Squid 2.6.STABLE1 release notes

Squid Developers

$Id: release-2.6.html,v 1.17 2006/06/25 12:06:39 serassio Exp $
This document contains the release notes for version 2.6 of Squid. Squid is a WWW Cache application developed by the Web Caching community. Squid was initially developed by the National Laboratory for Applied Network Research and members of the Web Caching community.

1. Key changes from squid 2.5:

2. Changes to squid.conf

http_port

Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual.

httpd_accel_* for transparent proxy

Now implemented by the "transparent" http_port option

httpd_accel_host

Replaced by defaultsite http_port option and cache_peer originserver option.

httpd_accel_port

No longer needed. Server port defined by the cache_peer port.

httpd_accel_uses_host_header

Replaced by vhost http_port option

https_port

Many new options. Reconstructs URLs as https:// by default.

cache_peer

Many new options to support origin servers and SSL encryption

ssl_engine

New directive for hardware assisted SSL encryption

sslproxy_*

New directives defining how to gateway http->https

sslpassword_program

New helper directive to query an external program for SSL key encryption password (if any)

no_cache

Renamed to cache to better reflect the functionaliy. no_cache still accepted.

cache

New name for the old no_cache directive.

cache_vary

New directive to disable caching of Vary:ing responses

broken_vary_encoding

New directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header.

logformat

New directive for defining custom log formats

cache_access_log

Renamed to access_log

access_log

Select what requests to log where any by what format. Support for multiple log files and multiple log formats.

check_hostnames

New option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5.

allow_underscore

New option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier.

dns_defnames

Allow for domain searches. Now possible even when using the internal DNS client

redirect_*

Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs)

url_rewrite_concurrency

Activates a new and more efficient helper protocol. Requires changes in the helper.

location_rewrite_*

New helper hook for rewriting Location headers

auth_param basic blankpassword

New option to allow the use of blank passwords.

auth_param ntlm max_challenge_reuse / max_challenge_lifetime

No longer supported

auth_param ntlm use_ntlm_negotiate

Directive no longer supported. Use of NTLM negotiate packet is always on.

auth_param ntlm keep_alive

New option to fine-tune the use of HTTP keep-alive in combination with NTLM

auth_param negotiate

New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.

external_acl_type

Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.

refresh_pattern

Several new HTTP override/ignore options

read_ahead_gap

New directive to set the response buffer size.

collapsed_forwarding

New directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL.

refresh_stale_hit

New directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL.

acl urlgroup

New acl class

acl user_cert

New acl class matching the user SSL certificate (https_port)

acl ca_cert

New acl class matching the CA of the user SSL certificate (https_port)

acl ext_user / ext_user_regex

New acl matching usernames returned by external acl

follow_x_forwarded_for

New option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies

http_access2

New http_access type directive but evaluated after url rewrites

htcp_access, htcp_clr_access

Access control on HTCP requests

log_access

New directive to limit what gets logged.

httpd_suppress_version_string

Enable hiding of the Squid version

umask

New directive to specify the minimum umask Squid should run under

error_map

New directive to allow dynamic rewrites of error pages

via

New directive to disable the use of the Via directive

wccp2_*

WCCP2 protocol support

linux_tproxy, tproxy_port

Linux TPROXY support for masquerading outgoing connections as the original client

3. Known issues and limitations

There is a few known issues in this version of Squid which we hope to correct in a later release

Bug #1584

WCCPv2 unable to register with more than one router on Linux

Bug #1590

"ETag Loop" warnings in cache.log

Bug #761

assertion failed: cbdata.c:249: "c->locks > 0" when using diskd

Bug #1420

302 responses with an Expires header is always cached

Bug #1500

diskd related memory corruption under heavy load

Ipfilter 4.x compile problem on HP Tru64

In addition there is a set of limitations in this version of Squid which we hope to correct later

Bug #1059

mime.conf and referenced icons must be within chroot

Bug #692

tcp_outgoing_address using an ident ACL does not work

Bug #581

acl max_user_ip and multiple authentication schemes

Bug #528

miss_access fails on "slow" acl types such as dst.

Bug #513

squid -F is starting server sockets to early

Bug #457

does not handle swap.state corruption properly

Bug #410

unstable if runs out of disk space

Bug #355

diskd may appear slow on low loads

Bug #219

delay_pools stops working on -k reconfigure

4. Windows support:

This Squid version can run on Windows as a system service using the Cygwin environment.
Windows NT 4 and later are supported.
On Windows 2000/XP/2003 the service is configured to use the Windows Service Recovery option restarting automatically after 60 seconds.

Usage

Some new command line options was added for the Windows service support:

The service installation is made with -i command line switch, it's possible to use -f switch at the same time for specify a different config-file settings for the Squid Service that will be stored on the Windows Registry.

A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed. "Squid" is the default when the switch is not used.

So, to install the service, the syntax is:

squid -i [-f file] [-n name]

Service uninstallation is made with -r command line switch with the appropriate -n switch.

The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:

squid -k command [-f file] -n service-name
where service-name is the name specified with -n options at service install time.

To use the Squid original command line, the new -O switch must be used ONCE, the syntax is:

squid -O cmdline [-n service-name]
If multiple service command line options must be specified, use quote. The -n switch is needed only when a non default service name is in use.

Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are specific to Windows services functionality and Squid is not designed for understand they.

In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":

squid -O "-D -u 3130" -n squidsvc

Registry DNS lookup

On Windows platforms, if no value is specified in the dns_nameservers option on squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are taken from the Windows registry, both static and dynamic DHCP configurations are supported.

Compatibility Notes

Known Limitations: