Squid manual
The document overview is as follows: introductory header markup as shown, followed by any applicable sections, which are detailed in more depth below.
TH binary. Marked not for translation. A one-line description of the file. Suitable for use in a title. If a version number is relevant, state it in a separate paragraph below the name details. For example: PP Version 1. Version 1. If an option takes a parameter, those parameter descriptors are to be left open for translation. All other parts of the syntax are to be marked not for translation.
B squid. B ] documents: squid [-dh] [-f config-file]. It should, but is not required to, begin with the file name in bold. Paragraphs in the description are separated by PP tags. Any words which name a file or binary should be marked out in bold.
Unlike traditional caching software, Squid handles all requests in a single, non-blocking process. With an empty line between each. The table column offset of the description text is 12 characters, set on the first TP tag. The option switch and any accepted variable names are marked not for translation, unlike in synopsis. The option description is open for translation.
Any repetition of the variable name is highlighted in bold. TP Configuration files have their syntax covered under. Usually from squid. Actual config snippets are to be marked not for translation. For a multi-line configuration block use. For example, URL re-writers would have something like this: PP Command line options sent to a helper script or binary are added to.
Like so: Simple set of PP paragraphs outlining the problems which are known with using the program or script. Each paragraph ending with a list of author names and contacts and separated by a PP tag.
For a simple binary or script where the manual was also authored by the same individual(s): PP Based on prior work in. B older. Set the icp-port to 7 or 0 if the ICP port of the parent is not known and its use is irrelevant to the provider. In addition, default and no-query may be specified after the port numbers to prohibit the use of the ICP protocol. Squid then behaves like a normal browser as far as the provider's proxy is concerned.
This entry defines the amount of memory Squid can use for very popular replies. The default is 8 MB. This does not specify the memory usage of Squid and may be exceeded. The numbers at the end indicate the maximum disk space in MB to use and the number of directories in the first and second level. The ufs parameter should be left alone.
When specifying the disk space to use, leave sufficient reserve disk space. The last two numbers for the directories should only be increased with caution, because too many directories can also lead to performance problems. These three entries specify the paths where Squid logs all its actions.
Normally, nothing is changed here. If Squid is experiencing a heavy usage burden, it might make sense to distribute the cache and the log files over several disks. If the entry is set to on, obtain readable log files. Some evaluation programs cannot interpret this, however. With this entry, mask IP addresses of clients in the log files.
The last digit of the IP address is set to zero if you enter You may protect the privacy of your clients this way. With this, set the password Squid should use for the anonymous FTP login. It can make sense to specify a valid e-mail address here, because some FTP servers check these for validity. An e-mail address to which Squid sends a message if it unexpectedly crashes. The default is webmaster.
If you run squid -k rotate, Squid can rotate secured log files. The files are numbered in this process and, after reaching the specified value, the oldest file is overwritten. Usually, your own domain is entered here, so entering www in the browser accesses your own Web server. Otherwise it adds a line to the header like. Normally, you do not need to change these values. If you have a dial-up connection, however, the Internet may, at times, not be accessible.
Squid makes a note of the failed requests then refuses to issue new ones, although the Internet connection has been reestablished. In a case such as this, change the minutes to seconds. Then, after clicking Reload in the browser, the dial-up process should be reengaged after a few seconds.
To prevent Squid from taking requests directly from the Internet, use the above command to force connection to another proxy. This might be necessary, for example, if you are using a provider that strictly stipulates the use of its proxies or denies its firewall direct Internet access.
Squid provides a detailed system for controlling the access to the proxy. By implementing ACLs, it can be configured easily and comprehensively. This involves lists with rules that are processed sequentially.
ACLs must be defined before they can be used. Some default ACLs, such as all and localhost, already exist. However, the mere definition of an ACL does not mean that it is actually applied. An ACL requires at least three specifications to define it. The following are some simple examples: For this, ACLs must be given. In the following example, the localhost has free access to everything while all other hosts are denied access completely.
