QQ登录

只需一步,快速开始

 找回密码
 注册

QQ登录

只需一步,快速开始

查看: 932|回复: 8

请问squid的用法,我的启动不了

[复制链接]
发表于 2004-7-26 15:06:45 | 显示全部楼层 |阅读模式
各位老大,我在启动squid时,它报错 “could not determin full qualified hostname.please set visible hostname"
请问应该检查那里出的毛病,怎样解决,多谢!
发表于 2004-7-26 17:13:32 | 显示全部楼层
你能将你的/etc/squid/squid.conf配置部分挂出来吗?
回复

使用道具 举报

 楼主| 发表于 2004-7-27 13:20:36 | 显示全部楼层
好的,我 看看
回复

使用道具 举报

 楼主| 发表于 2004-7-27 13:28:13 | 显示全部楼层
#        WELCOME TO SQUID 2
#        ------------------
#
#        This is the default Squid configuration file. You may wish
#        to look at the Squid home page (http://www.squid-cache.org/)
#        for the FAQ and other documentation.
#
#        The default Squid config file shows what the defaults for
#        various options happen to be.  If you don't need to change the
#        default, you shouldn't uncomment the line.  Doing so may cause
#        run-time problems.  In some cases "none" refers to no default
#        setting at all, while in other cases it refers to a valid
#        option - the comments for that keyword indicate if this is the
#        case.
#


# NETWORK OPTIONS
# -----------------------------------------------------------------------------

#  TAG: http_port
#        Usage:        port
#                hostname:port
#                1.2.3.4:port
#
#        The socket addresses where Squid will listen for HTTP client
#        requests.  You may specify multiple socket addresses.
#        There are three forms: port alone, hostname with port, and
#        IP address with port.  If you specify a hostname or IP
#        address, then Squid binds the socket to that specific
#        address.  This replaces the old 'tcp_incoming_address'
#        option.  Most likely, you do not need to bind to a specific
#        address, so you can use the port number alone.
#
#        The default port number is 3128.
#
#        If you are running Squid in accelerator mode, then you
#        probably want to listen on port 80 also, or instead.
#
#        The -a command line option will override the *first* port
#        number listed here.   That option will NOT override an IP
#        address, however.
#
#        You may specify multiple socket addresses on multiple lines.
#
#        If you run Squid on a dual-homed machine with an internal
#        and an external interface then we recommend you to specify the
#        internal address:port in http_port. This way Squid will only be
#        visible on the internal address.
#
#Default:
# http_port 3128

#  TAG: https_port
#        Usage:  [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
#        The socket address where Squid will listen for HTTPS client
#        requests.
#
#        This is really only useful for situations where you are running
#        squid in accelerator mode and you want to do the SSL work at the
#        accelerator level.
#
#        You may specify multiple socket addresses on multiple lines,
#        each with their own SSL certificate and/or options.
#                             
#        Options:
#
#           cert=        Path to SSL certificate (PEM format)
#               
#           key=                Path to SSL private key file (PEM format)
#                        if not specified, the certificate file is
#                        assumed to be a combined certificate and
#                        key file
#
#           version=        The version of SSL/TLS supported
#                            1        automatic (default)
#                            2        SSLv2 only
#                            3        SSLv3 only
#                            4        TLSv1 only
#
#           cipher=        Colon separated list of supported ciphers
#
#           options=        Varions SSL engine options. The most important
#                        being:
#                            NO_SSLv2  Disallow the use of SSLv2
#                            NO_SSLv3  Disallow the use of SSLv3
#                            NO_TLSv1  Disallow the use of TLSv1
#                        See src/ssl_support.c or OpenSSL documentation
#                        for a more complete list.
#
#Default:
# none

#  TAG: ssl_unclean_shutdown
#        Some browsers (especially MSIE) bugs out on SSL shutdown
#        messages.
#
#Default:
# ssl_unclean_shutdown off

#  TAG: icp_port
#        The port number where Squid sends and receives ICP queries to
#        and from neighbor caches.  Default is 3130.  To disable use
#        "0".  May be overridden with -u on the command line.
#
#Default:
# icp_port 3130

