Home Solutions Knowledge Base FAQs E-mail Support Live Chat Buy Support

Disclaimer: This manual is NOT a Squid tutorial. It is only a reference material that provides detailed explanation of all configuration parameters available in Squid 3.0. The reader is expected to have prior knowledge of basic Squid installation and configuration. For Complete tutorial on Squid, please visit http://www.squid-cache.org

Squid 3.0 Configuration Manual MISCELLANEOUS This section covers configurations that could not be explicitly bundled in with any of the previous categories. Examples of features covered here are limiting the growth of log files, displaying customized information to clients upon error conditions or access denial, defining memory pools for Squid, network management by enabling SNMP, co-ordination with neighbor caches by enabling WCCP, directing the requests either to the origin server or to the neighbor cache, etc. dns_testnames logfile_rotate append_domain tcp_recv_bufsize err_html_text email_err_data deny_info memory_pools memory_pools_limit via forwarded_for log_icp_queries icp_hit_stale minimum_direct_hops minimum_direct_rtt cachemgr_passwd store_avg_object_size store_objects_per_bucket client_db netdb_low netdb_high netdb_ping_period query_icmp test_reachability buffered_logs reload_into_ims always_direct never_direct header_access header_replace icon_directory error_directory maximum_single_addr_tries snmp_port snmp_access snmp_incoming_address snmp_outgoing_address as_whois_server wccp_router wccp_version wccp_incoming_address wccp_outgoing_address

TAG NAME                   dns_testnames Description  This points to a number of hosts that Squid can use to test if DNS service is working properly on your network Build Option  Default Usage  dns_testnames url  Default  dns_testnames netscape.com internic.net nlanr.net microsoft.com Synopsis If DNS isn't working properly, Squid will not be able to service requests, so it will refuse to start, with a brief message regarding why in the cache.log. It is recommended that you select two or more host names on the internet and one or two host names on your intranet, assuming you have one and Squid is expected to service it. By default, the  dns_testnames directive checks a few well known and popular sites: netscape.com, internic.net, nlanr.net, and microsoft.com. Arguments url  Sites on which DNS test to be done Example(s) dns_testnames visolve.com       TAG NAME                   logfile_rotate Description  Used to specify the number of old rotated log files Squid will keep Build Option  Default Usage  logfile_rotate number Default  logfile_rotate 10 Synopsis The value in this tag defines number of rotated log files to be generated. This defaults to 10, which means Squid will keep 10 old log files before overwriting the oldest. Squid -k rotate is the command line usage to implement this function. Arguments number  Number of rotations Example(s) logfile_rotate 5       TAG NAME                   append_domain Description  The domain that Squid will append to requests that are not possibly fully qualified domain names (more precisely,  those that have no dots in them) Build Option  Default Usage  append_domain domainname Default  none Synopsis Using this tag, you can append the domain names to the requests that are not fully qualified domains names. Note: append_domain must begin with a period. Arguments dimainname  Domain name to be appended Example(s) append_domain .cgi.com       TAG NAME                   tcp_recv_bufsize Description  Defines the size of the buffer used for TCP packets being received Build Option  Default Usage  tcp_recv_bufsize bytes Default  tcp_recv_bufsize 0 bytes Synopsis When defined to a non-zero value, this determines the TCP packets receiving buffer size. By default Squid uses whatever the default buffer size for your operating system is. This is done by setting its value to zero. Arguments bytes  Buffer size Example(s) tcp_recv_bufsize 500 bytes       TAG NAME                   err_html_text Description  Provides a means to automatically add some extra information to Squid's error pages Build Option  Default Usage  err_htmal_text text Default  none Synopsis You can add HTML or plain text comments or links here, which will be added to the error messages displayed to clients. To include this in your error messages, you must rewrite the error template files (found in the "errors" directory). Wherever you want the err_html_text line to appear, insert a %L tag in the error template file. Arguments text  Message to be displayed Example(s) err_html_text squid@visolve.com Consider you want to display this mail Id when access denied error occurs, then edit the corresponding file (ERR_ACCESS_DENIED in '$prefix/etc/errors' directory) with %L where this mail Id should be displayed.       