map
New directive to allow dynamic rewrites of error pages
via
New directive to disable the use of the Via directive
wccp2_*
WCCP2 protocol support
-- Luigi Gangitano <luigi@debian.org> Wed, 12 Jul 2006 15:11:08 +0200
|