03
Home Solutions Knowledge Base FAQs E-mail Support Live Chat Buy Support

Disclaimer: This manual is NOT a Squid tutorial. It is only a reference material that provides detailed explanation of all configuration parameters available in Squid 2.6. The reader is expected to have prior knowledge of basic Squid installation and configuration. For Complete tutorial on Squid, please visit http://www.squid-cache.org

Squid 2.6 Configuration Manual - External Support Parameters
Squid 2.6 Configuration Manual
OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
External support programs could be viewed as a simple means of modular design, allowing third parties to write modules to improve the features of Squid. That's being said, some of Squid's standard functionality is also provided by helper programs. The standard helper programs include dnsserver, pinger, and several authentication modules. Third party modules include redirectors, ad blockers, and additional authentication modules.
ftp_user
 ftp_list_width ftp_passive ftp_sanitycheck ftp_telnet_protocol
check_hostnames allow_underscore
 cache_dns_program dns_children dns_retransmit_interval
dns_timeout dns_defnames dns_nameservers hosts_file diskd_program
unlinkd_program pinger_program url_rewrite_program url_rewrite_children url_rewrite_concurrency
url_rewrite_host_header url_rewrite_access location_rewrite_program
 location_rewrite_children
 location_rewrite_concurrency
location_rewrite_access
 auth_param authenticate_cache_garbage_interval authenticate_ttl authenticate_ip_ttl
external_acl_type



Recommended minimum configuration
      TAG NAME                   ftp_user









Description  This is the email address Squid uses to login to remote FTP servers anonymously
Build Option
  Default
Usage
  ftp_user username
Default
  ftp_user squid@

Synopsis
For login to some servers, an anonymous email address is to be used. This tag is used to provide the anonymous email address for the login. This can simply be a user name followed by an @ symbol, which your domain name can be automatically attached to. Or it can be a full email address. This should be something reasonable for your domain, such as wwwuser@mydomain.com, or in the domainless case first mentioned, squid@, which happens to be the default for this option.

Arguments
username  User name to be used while login

Example(s)
ftp_user squid@squid.visolve.com

      TAG NAME                   ftp_list_width










Description  The column width for auto-generated Web pages of FTP sites queried through Squid when Squid is in forward proxy
 mode
Build Option
  Default
Usage
  ftp_list_width number
Default
  ftp_list_width 32

Synopsis
This tag gives some control over how Squid formats the resulting file lists. Squid provides limited FTP proxy features to allow browsers (even older, non-FTP aware browsers) to communicate with FTP servers.

Arguments
number  Column width

Example(s)
ftp_list_width 48

      TAG NAME                   ftp_passive




Description  If your firewall does not allow Squid to use passive connections, then turn off this option
Build Option
  Default
Usage
  ftp_passive on|off
Default
  ftp_passive on

Synopsis
Enable or disable passive connections.

Arguments
on/off
  Enable or disable this option

      TAG NAME                   ftp_sanitycheck







Description  Squid performs sanity checks of the addresses of FTP data connections ensure the data connection is to the requested
 server
Build Option
  Default
Usage
  ftp_sanitycheck on|off 
Default
  ftp_sanitycheck on

Synopsis
For security and data integrity reasons Squid by default performs sanity checks of the addresses of FTP data connections ensure the data connection is to the requested  server. If you need to allow FTP connections to servers using another IP address for the data connection then turn this off.

Arguments
on/off  Enable or disable sanity checks

      TAG NAME                   ftp_telnet_protocol







Description  Allows to use the telnet protocol as transport channel for the control connection.
Build Option
  Default
Usage
  ftp_telnet_protocol on|off 
Default
  ftp_telnet_protocol on

Synopsis
The FTP protocol is officially defined to use the telnet protocol as transport channel for the control connection. However, many implementations are broken and does not respect this aspect of the FTP protocol.

If there is any trouble accessing files with ASCII code 255 in the path or similar problems involving this ASCII code you can try setting this directive to off. If that helps, report to the operator of the FTP server in question that their FTP server is broken and does not follow the FTP standard.