TAG NAME                  email_err_data Description  If enabled, information about the occurred error will be included in the mailto links of the ERR pages (if %W is set) so  that the email body contains the data Build Option  Default Usage  email_err_data on|off Default  email_err_data on           Synopsis Enabling this feature, information about the occurred error will be included in the mailto links of the ERR pages Syntax is <A HREF="mailto:%w%W">%w</A> Arguments on/off  Enable or disable       TAG NAME                   deny_info Description  Used to define a customized error page for the requests which gets denied by http_access rules Build Option  Default Usage  deny_info err_page_name acl  deny_info link acl Default  none Synopsis You might have defied certain rules which filters access to certain domains. While accessing those domains, Squid normally displays a default error page. Using this tag, we can define a customized error page. Arguments err_page_name  Customized error page to be displayed acl  acl for which the page to be displayed link  Link to be displayed on deny access Example(s) acl test1 urlpath_regex -i .index.html http_access deny test1 deny_info http://www.google.co.in test1 On satisfying http_access, instead of the default error page, the site google will be loaded.       TAG NAME                   memory_pools Description  This allows Squid to keep memory that it has allocated (but no longer needs), so that it will not need to reallocate  memory in the future Build Option  Default Usage  memory_pools on|off Default  memory_pools on Synopsis Memory pools can improve performance to a small margin by allocating memory, but may need to be turned off if memory is at a premium on your system. This option defaults to on. Arguments on/off  Enable or disable memory pool feature       TAG NAME                   memory_pools_limit Description  The amount of memory Squid will keep allocated, assuming the Keep memory for future use option is turned on Build Option  Default Usage  memory_pools_limit bytes Default  none Synopsis Any non-zero value to this tag will instruct Squid not to keep more than that amount allocated, and if Squid requires more memory than that to fulfill a request, it will use your system's malloc library. Squid does not pre-allocate memory, so it is safe to set this reasonably high. If your Squid runs on a dedicated host, it is probably wisest to leave it to its default of unlimited. If it must share the system with other server processes (like Apache or Sendmail) then it might be appropriate to limit it somewhat. Arguments bytes  Memory pool limit size Example(s) memory_pools_limit 50 MB       TAG NAME                   via Description  Enable/disable via header Build Option  Default Usage  via on|off Default  via on Synopsis If set (default), Squid will include a Via header in requests and replies as required by RFC2616. Arguments on/off  Enable/disable via header       TAG NAME                   forwarded_for Description  This option allows you to choose whether Squid will report the host name of the system that originally made the  request to the origin server Build Option  Default Usage  forwarded_for on|off Default  forwarded_for on Synopsis If set, Squid will include your system's IP address or name in the HTTP requests it forwards.  By default it looks like this: X-Forwarded-For: 192.1.2.3 If you disable this, it will appear as X-Forwarded-For: unknown Arguments on/off  Enable or disable       TAG NAME                   log_icp_queries Description  Dictates whether Squid will log ICP requests Build Option  Default Usage  log_icp_queries on|off Default  log_icp_queries on Synopsis When you fell if ICP loads are very high, you can disable it otherwise you can enable for logging ICP requests. Arguments on/off  Enable or disable logging ICP queries       TAG NAME                  icp_hit_stale Description  Enable/disable to return ICP_HIT for stale cache objects Build Option  Default Usage  icp_hit_stale on|off Default  icp_hit_stale off Synopsis If you want to return ICP_HIT for stale cache objects, set this option to 'on'.  If you have sibling relationships with caches in other administrative domains, this should be 'off'.  If you only have sibling relationships with caches under your control, then it is probably okay to set this to 'on'. If set to 'on', then your siblings should use the option "allow-miss" on their cache_peer lines for connecting to you. Arguments on/off  Enable or disable       TAG NAME                  minimum_direct_hops Description  Define minimum number of direct hops after which it directs Squid to do direct fetches Build Option  Default Usage  minimum_direct_hops number Default  minimum_direct_hops 4 Synopsis When using ICMP pinging features of Squid to determine distance to peers and origin servers, this configures when Squid should prefer going direct over a peer. This parameter plays a role in deciding latency. Arguments number  Number of hops Example(s) minimum_direct_hops 