#  TAG: htcp_port
# Note: This option is only available if Squid is rebuilt with the
#       --enable-htcp option
#
#        The port number where Squid sends and receives HTCP queries to
#        and from neighbor caches.  Default is 4827.  To disable use
#        "0".
#
#Default:
# htcp_port 4827

#  TAG: mcast_groups
#        This tag specifies a list of multicast groups which your server
#        should join to receive multicasted ICP queries.
#
#        NOTE!  Be very careful what you put here!  Be sure you
#        understand the difference between an ICP _query_ and an ICP
#        _reply_.  This option is to be set only if you want to RECEIVE
#        multicast queries.  Do NOT set this option to SEND multicast
#        ICP (use cache_peer for that).  ICP replies are always sent via
#        unicast, so this option does not affect whether or not you will
#        receive replies from multicast group members.
#
#        You must be very careful to NOT use a multicast address which
#        is already in use by another group of caches.
#
#        If you are unsure about multicast, please read the Multicast
#        chapter in the Squid FAQ (http://www.squid-cache.org/FAQ/).
#
#        Usage: mcast_groups 239.128.16.128 224.0.1.20
#
#        By default, Squid doesn't listen on any multicast groups.
#
#Default:
# none

#  TAG: udp_incoming_address
#  TAG: udp_outgoing_address
#        udp_incoming_address        is used for the ICP socket receiving packets
#                                from other caches.
#        udp_outgoing_address        is used for ICP packets sent out to other
#                                caches.
#
#        The default behavior is to not bind to any specific address.
#
#        A udp_incoming_address value of 0.0.0.0 indicates that Squid should
#        listen for UDP messages on all available interfaces.
#
#        If udp_outgoing_address is set to 255.255.255.255 (the default)
#        then it will use the same socket as udp_incoming_address. Only
#        change this if you want to have ICP queries sent using another
#        address than where this Squid listens for ICP queries from other
#        caches.
#
#        NOTE, udp_incoming_address and udp_outgoing_address can not
#        have the same value since they both use port 3130.
#
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255


# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------

#  TAG: cache_peer
#        To specify other caches in a hierarchy, use the format:
#
#                cache_peer hostname type http_port icp_port
#
#        For example,
#
#        #                                        proxy  icp
#        #          hostname             type     port   port  options
#        #          -------------------- -------- ----- -----  -----------
#        cache_peer parent.foo.net       parent    3128  3130  [proxy-only]
#        cache_peer sib1.foo.net         sibling   3128  3130  [proxy-only]
#        cache_peer sib2.foo.net         sibling   3128  3130  [proxy-only]
#
#              type:  either 'parent', 'sibling', or 'multicast'.
#
#        proxy_port:  The port number where the cache listens for proxy
#                     requests.
#
#          icp_port:  Used for querying neighbor caches about
#                     objects.  To have a non-ICP neighbor
#                     specify '7' for the ICP port and make sure the
#                     neighbor machine has the UDP echo port
#                     enabled in its /etc/inetd.conf file.
#
#            options: proxy-only
#                     weight=n
#                     ttl=n
#                     no-query
#                     default
#                     round-robin
#                     multicast-responder
#                     closest-only
#                     no-digest
#                     no-netdb-exchange
#                     no-delay
#                     login=user:password | PASS | *:password
#                     connect-timeout=nn
#                     digest-url=url
#                     allow-miss
#                     max-conn
#
#                     use 'proxy-only' to specify that objects fetched
#                     from this cache should not be saved locally.
#
#                     use 'weight=n' to specify a weighted parent.
#                     The weight must be an integer.  The default weight
#                     is 1, larger weights are favored more.
#
#                     use 'ttl=n' to specify a IP multicast TTL to use
#                     when sending an ICP queries to this address.
#                     Only useful when sending to a multicast group.
#                     Because we don't accept ICP replies from random
#                     hosts, you must configure other group members as
#                     peers with the 'multicast-responder' option below.
#
#                     use 'no-query' to NOT send ICP queries to this
#                     neighbor.
#
#                     use 'default' if this is a parent cache which can
#                     be used as a "last-resort." You should probably
#                     only use 'default' in situations where you cannot
#                     use ICP with your parent cache(s).
#
#                     use 'round-robin' to define a set of parents which
#                     should be used in a round-robin fashion in the
#                     absence of any ICP queries.
#
#                     'multicast-responder' indicates that the named peer
#                     is a member of a multicast group.  ICP queries will
#                     not be sent directly to the peer, but ICP replies
#                     will be accepted from it.
#
#                     'closest-only' indicates that, for ICP_OP_MISS
#                     replies, we'll only forward CLOSEST_PARENT_MISSes
#                     and never FIRST_PARENT_MISSes.
#
#                     use 'no-digest' to NOT request cache digests from
#                     this neighbor.
#
#                     'no-netdb-exchange' disables requesting ICMP
#                     RTT database (NetDB) from the neighbor.
#
#                     use 'no-delay' to prevent access to this neighbor
#                     from influencing the delay pools.
#
#                     use 'login=user:password' if this is a personal/workgroup
#                     proxy and your parent requires proxy authentication.
#                     Note: The string can include URL escapes (i.e. %20 for
#                     spaces). This also means that % must be written as %%.
#
#                     use 'login=PASS' if users must authenticate against
#                     the upstream proxy. This will pass the users credentials
#                     as they are to the peer proxy. This only works for the
#                     Basic HTTP authentication sheme. Note: To combine this
#                     with proxy_auth both proxies must share the same user
#                     database as HTTP only allows for one proxy login.
#                     Also be warned that this will expose your users proxy
#                     password to the peer. USE WITH CAUTION
#
#                     use 'login=*:password' to pass the uname to the
#                     upstream cache, but with a fixed password. This is meant
#                     to be used when the peer is in another administrative
#                     domain, but it is still needed to identify each user.
#                     The star can optionally be followed by some extra
#                     information which is added to the uname. This can
#                     be used to identify this proxy to the peer, similar to
#                     the login=username:password option above.
#
#                     use 'connect-timeout=nn' to specify a peer
#                     specific connect timeout (also see the
#                     peer_connect_timeout directive)
#
#                     use 'digest-url=url' to tell Squid to fetch the cache
#                     digest (if digests are enabled) for this host from
#                     the specified URL rather than the Squid default
#                     location.
#
#                     use 'allow-miss' to disable Squid's use of only-if-cached
#                     when forwarding requests to siblings. This is primarily
#                     useful when icp_hit_stale is used by the sibling. To
#                     extensive use of this option may result in forwarding
#                     loops, and you should avoid having two-way peerings
#                     with this option. (for example to deny peer usage on
#                     requests from peer by denying cache_peer_access if the
#                     source is a peer)
#
#                     use 'max-conn' to limit the amount of connections Squid
#                     may open to this peer.
#
#        NOTE: non-ICP neighbors must be specified as 'parent'.
#
#Default:
# none

#  TAG: cache_peer_domain
#        Use to limit the domains for which a neighbor cache will be
#        queried.  Usage:
#
#        cache_peer_domain cache-host domain [domain ...]
#        cache_peer_domain cache-host !domain
#
#        For example, specifying
#
#                cache_peer_domain parent.foo.net        .edu
#
#        has the effect such that UDP query packets are sent to
#        'bigserver' only when the requested object exists on a
#        server in the .edu domain.  Prefixing the domainname
#        with '!' means that the cache will be queried for objects
#        NOT in that domain.
#
#        NOTE:        * Any number of domains may be given for a cache-host,
#                  either on the same or separate lines.
#                * When multiple domains are given for a particular
#                  cache-host, the first matched domain is applied.
#                * Cache hosts with no domain restrictions are queried
#                  for all requests.
#                * There are no defaults.
#                * There is also a 'cache_peer_access' tag in the ACL
#                  section.
#
#Default:
# none

#  TAG: neighbor_type_domain
#        usage: neighbor_type_domain parent|sibling domain domain ...
#
#        Modifying the neighbor type for specific domains is now
#        possible.  You can treat some domains differently than the the
#        default neighbor type specified on the 'cache_peer' line.
#        Normally it should only be necessary to list domains which
#        should be treated differently because the default neighbor type
#        applies for hostnames which do not match domains listed here.
#
#EXAMPLE:
#        cache_peer  parent cache.foo.org 3128 3130
#        neighbor_type_domain cache.foo.org sibling .com .net
#        neighbor_type_domain cache.foo.org sibling .au .de
#
#Default:
# none

