author | Donny Davies <woodchip@gentoo.org> | 2002-03-21 01:23:36 +0000 |
---|---|---|
committer | Donny Davies <woodchip@gentoo.org> | 2002-03-21 01:23:36 +0000 |
commit | 45ef61a113272d51dd44de40cd6556ad88093286 (patch) | |
tree | 447a9344714ab36051ea2c0f2dccee1801e40e6c /net-www/squid | |
parent | *** empty log message *** (diff) | |
download | gentoo-2-45ef61a113272d51dd44de40cd6556ad88093286.tar.gz gentoo-2-45ef61a113272d51dd44de40cd6556ad88093286.tar.bz2 gentoo-2-45ef61a113272d51dd44de40cd6556ad88093286.zip |
Updated to latest release, fixing several bugs along the way.
Please read the Gentoo ChangeLog for details.
Diffstat (limited to 'net-www/squid')
-rw-r--r-- | net-www/squid/ChangeLog | 30 | ||||
-rw-r--r-- | net-www/squid/files/digest-squid-2.3.4s-r3 | 8 | ||||
-rw-r--r-- | net-www/squid/files/digest-squid-2.3.4s-r4 | 8 | ||||
-rw-r--r-- | net-www/squid/files/digest-squid-2.4.2s | 1 | ||||
-rw-r--r-- | net-www/squid/files/digest-squid-2.4.2s-r6 | 1 | ||||
-rw-r--r-- | net-www/squid/files/digest-squid-2.4.6 | 2 | ||||
-rw-r--r-- | net-www/squid/files/squid-2.4.2s-debian.diff | 375 | ||||
-rw-r--r-- | net-www/squid/files/squid-2.4.2s-gentoo.diff | 89 | ||||
-rw-r--r-- | net-www/squid/files/squid-2.4.6-debian.diff | 413 | ||||
-rw-r--r-- | net-www/squid/files/squid-2.4.6-gentoo.diff | 40 | ||||
-rw-r--r-- | net-www/squid/files/squid.conf | 2167 | ||||
-rw-r--r-- | net-www/squid/files/squid.confd | 6 | ||||
-rw-r--r-- | net-www/squid/files/squid.pam.new | 7 | ||||
-rw-r--r-- | net-www/squid/files/squid.rc5 | 40 | ||||
-rw-r--r-- | net-www/squid/files/squid.rc6 | 62 | ||||
-rw-r--r-- | net-www/squid/squid-2.3.4s-r3.ebuild | 105 | ||||
-rw-r--r-- | net-www/squid/squid-2.3.4s-r4.ebuild | 108 | ||||
-rw-r--r-- | net-www/squid/squid-2.4.2s-r6.ebuild | 103 | ||||
-rw-r--r-- | net-www/squid/squid-2.4.2s.ebuild | 96 | ||||
-rw-r--r-- | net-www/squid/squid-2.4.6.ebuild | 120 |
20 files changed, 658 insertions, 3123 deletions
diff --git a/net-www/squid/ChangeLog b/net-www/squid/ChangeLog
index f52210ced356..2860f41b7bde 100644
--- a/net-www/squid/ChangeLog
+++ b/net-www/squid/ChangeLog
@@ -1,6 +1,34 @@ # ChangeLog for net-www/squid # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL -# $Header: /var/cvsroot/gentoo-x86/net-www/squid/ChangeLog,v 1.3 2002/02/08 09:59:00 woodchip Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-www/squid/ChangeLog,v 1.4 2002/03/21 01:23:36 woodchip Exp $ + +*squid-2.4.6 (20 Mar 2002) + + 20 Mar 2002; Donny Davies <woodchip@gentoo.org> files/squid.rc6, files/squid.confd, + squid-2.4.6.ebuild, files/squid-2.4.6-debian.diff, squid-2.4.6-gentoo.diff, + files/squid.pam.new, files/digest-squid-2.4.6, squid-2.3.4s-r3.ebuild, + squid-2.3.4s-r4.ebuild, squid-2.4.2s.ebuild, files/digest-squid-2.3.4s-r3, + files/digest-squid-2.3.4s-r4, files/digest-squid-2.4.2s, + files/squid-2.4.2s-debian.diff, files/squid-2.4.2s-gentoo.diff + files/squid.conf, files/squid.rc5 : + + Be sure to upgrade! This version fixes some security glitches in older squids! + + Updated to latest available release; fixed permissions on /usr/lib/squid/*_auth + programs, made the initscript stop() function more robust, grabbed Debian's latest + patch which includes tweaking SQUID_MAXFD (works this time ;) plus other fixes. + We now install the error pages for all available languages, defaulting to English. + Simply change the errors symlink in /etc/squid to whichever you prefer. Changed + the cache location to /var/cache/squid; sorry if this bothers anybody but it fits + better here and matches /etc/passwd properly now. If you're upgrading you could + make /var/cache/squid a symlink to /var/spool/squid, or move the subdirectories + manually. Heads up :) + + Changed some ./configure options; enabled cache-digests, disabled the pinger + and added two more auth-modules. Added ability to compile without debugging. + Removed the stale config file and the old rc5 initscript. Also removed the older + ebuilds; they had numerous bugs. Added a pam_stack aware pam config, for future + deployment. 
8 Feb 2002; Donny Davies <woodchip@gentoo.org> files/squid.rc6 :
diff --git a/net-www/squid/files/digest-squid-2.3.4s-r3 b/net-www/squid/files/digest-squid-2.3.4s-r3
deleted file mode 100644
index baf9bd961e13..000000000000
--- a/net-www/squid/files/digest-squid-2.3.4s-r3
+++ /dev/null
@@ -1,8 +0,0 @@
-MD5 c38c083f44c222a8d026fa129c30b98f squid-2.3.STABLE4-src.tar.gz 970769
-MD5 f1383b24672f9a8317c2c16302a94eaa squid-2.3.stable4-ftp_icon_not_found.patch 794
-MD5 bec46f5a1fcbd9aa1deb9d518c5c11a5 squid-2.3.stable4-internal_dns_rcode_table_formatting.patch 693
-MD5 4453c53a712280a26fdca42c950bc94f squid-2.3.stable4-ipfw_configure.patch 2672
-MD5 436eb77056bed5d45547c739d1123bd3 squid-2.3.stable4-invalid_ip_acl_entry.patch 1746
-MD5 db8e4eb9c1712a4adde7e9aaed0b5249 squid-2.3.stable4-accel_only_access.patch 953
-MD5 68228709d011c93c2cccd9ac723fb462 squid-2.3.stable4-html_quoting.patch 17061
-MD5 c3d48a2b4fc26c0d90eb4c30ae34d3d6 squid-2.3.stable4-carp-assertion.patch 740
diff --git a/net-www/squid/files/digest-squid-2.3.4s-r4 b/net-www/squid/files/digest-squid-2.3.4s-r4
deleted file mode 100644
index baf9bd961e13..000000000000
--- a/net-www/squid/files/digest-squid-2.3.4s-r4
+++ /dev/null
@@ -1,8 +0,0 @@
-MD5 c38c083f44c222a8d026fa129c30b98f squid-2.3.STABLE4-src.tar.gz 970769
-MD5 f1383b24672f9a8317c2c16302a94eaa squid-2.3.stable4-ftp_icon_not_found.patch 794
-MD5 bec46f5a1fcbd9aa1deb9d518c5c11a5 squid-2.3.stable4-internal_dns_rcode_table_formatting.patch 693
-MD5 4453c53a712280a26fdca42c950bc94f squid-2.3.stable4-ipfw_configure.patch 2672
-MD5 436eb77056bed5d45547c739d1123bd3 squid-2.3.stable4-invalid_ip_acl_entry.patch 1746
-MD5 db8e4eb9c1712a4adde7e9aaed0b5249 squid-2.3.stable4-accel_only_access.patch 953
-MD5 68228709d011c93c2cccd9ac723fb462 squid-2.3.stable4-html_quoting.patch 17061
-MD5 c3d48a2b4fc26c0d90eb4c30ae34d3d6 squid-2.3.stable4-carp-assertion.patch 740
diff --git a/net-www/squid/files/digest-squid-2.4.2s b/net-www/squid/files/digest-squid-2.4.2s
deleted file mode 100644
index c21f789ff38a..000000000000
--- a/net-www/squid/files/digest-squid-2.4.2s
+++ /dev/null
@@ -1 +0,0 @@
-MD5 6d0329b0078aea2b6e0cf58911d8ae15 squid-2.4.STABLE2-src.tar.gz 1075738
diff --git a/net-www/squid/files/digest-squid-2.4.2s-r6 b/net-www/squid/files/digest-squid-2.4.2s-r6
deleted file mode 100644
index c21f789ff38a..000000000000
--- a/net-www/squid/files/digest-squid-2.4.2s-r6
+++ /dev/null
@@ -1 +0,0 @@
-MD5 6d0329b0078aea2b6e0cf58911d8ae15 squid-2.4.STABLE2-src.tar.gz 1075738
diff --git a/net-www/squid/files/digest-squid-2.4.6 b/net-www/squid/files/digest-squid-2.4.6
new file mode 100644
index 000000000000..d70a73ba7606
--- /dev/null
+++ b/net-www/squid/files/digest-squid-2.4.6
@@ -0,0 +1,2 @@
+MD5 421639665478f20ba0df7f4f527a0456 FAQ.sgml 451518
+MD5 103fe9d03aca06f89218740f29730527 squid-2.4.STABLE6-src.tar.gz 1081327
diff --git a/net-www/squid/files/squid-2.4.2s-debian.diff b/net-www/squid/files/squid-2.4.2s-debian.diff
deleted file mode 100644
index a6614dc187d8..000000000000
--- a/net-www/squid/files/squid-2.4.2s-debian.diff
+++ /dev/null
@@ -1,375 +0,0 @@ -These patches comes from Debian. Heres the original README for -them, but they're not all necessarily included here.. I made -some changes. ---- - -Upstream patches against the release, that will be integrated into -the next stable release (http://www.squid-cache.org/Versions/v2/2.4/bugs/) - -squid-2.4.stable2-aio_close_fix.patch -squid-2.4.stable2-fix_mkdir-only_put_requests.patch - -Debian specific patches: -All patches that were in the debian squid-2.2.5 and squid-2.3.4 have been -applied to squid-2.4.2 as well, if they hadn't been integrated yet. - -cf.data.debian.patch Debian specific squid.conf patches -dfl-error-dir.patch Default error dir is under /usr/lib/squid for Debian -htcp-off.patch Makes it possible to turn htcp off in squid.conf -icp_hit_stale.patch Don't return 504 on cache-only requests for - stale objects if icp_hit_stale is on. -linux-increase-fds.patch - A hack to squid.h so that FD_SETSIZE can be - redefined on Linux for more open filedescriptors. -no_append_domain_localhost.patch - Don't apply "append_domain" setting to "localhost" - in unqualified URLs. -pipeline-shutup.patch Lower priority of some debug msgs of pipelining code -smb_auth.sh.patch Read password with '-r' so backslashes work -syslog.patch Log to daemon.log instead of local4.log -unlinkd.patch Compile in unlinkd support even with async io - -Not applied (yet?): - -vms-ftp.patch.NOT-YET Not finished and not working - -Dropped patches: - -pipeline.patch.NOMORE Perhaps pipelining is stable in squid-2.4. 
If - not, there's a new configuration directive to - turn it off: pipeline_prefetch in squid.conf - -diff -ruN squid-2.4.1.orig/src/cf.data.pre squid-2.4.1/src/cf.data.pre ---- squid-2.4.1.orig/src/cf.data.pre Thu Mar 1 22:49:25 2001 -+++ squid-2.4.1/src/cf.data.pre Thu Mar 22 21:23:51 2001 -@@ -98,12 +98,12 @@ - NAME: htcp_port - IFDEF: USE_HTCP - TYPE: ushort --DEFAULT: 4827 -+DEFAULT: 0 - LOC: Config.Port.htcp - DOC_START - The port number where Squid sends and receives HTCP queries to -- and from neighbor caches. Default is 4827. To disable use -- "0". -+ and from neighbor caches. To turn it on you want to set it 4827. -+ By default it is set to "0" (disabled). - - To enable this option, you must use --enable-htcp with the - configure script. -@@ -1721,6 +1721,7 @@ - acl Safe_ports port 488 # gss-http - acl Safe_ports port 591 # filemaker - acl Safe_ports port 777 # multiling http -+acl purge method PURGE - acl CONNECT method CONNECT - NOCOMMENT_END - DOC_END -@@ -1754,6 +1755,9 @@ - # Only allow cachemgr access from localhost - http_access allow manager localhost - http_access deny manager -+# Only allow purge requests from localhost -+http_access allow purge localhost -+http_access deny purge - # Deny requests to unknown ports - http_access deny !Safe_ports - # Deny CONNECT to other than SSL ports -@@ -2648,12 +2655,15 @@ - NAME: snmp_port - TYPE: ushort - LOC: Config.Port.snmp --DEFAULT: 3401 -+DEFAULT: 0 - IFDEF: SQUID_SNMP - DOC_START - Squid can now serve statistics and status information via SNMP. - By default it listens to port 3401 on the machine. If you don't - wish to use SNMP, set this to "0". -+ -+ Note: on Debian/Linux, the default is zero - you need to -+ set it to 3401 to enable it. Also on Gentoo. - - NOTE: SNMP support requires use the --enable-snmp configure - command line option. 
---- squid-2.4.2.orig/src/htcp.c Sun Apr 1 18:52:45 2001 -+++ squid-2.4.2/src/htcp.c Mon Oct 1 14:03:25 2001 -@@ -843,6 +843,18 @@ - void - htcpInit(void) - { -+ if (Config.Port.htcp <= 0) { -+ /* -+ * Need to allocate a bit of memory anyway, otherwise -+ * mem.c::memCheckInit() will bail out. -+ */ -+ memDataInit(MEM_HTCP_SPECIFIER, "htcpSpecifier", -+ sizeof(htcpSpecifier), 0); -+ memDataInit(MEM_HTCP_DETAIL, "htcpDetail", sizeof(htcpDetail), 0); -+ htcpInSocket = -1; -+ debug(31, 1) ("HTCP Disabled.\n"); -+ return; -+ } - enter_suid(); - htcpInSocket = comm_open(SOCK_DGRAM, - 0, -@@ -890,6 +902,8 @@ - Packer pa; - MemBuf mb; - http_state_flags flags; -+ -+ if (htcpInSocket < 0) return; - memset(&flags, '\0', sizeof(flags)); - snprintf(vbuf, sizeof(vbuf), "%d/%d", - req->http_ver.major, req->http_ver.minor); -Date: Sat, 15 Jul 2000 10:42:59 +1000 -Message-Id: <200007150042.e6F0gwU25807@gondor.apana.org.au> -From: <herbert@gondor.apana.org.au> -Subject: squid: [PATCH] Make icp_hit_stale useful again -To: submit@bugs.debian.org -X-Mailer: bug 3.3.4 -Delivered-To: submit@bugs.debian.org - -Package: squid -Version: 2.2.5-3 -Severity: normal - -Recent versions of squid will return 504 when a client makes a cache-only -request and the object happens to be stale. - -This effectively makes icp_hit_stale because in that case the object is -almost guaranteed to be stale and if the client is a sibling squid, it will -always be cache-only. - -The follow patch addresses this by check for icp_hit_stale in this case. 
- - -diff -ruN squid-2.4.1.orig/src/client_side.c squid-2.4.1/src/client_side.c ---- squid-2.4.1.orig/src/client_side.c Sun Mar 4 01:55:10 2001 -+++ squid-2.4.1/src/client_side.c Thu Mar 22 21:05:08 2001 -@@ -352,7 +352,7 @@ - * @?@: Instead of a 504 (Gateway Timeout) reply, we may want to return - * a stale entry *if* it matches client requirements - */ -- if (clientOnlyIfCached(http)) { -+ if (clientOnlyIfCached(http) && !Config.onoff.icp_hit_stale) { - clientProcessOnlyIfCachedMiss(http); - return; - } ---- squid-2.4.1.orig/src/squid.h Thu Feb 22 22:39:14 2001 -+++ squid-2.4.1/src/squid.h Thu Jun 28 15:20:47 2001 -@@ -45,10 +45,24 @@ - */ - #define CHANGE_FD_SETSIZE 1 - --/* Cannot increase FD_SETSIZE on Linux */ -+/* -+ * Cannot increase FD_SETSIZE on Linux, but we can increase __FD_SETSIZE -+ * with glibc 2.2 (or later? remains to be seen). We do this by including -+ * bits/types.h which defines __FD_SETSIZE first, then we redefine -+ * FD_SETSIZE. Ofcourse a user program may NEVER include bits/whatever.h -+ * directly, so this is a dirty hack! -+ */ - #if defined(_SQUID_LINUX_) --#undef CHANGE_FD_SETSIZE --#define CHANGE_FD_SETSIZE 0 -+# undef CHANGE_FD_SETSIZE -+# define CHANGE_FD_SETSIZE 0 -+# include <features.h> -+# if (__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2) -+# if SQUID_MAXFD > DEFAULT_FD_SETSIZE -+# include <bits/types.h> -+# undef __FD_SETSIZE -+# define __FD_SETSIZE SQUID_MAXFD -+# endif -+# endif - #endif - - /* - -Ignore append_domain setting for the string "localhost". 
- -diff -ruN squid-2.4.1.orig/src/url.c squid-2.4.1/src/url.c ---- squid-2.4.1.orig/src/url.c Fri Jan 12 01:51:54 2001 -+++ squid-2.4.1/src/url.c Thu Mar 22 21:06:07 2001 -@@ -308,7 +308,7 @@ - /* remove duplicate dots */ - while ((t = strstr(host, ".."))) - xmemmove(t, t + 1, strlen(t)); -- if (Config.appendDomain && !strchr(host, '.')) -+ if (Config.appendDomain && !strchr(host, '.') && strcasecmp(host, "localhost") != 0) - strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN); - if (port == 0) { - debug(23, 3) ("urlParse: Invalid port == 0\n"); ---- squid-2.4.1/src/client_side.c.orig Thu Mar 22 21:05:08 2001 -+++ squid-2.4.1/src/client_side.c Tue Mar 27 17:14:05 2001 -@@ -1699,7 +1699,7 @@ - fd, storeUrl(entry), (int) http->out.offset); - if (conn->chr != http) { - /* there is another object in progress, defer this one */ -- debug(33, 1) ("clientSendMoreData: Deferring %s\n", storeUrl(entry)); -+ debug(33, 3) ("clientSendMoreData: Deferring %s\n", storeUrl(entry)); - memFree(buf, MEM_CLIENT_SOCK_BUF); - return; - } else if (entry && EBIT_TEST(entry->flags, ENTRY_ABORTED)) { -@@ -1873,7 +1873,7 @@ - * execution will resume after the operation completes. - */ - } else { -- debug(33, 1) ("clientKeepaliveNextRequest: FD %d Sending next\n", -+ debug(33, 3) ("clientKeepaliveNextRequest: FD %d Sending next\n", - conn->fd); - assert(entry); - if (0 == storeClientCopyPending(http->sc, entry, http)) { -From: Jeff Licquia <jlicquia@scinet.springfieldclinic.com> -Subject: squid: SMB auth proxy has problems with some passwords -To: submit@bugs.debian.org -X-Mailer: bug 3.2.7 -Message-Id: <20000718174501.0B4A132915@scinet.springfieldclinic.com> -Date: Tue, 18 Jul 2000 12:45:01 -0500 (CDT) - -Package: squid -Version: 2.2.5-2 -Severity: normal - - -The SMB authenticator doesn't handle passwords with backslashes in them -correctly. The fix appears to be easy; just put a -r in the "read SMBPASS" -line in smb_auth.sh. 
- -diff -ruN squid-2.4.1.orig/auth_modules/SMB/smb_auth.sh squid-2.4.1/auth_modules/SMB/smb_auth.sh ---- squid-2.4.1.orig/auth_modules/SMB/smb_auth.sh Thu Dec 30 18:35:54 1999 -+++ squid-2.4.1/auth_modules/SMB/smb_auth.sh Thu Mar 22 21:08:13 2001 -@@ -24,7 +24,7 @@ - read AUTHSHARE - read AUTHFILE - read SMBUSER --read SMBPASS -+read -r SMBPASS - - # Find domain controller - echo "Domain name: $DOMAINNAME" - -This patch wasn't announced anywhere, but it's in the current squid-2.4 -CVS series and together with the "fix_mkdir-only_put_requests" patch -they are the only serious fixes I could find -- miquels - -diff -ruN squid-2.4.STABLE2/src/fs/aufs/store_io_aufs.c squid-2.4-200109302300/src/fs/aufs/store_io_aufs.c ---- squid-2.4.STABLE2/src/fs/aufs/store_io_aufs.c Fri Jan 5 01:30:39 2001 -+++ squid-2.4-200109302300/src/fs/aufs/store_io_aufs.c Fri Sep 7 02:51:49 2001 -@@ -296,6 +296,8 @@ - storeAufsKickWriteQueue(sio); - else if (sio->mode == O_RDONLY) - storeAufsKickReadQueue(sio); -+ if (aiostate->flags.close_request) -+ storeAufsIOCallback(sio, errflag); - debug(78, 3) ("storeAufsOpenDone: exiting\n"); - } - - -http://www.squid-cache.org/bugs/show_bug.cgi?id=233 - -Squid crashes on Fix "mkdir-only" PUT requests - ---- squid-2.4.1/src/ftp.c 2001/01/12 00:51:47 1.298.2.4 -+++ squid-2.4.1/src/ftp.c 2001/09/18 13:51:25 -@@ -2450,8 +2450,10 @@ - err->ftp.request = xstrdup(ftpState->ctrl.last_command); - if (ftpState->old_reply) - err->ftp.reply = xstrdup(ftpState->old_reply); -- else -+ else if (ftpState->ctrl.last_reply) - err->ftp.reply = xstrdup(ftpState->ctrl.last_reply); -+ else -+ err->ftp.reply = xstrdup(""); - errorAppendEntry(ftpState->entry, err); - storeBufferFlush(ftpState->entry); - ftpSendQuit(ftpState); -diff -ruN squid-2.4.1.orig/src/debug.c squid-2.4.1/src/debug.c ---- squid-2.4.1.orig/src/debug.c Fri Jan 12 01:51:46 2001 -+++ squid-2.4.1/src/debug.c Thu Mar 22 21:10:38 2001 -@@ -180,9 +180,9 @@ - } - debugOpenLog(logfile); - --#if HAVE_SYSLOG && 
defined(LOG_LOCAL4) -+#if HAVE_SYSLOG - if (opt_syslog_enable) -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - #endif /* HAVE_SYSLOG */ - - } -diff -ruN squid-2.4.1.orig/src/main.c squid-2.4.1/src/main.c ---- squid-2.4.1.orig/src/main.c Fri Jan 12 01:51:50 2001 -+++ squid-2.4.1/src/main.c Thu Mar 22 21:17:28 2001 -@@ -835,7 +855,7 @@ - int nullfd; - if (*(argv[0]) == '(') - return; -- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); -+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); - if ((pid = fork()) < 0) - syslog(LOG_ALERT, "fork failed: %s", xstrerror()); - else if (pid > 0) - -When async io is compiled in, unlinkd support is not compiled in. This -patch makes sure that unlinkd is always compiled in, but only starts -it if there is at least one cache_dir of type "ufs". - - Miquel van Smoorenburg 06-Nov-2000 - -diff -ruN squid-2.4.1.orig/src/main.c squid-2.4.1/src/main.c ---- squid-2.4.1.orig/src/main.c Fri Jan 12 01:51:50 2001 -+++ squid-2.4.1/src/main.c Thu Mar 22 21:17:28 2001 -@@ -320,6 +320,20 @@ - asnFreeMemory(); - } - -+#if USE_UNLINKD -+static int -+needUnlinkd(void) -+{ -+ int i; -+ int r = 0; -+ for (i = 0; i < Config.cacheSwap.n_configured; i++) { -+ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0) -+ r++; -+ } -+ return r; -+} -+#endif -+ - static void - mainReconfigure(void) - { -@@ -344,6 +358,9 @@ - #endif - redirectShutdown(); - authenticateShutdown(); -+#if USE_UNLINKD -+ unlinkdClose(); -+#endif - storeDirCloseSwapLogs(); - errorClean(); - mimeFreeMemory(); -@@ -362,6 +379,9 @@ - #if USE_WCCP - wccpInit(); - #endif -+#if USE_UNLINKD -+ if (needUnlinkd()) unlinkdInit(); -+#endif - serverConnectionsOpen(); - if (theOutIcpConnection >= 0) { - if (!Config2.Accel.on || Config.onoff.accel_with_proxy) -@@ -507,7 +527,7 @@ - - if (!configured_once) { - #if USE_UNLINKD -- unlinkdInit(); -+ if (needUnlinkd()) unlinkdInit(); - #endif - urlInitialize(); 
- cachemgrInit(); diff --git a/net-www/squid/files/squid-2.4.2s-gentoo.diff b/net-www/squid/files/squid-2.4.2s-gentoo.diff deleted file mode 100644 index 6112183d0bc0..000000000000 --- a/net-www/squid/files/squid-2.4.2s-gentoo.diff +++ /dev/null 
@@ -1,89 +0,0 @@ -diff -ur squid-2.4.STABLE2.orig/src/Makefile.in squid-2.4.STABLE2/src/Makefile.in ---- squid-2.4.STABLE2.orig/src/Makefile.in Wed Apr 4 02:01:12 2001 -+++ squid-2.4.STABLE2/src/Makefile.in Wed Oct 24 22:31:22 2001 -@@ -37,16 +37,16 @@ - DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf - DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf - DEFAULT_DNSSERVER = $(libexecdir)/$(DNSSERVER_EXE) --DEFAULT_CACHE_LOG = $(localstatedir)/logs/cache.log --DEFAULT_ACCESS_LOG = $(localstatedir)/logs/access.log --DEFAULT_STORE_LOG = $(localstatedir)/logs/store.log --DEFAULT_PID_FILE = $(localstatedir)/logs/squid.pid --DEFAULT_SWAP_DIR = $(localstatedir)/cache -+DEFAULT_CACHE_LOG = $(localstatedir)/log/squid/cache.log -+DEFAULT_ACCESS_LOG = $(localstatedir)/log/squid/access.log -+DEFAULT_STORE_LOG = $(localstatedir)/log/squid/store.log -+DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid -+DEFAULT_SWAP_DIR = $(localstatedir)/spool/squid - DEFAULT_PINGER = $(libexecdir)/$(PINGER_EXE) - DEFAULT_UNLINKD = $(libexecdir)/$(UNLINKD_EXE) - DEFAULT_DISKD = $(libexecdir)/$(DISKD_EXE) --DEFAULT_ICON_DIR = $(sysconfdir)/icons --DEFAULT_ERROR_DIR = $(sysconfdir)/errors -+DEFAULT_ICON_DIR = $(libexecdir)/icons -+DEFAULT_ERROR_DIR = $(libexecdir)/errors - DEFAULT_MIB_PATH = $(sysconfdir)/mib.txt - - CC = @CC@ -@@ -326,11 +326,6 @@ - echo "mkdir $(localstatedir)"; \ - mkdir -p $(localstatedir); \ - fi -- -@if test ! -d $(localstatedir)/logs; then \ -- echo "mkdir $(localstatedir)/logs"; \ -- mkdir -p $(localstatedir)/logs; \ -- fi -- - # Michael Lupp <mike@nemesis.saar.de> wants to know about additions - # to the install target. 
- install: all install-mkdirs -diff -ur squid-2.4.STABLE2.orig/icons/Makefile.in squid-2.4.STABLE2/icons/Makefile.in ---- squid-2.4.STABLE2.orig/icons/Makefile.in Tue Jan 16 16:12:30 2001 -+++ squid-2.4.STABLE2/icons/Makefile.in Mon Oct 22 05:23:21 2001 -@@ -15,7 +15,7 @@ - - INSTALL = @INSTALL@ - INSTALL_FILE = @INSTALL_DATA@ --DEFAULT_ICON_DIR = $(sysconfdir)/icons -+DEFAULT_ICON_DIR = $(libexecdir)/icons - - ICONS = anthony-binhex.gif \ - anthony-bomb.gif \ -diff -ur squid-2.4.STABLE2.orig/src/cf.data.pre squid-2.4.STABLE2/src/cf.data.pre ---- squid-2.4.STABLE2.orig/src/cf.data.pre Wed Apr 4 02:01:12 2001 -+++ squid-2.4.STABLE2/src/cf.data.pre Mon Oct 22 05:25:59 2001 -@@ -1890,19 +1890,19 @@ - - NAME: cache_effective_user - TYPE: string --DEFAULT: nobody -+DEFAULT: squid - LOC: Config.effectiveUser - DOC_NONE - - NAME: cache_effective_group - TYPE: string --DEFAULT: nogroup -+DEFAULT: squid - LOC: Config.effectiveGroup - DOC_START - - If the cache is run as root, it will change its effective/real - UID/GID to the UID/GID specified below. The default is to -- change to UID to nobody and GID to nogroup. -+ change to UID to squid and GID to squid. - - If Squid is not started as root, the default is to keep the - current UID/GID. Note that if Squid is not started as root then -diff -ur squid-2.4.STABLE2.orig/src/defines.h squid-2.4.STABLE2/src/defines.h ---- squid-2.4.STABLE2.orig/src/defines.h Thu Jan 11 19:51:46 2001 -+++ squid-2.4.STABLE2/src/defines.h Mon Oct 22 05:27:01 2001 -@@ -219,7 +219,7 @@ - #define N_COUNT_HOUR_HIST (86400 * 3) / (60 * COUNT_INTERVAL) - - /* were to look for errors if config path fails */ --#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" -+#define DEFAULT_SQUID_ERROR_DIR "/usr/lib/squid/errors" - - /* gb_type operations */ - #define gb_flush_limit (0x3FFFFFFF) diff --git a/net-www/squid/files/squid-2.4.6-debian.diff b/net-www/squid/files/squid-2.4.6-debian.diff new file mode 100644 index 000000000000..b6ae92586746 
--- /dev/null
+++ b/net-www/squid/files/squid-2.4.6-debian.diff
@@ -0,0 +1,413 @@ +These patches are borrowed from Debian's squid-2.4.4 patch. Here's +the README file describing them: +--- + +Upstream patches against the release, that will be integrated into +the next stable release (http://www.squid-cache.org/Versions/v2/2.4/bugs/) + +[currently none] + +Debian specific patches: +All patches that were in the debian squid-2.2.5 and squid-2.3.4 have been +applied to squid-2.4.3 as well, if they hadn't been integrated yet. + +cf.data.debian.patch Debian specific squid.conf patches +dfl-error-dir.patch Default error dir is under /usr/lib/squid for Debian +linux-increase-fds.patch + A hack to squid.h so that FD_SETSIZE can be + redefined on Linux for more open filedescriptors. +no_append_domain_localhost.patch + Don't apply "append_domain" setting to "localhost" + in unqualified URLs. +pipeline-shutup.patch Lower priority of some debug msgs of pipelining code +smb_auth.patch Read password with '-r' so backslashes work + Patch awk regexp to read correct field from nmblookup +syslog.patch Log to daemon.log instead of local4.log +unlinkd.patch Only run unlinkd for diskd and ufs storage methods +debug.c.patch Fix debug output corruption (and crash) when + debug_options is set to 11,3 +webdav-search.patch Reckognize SEARCH webdav method - the Exchange 2000 + web frontend uses it (sigh). +pam-auth-reload.patch Make PAM reload time configurable on command line + +--- squid-2.4.4.orig/auth_modules/PAM/pam_auth.c ++++ squid-2.4.4/auth_modules/PAM/pam_auth.c +@@ -42,6 +42,7 @@ + #include <stdio.h> + #include <assert.h> + #include <stdlib.h> ++#include <unistd.h> + #include <string.h> + #include <signal.h> + #include <time.h> +@@ -56,8 +57,8 @@ + #define SQUID_PAM_SERVICE "squid" + #endif + +-/* How often to reinitialize PAM, in seconds. Undefined = never, 0=always */ +-/* #define PAM_CONNECTION_TTL 60 */ ++/* How often to reinitialize PAM, in seconds. 
-1 = never, 0=always */ ++#define PAM_CONNECTION_TTL -1 + + static int reset_pam = 1; /* Set to one if it is time to reset PAM processing */ + +@@ -111,6 +112,13 @@ + } + + int ++usage(void) ++{ ++ fprintf(stderr, "Usage: pam_auth [-r seconds]\n"); ++ exit(1); ++} ++ ++int + main(int argc, char *argv[]) + { + pam_handle_t *pamh = NULL; +@@ -119,6 +127,18 @@ + /* char *password; */ + char buf[BUFSIZE]; + time_t pamh_created = 0; ++ int c, pam_connection_ttl = PAM_CONNECTION_TTL; ++ extern char *optarg; ++ extern int optind; ++ ++ while ((c = getopt(argc, argv, "r:")) != EOF) switch (c) { ++ case 'r': ++ pam_connection_ttl = atoi(optarg); ++ break; ++ default: ++ usage(); ++ } ++ if (optind < argc) usage(); + + signal(SIGHUP, signal_received); + +@@ -142,10 +162,10 @@ + } + *password++ = '\0'; + conv.appdata_ptr = (char *) password; /* from buf above. not allocated */ +-#ifdef PAM_CONNECTION_TTL +- if (pamh_created + PAM_CONNECTION_TTL >= time(NULL)) ++ if (pam_connection_ttl >= 0 && ++ pamh_created + pam_connection_ttl <= time(NULL)) + reset_pam = 1; +-#endif ++ + if (reset_pam && pamh) { + /* Close previous PAM connection */ + retval = pam_end(pamh, retval); +--- squid-2.4.4.orig/auth_modules/SMB/Makefile.in ++++ squid-2.4.4/auth_modules/SMB/Makefile.in +@@ -11,7 +11,8 @@ + # by using the --prefix option when configuring Samba, you need to change + # SAMBAPREFIX accordingly. 
+ +-SAMBAPREFIX=/usr/local/samba ++#SAMBAPREFIX=/usr/local/samba ++SAMBAPREFIX=/usr + + prefix = @prefix@ + exec_prefix = @exec_prefix@ +--- squid-2.4.4.orig/auth_modules/SMB/smb_auth.sh ++++ squid-2.4.4/auth_modules/SMB/smb_auth.sh +@@ -24,7 +24,7 @@ + read AUTHSHARE + read AUTHFILE + read SMBUSER +-read SMBPASS ++read -r SMBPASS + + # Find domain controller + echo "Domain name: $DOMAINNAME" +@@ -47,7 +47,7 @@ + addropt="" + fi + echo "Query address options: $addropt" +-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` ++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` + echo "Domain controller IP address: $dcip" + [ -n "$dcip" ] || exit 1 + +--- squid-2.4.4.orig/src/cf.data.pre ++++ squid-2.4.4/src/cf.data.pre +@@ -98,12 +98,12 @@ + NAME: htcp_port + IFDEF: USE_HTCP + TYPE: ushort +-DEFAULT: 4827 ++DEFAULT: 0 + LOC: Config.Port.htcp + DOC_START + The port number where Squid sends and receives HTCP queries to +- and from neighbor caches. Default is 4827. To disable use +- "0". ++ and from neighbor caches. To turn it on you want to set it 4827. ++ By default it is set to "0" (disabled). + + To enable this option, you must use --enable-htcp with the + configure script. +@@ -1294,7 +1294,7 @@ + 'Max' is an upper limit on how long objects without an explicit + expiry time will be considered fresh. 
+ +- options: overrsde-expire ++ options: override-expire + override-lastmod + reload-into-ims + ignore-reload +@@ -1730,6 +1730,8 @@ + acl Safe_ports port 488 # gss-http + acl Safe_ports port 591 # filemaker + acl Safe_ports port 777 # multiling http ++acl Safe_ports port 901 # SWAT ++acl purge method PURGE + acl CONNECT method CONNECT + NOCOMMENT_END + DOC_END +@@ -1763,6 +1765,9 @@ + # Only allow cachemgr access from localhost + http_access allow manager localhost + http_access deny manager ++# Only allow purge requests from localhost ++http_access allow purge localhost ++http_access deny purge + # Deny requests to unknown ports + http_access deny !Safe_ports + # Deny CONNECT to other than SSL ports +@@ -1890,19 +1895,19 @@ + + NAME: cache_effective_user + TYPE: string +-DEFAULT: nobody ++DEFAULT: squid + LOC: Config.effectiveUser + DOC_NONE + + NAME: cache_effective_group + TYPE: string +-DEFAULT: nogroup ++DEFAULT: squid + LOC: Config.effectiveGroup + DOC_START + + If the cache is run as root, it will change its effective/real + UID/GID to the UID/GID specified below. The default is to +- change to UID to nobody and GID to nogroup. ++ change to UID to squid and GID to squid. + + If Squid is not started as root, the default is to keep the + current UID/GID. Note that if Squid is not started as root then +@@ -2657,12 +2665,15 @@ + NAME: snmp_port + TYPE: ushort + LOC: Config.Port.snmp +-DEFAULT: 3401 ++DEFAULT: 0 + IFDEF: SQUID_SNMP + DOC_START + Squid can now serve statistics and status information via SNMP. + By default it listens to port 3401 on the machine. If you don't + wish to use SNMP, set this to "0". ++ ++ Note: on Gentoo Linux, the default is zero - you need to ++ set it to 3401 to enable it. + + NOTE: SNMP support requires use the --enable-snmp configure + command line option. 
+--- squid-2.4.4.orig/src/client_side.c ++++ squid-2.4.4/src/client_side.c +@@ -1702,7 +1702,7 @@ + fd, storeUrl(entry), (int) http->out.offset); + if (conn->chr != http) { + /* there is another object in progress, defer this one */ +- debug(33, 1) ("clientSendMoreData: Deferring %s\n", storeUrl(entry)); ++ debug(33, 2) ("clientSendMoreData: Deferring %s\n", storeUrl(entry)); + memFree(buf, MEM_CLIENT_SOCK_BUF); + return; + } else if (entry && EBIT_TEST(entry->flags, ENTRY_ABORTED)) { +@@ -1876,7 +1876,7 @@ + * execution will resume after the operation completes. + */ + } else { +- debug(33, 1) ("clientKeepaliveNextRequest: FD %d Sending next\n", ++ debug(33, 2) ("clientKeepaliveNextRequest: FD %d Sending next\n", + conn->fd); + assert(entry); + if (0 == storeClientCopyPending(http->sc, entry, http)) { +--- squid-2.4.4.orig/src/debug.c ++++ squid-2.4.4/src/debug.c +@@ -74,6 +74,9 @@ + #else + format = va_arg(args1, const char *); + #endif ++ /* give a chance to context-based debugging to print current context */ ++ if (debug_log && !Ctx_Lock) ++ ctx_print(); + snprintf(f, BUFSIZ, "%s| %s", + debugLogTime(squid_curtime), + format); +@@ -94,9 +97,6 @@ + { + if (debug_log == NULL) + return; +- /* give a chance to context-based debugging to print current context */ +- if (!Ctx_Lock) +- ctx_print(); + vfprintf(debug_log, format, args); + if (!Config.onoff.buffered_logs) + fflush(debug_log); +@@ -201,9 +201,9 @@ + } + debugOpenLog(logfile); + +-#if HAVE_SYSLOG && defined(LOG_LOCAL4) ++#if HAVE_SYSLOG + if (opt_syslog_enable) +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + #endif /* HAVE_SYSLOG */ + + } +--- squid-2.4.4.orig/src/defines.h ++++ squid-2.4.4/src/defines.h +@@ -219,7 +219,7 @@ + #define N_COUNT_HOUR_HIST (86400 * 3) / (60 * COUNT_INTERVAL) + + /* were to look for errors if config path fails */ +-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" ++#define 
DEFAULT_SQUID_ERROR_DIR "/usr/lib/squid/errors/English" + + /* gb_type operations */ + #define gb_flush_limit (0x3FFFFFFF) +--- squid-2.4.4.orig/src/enums.h ++++ squid-2.4.4/src/enums.h +@@ -393,6 +393,7 @@ + METHOD_EXT17, + METHOD_EXT18, + METHOD_EXT19, ++ METHOD_SEARCH, /* Exchange 2000 web frontend */ + METHOD_ENUM_END + }; + typedef unsigned int method_t; +--- squid-2.4.4.orig/src/main.c ++++ squid-2.4.4/src/main.c +@@ -83,7 +83,7 @@ + usage(void) + { + fprintf(stderr, +- "Usage: %s [-dhsvzCDFNRVYX] [-f config-file] [-[au] port] [-k signal]\n" ++ "Usage: %s [-hsvzCDFNRSVXY] [-d level] [-f file] [-[au] port] [-k signal]\n" + " -a port Specify HTTP port number (default: %d).\n" + " -d level Write debugging to stderr also.\n" + " -f file Use given config-file instead of\n" +@@ -320,6 +320,21 @@ + asnFreeMemory(); + } + ++#if USE_UNLINKD ++static int ++needUnlinkd(void) ++{ ++ int i; ++ int r = 0; ++ for (i = 0; i < Config.cacheSwap.n_configured; i++) { ++ if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || ++ strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) ++ r++; ++ } ++ return r; ++} ++#endif ++ + static void + mainReconfigure(void) + { +@@ -344,6 +359,9 @@ + #endif + redirectShutdown(); + authenticateShutdown(); ++#if USE_UNLINKD ++ unlinkdClose(); ++#endif + storeDirCloseSwapLogs(); + errorClean(); + mimeFreeMemory(); +@@ -362,6 +380,9 @@ + #if USE_WCCP + wccpInit(); + #endif ++#if USE_UNLINKD ++ if (needUnlinkd()) unlinkdInit(); ++#endif + serverConnectionsOpen(); + if (theOutIcpConnection >= 0) { + if (!Config2.Accel.on || Config.onoff.accel_with_proxy) +@@ -507,7 +528,7 @@ + + if (!configured_once) { + #if USE_UNLINKD +- unlinkdInit(); ++ if (needUnlinkd()) unlinkdInit(); + #endif + urlInitialize(); + cachemgrInit(); +@@ -835,7 +856,7 @@ + int nullfd; + if (*(argv[0]) == '(') + return; +- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); ++ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); + if ((pid = fork()) < 0) + 
syslog(LOG_ALERT, "fork failed: %s", xstrerror()); + else if (pid > 0) +--- squid-2.4.4.orig/src/squid.h ++++ squid-2.4.4/src/squid.h +@@ -45,10 +45,24 @@ + */ + #define CHANGE_FD_SETSIZE 1 + +-/* Cannot increase FD_SETSIZE on Linux */ ++/* ++ * Cannot increase FD_SETSIZE on Linux, but we can increase __FD_SETSIZE ++ * with glibc 2.2 (or later? remains to be seen). We do this by including ++ * bits/types.h which defines __FD_SETSIZE first, then we redefine ++ * FD_SETSIZE. Ofcourse a user program may NEVER include bits/whatever.h ++ * directly, so this is a dirty hack! ++ */ + #if defined(_SQUID_LINUX_) +-#undef CHANGE_FD_SETSIZE +-#define CHANGE_FD_SETSIZE 0 ++# undef CHANGE_FD_SETSIZE ++# define CHANGE_FD_SETSIZE 0 ++# include <features.h> ++# if (__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2) ++# if SQUID_MAXFD > DEFAULT_FD_SETSIZE ++# include <bits/types.h> ++# undef __FD_SETSIZE ++# define __FD_SETSIZE SQUID_MAXFD ++# endif ++# endif + #endif + + /* +--- squid-2.4.4.orig/src/url.c ++++ squid-2.4.4/src/url.c +@@ -77,6 +77,7 @@ + "%EXT17", + "%EXT18", + "%EXT19", ++ "SEARCH", /* Exchange 2000 web frontend */ + "ERROR" + }; + +@@ -308,7 +309,7 @@ + /* remove duplicate dots */ + while ((t = strstr(host, ".."))) + xmemmove(t, t + 1, strlen(t)); +- if (Config.appendDomain && !strchr(host, '.')) ++ if (Config.appendDomain && !strchr(host, '.') && strcasecmp(host, "localhost") != 0) + strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN); + if (port == 0) { + debug(23, 3) ("urlParse: Invalid port == 0\n"); diff --git a/net-www/squid/files/squid-2.4.6-gentoo.diff b/net-www/squid/files/squid-2.4.6-gentoo.diff new file mode 100644 index 000000000000..c24a27016174 --- /dev/null +++ b/net-www/squid/files/squid-2.4.6-gentoo.diff 
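Review bot: The src/cf.data.pre part of this borrowed patch adds `acl Safe_ports port 901 # SWAT` to the default ACL set, so the stock `http_access deny !Safe_ports` rule no longer blocks proxy requests to port 901, and the ChangeLog entry for this commit does not mention the change. Port 901 is Samba's web administration tool; whether clients admitted by the later http_access rules should reach it through the cache is a site decision, so I would ship it commented out, `#acl Safe_ports port 901 # SWAT (enable only if clients need it)`. The neighbouring `acl purge method PURGE` addition is paired with `http_access allow purge localhost` and `http_access deny purge`, which is the restrictive form and fine as is. The whole file is a single 413-line hunk of the outer diff; the point applies to the nested `@@ -1730,6 +1730,8 @@` hunk.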
@@ -0,0 +1,40 @@
+diff -ur squid-2.4.STABLE4.orig/icons/Makefile.in squid-2.4.STABLE4/icons/Makefile.in
+--- squid-2.4.STABLE4.orig/icons/Makefile.in Tue Jan 16 16:12:30 2001
++++ squid-2.4.STABLE4/icons/Makefile.in Wed Mar 20 09:40:19 2002
+@@ -15,7 +15,7 @@
+
+ INSTALL = @INSTALL@
+ INSTALL_FILE = @INSTALL_DATA@
+-DEFAULT_ICON_DIR = $(sysconfdir)/icons
++DEFAULT_ICON_DIR = $(libexecdir)/icons
+
+ ICONS = anthony-binhex.gif \
+ anthony-bomb.gif \
+diff -ur squid-2.4.STABLE6.orig/src/Makefile.in squid-2.4.STABLE6/src/Makefile.in
+--- squid-2.4.STABLE6.orig/src/Makefile.in Wed Apr 4 03:01:12 2001
++++ squid-2.4.STABLE6/src/Makefile.in Wed Mar 20 14:18:58 2002
+@@ -37,17 +37,17 @@
+ DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER = $(libexecdir)/$(DNSSERVER_EXE)
+-DEFAULT_CACHE_LOG = $(localstatedir)/logs/cache.log
+-DEFAULT_ACCESS_LOG = $(localstatedir)/logs/access.log
+-DEFAULT_STORE_LOG = $(localstatedir)/logs/store.log
+-DEFAULT_PID_FILE = $(localstatedir)/logs/squid.pid
+-DEFAULT_SWAP_DIR = $(localstatedir)/cache
++DEFAULT_CACHE_LOG = $(localstatedir)/log/squid/cache.log
++DEFAULT_ACCESS_LOG = $(localstatedir)/log/squid/access.log
++DEFAULT_STORE_LOG = $(localstatedir)/log/squid/store.log
++DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid
++DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid
+ DEFAULT_PINGER = $(libexecdir)/$(PINGER_EXE)
+ DEFAULT_UNLINKD = $(libexecdir)/$(UNLINKD_EXE)
+ DEFAULT_DISKD = $(libexecdir)/$(DISKD_EXE)
+-DEFAULT_ICON_DIR = $(sysconfdir)/icons
++DEFAULT_ICON_DIR = $(libexecdir)/icons
+ DEFAULT_ERROR_DIR = $(sysconfdir)/errors
+-DEFAULT_MIB_PATH = $(sysconfdir)/mib.txt
++DEFAULT_MIB_PATH = $(libexecdir)/mib.txt
+
+ CC = @CC@
+ MAKEDEPEND = @MAKEDEPEND@
diff --git a/net-www/squid/files/squid.conf b/net-www/squid/files/squid.conf
deleted file mode 100644
index 38ff46655901..000000000000
--- a/net-www/squid/files/squid.conf
+++ /dev/null
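Review bot: The new defaults for `DEFAULT_CACHE_LOG`, `DEFAULT_ACCESS_LOG`, `DEFAULT_STORE_LOG` and `DEFAULT_SWAP_DIR` point into `$(localstatedir)/log/squid` and `$(localstatedir)/cache/squid`, but nothing in this patch creates those directories or sets their owner, so that has to happen in the ebuild, which is not part of this hunk. Both directories should belong to the account the proxy runs as and be writable by no one else. `DEFAULT_PID_FILE` now sits directly in `$(localstatedir)/run`, which is normally writable by root only, so it is worth confirming that the daemon writes its pid file while it still has the privilege to do so. The icons section is also still headed `squid-2.4.STABLE4.orig/icons/Makefile.in` while the `src/Makefile.in` section uses `squid-2.4.STABLE6`; the patch presumably applies only with the first path component stripped, and regenerating that section so its header reads `--- squid-2.4.STABLE6.orig/icons/Makefile.in` would keep the file consistent with its name.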
@@ -1,2167 +0,0 @@ - -# WELCOME TO SQUID 2 -# ------------------ -# -# This is the default Squid configuration file. You may wish -# to look at the Squid home page (http://squid.nlanr.net/) -# for the FAQ and other documentation. -# -# The default Squid config file shows what the defaults for -# various options happen to be. If you don't need to change the -# default, you shouldn't uncomment the line. Doing so may cause -# run-time problems. In some cases "none" refers to no default -# setting at all, while in other cases it refers to a valid -# option - the comments for that keyword indicate if this is the -# case. -# - - -# NETWORK OPTIONS -# ----------------------------------------------------------------------------- - -# TAG: http_port -# Usage: port -# hostname:port -# 1.2.3.4:port -# -# The socket addresses where Squid will listen for HTTP client -# requests. You may specify multiple socket addresses. -# There are three forms: port alone, hostname with port, and -# IP address with port. If you specify a hostname or IP -# address, then Squid binds the socket to that specific -# address. This replaces the old 'tcp_incoming_address' -# option. Most likely, you do not need to bind to a specific -# address, so you can use the port number alone. -# -# The default port number is 3128. -# -# If you are running Squid in accelerator mode, then you -# probably want to listen on port 80 also, or instead. -# -# The -a command line option will override the *first* port -# number listed here. That option will NOT override an IP -# address, however. -# -# You may specify multiple socket addresses on multiple lines. -# -#http_port 3128 - -# TAG: icp_port -# The port number where Squid sends and receives ICP queries to -# and from neighbor caches. Default is 3130. To disable use -# "0". May be overridden with -u on the command line. -# -#icp_port 3130 - -# TAG: htcp_port -# The port number where Squid sends and receives HTCP queries to -# and from neighbor caches. 
Default is 4827. To disable use -# "0". -# -# To enable this option, you must use --enable-htcp with the -# configure script. -#htcp_port 4827 - -# TAG: mcast_groups -# This tag specifies a list of multicast groups which your server -# should join to receive multicasted ICP queries. -# -# NOTE! Be very careful what you put here! Be sure you -# understand the difference between an ICP _query_ and an ICP -# _reply_. This option is to be set only if you want to RECEIVE -# multicast queries. Do NOT set this option to SEND multicast -# ICP (use cache_peer for that). ICP replies are always sent via -# unicast, so this option does not affect whether or not you will -# receive replies from multicast group members. -# -# You must be very careful to NOT use a multicast address which -# is already in use by another group of caches. -# -# If you are unsure about multicast, please read the Multicast -# chapter in the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/). -# -# Usage: mcast_groups 239.128.16.128 224.0.1.20 -# -# By default, Squid doesn't listen on any multicast groups. -# -#mcast_groups 239.128.16.128 - -# TAG: tcp_outgoing_address -# TAG: udp_incoming_address -# TAG: udp_outgoing_address -# Usage: tcp_incoming_address 10.20.30.40 -# udp_outgoing_address fully.qualified.domain.name -# -# tcp_outgoing_address is used for connections made to remote -# servers and other caches. -# udp_incoming_address is used for the ICP socket receiving packets -# from other caches. -# udp_outgoing_address is used for ICP packets sent out to other -# caches. -# -# The default behavior is to not bind to any specific address. -# -# NOTE, udp_incoming_address and udp_outgoing_address can not -# have the same value (unless it is 0.0.0.0) since they both use -# port 3130. -# -# NOTE, tcp_incoming_address has been removed. You can now -# specify IP addresses on the 'http_port' line. 
-# -#tcp_outgoing_address 0.0.0.0 -#udp_incoming_address 0.0.0.0 -#udp_outgoing_address 0.0.0.0 - - -# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM -# ----------------------------------------------------------------------------- - -# TAG: cache_peer -# To specify other caches in a hierarchy, use the format: -# -# hostname type http_port icp_port -# -# For example, -# -# # proxy icp -# # hostname type port port options -# # -------------------- -------- ----- ----- ----------- -# cache_peer parent.foo.net parent 3128 3130 [proxy-only] -# cache_peer sib1.foo.net sibling 3128 3130 [proxy-only] -# cache_peer sib2.foo.net sibling 3128 3130 [proxy-only] -# -# type: either 'parent', 'sibling', or 'multicast'. -# -# proxy_port: The port number where the cache listens for proxy -# requests. -# -# icp_port: Used for querying neighbor caches about -# objects. To have a non-ICP neighbor -# specify '7' for the ICP port and make sure the -# neighbor machine has the UDP echo port -# enabled in its /etc/inetd.conf file. -# -# options: proxy-only -# weight=n -# ttl=n -# no-query -# default -# round-robin -# multicast-responder -# closest-only -# no-digest -# no-netdb-exchange -# no-delay -# login=user:password -# connect-timeout=nn -# digest-url=url -# -# use 'proxy-only' to specify that objects fetched -# from this cache should not be saved locally. -# -# use 'weight=n' to specify a weighted parent. -# The weight must be an integer. The default weight -# is 1, larger weights are favored more. -# -# use 'ttl=n' to specify a IP multicast TTL to use -# when sending an ICP queries to this address. -# Only useful when sending to a multicast group. -# Because we don't accept ICP replies from random -# hosts, you must configure other group members as -# peers with the 'multicast-responder' option below. -# -# use 'no-query' to NOT send ICP queries to this -# neighbor. -# -# use 'default' if this is a parent cache which can -# be used as a "last-resort." 
You should probably -# only use 'default' in situations where you cannot -# use ICP with your parent cache(s). -# -# use 'round-robin' to define a set of parents which -# should be used in a round-robin fashion in the -# absence of any ICP queries. -# -# 'multicast-responder' indicates that the named peer -# is a member of a multicast group. ICP queries will -# not be sent directly to the peer, but ICP replies -# will be accepted from it. -# -# 'closest-only' indicates that, for ICP_OP_MISS -# replies, we'll only forward CLOSEST_PARENT_MISSes -# and never FIRST_PARENT_MISSes. -# -# use 'no-digest' to NOT request cache digests from -# this neighbor. -# -# 'no-netdb-exchange' disables requesting ICMP -# RTT database (NetDB) from the neighbor. -# -# use 'no-delay' to prevent access to this neighbor -# from influencing the delay pools. -# -# use 'login=user:password' if this is a personal/workgroup -# proxy and your parent requires proxy authentication. -# -# use 'connect-timeout=nn' to specify a peer -# specific connect timeout (also see the -# peer_connect_timeout directive) -# -# use 'digest-url=url' to tell Squid to fetch the cache -# digest (if digests are enabled) for this host from -# the specified URL rather than the Squid default -# location. -# -# NOTE: non-ICP neighbors must be specified as 'parent'. -# -#cache_peer hostname type 3128 3130 - -# TAG: cache_peer_domain -# Use to limit the domains for which a neighbor cache will be -# queried. Usage: -# -# cache_peer_domain cache-host domain [domain ...] -# cache_peer_domain cache-host !domain -# -# For example, specifying -# -# cache_peer_domain parent.foo.net .edu -# -# has the effect such that UDP query packets are sent to -# 'bigserver' only when the requested object exists on a -# server in the .edu domain. Prefixing the domainname -# with '!' means that the cache will be queried for objects -# NOT in that domain. 
-# -# NOTE: * Any number of domains may be given for a cache-host, -# either on the same or separate lines. -# * When multiple domains are given for a particular -# cache-host, the first matched domain is applied. -# * Cache hosts with no domain restrictions are queried -# for all requests. -# * There are no defaults. -# * There is also a 'cache_peer_access' tag in the ACL -# section. - -# TAG: neighbor_type_domain -# usage: neighbor_type_domain parent|sibling domain domain ... -# -# Modifying the neighbor type for specific domains is now -# possible. You can treat some domains differently than the the -# default neighbor type specified on the 'cache_peer' line. -# Normally it should only be necessary to list domains which -# should be treated differently because the default neighbor type -# applies for hostnames which do not match domains listed here. -# -#EXAMPLE: -# cache_peer parent cache.foo.org 3128 3130 -# neighbor_type_domain cache.foo.org sibling .com .net -# neighbor_type_domain cache.foo.org sibling .au .de - -# TAG: icp_query_timeout (msec) -# Normally Squid will automatically determine an optimal ICP -# query timeout value based on the round-trip-time of recent ICP -# queries. If you want to override the value determined by -# Squid, set this 'icp_query_timeout' to a non-zero value. This -# value is specified in MILLISECONDS, so, to use a 2-second -# timeout (the old default), you would write: -# -# icp_query_timeout 2000 -# -#icp_query_timeout 0 - -# TAG: maximum_icp_query_timeout (msec) -# Normally the ICP query timeout is determined dynamically. But -# sometimes it can lead to very large values (say 5 seconds). -# Use this option to put an upper limit on the dynamic timeout -# value. Do NOT use this option to always use a fixed (instead -# of a dynamic) timeout value. -# -# If 'icp_query_timeout' is set to zero, then this value is -# ignored. 
-#maximum_icp_query_timeout 2000 - -# TAG: mcast_icp_query_timeout (msec) -# For Multicast peers, Squid regularly sends out ICP "probes" to -# count how many other peers are listening on the given multicast -# address. This value specifies how long Squid should wait to -# count all the replies. The default is 2000 msec, or 2 -# seconds. -# -#mcast_icp_query_timeout 2000 - -# TAG: dead_peer_timeout (seconds) -# This controls how long Squid waits to declare a peer cache -# as "dead." If there are no ICP replies received in this -# amount of time, Squid will declare the peer dead and not -# expect to receive any further ICP replies. However, it -# continues to send ICP queries, and will mark the peer as -# alive upon receipt of the first subsequent ICP reply. -# -# This timeout also affects when Squid expects to receive ICP -# replies from peers. If more than 'dead_peer' seconds have -# passed since the last ICP reply was received, Squid will not -# expect to receive an ICP reply on the next query. Thus, if -# your time between requests is greater than this timeout, you -# will see a lot of requests sent DIRECT to origin servers -# instead of to your parents. -# -#dead_peer_timeout 10 seconds - -# TAG: hierarchy_stoplist -# A list of words which, if found in a URL, cause the object to -# be handled directly by this cache. In other words, use this -# to not query neighbor caches for certain objects. You may -# list this option multiple times. -# -# The default is to directly fetch URLs containing 'cgi-bin' or '?'. -# -#hierarchy_stoplist cgi-bin ? - -# TAG: no_cache -# A list of ACL elements which, if matched, cause the reply to -# immediately removed from the cache. In other words, use this -# to force certain objects to never be cached. -# -# You must use the word 'DENY' to indicate the ACL names which should -# NOT be cached. -# -# There is no default. We recommend you uncomment the following -# two lines. -# -#acl QUERY urlpath_regex cgi-bin \? 
-#no_cache deny QUERY - - -# OPTIONS WHICH AFFECT THE CACHE SIZE -# ----------------------------------------------------------------------------- - -# TAG: cache_mem (bytes) -# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS -# SIZE. IT PLACES A LIMIT ON ONE ASPECT OF SQUID'S MEMORY -# USAGE. SQUID USES MEMORY FOR OTHER THINGS AS WELL. -# YOUR PROCESS WILL PROBABLY BECOME TWICE OR THREE TIMES -# BIGGER THAN THE VALUE YOU PUT HERE -# -# 'cache_mem' specifies the ideal amount of memory to be used -# for: -# * In-Transit objects -# * Hot Objects -# * Negative-Cached objects -# -# Data for these objects are stored in 4 KB blocks. This -# parameter specifies the ideal upper limit on the total size of -# 4 KB blocks allocated. In-Transit objects take the highest -# priority. -# -# In-transit objects have priority over the others. When -# additional space is needed for incoming data, negative-cached -# and hot objects will be released. In other words, the -# negative-cached and hot objects will fill up any unused space -# not needed for in-transit objects. -# -# If circumstances require, this limit will be exceeded. -# Specifically, if your incoming request rate requires more than -# 'cache_mem' of memory to hold in-transit objects, Squid will -# exceed this limit to satisfy the new requests. When the load -# decreases, blocks will be freed until the high-water mark is -# reached. Thereafter, blocks will be used to store hot -# objects. -# -# The default is 8 Megabytes. -# -#cache_mem 8 MB - -# TAG: cache_swap_low (percent, 0-100) -# TAG: cache_swap_high (percent, 0-100) -# -# The low- and high-water marks for cache object replacement. -# Replacement begins when the swap (disk) usage is above the -# low-water mark and attempts to maintain utilization near the -# low-water mark. As swap utilization gets close to high-water -# mark object eviction becomes more aggressive. If utilization is -# close to the low-water mark less replacement is done each time. 
-# -# Defaults are 90% and 95%. If you have a large cache, 5% could be -# hundreds of MB. If this is the case you may wish to set these -# numbers closer together. -# -#cache_swap_low 90 -#cache_swap_high 95 - -# TAG: maximum_object_size (bytes) -# Objects larger than this size will NOT be saved on disk. The -# value is specified in kilobytes, and the default is 4MB. If -# you wish to get a high BYTES hit ratio, you should probably -# increase this (one 32 MB object hit counts for 3200 10KB -# hits). If you wish to increase speed more than your want to -# save bandwidth you should leave this low. -# -# NOTE: if using the LFUDA replacement policy you should increase -# this value to maximize the byte hit rate improvement of LFUDA! -# See replacement_policy below for a discussion of this policy. -# -#maximum_object_size 4096 KB - -# TAG: minimum_object_size (bytes) -# Objects smaller than this size will NOT be saved on disk. The -# value is specified in kilobytes, and the default is 0 KB, which -# means there is no minimum. -#minimum_object_size 0 KB - -# TAG: ipcache_size (number of entries) -# TAG: ipcache_low (percent) -# TAG: ipcache_high (percent) -# The size, low-, and high-water marks for the IP cache. -# -#ipcache_size 1024 -#ipcache_low 90 -#ipcache_high 95 - -# TAG: fqdncache_size (number of entries) -# Maximum number of FQDN cache entries. -#fqdncache_size 1024 - - -# LOGFILE PATHNAMES AND CACHE DIRECTORIES -# ----------------------------------------------------------------------------- - -# TAG: cache_dir -# Usage: -# -# cache_dir Type Directory-Name Mbytes Level-1 Level2 -# -# You can specify multiple cache_dir lines to spread the -# cache among different disk partitions. -# -# Type specifies the kind of storage system to use. Most -# everyone will want to use "ufs" as the type. If you are using -# Async I/O (--enable async-io) on Linux or Solaris, then you may -# want to try "asyncufs" as the type. Async IO support may be -# buggy, however, so beware. 
-# -# 'Directory' is a top-level directory where cache swap -# files will be stored. If you want to use an entire disk -# for caching, then this can be the mount-point directory. -# The directory must exist and be writable by the Squid -# process. Squid will NOT create this directory for you. -# -# If no 'cache_dir' lines are specified, the following -# default will be used: /usr/cache. -# -# 'Mbytes' is the amount of disk space (MB) to use under this -# directory. The default is 100 MB. Change this to suit your -# configuration. -# -# 'Level-1' is the number of first-level subdirectories which -# will be created under the 'Directory'. The default is 16. -# -# 'Level-2' is the number of second-level subdirectories which -# will be created under each first-level directory. The default -# is 256. -# -cache_dir ufs /var/cache/squid 100 16 256 - -# TAG: cache_access_log -# Logs the client request activity. Contains an entry for -# every HTTP and ICP queries received. -# -cache_access_log /var/log/squid/squid.access - -# TAG: cache_log -# Cache logging file. This is where general information about -# your cache's behavior goes. You can increase the amount of data -# logged to this file with the "debug_options" tag below. -# -cache_log /var/log/squid/squid.cache - -# TAG: cache_store_log -# Logs the activities of the storage manager. Shows which -# objects are ejected from the cache, and which objects are -# saved and for how long. To disable, enter "none". There are -# not really utilities to analyze this data, so you can safely -# disable it. -# -cache_store_log /var/log/squid/squid.store - -# TAG: cache_swap_log -# Location for the cache "swap.log." This log file holds the -# metadata of objects saved on disk. It is used to rebuild the -# cache during startup. Normally this file resides in the first -# 'cache_dir' directory, but you may specify an alternate -# pathname here. Note you must give a full filename, not just -# a directory. 
Since this is the index for the whole object -# list you CANNOT periodically rotate it! -# -# If you have more than one 'cache_dir', these swap logs will -# have names such as: -# -# cache_swap_log.00 -# cache_swap_log.01 -# cache_swap_log.02 -# -# The numbered extension (which is added automatically) -# corresponds to the order of the 'cache_dir' lines in this -# configuration file. If you change the order of the 'cache_dir' -# lines in this file, then these log files will NOT correspond to -# the correct 'cache_dir' entry (unless you manually rename -# them). We recommend that you do NOT use this option. It is -# better to keep these log files in each 'cache_dir' directory. -# -#cache_swap_log - -# TAG: emulate_httpd_log on|off -# The Cache can emulate the log file format which many 'httpd' -# programs use. To disable/enable this emulation, set -# emulate_httpd_log to 'off' or 'on'. The default -# is to use the native log format since it includes useful -# information that Squid-specific log analyzers use. -# -#emulate_httpd_log off - -# TAG: mime_table -# Pathname to Squid's MIME table. You shouldn't need to change -# this, but the default file contains examples and formatting -# information if you do. -# -#mime_table /etc/squid/mime.conf - -# TAG: log_mime_hdrs on|off -# The Cache can record both the request and the response MIME -# headers for each HTTP transaction. The headers are encoded -# safely and will appear as two bracketed fields at the end of -# the access log (for either the native or httpd-emulated log -# formats). To enable this logging set log_mime_hdrs to 'on'. -# -#log_mime_hdrs off - -# TAG: useragent_log -# If configured with the "--enable-useragent_log" configure -# option, Squid will write the User-Agent field from HTTP -# requests to the filename specified here. By default -# useragent_log is disabled. -# -#useragent_log none - -# TAG: pid_filename -# A filename to write the process-id to. To disable, enter "none". 
-# -pid_filename /var/run/squid.pid - -# TAG: debug_options -# Logging options are set as section,level where each source file -# is assigned a unique section. Lower levels result in less -# output, Full debugging (level 9) can result in a very large -# log file, so be careful. The magic word "ALL" sets debugging -# levels for all sections. We recommend normally running with -# "ALL,1". -# -#debug_options ALL,1 - -# TAG: log_fqdn on|off -# Turn this on if you wish to log fully qualified domain names -# in the access.log. To do this Squid does a DNS lookup of all -# IP's connecting to it. This can (in some situations) increase -# latency, which makes your cache seem slower for interactive -# browsing. -# -#log_fqdn off - -# TAG: client_netmask -# A netmask for client addresses in logfiles and cachemgr output. -# Change this to protect the privacy of your cache clients. -# A netmask of 255.255.255.0 will log all IP's in that range with -# the last digit set to '0'. -# -#client_netmask 255.255.255.255 - - -# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS -# ----------------------------------------------------------------------------- - -# TAG: ftp_user -# If you want the anonymous login password to be more informative -# (and enable the use of picky ftp servers), set this to something -# reasonable for your domain, like wwwuser@somewhere.net -# -# The reason why this is domainless by default is that the -# request can be made on the behalf of a user in any domain, -# depending on how the cache is used. -# Some ftp server also validate that the email address is valid -# (for example perl.com). -# -#ftp_user Squid@ - -# TAG: ftp_list_width -# Sets the width of ftp listings. This should be set to fit in -# the width of a standard browser. Setting this too small -# can cut off long filenames when browsing ftp sites. -# -#ftp_list_width 32 - -# TAG: ftp_passive -# If your firewall does not allow Squid to use passive -# connections, then turn off this option. 
-##ftp_passive on - -# TAG: cache_dns_program -# Specify the location of the executable for dnslookup process. -# -#cache_dns_program /usr/bin/dnsserver - -# TAG: dns_children -# The number of processes spawn to service DNS name lookups. -# For heavily loaded caches on large servers, you should -# probably increase this value to at least 10. The maximum -# is 32. The default is 5. -# -# You must have at least one dnsserver process. -# -#dns_children 5 - -# TAG: dns_defnames on|off -# Normally the 'dnsserver' disables the RES_DEFNAMES resolver -# option (see res_init(3)). This prevents caches in a hierarchy -# from interpreting single-component hostnames locally. To allow -# dnsserver to handle single-component names, enable this -# option. -# -#dns_defnames off - -# TAG: dns_nameservers -# Use this if you want to specify a list of DNS name servers -# (IP addresses) to use instead of those given in your -# /etc/resolv.conf file. -# -# Example: dns_nameservers 10.0.0.1 192.172.0.4 -# -#dns_nameservers none - -# TAG: unlinkd_program -# Specify the location of the executable for file deletion process. -# This isn't needed if you are using async-io since it's handled by -# a thread. -# -#unlinkd_program /usr/bin/unlinkd - -# TAG: pinger_program -# Specify the location of the executable for the pinger process. -# This is only useful if you configured Squid (during compilation) -# with the '--enable-icmp' option. -# -#pinger_program /usr/bin/pinger - -# TAG: redirect_program -# Specify the location of the executable for the URL redirector. -# Since they can perform almost any function there isn't one included. -# See the Release-Notes for information on how to write one. -# By default, a redirector is not used. -# -#redirect_program none - -# TAG: redirect_children -# The number of redirector processes to spawn. If you start -# too few Squid will have to wait for them to process a backlog of -# URLs, slowing it down. 
If you start too many they will use RAM -# and other system resources. -# -#redirect_children 5 - -# TAG: redirect_rewrites_host_header -# By default Squid rewrites any Host: header in redirected -# requests. If you are running a accelerator then this may -# not be a wanted effect of a redirector. -#redirect_rewrites_host_header on - -# TAG: redirector_access -# If defined, this access list specifies which requests are -# sent to the redirector processes. By default all requests -# are sent. - -# TAG: authenticate_program -# Specify the command for the external authenticator. Such a -# program reads a line containing "username password" and replies -# "OK" or "ERR" in an endless loop. If you use an authenticator, -# make sure you have 1 acl of type proxy_auth. By default, the -# authenticator_program is not used. -# -# If you want to use the traditional proxy authentication, -# jump over to the ../auth_modules/NCSA directory and -# type: -# % make -# % make install -# -# Then, set this line to something like -# -# authenticate_program /usr/bin/ncsa_auth /usr/etc/passwd -# -#authenticate_program none - -# TAG: authenticate_children -# The number of authenticator processes to spawn (default 5). If you -# start too few Squid will have to wait for them to process a backlog -# of usercode/password verifications, slowing it down. When password -# verifications are done via a (slow) network you are likely to need -# lots of authenticator processes. -# -#authenticate_children 5 - -# TAG: authenticate_ttl -# The time a checked username/password combination remains cached -# (default 3600). If a wrong password is given for a cached user, -# the user gets removed from the username/password cache forcing -# a revalidation. -# -#authenticate_ttl 3600 - -# TAG: authenticate_ip_ttl -# With this option you control how long a proxy authentication -# will be bound to a specific IP address. 
If a request using -# the same user name is received during this time then access -# will be denied and both users are required to reauthenticate -# them selves. The idea behind this is to make it annoying -# for people to share their password to their friends, but -# yet allow a dialup user to reconnect on a different dialup -# port. -# -# The default is 0 to disable the check. Recommended value -# if you have dialup users are no more than 60 (seconds). If -# all your users are stationary then higher values may be -# used. -# -#authenticate_ip_ttl 0 - - -# OPTIONS FOR TUNING THE CACHE -# ----------------------------------------------------------------------------- - -# TAG: wais_relay_host -# TAG: wais_relay_port -# Relay WAIS request to host (1st arg) at port (2 arg). -# -#wais_relay_host localhost -#wais_relay_port 8000 - -# TAG: request_header_max_size (KB) -# This specifies the maximum size for HTTP headers in a request. -# Request headers are usually relatively small (about 512 bytes). -# Placing a limit on the request header size will catch certain -# bugs (for example with persistent connections) and possibly -# buffer-overflow or denial-of-service attacks. -#request_header_max_size 10 KB - -# TAG: request_body_max_size (KB) -# This specifies the maximum size for an HTTP request body. -# In other words, the maximum size of a PUT/POST request. -# A user who attempts to send a request with a body larger -# than this limit receives an "Invalid Request" error message. -# If you set this parameter to a zero, there will be no limit -# imposed. -#request_body_max_size 1 MB - -# TAG: reply_body_max_size (KB) -# This option specifies the maximum size of a reply body. It -# can be used to prevent users from downloading very large files, -# such as MP3's and movies. The reply size is checked twice. -# First when we get the reply headers, we check the -# content-length value. 
If the content length value exists and -# is larger than this parameter, the request is denied and the -# user receives an error message that says "the request or reply -# is too large." If there is no content-length, and the reply -# size exceeds this limit, the client's connection is just closed -# and they will receive a partial reply. -# -# NOTE: downstream caches probably can not detect a partial reply -# if there is no content-length header, so they will cache -# partial responses and give them out as hits. You should NOT -# use this option if you have downstream caches. -# -# If you set this parameter to zero (the default), there will be -# no limit imposed. -#reply_body_max_size 0 - -# TAG: refresh_pattern -# usage: refresh_pattern [-i] regex min percent max [options] -# -# By default, regular expressions are CASE-SENSITIVE. To make -# them case-insensitive, use the -i option. -# -# 'Min' is the time (in minutes) an object without an explicit -# expiry time should be considered fresh. The recommended -# value is 0, any higher values may cause dynamic applications -# to be erroneously cached unless the application designer -# has taken the appropriate actions. -# -# 'Percent' is a percentage of the objects age (time since last -# modification age) an object without explicit expiry time -# will be considered fresh. -# -# 'Max' is an upper limit on how long objects without an explicit -# expiry time will be considered fresh. -# -# options: override-expire -# override-lastmod -# reload-into-ims -# ignore-reload -# -# override-expire enforces min age even if the server -# sent a Expires: header. Doing this VIOLATES the HTTP -# standard. Enabling this feature could make you liable -# for problems which it causes. -# -# override-lastmod enforces min age even on objects -# that was modified recently. -# -# reload-into-ims changes client no-cache or ``reload'' -# to If-Modified-Since requests. Doing this VIOLATES the -# HTTP standard. 
Enabling this feature could make you -# liable for problems which it causes. -# -# ignore-reload ignores a client no-cache or ``reload'' -# header. Doing this VIOLATES the HTTP standard. Enabling -# this feature could make you liable for problems which -# it causes. -# -# Please see the file doc/Release-Notes-1.1.txt for a full -# description of Squid's refresh algorithm. Basically a -# cached object is: (the order is changed from 1.1.X) -# -# FRESH if expires < now, else STALE -# STALE if age > max -# FRESH if lm-factor < percent, else STALE -# FRESH if age < min -# else STALE -# -# The refresh_pattern lines are checked in the order listed here. -# The first entry which matches is used. If none of the entries -# match, then the default will be used. -# -#Default: -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern . 0 20% 4320 - -# TAG: replacement_policy -# The cache replacement policy parameter determines which -# objects are evicted (replaced) when disk space is needed. -# Squid used to have only a single replacement policy, LRU. -# But when built with -DHEAP_REPLACEMENT you can choose -# between two new, enhanced policies: -# -# GDSF: Greedy-Dual Size Frequency -# LFUDA: Least Frequently Used with Dynamic Aging -# -# Both of these policies are frequency based rather than recency -# based, and perform better than LRU. -# -# The GDSF policy optimizes object hit rate by keeping smaller -# popular objects in cache so it has a better chance of getting a -# hit. It achieves a lower byte hit rate than LFUDA though since -# it evicts larger (possibly popular) objects. -# -# The LFUDA policy keeps popular objects in cache regardless of -# their size and thus optimizes byte hit rate at the expense of -# hit rate since one large, popular object will prevent many -# smaller, slightly less popular objects from being cached. 
-#
-# Both policies utilize a dynamic aging mechanism that prevents
-# cache pollution that can otherwise occur with frequency-based
-# replacement policies.
-#
-# NOTE: if using the LFUDA replacement policy you should increase
-# the value of maximum_object_size above its default of 4096 KB to
-# to maximize the potential byte hit rate improvement of LFUDA.
-#
-# For more information about these cache replacement policies see
-# http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html and
-# http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html.
-#
-#replacement_policy LFUDA
-
-# TAG: reference_age
-# As a part of normal operation, Squid performs Least Recently
-# Used removal of cached objects. The LRU age for removal is
-# computed dynamically, based on the amount of disk space in
-# use. The dynamic value can be seen in the Cache Manager 'info'
-# output.
-#
-# The 'reference_age' parameter defines the maximum LRU age. For
-# example, setting reference_age to '1 week' will cause objects
-# to be removed if they have not been accessed for a week or
-# more. The default value is one year.
-#
-# Specify a number here, followed by units of time. For example:
-# 1 week
-# 3.5 days
-# 4 months
-# 2.2 hours
-#
-# NOTE: this parameter is not used when using the enhanced
-# replacement policies, GDSH or LFUDA.
-#
-#reference_age 1 year
-
-# TAG: quick_abort_min (KB)
-# TAG: quick_abort_max (KB)
-# TAG: quick_abort_pct (percent)
-# The cache can be configured to continue downloading aborted
-# requests. This may be undesirable on slow (e.g. SLIP) links
-# and/or very busy caches. Impatient users may tie up file
-# descriptors and bandwidth by repeatedly requesting and
-# immediately aborting downloads.
-#
-# When the user aborts a request, Squid will check the
-# quick_abort values to the amount of data transfered until
-# then.
-#
-# If the transfer has less than 'quick_abort_min' KB remaining,
-# it will finish the retrieval.
Setting 'quick_abort_min' to -1
-# will disable the quick_abort feature.
-#
-# If the transfer has more than 'quick_abort_max' KB remaining,
-# it will abort the retrieval.
-#
-# If more than 'quick_abort_pct' of the transfer has completed,
-# it will finish the retrieval.
-#
-#quick_abort_min 16 KB
-#quick_abort_max 16 KB
-#quick_abort_pct 95
-
-# TAG: negative_ttl time-units
-# Time-to-Live (TTL) for failed requests. Certain types of
-# failures (such as "connection refused" and "404 Not Found") are
-# negatively-cached for a configurable amount of time. The
-# default is 5 minutes. Note that this is different from
-# negative caching of DNS lookups.
-#
-#negative_ttl 5 minutes
-
-# TAG: positive_dns_ttl time-units
-# Time-to-Live (TTL) for positive caching of successful DNS lookups.
-# Default is 6 hours (360 minutes). If you want to minimize the
-# use of Squid's ipcache, set this to 1, not 0.
-#
-#positive_dns_ttl 6 hours
-
-# TAG: negative_dns_ttl time-units
-# Time-to-Live (TTL) for negative caching of failed DNS lookups.
-#
-#negative_dns_ttl 5 minutes
-
-# TAG: range_offset_limit (bytes)
-# Sets a upper limit on how far into the the file a Range request
-# may be to cause Squid to prefetch the whole file. If beyond this
-# limit then Squid forwards the Range request as it is and the result
-# is NOT cached.
-#
-# This is to stop a far ahead range request (lets say start at 17MB)
-# from making Squid fetch the whole object up to that point before
-# sending anything to the client.
-#
-# A value of -1 causes Squid to always fetch the object from the
-# beginning so that it may cache the result. (2.0 style)
-#
-# A value of 0 causes Squid to never fetch more than the client
-# client requested.
(default)
-#
-#range_offset_limit 0 KB
-
-
-# TIMEOUTS
-# -----------------------------------------------------------------------------
-
-# TAG: connect_timeout time-units
-# Some systems (notably Linux) can not be relied upon to properly
-# time out connect(2) requests. Therefore the Squid process
-# enforces its own timeout on server connections. This parameter
-# specifies how long to wait for the connect to complete. The
-# default is two minutes (120 seconds).
-#
-#connect_timeout 120 seconds
-
-# TAG: peer_connect_timeout time-units
-# This parameter specifies how long to wait for a pending TCP
-# connection to a peer cache. The default is 30 seconds. You
-# may also set different timeout values for individual neighbors
-# with the 'connect-timeout' option on a 'cache_peer' line.
-#peer_connect_timeout 30 seconds
-
-# TAG: siteselect_timeout time-units
-# For URN to multiple URL's URL selection
-#
-#siteselect_timeout 4 seconds
-
-# TAG: read_timeout time-units
-# The read_timeout is applied on server-side connections. After
-# each successful read(), the timeout will be extended by this
-# amount. If no data is read again after this amount of time,
-# the request is aborted and logged with ERR_READ_TIMEOUT. The
-# default is 15 minutes.
-#
-#read_timeout 15 minutes
-
-# TAG: request_timeout
-# How long to wait for an HTTP request after connection
-# establishment. For persistent connections, wait this long
-# after the previous request completes.
-#
-#request_timeout 30 seconds
-
-# TAG: client_lifetime time-units
-# The maximum amount of time that a client (browser) is allowed to
-# remain connected to the cache process. This protects the Cache
-# from having a lot of sockets (and hence file descriptors) tied up
-# in a CLOSE_WAIT state from remote clients that go away without
-# properly shutting down (either because of a network failure or
-# because of a poor client implementation). The default is one
-# day, 1440 minutes.
-#
-# NOTE: The default value is intended to be much larger than any
-# client would ever need to be connected to your cache. You
-# should probably change client_lifetime only as a last resort.
-# If you seem to have many client connections tying up
-# filedescriptors, we recommend first tuning the read_timeout,
-# request_timeout, pconn_timeout and quick_abort values.
-#
-#client_lifetime 1 day
-
-# TAG: half_closed_clients
-# Some clients may shutdown the sending side of their TCP
-# connections, while leaving their receiving sides open. Sometimes,
-# Squid can not tell the difference between a half-closed and a
-# fully-closed TCP connection. By default, half-closed client
-# connections are kept open until a read(2) or write(2) on the
-# socket returns an error. Change this option to 'off' and Squid
-# will immediately close client connections when read(2) returns
-# "no more data to read."
-#
-#half_closed_clients on
-
-# TAG: pconn_timeout
-# Timeout for idle persistent connections to servers and other
-# proxies.
-#pconn_timeout 120 seconds
-
-# TAG: ident_timeout
-# Maximum time to wait for IDENT requests. If this is too high,
-# and you enabled 'ident_lookup', then you might be susceptible
-# to denial-of-service by having many ident requests going at
-# once.
-#
-# Only src type ACL checks are fully supported. A src_domain
-# ACL might work at times, but it will not always provide
-# the correct result.
-#
-# This option may be disabled by using --disable-ident with
-# the configure script.
-#ident_timeout 10 seconds
-
-# TAG: shutdown_lifetime time-units
-# When SIGTERM or SIGHUP is received, the cache is put into
-# "shutdown pending" mode until all active sockets are closed.
-# This value is the lifetime to set for all open descriptors
-# during shutdown mode. Any active clients after this many
-# seconds will receive a 'timeout' message.
-#
-#shutdown_lifetime 30 seconds
-
-
-# ACCESS CONTROLS
-# -----------------------------------------------------------------------------
-
-# TAG: acl
-# Defining an Access List
-#
-# acl aclname acltype string1 ...
-# acl aclname acltype "file" ...
-#
-# when using "file", the file should contain one item per line
-#
-# acltype is one of src dst srcdomain dstdomain url_pattern
-# urlpath_pattern time port proto method browser user
-#
-# By default, regular expressions are CASE-SENSITIVE. To make
-# them case-insensitive, use the -i option.
-#
-# acl aclname src ip-address/netmask ... (clients IP address)
-# acl aclname src addr1-addr2/netmask ... (range of addresses)
-# acl aclname dst ip-address/netmask ... (URL host's IP address)
-# acl aclname myip ip-address/netmask ... (local socket IP address)
-#
-# acl aclname srcdomain .foo.com ... # reverse lookup, client IP
-# acl aclname dstdomain .foo.com ... # Destination server from URL
-# acl aclname srcdom_regex [-i] xxx ... # regex matching client name
-# acl aclname dstdom_regex [-i] xxx ... # regex matching server
-# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
-# # based URL is used. The name "none" is used if the reverse lookup
-# # fails.
-#
-# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
-# day-abbrevs:
-# S - Sunday
-# M - Monday
-# T - Tuesday
-# W - Wednesday
-# H - Thursday
-# F - Friday
-# A - Saturday
-# h1:m1 must be less than h2:m2
-# acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL
-# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path
-# acl aclname port 80 70 21 ...
-# acl aclname port 0-1024 ... # ranges allowed
-# acl aclname myport 3128 ... # (local socket TCP port)
-# acl aclname proto HTTP FTP ...
-# acl aclname method GET POST ...
-# acl aclname browser [-i] regexp
-# # pattern match on User-Agent header
-# acl aclname ident username ...
-# # string match on ident output.
-# # use REQUIRED to accept any non-null ident.
-# acl aclname src_as number ...
-# acl aclname dst_as number ...
-# # Except for access control, AS numbers can be used for
-# # routing of requests to specific caches. Here's an
-# # example for routing all requests for AS#1241 and only
-# # those to mycache.mydomain.net:
-# # acl asexample dst_as 1241
-# # cache_peer_access mycache.mydomain.net allow asexample
-# # cache_peer_access mycache_mydomain.net deny all
-#
-# acl aclname proxy_auth username ...
-# # list of valid usernames
-# # use REQUIRED to accept any valid username.
-# #
-# # NOTE: when a Proxy-Authentication header is sent but it is not
-# # needed during ACL checking the username is NOT logged
-# # in access.log.
-# #
-# # NOTE: proxy_auth requires a EXTERNAL authentication program
-# # to check username/password combinations (see
-# # authenticate_program).
-# #
-# # WARNING: proxy_auth can't be used in a transparent proxy. It
-# # collides with any authentication done by origin servers. It may
-# # seem like it works at first, but it doesn't.
-#
-# acl aclname snmp_community string ...
-# # A community string to limit access to your SNMP Agent
-# # Example:
-# #
-# # acl snmppublic snmp_community public
-#
-# acl aclname maxconn number
-# # This will be matched when the client's IP address has
-# # more than <number> HTTP connections established.
-#
-#
-#Examples:
-#acl myexample dst_as 1241
-#acl password proxy_auth REQUIRED
-#
-#Defaults:
-acl all src 0.0.0.0/0.0.0.0
-acl manager proto cache_object
-acl localhost src 127.0.0.1/255.255.255.255
-acl SSL_ports port 443 563
-acl Safe_ports port 80 21 443 563 70 210 1025-65535
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-acl CONNECT method CONNECT
-
-# TAG: http_access
-# Allowing or Denying access based on defined access lists
-#
-# Access to the HTTP port:
-# http_access allow|deny [!]aclname ...
-#
-# Access to the ICP port:
-# icp_access allow|deny [!]aclname ...
-#
-# NOTE on default values:
-#
-# If there are no "access" lines present, the default is to allow
-# the request.
-#
-# If none of the "access" lines cause a match, the default is the
-# opposite of the last line in the list. If the last line was
-# deny, then the default is allow. Conversely, if the last line
-# is allow, the default will be deny. For these reasons, it is a
-# good idea to have an "deny all" or "allow all" entry at the end
-# of your access lists to avoid potential confusion.
-#
-#Default configuration:
-http_access allow manager localhost
-http_access deny manager
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-#
-# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
-#
-http_access deny all
-
-# TAG: icp_access
-# Reply to all ICP queries we receive
-#
-icp_access allow all
-
-# TAG: miss_access
-# Use to force your neighbors to use you as a sibling instead of
-# a parent. For example:
-#
-# acl localclients src 172.16.0.0/16
-# miss_access allow localclients
-# miss_access deny !localclients
-#
-# This means that only your local clients are allowed to fetch
-# MISSES and all other clients can only fetch HITS.
-#
-# By default, allow all clients who passed the http_access rules
-# to fetch MISSES from us.
-miss_access allow all
-
-# TAG: cache_peer_access
-# Similar to 'cache_peer_domain' but provides more flexibility by
-# using ACL elements.
-#
-# cache_peer_access cache-host allow|deny [!]aclname ...
-#
-# The syntax is identical to 'http_access' and the other lists of
-# ACL elements. See the comments for 'http_access' below, or
-# the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/FAQ-10.html).
-
-# TAG: proxy_auth_realm
-# Specifies the realm name which is to be reported to the client for
-# proxy authentication (part of the text the user will see when
-# prompted their username and password).
-#
-#proxy_auth_realm Squid proxy-caching web server
-
-# TAG: ident_lookup_access
-# A list of ACL elements which, if matched, cause an ident
-# (RFC 931) lookup to be performed for this request. For
-# example, you might choose to always perform ident lookups
-# for your main multi-user Unix boxes, but not for your Macs
-# and PCs. By default, ident lookups are not performed for
-# any requests.
-#
-# To enable ident lookups for specific client addresses, you
-# can follow this example:
-#
-# acl ident_aware_hosts src 198.168.1.0/255.255.255.0
-# ident_lookup_access allow ident_aware_hosts
-# ident_lookup_access deny all
-#
-# This option may be disabled by using --disable-ident with
-# the configure script.
-#ident_lookup_access deny all
-
-
-# ADMINISTRATIVE PARAMETERS
-# -----------------------------------------------------------------------------
-
-# TAG: cache_mgr
-# Email-address of local cache manager who will receive
-# mail if the cache dies. The default is "webmaster."
-#
-#cache_mgr webmaster
-
-# TAG: cache_effective_user
-# TAG: cache_effective_group
-#
-# If the cache is run as root, it will change its effective/real
-# UID/GID to the UID/GID specified below. The default is to
-# change to UID to nobody and GID to nogroup.
-#
-# If Squid is not started as root, the default is to keep the
-# current UID/GID. Note that if Squid is not started as root then
-# you cannot set http_port to a value lower than 1024.
-#
-cache_effective_user squid
-cache_effective_group daemon
-
-# TAG: visible_hostname
-# If you want to present a special hostname in error messages, etc,
-# then define this. Otherwise, the return value of gethostname()
-# will be used. If you have multiple caches in a cluster and
-# get errors about IP-forwarding you must set them to have individual
-# names with this setting.
-#
-#visible_hostname www-cache.foo.org
-
-# TAG: unique_hostname
-# If you want to have multiple machines with the same
-# 'visible_hostname' then you must give each machine a different
-# 'unique_hostname' so that forwarding loops can be detected.
-#
-#unique_hostname www-cache1.foo.org
-
-# TAG: hostname_aliases
-# A list of other DNS names that your cache has.
-
-
-# OPTIONS FOR THE CACHE REGISTRATION SERVICE
-# -----------------------------------------------------------------------------
-#
-# This section contains parameters for the (optional) cache
-# announcement service. This service is provided to help
-# cache administrators locate one another in order to join or
-# create cache hierarchies.
-#
-# An 'announcement' message is sent (via UDP) to the registration
-# service by Squid. By default, the announcement message is NOT
-# SENT unless you enable it with 'announce_period' below.
-#
-# The announcement message includes your hostname, plus the
-# following information from this configuration file:
-#
-# http_port
-# icp_port
-# cache_mgr
-#
-# All current information is processed regularly and made
-# available on the Web at http://ircache.nlanr.net/Cache/Tracker/.
-
-# TAG: announce_period
-# This is how frequently to send cache announcements. The
-# default is `0' which disables sending the announcement
-# messages.
-#
-# To enable announcing your cache, just uncomment the line
-# below.
-#
-#announce_period 1 day
-
-# TAG: announce_host
-# TAG: announce_file
-# TAG: announce_port
-# announce_host and announce_port set the hostname and port
-# number where the registration message will be sent.
-#
-# Hostname will default to 'tracker.ircache.net' and port will
-# default default to 3131. If the 'filename' argument is given,
-# the contents of that file will be included in the announce
-# message.
-#
-#announce_host tracker.ircache.net
-#announce_port 3131
-
-
-# HTTPD-ACCELERATOR OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: httpd_accel_host
-# TAG: httpd_accel_port
-# If you want to run Squid as an httpd accelerator, define the
-# host name and port number where the real HTTP server is.
-#
-# If you want virtual host support then specify the hostname
-# as "virtual".
-#
-# NOTE: enabling httpd_accel_host disables proxy-caching and
-# ICP. If you want these features enabled also, then set
-# the 'httpd_accel_with_proxy' option.
-#
-#httpd_accel_host hostname
-#httpd_accel_port port
-
-# TAG: httpd_accel_with_proxy on|off
-# If you want to use Squid as both a local httpd accelerator
-# and as a proxy, change this to 'on'.
-#
-#httpd_accel_with_proxy off
-
-# TAG: httpd_accel_uses_host_header on|off
-# HTTP/1.1 requests include a Host: header which is basically the
-# hostname from the URL. Squid can be an accelerator for
-# different HTTP servers by looking at this header. However,
-# Squid does NOT check the value of the Host header, so it opens
-# a big security hole. We recommend that this option remain
-# disabled unless you are sure of what you are doing.
-#
-# However, you will need to enable this option if you run Squid
-# as a transparent proxy. Otherwise, virtual servers which
-# require the Host: header will not be properly cached.
-#httpd_accel_uses_host_header off
-
-
-# MISCELLANEOUS
-# -----------------------------------------------------------------------------
-
-# TAG: dns_testnames
-# The DNS tests exit as soon as the first site is successfully looked up
-#
-# If you want to disable DNS tests, do not comment out or delete this
-# list. Instead use the -D command line option
-#
-#dns_testnames netscape.com internic.net nlanr.net microsoft.com
-
-# TAG: logfile_rotate
-# Specifies the number of logfile rotations to make when you
-# type 'squid -k rotate'.
The default is 10, which will rotate
-# with extensions 0 through 9. Setting logfile_rotate to 0 will
-# disable the rotation, but the logfiles are still closed and
-# re-opened. This will enable you to rename the logfiles
-# yourself just before sending the rotate signal.
-#
-# Note, the 'squid -k rotate' command normally sends a USR1
-# signal to the running squid process. In certain situations
-# (e.g. on Linux with Async I/O), USR1 is used for other
-# purposes, so -k rotate uses another signal. It is best to get
-# in the habit of using 'squid -k rotate' instead of 'kill -USR1
-# <pid>'.
-#
-#logfile_rotate 10
-
-# TAG: append_domain
-# Appends local domain name to hostnames without any dots in
-# them. append_domain must begin with a period.
-#
-#append_domain .yourdomain.com
-
-# TAG: tcp_recv_bufsize (bytes)
-# Size of receive buffer to set for TCP sockets. Probably just
-# as easy to change your kernel's default. Set to zero to use
-# the default buffer size.
-#
-#tcp_recv_bufsize 0 bytes
-
-# TAG: err_html_text
-# HTML text to include in error messages. Make this a "mailto"
-# URL to your admin address, or maybe just a link to your
-# organizations Web page.
-#
-# To include this in your error messages, you must rewrite
-# the error template files (found in the "errors" directory).
-# Wherever you want the 'err_html_text' line to appear,
-# insert a %L tag in the error template file.
-#err_html_text
-
-# TAG: deny_info
-# Usage: deny_info err_page_name acl
-# Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys
-#
-# This can be used to return a ERR_ page for requests which
-# do not pass the 'http_access' rules. A single ACL will cause
-# the http_access check to fail. If a 'deny_info' line exists
-# for that ACL then Squid returns a corresponding error page.
-#
-# You may use ERR_ pages that come with Squid or create your own pages
-# and put them into the configured errors/ directory.
-
-# TAG: memory_pools on|off
-# If set, Squid will keep pools of allocated (but unused) memory
-# available for future use. If memory is a premium on your
-# system and you believe your malloc library outperforms Squid
-# routines, disable this.
-#
-#memory_pools on
-
-# TAG: memory_pools_limit (bytes)
-# Used only with memory_pools on:
-# memory_pools_limit 50 MB
-#
-# If set to a non-zero value, Squid will keep at most the specified
-# limit of allocated (but unused) memory in memory pools. All free()
-# requests that exceed this limit will be handled by your malloc
-# library. Squid does not pre-allocate any memory, just safe-keeps
-# objects that otherwise would be free()d. Thus, it is safe to set
-# memory_pools_limit to a reasonably high value even if your
-# configuration will use less memory.
-#
-# If not set (default) or set to zero, Squid will keep all memory it
-# can. That is, there will be no limit on the total amount of memory
-# used for safe-keeping.
-#
-# To disable memory allocation optimization, do not set
-# memory_pools_limit to 0. Set memory_pools to "off" instead.
-#
-# An overhead for maintaining memory pools is not taken into account
-# when the limit is checked. This overhead is close to four bytes per
-# object kept. However, pools may actually _save_ memory because of
-# reduced memory thrashing in your malloc library.
-
-# TAG: forwarded_for on|off
-# If set, Squid will include your system's IP address or name
-# in the HTTP requests it forwards. By default it looks like
-# this:
-#
-# X-Forwarded-For: 192.1.2.3
-#
-# If you disable this, it will appear as
-#
-# X-Forwarded-For: unknown
-#
-#forwarded_for on
-
-# TAG: log_icp_queries on|off
-# If set, ICP queries are logged to access.log. You may wish
-# do disable this if your ICP load is VERY high to speed things
-# up or to simplify log analysis.
-#
-#log_icp_queries on
-
-# TAG: icp_hit_stale on|off
-# If you want to return ICP_HIT for stale cache objects, set this
-# option to 'on'. If you have sibling relationships with caches
-# in other administrative domains, this should be 'off'. If you only
-# have sibling relationships with caches under your control, then
-# it is probably okay to set this to 'on'.
-#
-#icp_hit_stale off
-
-# TAG: minimum_direct_hops
-# If using the ICMP pinging stuff, do direct fetches for sites
-# which are no more than this many hops away.
-#
-#minimum_direct_hops 4
-
-# TAG: cachemgr_passwd
-# Specify passwords for cachemgr operations.
-#
-# Usage: cachemgr_passwd password action action ...
-#
-# Some valid actions are (see cache manager menu for a full list):
-# 5min
-# 60min
-# asndb
-# authenticator
-# cbdata
-# client_list
-# comm_incoming
-# config *
-# counters
-# delay
-# digest_stats
-# dns
-# events
-# filedescriptors
-# fqdncache
-# histograms
-# http_headers
-# info
-# io
-# ipcache
-# mem
-# menu
-# netdb
-# non_peers
-# objects
-# pconn
-# peer_select
-# redirector
-# refresh
-# server_list
-# shutdown *
-# store_digest
-# storedir
-# utilization
-# via_headers
-# vm_objects
-#
-# * Indicates actions which will not be performed without a
-# valid password, others can be performed if not listed here.
-#
-# To disable an action, set the password to "disable".
-# To allow performing an action without a password, set the
-# password to "none".
-#
-# Use the keyword "all" to set the same password for all actions.
-#
-#cachemgr_passwd secret shutdown
-#cachemgr_passwd lesssssssecret info stats/objects
-#cachemgr_passwd disable all
-
-# TAG: store_avg_object_size (kbytes)
-# Average object size, used to estimate number of objects your
-# cache can hold. See doc/Release-Notes-1.1.txt. The default is
-# 13 KB.
-#
-#store_avg_object_size 13 KB
-
-# TAG: store_objects_per_bucket
-# Target number of objects per bucket in the store hash table.
-# Lowering this value increases the total number of buckets and
-# also the storage maintenance rate. The default is 50.
-#
-#store_objects_per_bucket 50
-
-# TAG: client_db on|off
-# If you want to disable collecting per-client statistics, then
-# turn off client_db here.
-#
-#client_db on
-
-# TAG: netdb_low
-# TAG: netdb_high
-# The low and high water marks for the ICMP measurement
-# database. These are counts, not percents. The defaults are
-# 900 and 1000. When the high water mark is reached, database
-# entries will be deleted until the low mark is reached.
-#
-#netdb_low 900
-#netdb_high 1000
-
-# TAG: netdb_ping_period
-# The minimum period for measuring a site. There will be at
-# least this much delay between successive pings to the same
-# network. The default is five minutes.
-#
-#netdb_ping_period 5 minutes
-
-# TAG: query_icmp on|off
-# If you want to ask your peers to include ICMP data in their ICP
-# replies, enable this option.
-#
-# If your peer has configured Squid (during compilation) with
-# '--enable-icmp' then that peer will send ICMP pings to origin server
-# sites of the URLs it receives. If you enable this option then the
-# ICP replies from that peer will include the ICMP data (if available).
-# Then, when choosing a parent cache, Squid will choose the parent with
-# the minimal RTT to the origin server. When this happens, the
-# hierarchy field of the access.log will be
-# "CLOSEST_PARENT_MISS". This option is off by default.
-#
-#query_icmp off
-
-# TAG: test_reachability on|off
-# When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH
-# instead of ICP_MISS if the target host is NOT in the ICMP
-# database, or has a zero RTT.
-#
-#test_reachability off
-
-# TAG: buffered_logs on|off
-# Some log files (cache.log, useragent.log) are written with
-# stdio functions, and as such they can be buffered or
-# unbuffered. By default they will be unbuffered.
Buffering them
-# can speed up the writing slightly (though you are unlikely to
-# need to worry).
-#buffered_logs off
-
-# TAG: reload_into_ims on|off
-# When you enable this option, client no-cache or ``reload''
-# requests will be changed to If-Modified-Since requests.
-# Doing this VIOLATES the HTTP standard. Enabling this
-# feature could make you liable for problems which it
-# causes.
-#
-# see also refresh_pattern for a more selective approach.
-#
-# This option may be disabled by using --disable-http-violations
-# with the configure script.
-#reload_into_ims off
-
-# TAG: always_direct
-# Usage: always_direct allow|deny [!]aclname ...
-#
-# Here you can use ACL elements to specify requests which should
-# ALWAYS be forwarded directly to origin servers. For example,
-# to always directly forward requests for local servers use
-# something like:
-#
-# acl local-servers dstdomain my.domain.net
-# always_direct allow local-servers
-#
-# To always forward FTP requests directly, use
-#
-# acl FTP proto FTP
-# always_direct allow FTP
-#
-# NOTE: There is a similar, but opposite option named
-# 'never_direct'. You need to be aware that "always_direct deny
-# foo" is NOT the same thing as "never_direct allow foo". You
-# may need to use a deny rule to exclude a more-specific case of
-# some other rule. Example:
-#
-# acl local-external dstdomain external.foo.net
-# acl local-servers dstdomain foo.net
-# always_direct deny local-external
-# always_direct allow local-servers
-#
-# This option replaces some v1.1 options such as local_domain
-# and local_ip.
-
-# TAG: never_direct
-# Usage: never_direct allow|deny [!]aclname ...
-#
-# never_direct is the opposite of always_direct. Please read
-# the description for always_direct if you have not already.
-#
-# With 'never_direct' you can use ACL elements to specify
-# requests which should NEVER be forwarded directly to origin
-# servers.
For example, to force the use of a proxy for all
-# requests, except those in your local domain use something like:
-#
-# acl local-servers dstdomain foo.net
-# acl all src 0.0.0.0/0.0.0.0
-# never_direct deny local-servers
-# never_direct allow all
-#
-# or if squid is inside a firewall and there is local intranet
-# servers inside the firewall then use something like:
-#
-# acl local-intranet dstdomain foo.net
-# acl local-external dstdomain external.foo.net
-# always_direct deny local-external
-# always_direct allow local-intranet
-# never_direct allow all
-#
-# This option replaces some v1.1 options such as inside_firewall
-# and firewall_ip.
-
-# TAG: anonymize_headers
-# Usage: anonymize_headers allow|deny header_name ...
-#
-# This option replaces the old 'http_anonymizer' option with
-# something that is much more configurable. You may now
-# specify exactly which headers are to be allowed, or which
-# are to be removed from outgoing requests.
-#
-# There are two methods of using this option. You may either
-# allow specific headers (thus denying all others), or you
-# may deny specific headers (thus allowing all others).
-#
-# For example, to achieve the same behavior as the old
-# 'http_anonymizer standard' option, you should use:
-#
-# anonymize_headers deny From Referer Server
-# anonymize_headers deny User-Agent WWW-Authenticate Link
-#
-# Or, to reproduce the old 'http_anonymizer paranoid' feature
-# you should use:
-#
-# anonymize_headers allow Allow Authorization Cache-Control
-# anonymize_headers allow Content-Encoding Content-Length
-# anonymize_headers allow Content-Type Date Expires Host
-# anonymize_headers allow If-Modified-Since Last-Modified
-# anonymize_headers allow Location Pragma Accept
-# anonymize_headers allow Accept-Encoding Accept-Language
-# anonymize_headers allow Content-Language Mime-Version
-# anonymize_headers allow Retry-After Title Connection
-# anonymize_headers allow Proxy-Connection
-#
-# NOTE: You can not mix "allow" and "deny". All 'anonymize_headers'
-# lines must have the same second argument.
-#
-# By default, all headers are allowed (no anonymizing is
-# performed).
-#
-#anonymize_headers
-
-# TAG: fake_user_agent
-# If you filter the User-Agent header with 'anonymize_headers' it
-# may cause some Web servers to refuse your request. Use this to
-# fake one up. For example:
-#
-# fake_user_agent Nutscrape/1.0 (CP/M; 8-bit)
-# (credit to Paul Southworth pauls@etext.org for this one!)
-#
-#fake_user_agent none
-
-# TAG: icon_directory
-# Where the icons are stored. These are normally kept in
-# /etc/squid/icons
-
-# TAG: error_directory
-# If you wish to create your own versions of the default
-# (English) error files, either to customize them to suit your
-# language or company copy the template English files to another
-# directory and point this tag at them.
-
-# TAG: minimum_retry_timeout (seconds)
-# This specifies the minimum connect timeout, for when the
-# connect timeout is reduced to compensate for the availability
-# of multiple IP addresses.
-#
-# When a connection to a host is initiated, and that host has
-# several IP addresses, the default connection timeout is reduced
-# by dividing it by the number of addresses. So, a site with 15
-# addresses would then have a timeout of 8 seconds for each
-# address attempted. To avoid having the timeout reduced to the
-# point where even a working host would not have a chance to
-# respond, this setting is provided. The default, and the
-# minimum value, is five seconds, and the maximum value is sixty
-# seconds, or half of connect_timeout, whichever is greater and
-# less than connect_timeout.
-#
-#minimum_retry_timeout 5 seconds
-
-# TAG: maximum_single_addr_tries
-# This sets the maximum number of connection attempts for a
-# host that only has one address (for multiple-address hosts,
-# each address is tried once).
-#
-# The default value is three tries, the (not recommended)
-# maximum is 255 tries. A warning message will be generated
-# if it is set to a value greater than ten.
-#
-#maximum_single_addr_tries 3
-
-# TAG: snmp_port
-# Squid can now serve statistics and status information via SNMP.
-# By default it listens to port 3401 on the machine. If you don't
-# wish to use SNMP, set this to "0".
-#
-# NOTE: SNMP support requires use the --enable-snmp configure
-# command line option.
-#snmp_port 3401
-
-# TAG: snmp_access
-# Allowing or denying access to the SNMP port.
-#
-# All access to the agent is denied by default.
-# usage:
-#
-# snmp_access allow|deny [!]aclname ...
-#
-#Example:
-#snmp_access allow snmppublic localhost
-#snmp_access deny all
-
-# TAG: snmp_incoming_address
-# TAG: snmp_outgoing_address
-# Just like 'udp_incoming_address' above, but for the SNMP port.
-#
-# snmp_incoming_address is used for the SNMP socket receiving
-# messages from SNMP agents.
-# snmp_outgoing_address is used for SNMP packets returned to SNMP
-# agents.
-#
-# The default behavior is to not bind to any specific address.
-# -# NOTE, snmp_incoming_address and snmp_outgoing_address can not have -# the same value since they both use port 3130. -# -#snmp_incoming_address 0.0.0.0 -#snmp_outgoing_address 0.0.0.0 - -# TAG: as_whois_server -# WHOIS server to query for AS numbers. NOTE: AS numbers are -# queried only when Squid starts up, not for every request. - -# TAG: wccp_router -# Use this option to define your WCCP ``home'' router for -# Squid. Setting the 'wccp_router' to 0.0.0.0 (the default) -# disables WCCP. -#wccp_router 0.0.0.0 - -# TAG: wccp_version -# According to some users, Cisco IOS 11.2 only supports WCCP -# version 3. If you're using that version of IOS, change -# this value to 3. -#wccp_version 4 - -# TAG: wccp_incoming_address -# TAG: wccp_outgoing_address -# wccp_incoming_address Use this option if you require WCCP -# messages to be received on only one -# interface. Do NOT use this option if -# you're unsure how many interfaces you -# have, or if you know you have only one -# interface. -# -# wccp_outgoing_address Use this option if you require WCCP -# messages to be sent out on only one -# interface. Do NOT use this option if -# you're unsure how many interfaces you -# have, or if you know you have only one -# interface. -# -# The default behavior is to not bind to any specific address. -# -# NOTE, wccp_incoming_address and wccp_outgoing_address can not have -# the same value since they both use port 2048. -# -#wccp_incoming_address 0.0.0.0 -#wccp_outgoing_address 0.0.0.0 - - -# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option) -# ----------------------------------------------------------------------------- - -# TAG: delay_pools -# This represents the number of delay pools to be used. For example, -# if you have one class 2 delay pool and one class 3 delays pool, you -# have a total of 2 delay pools. -# -# To enable this option, you must use --enable-delay-pools with the -# configure script. 
-#delay_pools 0 - -# TAG: delay_class -# This defines the class of each delay pool. There must be exactly one -# delay_class line for each delay pool. For example, to define two -# delay pools, one of class 2 and one of class 3, the settings above -# and here would be: -# -#delay_pools 2 # 2 delay pools -#delay_class 1 2 # pool 1 is a class 2 pool -#delay_class 2 3 # pool 2 is a class 3 pool -# -# The delay pool classes are: -# -# class 1 Everything is limited by a single aggregate -# bucket. -# -# class 2 Everything is limited by a single aggregate -# bucket as well as an "individual" bucket chosen -# from bits 25 through 32 of the IP address. -# -# class 3 Everything is limited by a single aggregate -# bucket as well as a "network" bucket chosen -# from bits 17 through 24 of the IP address and a -# "individual" bucket chosen from bits 17 through -# 32 of the IP address. -# -# NOTE: If an IP address is a.b.c.d -# -> bits 25 through 32 are "d" -# -> bits 17 through 24 are "c" -# -> bits 17 through 32 are "c * 256 + d" - -# TAG: delay_access -# This is used to determine which delay pool a request falls into. -# The first matched delay pool is always used, i.e., if a request falls -# into delay pool number one, no more delay are checked, otherwise the -# rest are checked in order of their delay pool number until they have -# all been checked. For example, if you want some_big_clients in delay -# pool 1 and lotsa_little_clients in delay pool 2: -# -#delay_access 1 allow some_big_clients -#delay_access 1 deny all -#delay_access 2 allow lotsa_little_clients -#delay_access 2 deny all - -# TAG: delay_parameters -# This defines the parameters for a delay pool. Each delay pool has -# a number of "buckets" associated with it, as explained in the -# description of delay_class. 
For a class 1 delay pool, the syntax is: -# -#delay_parameters pool aggregate -# -# For a class 2 delay pool: -# -#delay_parameters pool aggregate individual -# -# For a class 3 delay pool: -# -#delay_parameters pool aggregate network individual -# -# The variables here are: -# -# pool a pool number - ie, a number between 1 and the -# number specified in delay_pools as used in -# delay_class lines. -# -# aggregate the "delay parameters" for the aggregate bucket -# (class 1, 2, 3). -# -# individual the "delay parameters" for the individual -# buckets (class 2, 3). -# -# network the "delay parameters" for the network buckets -# (class 3). -# -# A pair of delay parameters is written restore/maximum, where restore is -# the number of bytes (not bits - modem and network speeds are usually -# quoted in bits) per second placed into the bucket, and maximum is the -# maximum number of bytes which can be in the bucket at any time. -# -# For example, if delay pool number 1 is a class 2 delay pool as in the -# above example, and is being used to strictly limit each host to 64kbps -# (plus overheads), with no overall limit, the line is: -# -#delay_parameters 1 -1/-1 8000/8000 -# -# Note that the figure -1 is used to represent "unlimited". -# -# And, if delay pool number 2 is a class 3 delay pool as in the above -# example, and you want to limit it to a total of 256kbps (strict limit) -# with each 8-bit network permitted 64kbps (strict limit) and each -# individual host permitted 4800bps with a bucket maximum size of 64kb -# to permit a decent web page to be downloaded at a decent speed -# (if the network is not being limited due to overuse) but slow down -# large downloads more significantly: -# -#delay_parameters 2 32000/32000 8000/8000 600/64000 -# -# There must be one delay_parameters line for each delay pool. 
- -# TAG: delay_initial_bucket_level (percent, 0-100) -# The initial bucket percentage is used to determine how much is put -# in each bucket when squid starts, is reconfigured, or first notices -# a host accessing it (in class 2 and class 3, individual hosts and -# networks only have buckets associated with them once they have been -# "seen" by squid). -# -#delay_initial_bucket_level 50 - -# TAG: incoming_icp_average -# TAG: incoming_http_average -# TAG: min_icp_poll_cnt -# TAG: min_http_poll_cnt -# Heavy voodoo here. I can't even believe you are reading this. -# Are you crazy? Don't even think about adjusting these unless -# you understand the algorithms in comm_select.c first! -# -#incoming_icp_average 6 -#incoming_http_average 4 -#min_icp_poll_cnt 8 -#min_http_poll_cnt 8 - -# TAG: max_open_disk_fds -# TAG: offline_mode -# Enable this option and Squid will never try to validate cached -# objects. - -# TAG: uri_whitespace -# What to do with requests that have whitespace characters in the -# URI. Options: -# -# strip: The whitespace characters are stripped out of the URL. -# This is the behavior recommended by RFC2616. -# deny: The request is denied. The user receives an "Invalid -# Request" message. -# allow: The request is allowed and the URI is not changed. The -# whitespace characters remain in the URI. Note the -# whitespace is passed to redirector processes if they -# are in use. -# encode: The request is allowed and the whitespace characters are -# encoded according to RFC1738. This could be considered -# a violation of the HTTP/1.1 -# RFC because proxies are not allowed to rewrite URI's. -# chop: The request is allowed and the URI is chopped at the -# first whitespace. This might also be considered a -# violation. -#uri_whitespace strip - -# TAG: broken_posts -# A list of ACL elements which, if matched, causes Squid to send -# a extra CRLF pair after the body of a PUT/POST request. 
-# -# Some HTTP servers has broken implementations of PUT/POST, -# and rely on a extra CRLF pair sent by some WWW clients. -# -# Quote from RFC 2068 section 4.1 on this matter: -# -# Note: certain buggy HTTP/1.0 client implementations generate an -# extra CRLF's after a POST request. To restate what is explicitly -# forbidden by the BNF, an HTTP/1.1 client must not preface or follow -# a request with an extra CRLF. -# -#acl buggy_server url_regex ^http://.... -#broken_posts allow buggy_server - -# TAG: mcast_miss_addr -# If you enable this option, every "cache miss" URL will -# be sent out on the specified multicast address. -# -# Do not enable this option unless you are are absolutely -# certain you understand what you are doing. - -# TAG: mcast_miss_ttl -# This is the time-to-live value for packets multicasted -# when multicasting off cache miss URLs is enabled. By -# default this is set to 'site scope', i.e. 16. - -# TAG: mcast_miss_port -# This is the port number to be used in conjunction with -# 'mcast_miss_addr'. - -# TAG: mcast_miss_encode_key -# The URLs that are sent in the multicast miss stream are -# encrypted. This is the encryption key. - -# TAG: prefer_direct -# By default, if the ICP, HTCP, Cache Digest, etc. techniques -# do not yield a parent cache, Squid gives higher preference -# to forwarding the request direct to origin servers, rather -# than selecting a parent cache anyway. -# -# If you want Squid to give higher precedence to a parent -# cache, instead of going direct, then turn this option off. -#prefer_direct on - -# TAG: strip_query_terms -# By default, Squid strips query terms from requested URLs before -# logging. This protects your user's privacy. -#strip_query_terms on - -# TAG: coredump_dir -# By default Squid leaves core files in the first cache_dir -# directory. If you set 'coredump_dir' to a directory -# that exists, Squid will chdir() to that directory at startup -# and coredump files will be left there. 
- -# TAG: redirector_bypass -# When this is 'on', a request will not go through the -# redirector if all redirectors are busy. If this is 'off' -# and the redirector queue grows too large, Squid will exit -# with a FATAL error and ask you to increase the number of -# redirectors. You should only enable this if the redirectors -# are not critical to your caching system. If you use -# redirectors for access control, and you enable this option, -# then users may have access to pages that they should not -# be allowed to request. - -# TAG: ignore_unknown_nameservers -# By default Squid checks that DNS responses are received -# from the same IP addresses that they are sent to. If they -# don't match, Squid ignores the response and writes a warning -# message to cache.log. You can allow responses from unknown -# nameservers by setting this option to 'off'. -#ignore_unknown_nameservers on - -# TAG: digest_generation -# This controls whether the server will generate a Cache Digest -# of its contents. By default, Cache Digest generation is -# enabled if Squid is compiled with USE_CACHE_DIGESTS defined. -#digest_generation on - -# TAG: digest_bits_per_entry -# This is the number of bits of the server's Cache Digest which -# will be associated with the Digest entry for a given HTTP -# Method and URL (public key) combination. The default is 5. -#digest_bits_per_entry 5 - -# TAG: digest_rebuild_period (seconds) -# This is the number of seconds between Cache Digest rebuilds. -# By default the server's Digest is rebuilt every hour. -#digest_rebuild_period 1 hour - -# TAG: digest_rewrite_period (seconds) -# This is the number of seconds between Cache Digest writes to -# disk. By default the server's Digest is written to disk every -# hour. -#digest_rewrite_period 1 hour - -# TAG: digest_swapout_chunk_size (bytes) -# This is the number of bytes of the Cache Digest to write to -# disk at a time. It defaults to 4096 bytes (4KB), the Squid -# default swap page. 
-#digest_swapout_chunk_size 4096 bytes - -# TAG: digest_rebuild_chunk_percentage (percent, 0-100) -# This is the percentage of the Cache Digest to be scanned at a -# time. By default it is set to 10% of the Cache Digest. -#digest_rebuild_chunk_percentage 10 - -# TAG: chroot -# Use this to have Squid do a chroot() while initializing. This -# also causes Squid to fully drop root privileges after -# initializing. This means, for example, that if you use a HTTP -# port less than 1024 and try to reconfigure, you will get an -# error. - -# TAG: client_persistent_connections -# TAG: server_persistent_connections -# Persistent connection support for clients and servers. By -# default, Squid uses persistent connections (when allowed) -# with its clients and servers. You can use these options to -# disable persistent connections with clients and/or servers. -#client_persistent_connections on -#server_persistent_connections on - diff --git a/net-www/squid/files/squid.confd b/net-www/squid/files/squid.confd index 66e6ec294470..2b66d32a0702 100644 --- a/net-www/squid/files/squid.confd +++ b/net-www/squid/files/squid.confd @@ -1,7 +1,7 @@ # Config file for /etc/init.d/squid -# you may move these variables to your rc.conf file if you wish SQUID_OPTS="-DYC" -# default 1024, maximum 4096; tune up if a busy cache -SQUID_MAXFD=1024 +# Max. number of filedescriptors to use. You can increase this on a busy +# cache to a maximum of (currently) 4096 filedescriptors. Default is 1024. +SQUID_MAXFD=1024 diff --git a/net-www/squid/files/squid.pam.new b/net-www/squid/files/squid.pam.new new file mode 100644 index 000000000000..32d833633c68 --- /dev/null +++ b/net-www/squid/files/squid.pam.new 
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth required /lib/security/pam_stack.so service=system-auth
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_stack.so service=system-auth
+password required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_limits.so
diff --git a/net-www/squid/files/squid.rc5 b/net-www/squid/files/squid.rc5
deleted file mode 100644
index c996447d24c3..000000000000
--- a/net-www/squid/files/squid.rc5
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-#RCUPDATE:2 3 4:75:This line is required for script management
-
-source /etc/rc.d/config/functions
-
-SERVICE=squid
-opts="start stop restart"
-
-PIDFILE=/var/run/squid.pid
-EXE=/usr/bin/squid
-
-start() {
- local cachedir
- cachedir=`cat /etc/squid/squid.conf | grep '^cache_dir' | awk '{ print $3 }'`
- if [ ! -d ${cachedir}/00 ]
- then
- ebegin "Initializing squid cache"
- $EXE -z
- eend $? "Initialized cache." "Error initializing cache."
- fi
- ebegin "Starting $SERVICE"
- start-stop-daemon --start --quiet --exec $EXE -- -sYD
- eend $? "Started $SERVICE." "Error Starting $SERVICE."
-}
-
-stop() {
- ebegin "Stopping $SERVICE"
- start-stop-daemon --stop --quiet --exec $EXE
- eend $? "Stopped $SERVICE." "Error Stopping $SERVICE."
-}
-
-restart() {
-
- stop
- start
-}
-
-doservice ${@}
-
-
diff --git a/net-www/squid/files/squid.rc6 b/net-www/squid/files/squid.rc6
index cdb0fdac41e9..e69d363e9b73 100644
--- a/net-www/squid/files/squid.rc6
+++ b/net-www/squid/files/squid.rc6
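Review bot: Nothing visible in this commit installs the file added here: the new squid-2.4.6.ebuild runs `newins ${FILESDIR}/squid.pam squid`, while this file is named `squid.pam.new`. If this stack is meant to replace the (presumably existing) `squid.pam`, either rename it or point the ebuild at it, otherwise `/etc/pam.d/squid` keeps the old policy. A short comment below the `#%PAM-1.0` line, for example `# PAM service file installed as /etc/pam.d/squid`, would also make the intent clear.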
@@ -1,37 +1,35 @@ #!/sbin/runscript # Copyright 1999-2002 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or later -# $Header: /var/cvsroot/gentoo-x86/net-www/squid/files/squid.rc6,v 1.4 2002/02/08 09:58:06 woodchip Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-www/squid/files/squid.rc6,v 1.5 2002/03/21 01:23:36 woodchip Exp $ depend() { need net } -maxfiledescriptors() { +# +# Try to increase the # of filedescriptors we can open. +# +maxfds() { [ -n "$SQUID_MAXFD" ] || return - [ -f /proc/sys/fs/file-max ] || return + [ -f /proc/sys/fs/file-max ] || return 0 [ $SQUID_MAXFD -le 4096 ] || SQUID_MAXFD=4096 global_file_max=`cat /proc/sys/fs/file-max` minimal_file_max=$(($SQUID_MAXFD + 4096)) - if [ "$global_file_max" -lt $minimal_file_max ] ; then + if [ "$global_file_max" -lt $minimal_file_max ] + then echo $minimal_file_max > /proc/sys/fs/file-max fi ulimit -n $SQUID_MAXFD } checkconfig() { - if [ ! -e /etc/squid/squid.conf ] ; then - eerror "You need an /etc/squid/squid.conf to run squid" - eerror "There is a sample file in /usr/share/doc/squid" - return 1 - fi - - maxfiledescriptors - + maxfds CACHE_SWAP=`sed -e 's/#.*//g' /etc/squid/squid.conf | \ grep cache_dir | awk '{ print $3 }'` - [ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/spool/squid - cd /var/spool/squid ; umask 027 + [ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/cache/squid + umask 027 + cd /var/cache/squid for x in $CACHE_SWAP ; do if [ ! -d $x/00 ] ; then einfo "Initializing cache directory: $x" 
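Review bot: With the `/etc/squid/squid.conf` existence test removed from `checkconfig`, a missing or unreadable config is no longer reported; the `sed` pipeline just yields an empty `CACHE_SWAP` and the script carries on with the default cache directory. A short guard before `maxfds`, such as `[ -r /etc/squid/squid.conf ] || { eerror "/etc/squid/squid.conf is missing"; return 1; }`, keeps the early failure. The new `cd /var/cache/squid` is unchecked as well, so if the directory is absent the rest of `checkconfig` runs in whatever directory the caller was in; `cd /var/cache/squid || return 1` avoids that. In `maxfds` the first guard still uses a bare `return` while the second was changed to `return 0`, and the two should agree. `checkconfig` continues past the end of this hunk.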
@@ -47,14 +45,42 @@ checkconfig() { start() { checkconfig || return 1 ebegin "Starting squid" - start-stop-daemon --quiet --start --exec /usr/sbin/squid -- ${SQUID_OPTS} + start-stop-daemon --quiet --start --exec /usr/sbin/squid \ + --pidfile /var/run/squid.pid -- ${SQUID_OPTS} < /dev/null sleep 1 eend $? } stop() { ebegin "Stopping squid" - start-stop-daemon --stop --quiet --pidfile /var/run/squid.pid \ - --retry -0/5/-0/5/-0/10/-0/10/-9/10 - eend $? + PID=`cat /var/run/squid.pid 2>/dev/null` + start-stop-daemon --stop --quiet --exec /usr/sbin/squid \ + --pidfile /var/run/squid.pid + # + # Now we have to wait until squid has _really_ stopped. + # + sleep 2 + if test -n "$PID" && kill -0 $PID 2>/dev/null + then + einfon "Waiting ." + cnt=0 + while kill -0 $PID 2>/dev/null + do + cnt=`expr $cnt + 1` + if [ $cnt -gt 60 ] + then + # + # Waited 120 seconds now. Fail. + # + eend 1 "Failed." + break + fi + sleep 2 + echo -n "." + done + echo -n "done." + eend 0 + else + eend 0 + fi } diff --git a/net-www/squid/squid-2.3.4s-r3.ebuild b/net-www/squid/squid-2.3.4s-r3.ebuild deleted file mode 100644 index 1fb6a28cbdb9..000000000000 --- a/net-www/squid/squid-2.3.4s-r3.ebuild +++ /dev/null 
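Review bot: The timeout branch in `stop()` reports failure and then success: after `eend 1 "Failed."` the `break` leaves the loop and execution falls through to `echo -n "done."` and `eend 0`, so a squid that never exits still ends with a zero status. Replacing `break` with `return 1` keeps the failure visible to the caller. The exit status of `start-stop-daemon --stop` is also discarded, so a missing or stale pidfile (empty `$PID`) is reported as a clean stop; saving that status and passing it to the final `eend` would cover it. `$PID` is read straight from the pidfile and used unquoted, so `kill -0 "$PID"` is the safer form.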
@@ -1,105 +0,0 @@ -# Copyright 1999-2000 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License, v2 or later -# Author Achim Gottinger <achim@gentoo.org> -# $Header: /var/cvsroot/gentoo-x86/net-www/squid/squid-2.3.4s-r3.ebuild,v 1.4 2001/05/30 18:24:34 achim Exp $ - -P=squid-2.3.STABLE4 - -A0=squid-2.3.stable4-ftp_icon_not_found.patch -A1=squid-2.3.stable4-internal_dns_rcode_table_formatting.patch -A2=squid-2.3.stable4-ipfw_configure.patch -A3=squid-2.3.stable4-invalid_ip_acl_entry.patch -A4=squid-2.3.stable4-accel_only_access.patch -A5=squid-2.3.stable4-html_quoting.patch -A6=squid-2.3.stable4-carp-assertion.patch - -S=${WORKDIR}/${P} -DESCRIPTION="SQUID - Web Proxy Server" -SRC_URI0="http://www.squid-cache.org/Versions/v2/2.3" -SRC_URI="$SRC_URI0/${P}-src.tar.gz - $SRC_URI0/bugs/$A0 $SRC_URI0/bugs/$A1 $SRC_URI0/bugs/$A2 - $SRC_URI0/bugs/$A3 $SRC_URI0/bugs/$A4 $SRC_URI0/bugs/$A5 - $SRC_URI0/bugs/$A6" - -HOMEPAGE="http://www.squid-cache.org/" - -RDEPEND="virtual/glibc - >=sys-libs/pam-0.72 - ldap? 
( >=net-nds/openldap-1.2.11 )" -DEPEND="$RDEPEND sys-devel/perl" - -src_unpack() { - unpack ${P}-src.tar.gz - cd ${S} - patch -p0 < ${DISTDIR}/${A0} - patch -p0 < ${DISTDIR}/${A1} - patch -p0 < ${DISTDIR}/${A2} - patch -p0 < ${DISTDIR}/${A3} - patch -p0 < ${DISTDIR}/${A4} - patch -p0 < ${DISTDIR}/${A5} - -} - -src_compile() { - - LDFLAGS="$LDFLAGS -lresolv" try ./configure --host=${CHOST} \ - --prefix=/usr --sysconfdir=/etc/squid \ - --localstatedir=/var/state/squid \ - --libexecdir=/usr/lib/squid \ - --enable-useragent-log \ - --enable-async-io --enable-icmp - try make - cd ${S}/auth_modules/PAM - try make - cd ../SMB - try make - if [ "`use ldap`" ] ; then - cd ../LDAP - try make - fi - cd ../NCSA - try make - -} - -src_install() { - - - dodir /usr/{bin,lib/squid} - dodir /etc/squid - dodir /var/squid - chown squid.daemon ${D}/var/squid - try make install prefix=${D}/usr sysconfdir=${D}/etc/squid \ - localstatedir=${D}/var/state/squid libexecdir=${D}/usr/lib/squid - into /usr - cd auth_modules - if [ "`use ldap`" ] ; then - dobin LDAP/squid_ldap_auth - fi - dobin PAM/pam_auth SMB/smb_auth NCSA/ncsa_auth - cd ../doc - doman tree.3 - dodoc *.txt - cd .. - dodoc README QUICKSTART CONTRIBUTORS COPYRIGHT COPYING CREDITS - dodoc ChangeLog TODO - cp ${FILESDIR}/squid.conf ${D}/etc/squid - dodir /etc/rc.d/init.d - cp ${FILESDIR}/squid ${D}/etc/rc.d/init.d -# rm -r ${D}/var/squid - dodir /var/log/squid - dodir /var/cache/squid - fowners squid.daemon /var/log/squid - fowners squid.daemon /var/cache/squid - fperms 755 /var/log/squid - fperms 755 /var/cache/squid -} - -pkg_config() { - - . ${ROOT}/etc/rc.d/config/functions - - einfo "Generating symlinks..." - ${ROOT}/usr/sbin/rc-update add squid - -} diff --git a/net-www/squid/squid-2.3.4s-r4.ebuild b/net-www/squid/squid-2.3.4s-r4.ebuild deleted file mode 100644 index 33da7f3c10c5..000000000000 --- a/net-www/squid/squid-2.3.4s-r4.ebuild +++ /dev/null 
@@ -1,108 +0,0 @@ -# Copyright 1999-2000 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License, v2 or later -# Author Achim Gottinger <achim@gentoo.org> -# Modified by Parag Mehta <pm@gentoo.org> -# $Header: /var/cvsroot/gentoo-x86/net-www/squid/squid-2.3.4s-r4.ebuild,v 1.1 2001/07/11 09:53:05 pm Exp $ - -P=squid-2.3.STABLE4 - -A0=squid-2.3.stable4-ftp_icon_not_found.patch -A1=squid-2.3.stable4-internal_dns_rcode_table_formatting.patch -A2=squid-2.3.stable4-ipfw_configure.patch -A3=squid-2.3.stable4-invalid_ip_acl_entry.patch -A4=squid-2.3.stable4-accel_only_access.patch -A5=squid-2.3.stable4-html_quoting.patch -A6=squid-2.3.stable4-carp-assertion.patch - -S=${WORKDIR}/${P} -DESCRIPTION="SQUID - Web Proxy Server" -SRC_URI0="http://www.squid-cache.org/Versions/v2/2.3" -SRC_URI="$SRC_URI0/${P}-src.tar.gz - $SRC_URI0/bugs/$A0 $SRC_URI0/bugs/$A1 $SRC_URI0/bugs/$A2 - $SRC_URI0/bugs/$A3 $SRC_URI0/bugs/$A4 $SRC_URI0/bugs/$A5 - $SRC_URI0/bugs/$A6" - -HOMEPAGE="http://www.squid-cache.org/" - -RDEPEND="virtual/glibc - >=sys-libs/pam-0.72 - ldap? 
( >=net-nds/openldap-1.2.11 )" -DEPEND="$RDEPEND sys-devel/perl" - -src_unpack() { - unpack ${P}-src.tar.gz - cd ${S} - patch -p0 < ${DISTDIR}/${A0} - patch -p0 < ${DISTDIR}/${A1} - patch -p0 < ${DISTDIR}/${A2} - patch -p0 < ${DISTDIR}/${A3} - patch -p0 < ${DISTDIR}/${A4} - patch -p0 < ${DISTDIR}/${A5} - -} - -src_compile() { - - LDFLAGS="$LDFLAGS -lresolv" try ./configure --host=${CHOST} \ - --prefix=/usr --sysconfdir=/etc/squid \ - --localstatedir=/var/state/squid \ - --libexecdir=/usr/lib/squid \ - --enable-useragent-log \ - --enable-async-io --enable-icmp \ - --enable-ipf-transparent --enable-cachemgr-hostname=${CHOST} \ - --enable-arp-acl - try make - cd ${S}/auth_modules/PAM - try make - cd ../SMB - try make - if [ "`use ldap`" ] ; then - cd ../LDAP - try make - fi - cd ../NCSA - try make - -} - -src_install() { - - - dodir /usr/{bin,lib/squid} - dodir /etc/squid - dodir /var/squid - chown squid.daemon ${D}/var/squid - try make install prefix=${D}/usr sysconfdir=${D}/etc/squid \ - localstatedir=${D}/var/state/squid libexecdir=${D}/usr/lib/squid - into /usr - cd auth_modules - if [ "`use ldap`" ] ; then - dobin LDAP/squid_ldap_auth - fi - dobin PAM/pam_auth SMB/smb_auth NCSA/ncsa_auth - cd ../doc - doman tree.3 - dodoc *.txt - cd .. - dodoc README QUICKSTART CONTRIBUTORS COPYRIGHT COPYING CREDITS - dodoc ChangeLog TODO - cp ${FILESDIR}/squid.conf ${D}/etc/squid - dodir /etc/rc.d/init.d - cp ${FILESDIR}/squid ${D}/etc/rc.d/init.d -# rm -r ${D}/var/squid - dodir /var/log/squid - dodir /var/cache/squid - fowners squid.daemon /var/log/squid - fowners squid.daemon /var/cache/squid - fperms 755 /var/log/squid - fperms 755 /var/cache/squid -} - -pkg_config() { - - . ${ROOT}/etc/rc.d/config/functions - - einfo "Generating symlinks..." - ${ROOT}/usr/sbin/rc-update add squid - -} diff --git a/net-www/squid/squid-2.4.2s-r6.ebuild b/net-www/squid/squid-2.4.2s-r6.ebuild deleted file mode 100644 index 3a30884fc2ad..000000000000 
--- a/net-www/squid/squid-2.4.2s-r6.ebuild +++ /dev/null 
@@ -1,103 +0,0 @@ -# Copyright 1999-2000 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License, v2 or later -# Author Donny Davies <woodchip@gentoo.org> -# $Header: /var/cvsroot/gentoo-x86/net-www/squid/squid-2.4.2s-r6.ebuild,v 1.3 2001/12/23 23:25:19 azarah Exp $ - -DESCRIPTION="A caching web proxy, with advanced features" -HOMEPAGE="http://www.squid-cache.org/" - -P=squid-2.4.STABLE2 -S=${WORKDIR}/${P} -SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${P}-src.tar.gz - ftp://sunsite.auc.dk/pub/infosystems/squid/squid-2/STABLE/${P}-src.tar.gz" - -RDEPEND="virtual/glibc - ldap? ( >=net-nds/openldap-1.2.11 ) - pam? ( >=sys-libs/pam-0.72 )" -DEPEND="$RDEPEND sys-devel/perl" - - -src_unpack() { - - unpack ${A} ; cd ${S} - - # lots of nice patches, thanks debian ;) - patch -p1 < ${FILESDIR}/squid-2.4.2s-debian.diff || die - # gentoo patches: cachedir/logfile/error/icon locs, user/group - patch -p1 < ${FILESDIR}/squid-2.4.2s-gentoo.diff || die -} - -src_compile() { - - local myconf mymodules="getpwnam,YP,NCSA,SMB" - use pam && mymodules="PAM,${mymodules}" - use ldap && mymodules="LDAP,${mymodules}" - use snmp && myconf="--enable-snmp" - - ./configure \ - --prefix=/ \ - --bindir=/usr/sbin \ - --exec-prefix=/usr \ - --localstatedir=/var \ - --sysconfdir=/etc/squid \ - --libexecdir=/usr/lib/squid \ - --enable-auth-modules=${mymodules} \ - --enable-storeio="ufs,diskd,coss,aufs,null" \ - --enable-removal-policies="lru,heap" \ - --enable-linux-netfilter \ - --disable-ident-lookups \ - --enable-useragent-log \ - --enable-delay-pools \ - --enable-referer-log \ - --enable-truncate \ - --enable-arp-acl \ - --with-pthreads \ - --enable-htcp \ - --enable-carp \ - --enable-icmp \ - --host=${CHOST} ${myconf} || die - - make || die "compile problem :(" -} - -src_install() { - - make \ - prefix=${D}/usr \ - bindir=${D}/usr/sbin \ - localstatedir=${D}/var \ - sysconfdir=${D}/etc/squid \ - libexecdir=${D}/usr/lib/squid \ - install || die - - make 
-C src install-pinger libexecdir=${D}/usr/lib/squid || die - - # We need to do this after install, else it gets removed again - dodir /var/log /var/spool - diropts -m 770 -o root -g squid ; dodir /var/log/squid - diropts -m 770 -o root -g squid ; dodir /var/spool/squid - - - # some cleanup action - mv ${D}/usr/sbin/*_auth* ${D}/usr/lib/squid - mv ${D}/etc/squid/errors ${D}/usr/lib/squid - - # pinger needs root to bind to privelaged ports - chown root.squid ${D}/usr/lib/squid/pinger - chmod 4750 ${D}/usr/lib/squid/pinger - # pam_auth needs root to authenticate everybody. i think the others - # do too so just do them all now. keep an eye on these things.. - chown root.squid ${D}/usr/lib/squid/*_auth* - chmod 4750 ${D}/usr/lib/squid/*_auth* - - dodoc README QUICKSTART CONTRIBUTORS COPYRIGHT - dodoc COPYING CREDITS ChangeLog TODO - newdoc auth_modules/SMB/README SMB.auth.readme - newdoc auth_modules/LDAP/README LDAP.auth.readme - doman auth_modules/LDAP/*.8 doc/tree.3 - docinto txt ; dodoc doc/*.txt - - insinto /etc/pam.d ; newins ${FILESDIR}/squid.pam squid - exeinto /etc/init.d ; newexe ${FILESDIR}/squid.rc6 squid - insinto /etc/conf.d ; newins ${FILESDIR}/squid.confd squid -} diff --git a/net-www/squid/squid-2.4.2s.ebuild b/net-www/squid/squid-2.4.2s.ebuild deleted file mode 100644 index 1a00042aecfc..000000000000 --- a/net-www/squid/squid-2.4.2s.ebuild +++ /dev/null 
@@ -1,96 +0,0 @@
-# Copyright 1999-2000 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License, v2 or later
-# Author Donny Davies <woodchip@gentoo.org>
-# $Header: /var/cvsroot/gentoo-x86/net-www/squid/squid-2.4.2s.ebuild,v 1.1 2001/11/01 19:23:29 woodchip Exp $
-
-DESCRIPTION="A caching web proxy, with advanced features"
-HOMEPAGE="http://www.squid-cache.org/"
-
-P=squid-2.4.STABLE2
-S=${WORKDIR}/${P}
-SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${P}-src.tar.gz
- ftp://sunsite.auc.dk/pub/infosystems/squid/squid-2/STABLE/${P}-src.tar.gz"
-
-RDEPEND="virtual/glibc
- ldap? ( >=net-nds/openldap-1.2.11 )
- pam? ( >=sys-libs/pam-0.72 )"
-DEPEND="$RDEPEND sys-devel/perl"
-
-src_unpack() {
- unpack ${A} ; cd ${S}
-
- # lots of nice patches, thanks debian ;)
- patch -p1 < ${FILESDIR}/squid-2.4.2s-debian.diff || die
- # gentoo patches: cachedir/logfile/error/icon locs, user/group
- patch -p1 < ${FILESDIR}/squid-2.4.2s-gentoo.diff || die
-}
-
-src_compile() {
- local myconf mymodules="getpwnam,YP,NCSA,SMB"
- use pam && mymodules="PAM,${mymodules}"
- use ldap && mymodules="LDAP,${mymodules}"
- use snmp && myconf="--enable-snmp"
-
- ./configure \
- --prefix=/ \
- --bindir=/usr/sbin \
- --exec-prefix=/usr \
- --localstatedir=/var \
- --sysconfdir=/etc/squid \
- --libexecdir=/usr/lib/squid \
- --enable-auth-modules=${mymodules} \
- --enable-storeio="ufs,diskd,coss,aufs,null" \
- --enable-removal-policies="lru,heap" \
- --enable-linux-netfilter \
- --disable-ident-lookups \
- --enable-useragent-log \
- --enable-delay-pools \
- --enable-referer-log \
- --enable-truncate \
- --enable-arp-acl \
- --with-pthreads \
- --enable-htcp \
- --enable-carp \
- --enable-icmp \
- --host=${CHOST} ${myconf} || die
-
- make || die "compile problem :("
-}
-
-src_install() {
- dodir /var/log /var/spool
- diropts -m 770 -o root -g squid ; dodir /var/log/squid
- diropts -m 770 -o root -g squid ; dodir /var/spool/squid
-
- make \
- prefix=${D}/usr \
- bindir=${D}/usr/sbin \
- localstatedir=${D}/var \
- sysconfdir=${D}/etc/squid \
- libexecdir=${D}/usr/lib/squid \
- install || die
-
- make -C src install-pinger libexecdir=${D}/usr/lib/squid || die
-
- # some cleanup action
- mv ${D}/usr/sbin/*_auth* ${D}/usr/lib/squid
- mv ${D}/etc/squid/errors ${D}/usr/lib/squid
-
- # pinger needs root to bind to privelaged ports
- chown root.squid ${D}/usr/lib/squid/pinger
- chmod 4750 ${D}/usr/lib/squid/pinger
- # pam_auth needs root to authenticate everybody. i think the others
- # do too so just do them all now. keep an eye on these things..
- chown root.squid ${D}/usr/lib/squid/*_auth*
- chmod 4750 ${D}/usr/lib/squid/*_auth*
-
- dodoc README QUICKSTART CONTRIBUTORS COPYRIGHT
- dodoc COPYING CREDITS ChangeLog TODO
- newdoc auth_modules/SMB/README SMB.auth.readme
- newdoc auth_modules/LDAP/README LDAP.auth.readme
- doman auth_modules/LDAP/*.8 doc/tree.3
- docinto txt ; dodoc doc/*.txt
-
- insinto /etc/pam.d ; newins ${FILESDIR}/squid.pam squid
- exeinto /etc/rc.d/init.d ; newexe ${FILESDIR}/squid.rc5 squid
-}
diff --git a/net-www/squid/squid-2.4.6.ebuild b/net-www/squid/squid-2.4.6.ebuild
new file mode 100644
index 000000000000..3654b5b92800
--- /dev/null
+++ b/net-www/squid/squid-2.4.6.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-www/squid/squid-2.4.6.ebuild,v 1.1 2002/03/21 01:23:36 woodchip Exp $
+
+# this could be cleaner..
+MY_P=${PN}-2.4.STABLE6
+S=${WORKDIR}/${MY_P}
+DESCRIPTION="A caching web proxy, with advanced features"
+SRC_URI="ftp://ftp.squid-cache.org/pub/squid-2/STABLE/${MY_P}-src.tar.gz
+ ftp://sunsite.auc.dk/pub/infosystems/squid/squid-2/STABLE/${MY_P}-src.tar.gz"
+HOMEPAGE="http://www.squid-cache.org/"
+
+RDEPEND="virtual/glibc pam? ( >=sys-libs/pam-0.72 ) ldap? ( >=net-nds/openldap-2 )"
+DEPEND="${RDEPEND} sys-devel/perl"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ # see the tops of these patches for details..
+ patch -p1 < ${FILESDIR}/${P}-debian.diff || die
+ patch -p1 < ${FILESDIR}/${P}-gentoo.diff || die
+ if [ -z "$DEBUG" ]
+ then
+ mv configure.in configure.in.orig
+ sed -e 's%LDFLAGS="-g"%LDFLAGS=""%' configure.in.orig > configure.in
+ autoconf || die
+ fi
+}
+
+src_compile() {
+ local myconf mymodules
+ mymodules="getpwnam,YP,NCSA,SMB,MSNT,multi-domain-NTLM"
+ use ldap && mymodules="LDAP,${mymodules}"
+ use pam && mymodules="PAM,${mymodules}"
+ use snmp && myconf="--enable-snmp"
+
+ ./configure \
+ --prefix=/usr \
+ --bindir=/usr/sbin \
+ --exec-prefix=/usr \
+ --sbindir=/usr/sbin \
+ --localstatedir=/var \
+ --sysconfdir=/etc/squid \
+ --libexecdir=/usr/lib/squid \
+ --enable-storeio="ufs,diskd,coss,aufs,null" \
+ --enable-removal-policies="lru,heap" \
+ --enable-auth-modules=${mymodules} \
+ --enable-linux-netfilter \
+ --disable-ident-lookups \
+ --enable-useragent-log \
+ --enable-cache-digests \
+ --enable-delay-pools \
+ --enable-referer-log \
+ --enable-async-io \
+ --enable-truncate \
+ --enable-arp-acl \
+ --with-pthreads \
+ --enable-htcp \
+ --enable-carp \
+ --enable-poll \
+ --host=${CHOST} ${myconf} || die "bad ./configure"
+ #--enable-icmp
+
+ mv include/autoconf.h include/autoconf.h.orig
+ sed -e "s:^#define SQUID_MAXFD.*:#define SQUID_MAXFD 4096:" \
+ include/autoconf.h.orig > include/autoconf.h
+
+ emake || die "compile problem"
+}
+
+src_install() {
+ make \
+ prefix=${D}/usr \
+ bindir=${D}/usr/sbin \
+ localstatedir=${D}/var \
+ sysconfdir=${D}/etc/squid \
+ libexecdir=${D}/usr/lib/squid \
+ install || die
+
+ #make -C src install-pinger libexecdir=${D}/usr/lib/squid || die
+ #chown root.squid ${D}/usr/lib/squid/pinger
+ #chmod 4750 ${D}/usr/lib/squid/pinger
+
+ mv ${D}/usr/sbin/{*_auth*,Run*} ${D}/usr/lib/squid
+ chown root.squid ${D}/usr/lib/squid/pam_auth
+ chmod 2750 ${D}/usr/lib/squid/pam_auth
+
+ rm -rf ${D}/etc/squid/errors ${D}/var/logs
+ cd errors
+ dodir /usr/lib/squid/errors
+ for i in *
+ do
+ if [ -d $i ]
+ then
+ insinto /usr/lib/squid/errors/$i
+ doins $i/*
+ fi
+ done
+ cd ${S}
+ dosym /usr/lib/squid/errors/English /etc/squid/errors
+
+ dodoc README QUICKSTART CONTRIBUTORS COPYRIGHT
+ dodoc COPYING CREDITS ChangeLog TODO
+ newdoc auth_modules/SMB/README SMB.auth.readme
+ newdoc auth_modules/LDAP/README LDAP.auth.readme
+ doman auth_modules/LDAP/*.8 doc/tree.3
+ docinto txt
+ dodoc doc/*.txt
+
+ insinto /etc/pam.d ; newins ${FILESDIR}/squid.pam squid
+ exeinto /etc/init.d ; newexe ${FILESDIR}/squid.rc6 squid
+ insinto /etc/conf.d ; newins ${FILESDIR}/squid.confd squid
+}
+
+pkg_postinst() {
+ # Here since syslog logging is enabled by default. Also helpful
+ # if you had previously installed but never _ran_ it.
+ install -m0755 -o squid -g squid -d ${ROOT}/var/cache/squid
+ install -m0755 -o squid -g squid -d ${ROOT}/var/log/squid
+}
 |
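Review bot: In pkg_postinst the cache and log directories are created with `-m0755`, so any local account can enter and list `/var/cache/squid` and `/var/log/squid`, whereas the ebuild removed just above created its log and spool directories with `diropts -m 770 -o root -g squid`. Proxy logs and cached objects record what users fetched, so unless something outside this hunk needs world access I would create both with `install -m0750 -o squid -g squid -d ...`. Separately, in src_install `chmod 2750` on the root.squid `pam_auth` helper grants only the squid group, which the helper presumably already has when squid starts it, and the old comment explaining why the auth helpers were setuid root is gone. A comment such as `# pam_auth: setgid squid instead of setuid root; confirm PAM can still check other users' passwords` would record the intent for the next maintainer.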