10       TAG NAME                  minimum_direct_rtt Description  Defines minimum rtt after which it directs Squid to do direct fetches Build Option  Default Usage  minimum_direct_rtt timeunits Default  minimum_direct_rtt 400            Synopsis If using the ICMP pinging stuff, do direct fetches for sites which are no more than this many rtt milliseconds away. Arguments timeunits  Round Trip Time Example(s) minimum_direct_rtt 200       TAG NAME                  cachemgr_passwd Description  Specify passwords for cachemgr operations Build Option  Default Usage  cachemgr_passwd password action action ... Default  none            Synopsis By using this we can have secured administration over the Squid. Actions: 5min, 60min, asndb, authenticator, cbdata, client_list, comm_incoming, config *, counters, delay, digest_stats, dns, events, filedescriptors, fqdncache, histograms, http_headers, info, io, ipcache, mem, menu, netdb, non_peers, objects, offline_toggle *, pconn, peer_select, redirector, refresh, server_list, shutdown *, store_digest, storedir, utilization, via_headers, vm_objects. * Indicates actions which will not be performed without a valid password, others can be performed if not listed here. To disable an action, set the password to "disable". To allow performing an action without a password, set the password to "none". Use the keyword "all" to set the same password for all actions. Arguments password  Password for the action action  Action as described above   Example(s) cachemgr_passwd secret shutdown       TAG NAME                  store_avg_object_size Description  Average object size, used to estimate number of objects your cache can hold. Build Option  Default Usage  store_avg_object_size size(Kbytes) Default  store_avg_object_size 13 KB            Synopsis To Estimate the number of objects your cache can hold: NUM_OBJ = cache_swap / store_avg_object_size where, cache_swap is the size of the cache. Arguments size  Size of the object Example(s) store_avg_object_size 100 KB       TAG NAME                  store_objects_per_bucket Description  Defines the number of objects in each store hash table Build Option  Default Usage  store_objects_per_bucket number Default  store_objects_per_bucket 20            Synopsis Target number of objects per bucket in the store hash table. Lowering this value increases the total number of buckets and also the storage maintenance rate. Arguments number  Number of objects Example(s) store_objects_per_bucket 50       TAG NAME                  client_db Description  Allows you to choose whether Squid will keep statistics regarding each individual client Build Option  Default Usage  client_db on|off Default  client_db on            Synopsis If you want to disable collecting per-client statistics, then turn off client_db here. Arguments on/off  Enable or disable collecting client statistics       TAG NAME                  netdb_low, netdb_high Description  Defines low and high water marks for the ICMP measurement database Build Option  Default Usage  netdb_low number  netdb_high number Default  netdb_low 900  netdb_high 1000            Synopsis These measurements are counts and not percentage. The defaults are 900 and 1000.  When the high water mark is reached, database entries will be deleted until the low mark is reached. Arguments number  Number of entries Example(s) netdb_low 500 netdb_high 800       TAG NAME                  netdb_ping_period Description  Defines minimum period for measuring a site Build Option  Default Usage  netdb_ping_period timeunits Default  netdb_ping_period 5 minutes            Synopsis When this is defined, there will be at least this much delay between successive pings to the same network. The default is five minutes. Arguments timeunits  Time period between successive pings Example(s) netdb_ping_period 15 minutes       TAG NAME                  query_icmp Description  Enabling this option, makes Squid to ask your peers to include ICMP data in their ICP replies Build Option  --enable-icmp Usage  query_icmp on|off Default  query_icmp off            Synopsis If your peer has configured Squid (during compilation) with '--enable-icmp' then that peer will send ICMP pings to origin server sites of the URLs it receives.  If you enable this option then the ICP replies from that peer will include the ICMP data (if available). Then, when choosing a parent cache, Squid will choose the parent with the minimal RTT to the origin server.  When this happens, the hierarchy field of the access.log will be "CLOSEST_PARENT_MISS".  