Arguments
on/off  Enable or disable telnet protocol as transport channel

      TAG NAME                   check_hostnames






Description  For security and stability reasons Squid by default checks hostnames for Internet standard RFC compliance
Build Option
  Default
Usage
  check_hostnames on|off 
Default
  check_hostnames on 

Synopsis
If you want Squid not to perform these checks then turn this directive off.
If this directive is set to off, then squid disable the hostname validity/sanity checks before trying to look them up in DNS.

Arguments
on/off  Enable or disable hostname checks

      TAG NAME                   allow_underscore






Description  If it is enabled, the underscore character is allowed in the Internet Hostnames
Build Option
  Default
Usage
  allow_underscore on|off 
Default
  allow_underscore on 

Synopsis
Underscore character is strictly not allowed in Internet hostnames but nevertheless used by many sites. Set this to off if Squid sould be strict about the standard.

Arguments
on/off  Enable or disable underscore checks in URL


      TAG NAME                  cache_dns_program





Description  This helper program is used for DNS resolution
Build Option
  --disable-internal-dns
Usage  cache_dns_program program
Default
  cache_dns_program /usr/local/Squid/libexec/dnsserver 

Synopsis
Squid requires a non-blocking resolver for its queries, an external program called dnsserver is included in the standard distribution. This tag is used to specify the path for the external dnsserver program.

Arguments
program
  Path and the external dnsserver program

Example(s)
cache_dns_program /usr/local/libexec/dnsserver

      TAG NAME                   dns_children







Description  The number of processes spawn to service DNS name lookups
Build Option
  Default
Usage
  dns_children number (1 to 32)
Default
  dns_children 5

Synopsis
Specifies the number of external DNS resolver processes that will be started in order to serve requests. The default value of five is enough for many networks, however, if your Squid serves a large number of users, this value may need to be increased to avoid errors. However, increasing the number of processes also increases the load on system resources and may actually hinder performance if set too high. More than 10 is probably overkill.
Arguments
number
  Number of dns children program

Example(s)
dns_children 10

      TAG NAME                   dns_retransmit_interval







Description  Defines the initial retransmit time interval for DNS queries
Build Option
  Default
Usage
  dns_retransmit_interval time-units
Default
  dns_retransmit_interval 5 seconds 

Synopsis
The interval is doubled each time all configured DNS servers have been tried.

Arguments
time-units
  Retransmit time interval

Example(s)
dns_retransmit_interval 15 seconds

      TAG NAME                   dns_timeout







Description  This defines the DNS query timeout
Build Option
  Default
Usage
  dns_timeout time-units
Default
  dns_timeout 5 minutes 

Synopsis
If no response is received to a DNS query within this time then all DNS servers for the queried domain is assumed to be unavailable.

Arguments
time-units
  DNS timeout period

Example(s)
dns_timeout 10 minutes

      TAG NAME                   dns_defnames







Description  Enable/disable the dnsserver to add the local domain name to single component host names
Build Option
  Default
Usage
  dns_defnames on|off
Default
  dns_defnames off 

Synopsis
Normally the 'dnsserver' disables the RES_DEFNAMES resolver option (see res_init(3)).  This prevents caches in a hierarchy from interpreting single-component  hostnames locally.  To allow dnsserver to handle single-component names, enable this option.

Arguments
on/off
  Enable or disable this option

      TAG NAME                   dns_nameservers







Description  Use this if you want to specify a list of DNS name servers (IP addresses) to use
Build Option
  Default
Usage
  dns_nameservers ip_address
Default
  none 

Synopsis
Normally defaults to resolve.conf, which simply means that Squid's parent DNS servers will be drawn from the /etc/resolve.conf file found on the system Squid runs on. It is possible to select other DNS servers if needed, for example to choose a more local caching DNS server, or a remote internet connected server.
Arguments
ip_address
  IP address of the dns servers

Example(s)
dns_nameservers 10.0.0.1 192.172.0.4

      TAG NAME                   hosts_file







Description  Defines the location of the host-local IP name-address associations database
Build Option
  Default
Usage
  host_file path/filename
Default
  hosts_file /etc/hosts 

