MISCELLANEOUS
Description
The DNS tests exit as soon as the first site is successfully looked up.
This test can be disabled with the -D command line option.
Default |
dns_testnames netscape.com internic.net nlanr.net microsoft.com |
Example
dns_testnames visolve.com
|
Usage |
logfile_rotate NUMBER |
Description
Specifies the number of logfile rotations to make when you type 'squid
-k rotate'. The default is 10, which will rotate with extensions 0
through 9. Setting logfile_rotate to 0 will disable the rotation, but
the logfiles are still closed and re-opened. This will enable you to
rename the logfiles yourself just before sending the rotate signal.
Default |
logfile_rotate 10 |
Example
logfile_rotate 5
Caution
Note, the 'squid -k rotate' command normally sends a USR1 signal to the
running squid process. In certain situations (e.g. on Linux with Async
I/O), USR1 is used for other purposes; so -k rotate uses another
signal. It is best to get in the habit of using 'squid -k rotate'
instead of 'kill -USR1 '
|
Usage |
append_domain domainname |
Description
Appends local domain name to hostnames without any dots in them.
append_domain must begin with a period.
Example
append_domain .domain.com
|
Tag Name |
tcp_recv_bufsize |
Usage |
tcp_recv_bufsize (bytes) |
Description
Size of receive buffer to set for TCP sockets. Probably just as easy to
change your kernel's default.
Default |
Set to zero to use the kernel's default buffer size.
tcp_recv_bufsize 0 bytes
|
|
Description
This is used to specify the HTML text to be included in error
messages. Make this a "mailto" URL to your administrator's address,
or maybe just a link to your organization's Web page.
To include this in your error messages, you must rewrite the error
template files (found in the "$prefix/etc/errors" directory). Wherever
you want the 'err_html_text' line to appear, insert a %L tag in the
error template file.
Example
err_html_text venkatesh@visolve.com
If you want this mail ID displayed when an access denied error occurs,
edit the corresponding file (ERR_ACCESS_DENIED in the
'$prefix/etc/errors' directory) and put %L where the mail ID should be
displayed.
|
Usage |
deny_info err_page_name acl |
Description
This can be used to return an ERR_ page for requests which do not pass
the 'http_access' rules. A single ACL will cause the http_access check
to fail. If a 'deny_info' line exists for that ACL then Squid returns a
corresponding error page.
You may use ERR_ pages that come with Squid or create your own pages
and put them into the configured errors/ directory.
Example
If you want to deny the domain 'deny.com' and display a specific access
denied message, add these lines to the conf file, and add a file called
ERR_CUSTOM_ACCESS_DENIED to the $prefix/etc/errors/ directory with your
own format.
acl DSTDOMAIN dstdomain .deny.com
http_access deny DSTDOMAIN
http_access allow all
deny_info ERR_CUSTOM_ACCESS_DENIED DSTDOMAIN
So now if users try to browse 'deny.com' they will get your defined
error message.
|
Usage |
memory_pools on|off |
Description
If set, Squid will keep pools of allocated (but unused) memory
available for future use. If memory is a premium on your system and you
believe your malloc library outperforms Squid routines, disable this.
|
Tag Name |
memory_pools_limit |
Usage |
memory_pools_limit (bytes) |
Description
If set to a non-zero value, Squid will keep at most the specified limit
of allocated (but unused) memory in memory pools. All free() requests
that exceed this limit will be handled by your malloc library. Squid
does not pre-allocate any memory, just safe-keeps objects that
otherwise would be free()d. Thus, it is safe to set memory_pools_limit
to a reasonably high value even if your configuration will use less
memory.
If not set (default) or set to zero,
Squid will keep all memory it can. That is, there will be no limit on
the total amount of memory used for safe-keeping.
Default |
none
By default, memory_pools is
not set. So there is no default value for memory_pools_limit
|
Caution
Used only with memory_pools
on: To disable memory allocation optimization, do not set
memory_pools_limit to 0. Set memory_pools to "off" instead. An overhead
for maintaining memory pools is not taken into account when the limit
is checked. This overhead is close to four bytes per object kept.
However, pools may actually _save_ memory because of reduced memory
thrashing in your malloc library.
|
Usage |
forwarded_for on|off |
Description
Current HTTP/1.1 does not provide any standard way of indicating the
client address in the request. Since a number of people missed having
the originating client address in the request, Squid now adds its own
request header called "X-Forwarded-For" which looks like this:
X-Forwarded-For: 192.1.2.3|unknown
If set, Squid will include your
system's IP address or name in the HTTP requests it forwards. By
default it looks like this:
X-Forwarded-For: 192.1.2.3
If you disable this, it will appear as X-Forwarded-For: unknown
|
Usage |
log_icp_queries on|off |
Description
If set, ICP queries are logged to access.log. You may wish to
disable this if your ICP load is very high to speed things up or to
simplify log analysis
Default |
log_icp_queries on |
|
Usage |
icp_hit_stale on|off |
Description
If you want to return ICP_HIT for stale cache objects, set this option
to 'on'. If you have sibling relationships with caches in other
administrative domains, this should be 'off'. If you only have sibling
relationships with caches under your control, then it is probably okay
to set this to 'on'
Default |
icp_hit_stale off |
|
Tag Name |
minimum_direct_hops |
Usage |
minimum_direct_hops NUMBER |
Description
If using the ICMP pinging stuff, do direct fetches for sites which are
no more than this many hops away. This parameter plays a role in
deciding latency
Default |
minimum_direct_hops 4 |
|
Tag Name |
minimum_direct_rtt |
Usage |
minimum_direct_rtt time-units |
Description
If using the ICMP pinging stuff, do direct fetches for sites which are
no more than this many rtt milliseconds away.
Default |
minimum_direct_rtt 400 |
|
Usage |
cachemgr_passwd password action
action ... |
Description
This tag is used to specify passwords for cachemgr operations. Some
valid actions are (see cache manager menu for a full list):
5min
60min
asndb
authenticator
cbdata
client_list
comm_incoming
config *
counters
delay
digest_stats
dns
events
filedescriptors
fqdncache
histograms
http_headers
info
io
ipcache
mem
menu
netdb
non_peers
objects
pconn
peer_select
redirector
refresh
server_list
shutdown *
store_digest
storedir
utilization
via_headers
vm_objects
* Indicates actions which will not be performed without a valid
password; others can be performed if not listed here.
To disable an action, set the password to "disable".
To allow performing an action without a password, set the password to
"none".
Use the keyword "all" to set the same password for all actions.
Example
cachemgr_passwd secret shutdown
cachemgr_passwd lesssssssecret info stats/objects
cachemgr_passwd disable all
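The rules above ("disable", "none", "all", and the starred actions) can be checked mechanically. The following audit is an added example, not Squid code or part of the original page; it assumes the first cachemgr_passwd line that names an action (or "all") decides, and the WEAK_EXAMPLE configuration and function names are constructed for illustration.

```python
# Added example: resolve the protection each cache manager action ends up with.
PW_REQUIRED = {"config", "shutdown"}  # the actions the page marks with '*'

# The page's own example lines.
PAGE_EXAMPLE = """\
cachemgr_passwd secret shutdown
cachemgr_passwd lesssssssecret info stats/objects
cachemgr_passwd disable all
"""

# Constructed weak configuration, for contrast.
WEAK_EXAMPLE = """\
cachemgr_passwd none config
cachemgr_passwd s3cret shutdown
"""

ACTIONS = ["config", "shutdown", "info", "objects", "client_list", "http_headers"]


def parse_cachemgr_passwd(conf_text):
    """Return [(password, [action, ...]), ...] in file order."""
    rules = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "cachemgr_passwd":
            rules.append((fields[1], fields[2:]))
    return rules


def action_state(rules, action):
    """Classify one action as disabled, open, password or blocked."""
    # Assumption: the first line naming the action (or "all") decides.
    for password, actions in rules:
        if action in actions or "all" in actions:
            if password == "disable":
                return "disabled"
            if password == "none":
                return "open"
            return "password"
    # Unlisted: '*' actions have no valid password, the rest need none.
    return "blocked" if action in PW_REQUIRED else "open"


def audit(conf_text, actions=ACTIONS):
    rules = parse_cachemgr_passwd(conf_text)
    return {a: action_state(rules, a) for a in actions}


def reachable_without_password(conf_text, actions=ACTIONS):
    return sorted(a for a, s in audit(conf_text, actions).items() if s == "open")


if __name__ == "__main__":
    for label, conf in (("page example", PAGE_EXAMPLE), ("weak", WEAK_EXAMPLE)):
        print(label, audit(conf), reachable_without_password(conf))
```

With the page's three lines nothing is reachable without a password; with no cachemgr_passwd lines at all, every unstarred action is.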
|
Tag Name |
store_avg_object_size |
Usage |
store_avg_object_size (kbytes) |
Description
Average object size, used to estimate the number of objects your cache
can hold:
NUM_OBJ = cache_swap / store_avg_object_size
where cache_swap is the size of the cache.
Default |
The default is 13 KB.
store_avg_object_size 13 KB
|
|
Tag Name |
store_objects_per_bucket |
Usage |
store_objects_per_bucket (kbytes) |
Description
Target number of objects per bucket in the store hash table. Lowering
this value increases the total number of buckets and also the storage
maintenance rate. The number of hash buckets needed is then estimated
as:
NUM_BUCKETS = NUM_OBJ / store_objects_per_bucket
where NUM_OBJ is the number of objects your cache can hold, estimated
by store_avg_object_size.
Default |
store_objects_per_bucket 20 |
Example
store_objects_per_bucket 50
|
Description
If you want to disable collecting per-client statistics, then turn off
client_db here
|
Tag Name |
netdb_low
netdb_high
|
Usage |
netdb_low entries
netdb_high entries
|
Description
The low and high water marks for the ICMP measurement database. These
are counts, not percents. The defaults are 900 and 1000. When the high
water mark is reached, database entries will be deleted until the low
mark is reached.
Default |
netdb_low 900
netdb_high 1000
|
|
Tag Name |
netdb_ping_period |
Usage |
netdb_ping_period time-units |
Description
The minimum period for measuring a site. There will be at least this
much delay between successive pings to the same network
Default |
netdb_ping_period 5 minutes |
|
Description
If you want to ask your peers to include ICMP data in their ICP
replies, enable this option. If your peer has configured Squid (during
compilation) with '--enable-icmp' then that peer will send ICMP pings
to origin server sites of the URLs it receives. If you enable this
option then the ICP replies from that peer will include the ICMP data
(if available). Then, when choosing a parent cache, Squid will choose
the parent with the minimal RTT to the origin server. When this
happens, the hierarchy field of the access.log will be
"CLOSEST_PARENT_MISS".
|
Tag Name |
test_reachability |
Usage |
test_reachability on|off |
Description
When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH instead of
ICP_MISS if the target host is NOT in the ICMP database, or has a zero
RTT
Default |
test_reachability off |
|
Usage |
buffered_logs on|off |
Description
Some log files (cache.log, useragent.log) are written with
stdio functions, and as such they can be buffered or unbuffered. By
default they will be unbuffered. Buffering them can speed up the
writing slightly (though you are unlikely to need to worry).
Default |
buffered_logs off |
|
Usage |
reload_into_ims on|off |
Description
When you enable this option, client no-cache or "reload" requests will
be changed to If-Modified-Since requests. Doing this VIOLATES the HTTP
standard. Enabling this feature could make you liable for problems
which it causes.
See also refresh_pattern for a more selective approach.
This option may be disabled by using --disable-http-violations with the
configure script.
Default |
reload_into_ims off |
|
Usage |
always_direct allow|deny [!]aclname
... |
Description
Here you can use ACL elements to specify requests which should ALWAYS
be forwarded directly to origin servers. This is mostly used while
using cache_peer. See also never_direct.
Default |
always_direct is by default deny. |
Example
For example, to always directly forward requests for local servers use
something like:
acl local-servers dstdomain .my.domain.net
always_direct allow local-servers
To always forward FTP requests directly, use
acl FTP proto FTP
always_direct allow FTP
Example for denying specific domain
acl local-external dstdomain .external.foo.net
acl local-servers dstdomain .foo.net
always_direct deny local-external
always_direct allow local-servers
Caution
There is a similar, but opposite option named 'never_direct'. You need
to be aware that "always_direct deny foo" is NOT the same thing as
"never_direct allow foo". You may need to use a deny rule to exclude a
more-specific case of some other rule.
|
Usage |
never_direct allow|deny [!]aclname
... |
Description
never_direct is the opposite of always_direct. Please read the
description for always_direct if you have not already.
With 'never_direct' you can use ACL elements to specify requests which
should NEVER be forwarded directly to origin servers.
When always_direct and never_direct are both deny (the default), Squid
decides whether a parent should be used based on the request type and a
number of other factors, and if a parent cannot be reached it will
always fall back on direct.
If always_direct is allow then Squid will always go direct to the
source without considering any peers.
If never_direct is allow then Squid will never attempt to go direct to
the source. Instead it tries very hard to find a parent to send the
request to. If no parent can be found then an error is returned.
Default |
never_direct is by default deny. |
Example
For example, to force the use of a proxy for all requests, except those
in your local domain use something like:
acl local-servers dstdomain foo.net
acl all src 0.0.0.0/0.0.0.0
never_direct deny local-servers
never_direct allow all
or if squid is inside a firewall and
there are local intranet servers inside the firewall then use something
like:
acl local-intranet dstdomain .foo.net
acl local-external dstdomain .external.foo.net
always_direct deny local-external
always_direct allow local-intranet
never_direct allow all
Caution
It will be better to understand always_direct before enabling this tag
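The interaction of the two tags, including the caution that "always_direct deny foo" is not "never_direct allow foo", can be traced with a small model. This is an added example and a simplification, not Squid's own code: it assumes always_direct is consulted before never_direct, that the first rule line whose ACLs all match decides, that no match means deny, and that "all" matches every request; FIREWALL_CONF is the page's firewall example and DENY_ONLY_CONF is constructed.

```python
# Added example: a simplified model of the always_direct / never_direct choice.
FIREWALL_CONF = """\
acl local-intranet dstdomain .foo.net
acl local-external dstdomain .external.foo.net
always_direct deny local-external
always_direct allow local-intranet
never_direct allow all
"""

# Constructed: a lone "always_direct deny" does not force use of a parent.
DENY_ONLY_CONF = """\
acl local-external dstdomain .external.foo.net
always_direct deny local-external
"""


def parse(conf_text):
    """Collect dstdomain ACLs and the two rule lists, in file order."""
    acls, rules = {}, {"always_direct": [], "never_direct": []}
    for raw in conf_text.splitlines():
        f = raw.split()
        if len(f) >= 4 and f[0] == "acl" and f[2] == "dstdomain":
            acls.setdefault(f[1], []).extend(d.lower() for d in f[3:])
        elif len(f) >= 3 and f[0] in rules:
            rules[f[0]].append((f[1], f[2:]))
    return acls, rules


def domain_matches(pattern, host):
    # ".foo.net" covers foo.net and its subdomains; "foo.net" is exact.
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def acl_matches(acls, name, host):
    negate, name = name.startswith("!"), name.lstrip("!")
    # Assumption: "all" is the page's catch-all src ACL and matches anything.
    hit = name == "all" or any(domain_matches(p, host) for p in acls.get(name, []))
    return hit != negate


def decide(acls, rule_list, host):
    # Simplification: the first line whose ACLs all match wins, else "deny".
    for action, names in rule_list:
        if all(acl_matches(acls, n, host) for n in names):
            return action
    return "deny"


def route(conf_text, host):
    acls, rules = parse(conf_text)
    host = host.lower()
    if decide(acls, rules["always_direct"], host) == "allow":
        return "direct"
    if decide(acls, rules["never_direct"], host) == "allow":
        return "parent-only"
    return "squid-decides"
```

Under DENY_ONLY_CONF a request for mail.external.foo.net is left to Squid's normal selection, which may still fall back to a direct connection; only the never_direct line in FIREWALL_CONF keeps it on a parent.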
|
Tag Name |
anonymize_headers |
Usage |
anonymize_headers allow|deny
header_name ... |
Description
This option replaces the old 'http_anonymizer' option with something
that is much more configurable. You may now specify exactly which
headers are to be allowed, or which are to be removed from outgoing
requests.
There are two methods of using this option. You may
either allow specific headers (thus denying all others), or you may
deny specific headers (thus allowing all others).
For example, to achieve the same behavior as the old
'http_anonymizer standard' option, you should use:
anonymize_headers deny From Referer Server
anonymize_headers deny User-Agent WWW-Authenticate Link
Or, to reproduce the old 'http_anonymizer paranoid' feature you should
use:
anonymize_headers allow Allow Authorization Cache-Control
anonymize_headers allow Content-Encoding Content-Length
anonymize_headers allow Content-Type Date Expires Host
anonymize_headers allow If-Modified-Since Last-Modified
anonymize_headers allow Location Pragma Accept
anonymize_headers allow Accept-Encoding Accept-Language
anonymize_headers allow Content-Language Mime-Version
anonymize_headers allow Retry-After Title Connection
anonymize_headers allow Proxy-Connection
Default |
By default, all headers are allowed
(no anonymizing is performed). |
Example
anonymize_headers deny Proxy-Connection
Caution
You cannot mix "allow" and "deny". All 'anonymize_headers' lines must
have the same second argument.
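The difference between the two methods shows up in which headers still leave the proxy. The following is an added example that models the rule as described here, not Squid's implementation; the sample request, the three-line excerpt of the "paranoid" list, the choice of "sensitive" headers and all function names are constructed for illustration.

```python
# Added example: model of the allow-list / deny-list rule for anonymize_headers.
STANDARD = """\
anonymize_headers deny From Referer Server
anonymize_headers deny User-Agent WWW-Authenticate Link
"""

# Three lines taken from the page's "paranoid" list.
PARANOID_EXCERPT = """\
anonymize_headers allow Allow Authorization Cache-Control
anonymize_headers allow Content-Type Date Expires Host
anonymize_headers allow Location Pragma Accept
"""

# Constructed outgoing request headers.
SAMPLE_REQUEST = {
    "Host": "www.example.com",
    "User-Agent": "ExampleBrowser/1.0",
    "Referer": "http://intranet.example/wiki/page",
    "From": "user@example.com",
    "Accept": "text/html",
    "Cookie": "session=constructed",
}


def load_policy(conf_text):
    """Return (mode, header names); reject files that mix allow and deny."""
    mode, names = None, set()
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 3 or f[0] != "anonymize_headers":
            continue
        if f[1] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: expected allow or deny")
        if mode not in (None, f[1]):
            raise ValueError(f"line {lineno}: cannot mix allow and deny")
        mode = f[1]
        names.update(h.lower() for h in f[2:])  # header names are case-insensitive
    return mode, names


def filter_headers(policy, headers):
    """Apply the policy to a dict of request headers and return the survivors."""
    mode, names = policy
    if mode is None:  # default: no anonymizing is performed
        return dict(headers)
    keep_listed = mode == "allow"
    return {k: v for k, v in headers.items() if (k.lower() in names) == keep_listed}


def leaked(policy, headers, sensitive=("From", "Referer", "User-Agent", "Cookie")):
    """Names of sensitive headers that would still leave the proxy."""
    out = filter_headers(policy, headers)
    return sorted(h for h in sensitive if h in out)
```

The deny list removes only what it names, so a header it does not list (Cookie in the sample) passes through, while the allow list drops everything it does not name.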
|
Usage |
fake_user_agent String |
Description
If you filter the User-Agent header with 'anonymize_headers' it
may cause some Web servers to refuse your request. Use this to fake one
up.
Example
fake_user_agent Nutscrape/1.0 (CP/M; 8-bit)
|
Usage |
icon_directory
directorypath/directoryname |
Description
This tag is to specify the location where the icons are stored
Default |
These are normally kept in
/usr/local/squid/etc/icons |
Example
icon_directory /etc/icons
|
Usage |
error_directory
directorypath/directoryname |
Description
If you wish to create your own versions of the default (English) error
files, either to customize them to suit your language or company, copy
the template English files to another directory and point this tag at
them
Default |
These are normally kept in
/usr/local/squid/etc/errors |
Example
error_directory /etc/errors
|
Tag Name |
minimum_retry_timeout |
Usage |
minimum_retry_timeout (seconds) |
Description
This specifies the minimum connect timeout, when the connect timeout is
reduced to compensate for the availability of multiple IP addresses.
When a connection to a host is initiated, and that host has several IP
addresses, the default connection timeout is reduced by dividing it by
the number of addresses. So, a site with 15 addresses would then have a
timeout of 8 seconds for each address attempted. To avoid having the
timeout reduced to the point where even a working host would not have a
chance to respond, this setting is provided.
Default |
The default, and the minimum value, is five seconds, and the maximum
value is sixty seconds, or half of connect_timeout, whichever is
greater and less than connect_timeout.
minimum_retry_timeout 5 seconds
|
|
Tag Name |
maximum_single_addr_tries |
Usage |
maximum_single_addr_tries NUMBER |
Description
This sets the maximum number of connection attempts for a host that
only has one address (for multiple-address hosts, each address is tried
once)
Default |
The default value is three tries, the (not
recommended) maximum is 255 tries.
maximum_single_addr_tries 3
|
Caution
A warning message will be generated if it is set to a value greater
than ten
|
Description
Squid can now serve statistics and status information via SNMP. If you
don't wish to use SNMP, set this to "0".
The snmpd daemon is a server that supports both the Simple Network
Management Protocol v2 and v1. It receives and responds to SNMP
messages sent to the SNMP port on the local machine. snmpd.conf is the
configuration file which defines how the ucd-snmp SNMP agent operates.
Default |
By default it listens on port 3401 on the machine.
snmp_port 3401 |
Caution
SNMP support requires use of the --enable-snmp configure command line
option
|
Usage |
snmp_access allow|deny [!]aclname ... |
Description
Allowing or denying access to the SNMP port. This option is only
available if Squid is rebuilt with the --enable-snmp option
Default |
All access to the agent is denied by
default. |
Example
snmp_access allow snmppublic localhost
snmp_access deny all
|
Tag Name |
snmp_incoming_address
snmp_outgoing_address
|
Usage |
snmp_incoming_address IPAddress
snmp_outgoing_address IPAddress
|
Description
Just like 'udp_incoming_address' above, but for the SNMP port. This
option is only available if Squid is rebuilt with the --enable-snmp
option.
snmp_incoming_address is used for the SNMP socket receiving messages
from SNMP agents. snmp_outgoing_address is used for SNMP packets
returned to SNMP agents.
Default |
The default behavior is to not bind to any specific address.
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
|
Example
snmp_incoming_address 172.16.1.115
snmp_outgoing_address 172.16.1.114
Caution
snmp_incoming_address and snmp_outgoing_address cannot have the same
value since they both use port 3130.
|
Usage |
as_whois_server Server-Name |
Description
WHOIS server to query for AS numbers. NOTE: AS numbers are queried only
when Squid starts up, not for every request.
Default |
as_whois_server whois.ra.net |
|
Usage |
wccp_router Router-IPAddress |
Description
This option is used to define the WCCP "home" router for Squid.
Setting the 'wccp_router' to 0.0.0.0 (the default) disables WCCP.
Default |
wccp_router 0.0.0.0 |
|
Usage |
wccp_version Version |
Description
According to some users, Cisco IOS 11.2 only supports WCCP version 3.
If you're using that version of IOS, change this value to 3.
|
Tag Name |
wccp_incoming_address |
Usage |
wccp_incoming_address IPAddress |
Description
Use this option if you require WCCP messages to be received on only one
interface. Do NOT use this option if you're unsure how many interfaces
you have, or if you know you have only one interface
Default |
The default behavior is to not
bind to any specific address
wccp_incoming_address 0.0.0.0
|
Caution
wccp_incoming_address and wccp_outgoing_address cannot have the same
value since they both use port 2048.
|
Tag Name |
wccp_outgoing_address |
Usage |
wccp_outgoing_address IPAddress |
Description
Use this option if you require WCCP messages to be sent out on only one
interface. Do NOT use this option if you're unsure how many interfaces
you have, or if you know you have only one interface
Default |
wccp_outgoing_address 255.255.255.255
(The default behavior is to not bind to any specific address) |
Caution
wccp_incoming_address and wccp_outgoing_address cannot have the same
value since they both use port 2048.
|
|