This option is off by default. Arguments on/off  Enable or disable this option       TAG NAME                  test_reachability Description  When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH instead of ICP_MISS if the target host is NOT  in the   ICMP database, or has a zero RTT Build Option  Default Usage  test_reachability on|off Default  test_reachability off Synopsis If the target host is NOT in the ICMP database, or has a zero RTT, enabling this tag, ICP MISS replies will be ICP_MISS_NOFETCH instead of ICP_MISS. Arguments on/off  Enable or disable       TAG NAME                  buffered_logs Description  Buffering and unbuffering can be done while writing cache.log with stdio functions using this tag Build Option  Default Usage  buffered_logs on|off Default  buffered_logs off            Synopsis Buffering it can speed up the writing slightly. By default it will be unbuffered. Arguments on/off  Enable or disable buffering       TAG NAME                  reload_into_ims Description  When you enable this option, client no-cache or reload requests will be changed to If-Modified-Since requests Build Option  Default Usage  reload_into_ims on|off Default  reload_into_ims off            Synopsis This tag is used to change clients no-cache or reload requests to IMS(if-modified sequence). Note: Enabling this feature could make you liable for problems which it causes. Arguments on/off  Enable or disable       TAG NAME                  always_direct Description  Here you can use ACL elements to specify requests which should ALWAYS be forwarded directly to origin servers Build Option  Default Usage  always_direct allow|deny [!]aclname ... Default  none            Synopsis Allows you to easily pick which ACL matches will not be cached. Requests that match the selected ACLs will always be answered from the origin server. Example below explains the tag to a clear extent. Arguments allow/deny  Allow or deny direct access aclname  Access list on which this should act Example(s) acl local-servers dstdomain my.domain.net always_direct allow local-servers To always forward FTP requests directly, use acl FTP proto FTP always_direct allow FTP       TAG NAME                  never_direct Description  With never_direct you can use ACL elements to specify requests which should NEVER be forwarded directly to origin   servers Build Option  Default Usage  never_direct allow|deny [!] aclname ... Default  none            Synopsis never_direct is the opposite of always_direct. By default all requests are not forwarded directly to the origin server. The following example explains this tag. Arguments allow/deny  Deny or allow direct access aclname  Access list on which this should act Example(s) To force the use of a proxy for all requests, except those in your local domain use something like acl local-servers dstdomain .foo.net acl all src 0.0.0.0/0.0.0.0 never_direct deny local-servers never_direct allow all      or if Squid is inside a firewall and there is local intranet servers inside the firewall then use something like: acl local-intranet dstdomain .foo.net acl local-external dstdomain external.foo.net always_direct deny local-external always_direct allow local-intranet never_direct allow all       TAG NAME                  header_access Description  This creates a list of ACLs for each header, allowing you very fine-tuned header mangling Build Option  Default Usage  header_access allow|deny header_name ... Default  none            Synopsis This option replaces the old 'anonymize_headers' and the older 'http_anonymizer' option with something that is much more configurable. This new method creates a list of ACLs for each header, allowing you very fine-tuned header mangling. You can only specify known headers for the header name. Other headers are reclassified as 'Other'. You can also refer to all the headers with 'All'. Arguments allow/deny  Allow or deny access for the specified header name header_name  Header name Example(s) header_access Proxy-Connection allow all       TAG NAME                  header_replace Description  This option allows you to change the contents of headers denied with header_access above Build Option  Default Usage  header_replace header_name message Default  none            Synopsis For headers denied with header_access, this tag allows to replace the content of the header using the message specified This is done by replacing them with some fixed string. This replaces the old fake_user_agent option. By default, headers are removed if denied. Arguments header_name  Header for which content to be changed message  Content to be replaced with the message specified here Example(s) header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit)       TAG NAME                  icon_directory Description  Used to specify the path to icon deirectory Build Option  Default Usage  icon_directory path/directoryname Default  icon_directory /usr/local/Squid/share/icons            Synopsis This tag is used to indicate the icon directory. Arguments path/directoryname  Location path and name of the directory Example(s) icon_directory /usr/local/icons       TAG NAME                 error_directory Description  Defines path to your own error directory Build Option  Default Usage  error_directory