Synopsis
For Unix and Linux system this file is located at /etc/hosts

Arguments
path
  Path to the file that contains the ip addresses
filename
  File that contains the ip addresses

Example(s)
hosts_file /hosts

      TAG NAME                  diskd_program







Description  Specifies the location of the diskd executable
Build Option
  Default
Usage
  diskd_program path/filename
Default
  diskd_program /usr/local/Squid/libexec/diskd 

Synopsis
This tag is used to specify the location where diskd program is located

Note: This is only useful if you have compiled in diskd as one of the store io modules.

Arguments
path
  Path where diskd program is located
filename
  File that performs diskd operation

Example(s)
diskd_program /usr/local/libexec/diskd

      TAG NAME                  unlinkd_program







Description  Specifies the location where executable for file deletion process is stored
Build Option
  Default
Usage
  unlinkd_program path/filename
Default
  unlinkd_program /usr/local/Squid/libexec/unlinkd 

Synopsis
The name of the helper program that deletes, or unlinks old files in the cache to make room for newer objects.

Arguments
path
  Path where the program is located
filename
  File that performs the specified operation

Example(s)
unlinkd_program /usr/local/libexec/unlinkd

      TAG NAME                  pinger_program







Description  Specifies the location of the executable for the pinger process
Build Option
  --enable-icmp
Usage
  pinger_program path/filename
Default
  pinger_program /usr/local/Squid/libexec/pinger 

Synopsis
An external program that provides Squid with ICMP RTT information so that it can more effectively choose between multiple remote parent caches for request fulfillment.
Arguments
path
  Path of the pinger executable program
filename
  File that performs the pinger process

Example(s)
pinger_program /usr/local/libexec/pinger

      TAG NAME                  url_rewrite_program [previously called as redirect_program]







Description  Specifies the location of the executable for the URL redirector
Build Option
  Default
Usage
  url_rewrite_program path/to/rewriter/program
Default
  none 

Synopsis
Specify the location of the executable for the URL rewriter. Since they can perform almost any function there isn't one included.

For each requested URL, the rewriter will receive a line input with the following format
URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup <NL>

The rewriter may return a rewritten URL. The other components of the request line does not need to be returned (ignored if they are).
The rewriter can also indicate that a client-side redirect should be performed to the new URL. This is done by prefixing the returned URL with "301:" (moved permanently) or 302: (moved temporarily).
It can also return a "urlgroup" that can subsequently be matched in cache_peer_access and similar ACL driven rules. An urlgroup is returned by prefixing the returned url with "!urlgroup!"

By default, a URL rewriter is not used.
 Arguments
path
  Location of the rewriter program
rewriter
  Executable file that performs the rewrite process

Example(s)
url_rewrite_program /usr/local/squirm/bin/squirm

      TAG NAME                  url_rewrite_children [previously called as redirect_children] 







Description  The number of redirector processes to spawn.
Build Option
  Default
Usage
  url_rewrite_children number
Default
  url_rewrite_children 5 
          
Synopsis
The number of redirector processes to spawn. If you start too few Squid will have to wait for them to process a backlog of URLs, slowing it down. If you start too many they will use RAM and other system resources.

Aguments
number
  Number of rewrite process to spawn

Example(s)
url_rewrite_children 15

      TAG NAME                  url_rewrite_concurrency 







Description  The number of requests each redirector helper can handle in parallel.
Build Option
  Default
Usage
  url_rewrite_concurrency number
Default
  url_rewrite_concurrency 0 

Synopsis
The number of requests each redirector helper can handle in parallel. Defaults to 0 which indicates that the redirector is a old-style singlethreaded redirector.

Arguments
number
  Number of requests to be handle

Example(s)
url_rewrite_concurrency 10

      TAG NAME                  url_rewrite_host_header [previously called as redirect_rewrites_host_header]







Description  Enable/disable Squid rewriting any host header in redirected requests
Build Option
  Default
Usage
  url_rewrite_host_header on|off
Default
  url_rewrite_host_header on