In another example using these rules, the group teachers always has access to the Internet. The group students only gets access Monday to Friday during lunch time. That is, between the text. With this option, specify a redirector such as squidGuard, which allows the blocking of unwanted URLs. Internet access can be individually controlled for various user groups with the help of proxy authentication and the appropriate ACLs.
In addition, an ACL is still required, so only clients with a valid login can use the Internet: With this, have an ident request run for all ACL-defined clients to find each user's identity.
Also, an ident daemon must be running on all clients. For Linux, install the pidentd package for this purpose. For Microsoft Windows, free software is available for download from the Internet. To ensure that only clients with a successful ident lookup are permitted, define a corresponding ACL here: Using ident can slow down the access time quite a bit, because ident lookups are repeated for each request. The usual way of working with proxy servers is the following: the Web browser sends requests to a certain port in the proxy server and the proxy provides these required objects, whether they are in its cache or not.
When working in a network, several situations may arise: For security reasons, it is recommended that all clients use a proxy to surf the Internet. The proxy in a network is moved, but the existing clients need to retain their old configuration. In all these cases, a transparent proxy may be used. The principle is very easy: the proxy intercepts and answers the requests of the Web browser, so the Web browser receives the requested pages without knowing from where they are coming. As the name indicates, the entire process is done transparently.
In the following squid config line, this would be the port Now redirect all incoming requests via the firewall with help of a port forwarding rule to the Squid port. The configuration file consists of well-documented entries. To set a transparent proxy, you must configure several firewall options:
In this example, only Web services are offered to the outside: This allows accessing Web services and Squid whose default port is This service is commonly used. Otherwise, simply take it out of the above entries and set the following option to no: The comments above show the syntax to follow.
First, enter the IP address and the netmask of the internal networks accessing the proxy firewall. Second, enter the IP address and the netmask to which these clients send their requests. In this example, Web services port 80 are redirected to the proxy port port If there are more networks or services to add, they must be separated by a blank space in the respective entry. Start Squid as shown in Section To verify that all ports are correctly configured, perform a port scan on the machine from any computer outside your network.
Only the Web services port 80 should be open. The cache manager cachemgr. It is also a more convenient way to manage the cache and view statistics without logging the server. First, a running Web server on your system is required. To check if Apache is already running, as root enter the command rcapache status. If a message like this appears:
Apache is running on the machine. The last step to set it up is to copy the file cachemgr. For bit, this works as follows: In a bit environment, the file cachemgr. There are some default settings in the original file required for the cache manager.
These rules assume that the Web server and Squid are running on the same machine. If the communication between the cache manager and Squid originates at the Web server on another computer, include an extra ACL as in Example Then add the rules in Example Configure a password for the manager for access to more options, like closing the cache remotely or viewing more information about the cache.
Restart Squid every time the configuration file is changed. Do this easily with rcsquid reload. Press continue and browse through the different statistics. This section is not intended to explain an extensive configuration of squidGuard, only to introduce it and give some advice for using it. It lets you define multiple access rules with different restrictions for different user groups on a Squid cache.
Before it can be used, install squidGuard. Experiment later with more complicated configuration settings. Using Apache is strongly recommended. Now, configure Squid to use squidGuard. The more processes you set, the more RAM is required. Try low numbers e. Last, have Squid load the new configuration by running rcsquid reload. Now, test your settings with a browser. It works with native Squid access log files.
Log in as root then enter cat access. It is important when piping more than one log file that the log files are chronologically ordered with older files first. These are some options of the program:
If you have multiple similar files like access. To solve this issue, you may use the syntax access. More information about the various options can be found in the program's manual page with man calamaris. This puts the report in the directory of the Web server. Apache is required to view the reports. In addition, mailing lists are available for Squid at squid-users squid-cache.
Warning: Terminating Squid. Terminating Squid with kill or killall can damage the cache.