path/directoryname Default  error_directory /usr/local/Squid/share/errors/English            Synopsis Used to specify location and name of the error directory used. Arguments path/directoryname  Location path and name of the directory Example(s) error_directory /usr/local/error       TAG NAME                 maximum_single_addr_tries Description  This sets the maximum number of connection attempts for a host that has only one address Build Option  Default Usage  maximum_single_addr_tries number Default  maximum_single_addr_tries 3            Synopsis If the host has more number of address (for multiple-address hosts), each address is tried once. The default value is three tries, the (not recommended) maximum is 255 tries. Note: A warning message will be generated if it is set to a value greater than ten. Arguments number  Number of tries Example(s) maximum_single_addr_tries 5       TAG NAME                 snmp_port Description  Squid serves statistics and status information via SNMP defined using this tag Build Option  --enable-snmp Usage  snmp_port port_number Default  snmp_port 3401            Synopsis By default it listens to port 3401 on the machine. If you don't wish to use SNMP, set this to "0". Arguments port_number  Port where Squid binds the socket Example(s) snmp_port 3401       TAG NAME                 snmp_access Description  Access to SNMP port is controlled using this tag Build Option  --enable-snmp Usage  snmp_access allow|deny [!]aclname ... Default  snmp_port 3401            Synopsis All access to the agent is denied by default. Arguments allow/deny  Allow or deny access aclname  Access list this should act on Example(s) snmp_access allow snmppublic localhost snmp_access deny all       TAG NAME                 snmp_incoming_address, snmp_outgoing_address Description  Defines the interface for snmp incoming and outgoing requests Build Option  --enable-snmp Usage  snmp_incoming_address ip_address  snmp_outgoing_address  ip_address Default  snmp_incoming_address 0.0.0.0  snmp_outgoing_address 255.255.255.255            Synopsis The default snmp_incoming_address (0.0.0.0) is to listen on all available network interfaces. If snmp_outgoing_address is set to 255.255.255.255 (the default) then it will use the same socket as snmp_incoming_address. Only change this if you want to have SNMP replies sent using another address than where this Squid listens for SNMP queries. Note: snmp_incoming_address and snmp_outgoing_address can not have the same value since they both use port 3401. Arguments ip_address  Incoming and outgoing interface address Example(s) snmp_incoming_address 172.16.1.35 snmp_outgoing_address 172.16.1.36       TAG NAME                 as_whois_server Description  This is to query AS numbers Build Option  Default Usage  as_whois_server server_name Default  as_whois_server whois.ra.net            Synopsis AS numbers are queried only when Squid starts up, not for every request. Arguments server_name  Server name for which AS numbers to be queried Example(s) as_whois_server ra.net       TAG NAME                 wccp_router Description  To define your WCCP "home'' router for Squid Build Option  Default Usage  wccp_router ip_address Default  wccp_router 0.0.0.0            Synopsis Setting the wccp_router to 0.0.0.0 (the default) disables WCCP. Arguments ip_address  ip address of the router Example(s) wccp_router 172.16.1.100       TAG NAME                 wccp_version Description  Used to specify the version of Cisco IOS used in the Router Build Option  Default Usage  wccp_version version_number Default  wccp_version 4            Synopsis According to some users, Cisco IOS 11.2 only supports WCCP version 3.  If you're using that version of IOS, change this value to 3. Arguments version_number  IOS version number Example(s) wccp_router 172.16.1.100       TAG NAME                 wccp_incoming_address, wccp_outgoing_address Description  Defines the interface through which WCCP requests will be sent and received Build Option  Default Usage  wccp_incoming_address ip_ddress  wccp_outgoing_address ip_ddress Default  wccp_incoming_address 0.0.0.0  wccp_outgoing_address 255.255.255.255            Synopsis wccp_incoming_address - Use this option if you require WCCP messages to be received on only one interface.  Do NOT use this option if you're unsure how many interfaces you have, or if you know you have only one interface. wccp_outgoing_address  - Use this option if you require WCCP messages to be sent out on only one interface.  Do NOT use this option if you're unsure how many interfaces you have, or if you know you have only one interface. The default behavior is to not bind to any specific address. Arguments ip_address  Incoming and outgoing ip_address Example(s) wccp_incoming_address 172.16.1.36 wccp_outgoing_address 172.16.1.35 Note wccp_incoming_addressand wccp_outgoing_address can not have the same value since they both use port 2048.