#  TAG: icp_query_timeout        (msec)
#        Normally Squid will automatically determine an optimal ICP
#        query timeout value based on the round-trip-time of recent ICP
#        queries.  If you want to override the value determined by
#        Squid, set this 'icp_query_timeout' to a non-zero value.  This
#        value is specified in MILLISECONDS, so, to use a 2-second
#        timeout (the old default), you would write:
#
#                icp_query_timeout 2000
#
#Default:
# icp_query_timeout 0

#  TAG: maximum_icp_query_timeout        (msec)
#        Normally the ICP query timeout is determined dynamically.  But
#        sometimes it can lead to very large values (say 5 seconds).
#        Use this option to put an upper limit on the dynamic timeout
#        value.  Do NOT use this option to always use a fixed (instead
#        of a dynamic) timeout value. To set a fixed timeout see the
#        'icp_query_timeout' directive.
#
#Default:
# maximum_icp_query_timeout 2000

#  TAG: mcast_icp_query_timeout        (msec)
#        For Multicast peers, Squid regularly sends out ICP "probes" to
#        count how many other peers are listening on the given multicast
#        address.  This value specifies how long Squid should wait to
#        count all the replies.  The default is 2000 msec, or 2
#        seconds.
#
#Default:
# mcast_icp_query_timeout 2000

#  TAG: dead_peer_timeout        (seconds)
#        This controls how long Squid waits to declare a peer cache
#        as "dead."  If there are no ICP replies received in this
#        amount of time, Squid will declare the peer dead and not
#        expect to receive any further ICP replies.  However, it
#        continues to send ICP queries, and will mark the peer as
#        alive upon receipt of the first subsequent ICP reply.
#
#        This timeout also affects when Squid expects to receive ICP
#        replies from peers.  If more than 'dead_peer' seconds have
#        passed since the last ICP reply was received, Squid will not
#        expect to receive an ICP reply on the next query.  Thus, if
#        your time between requests is greater than this timeout, you
#        will see a lot of requests sent DIRECT to origin servers
#        instead of to your parents.
#
#Default:
# dead_peer_timeout 10 seconds

#  TAG: hierarchy_stoplist
#        A list of words which, if found in a URL, cause the object to
#        be handled directly by this cache.  In other words, use this
#        to not query neighbor caches for certain objects.  You may
#        list this option multiple times.
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
#        A list of ACL elements which, if matched, cause the request to
#        not be satisfied from the cache and the reply to not be cached.
#        In other words, use this to force certain objects to never be cached.
#
#        You must use the word 'DENY' to indicate the ACL names which should
#        NOT be cached.
#
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#  TAG: cache_mem        (bytes)
#        NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
#        IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
#        USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
#        THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.
#
#        'cache_mem' specifies the ideal amount of memory to be used
#        for:
#                * In-Transit objects
#                * Hot Objects
#                * Negative-Cached objects
#
#        Data for these objects are stored in 4 KB blocks.  This
#        parameter specifies the ideal upper limit on the total size of
#        4 KB blocks allocated.  In-Transit objects take the highest
#        priority.
#
#        In-transit objects have priority over the others.  When
#        additional space is needed for incoming data, negative-cached
#        and hot objects will be released.  In other words, the
#        negative-cached and hot objects will fill up any unused space
#        not needed for in-transit objects.
#
#        If circumstances require, this limit will be exceeded.
#        Specifically, if your incoming request rate requires more than
#        'cache_mem' of memory to hold in-transit objects, Squid will
#        exceed this limit to satisfy the new requests.  When the load
#        decreases, blocks will be freed until the high-water mark is
#        reached.  Thereafter, blocks will be used to store hot
#        objects.
#
#Default:
# cache_mem 8 MB

#  TAG: cache_swap_low        (percent, 0-100)
#  TAG: cache_swap_high        (percent, 0-100)
#
#        The low- and high-water marks for cache object replacement.
#        Replacement begins when the swap (disk) usage is above the
#        low-water mark and attempts to maintain utilization near the
#        low-water mark.  As swap utilization gets close to high-water
#        mark object eviction becomes more aggressive.  If utilization is
#        close to the low-water mark less replacement is done each time.
#       
#        Defaults are 90% and 95%. If you have a large cache, 5% could be
#        hundreds of MB. If this is the case you may wish to set these
#        numbers closer together.
#
#Default:
# cache_swap_low 90
# cache_swap_high 95

#  TAG: maximum_object_size        (bytes)
#        Objects larger than this size will NOT be saved on disk.  The
#        value is specified in kilobytes, and the default is 4MB.  If
#        you wish to get a high BYTES hit ratio, you should probably
#        increase this (one 32 MB object hit counts for 3200 10KB
#        hits).  If you wish to increase speed more than your want to
#        save bandwidth you should leave this low.
#
#        NOTE: if using the LFUDA replacement policy you should increase
#        this value to maximize the byte hit rate improvement of LFUDA!
#        See replacement_policy below for a discussion of this policy.
#
#Default:
# maximum_object_size 4096 KB

#  TAG: minimum_object_size        (bytes)
#        Objects smaller than this size will NOT be saved on disk.  The
#        value is specified in kilobytes, and the default is 0 KB, which
#        means there is no minimum.
#
#Default:
# minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory        (bytes)
#        Objects greater than this size will not be attempted to kept in
#        the memory cache. This should be set high enough to keep objects
#        accessed frequently in memory to improve performance whilst low
#        enough to keep larger objects from hoarding cache_mem .
#
#Default:
# maximum_object_size_in_memory 8 KB

#  TAG: ipcache_size        (number of entries)
#  TAG: ipcache_low        (percent)
#  TAG: ipcache_high        (percent)
#        The size, low-, and high-water marks for the IP cache.
#
#Default:
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95

#  TAG: fqdncache_size        (number of entries)
#        Maximum number of FQDN cache entries.
#
#Default:
# fqdncache_size 1024

#  TAG: cache_replacement_policy
#        The cache replacement policy parameter determines which
#        objects are evicted (replaced) when disk space is needed.
#
#            lru       : Squid's original list based LRU policy
#            heap GDSF : Greedy-Dual Size Frequency
#            heap LFUDA: Least Frequently Used with Dynamic Aging
#            heap LRU  : LRU policy implemented using a heap
#
#        Applies to any cache_dir lines listed below this.
#
#        The LRU policies keeps recently referenced objects.
#
#        The heap GDSF policy optimizes object hit rate by keeping smaller
#        popular objects in cache so it has a better chance of getting a
#        hit.  It achieves a lower byte hit rate than LFUDA though since
#        it evicts larger (possibly popular) objects.
#
#        The heap LFUDA policy keeps popular objects in cache regardless of
#        their size and thus optimizes byte hit rate at the expense of
#        hit rate since one large, popular object will prevent many
#        smaller, slightly less popular objects from being cached.
#
#        Both policies utilize a dynamic aging mechanism that prevents
#        cache pollution that can otherwise occur with frequency-based
#        replacement policies.
#
#        NOTE: if using the LFUDA replacement policy you should increase
#        the value of maximum_object_size above its default of 4096 KB to
#        to maximize the potential byte hit rate improvement of LFUDA.
#
#        For more information about the GDSF and LFUDA cache replacement
#        policies see http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html
#        and http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html.
#
#Default:
# cache_replacement_policy lru

#  TAG: memory_replacement_policy
#        The memory replacement policy parameter determines which
#        objects are purged from memory when memory space is needed.
#
#        See cache_replacement_policy for details.
#
#Default:
# memory_replacement_policy lru


# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

#  TAG: cache_dir
#        Usage:
#       
#        cache_dir Type Directory-Name Fs-specific-data [options]
#
#        cache_dir diskd Maxobjsize Directory-Name MB L1 L2 Q1 Q2
#
#        You can specify multiple cache_dir lines to spread the
#        cache among different disk partitions.
#
#        Type specifies the kind of storage system to use. Only "ufs"
#        is built by default. To eanble any of the other storage systems
#        see the --enable-storeio configure option.
#
#        'Directory' is a top-level directory where cache swap
#        files will be stored.  If you want to use an entire disk
#        for caching, then this can be the mount-point directory.
#        The directory must exist and be writable by the Squid
#        process.  Squid will NOT create this directory for you.
#
#        The ufs store type:
#
#        "ufs" is the old well-known Squid storage format that has always
#        been there.
#
#        cache_dir ufs Directory-Name Mbytes L1 L2 [options]
#
#        'Mbytes' is the amount of disk space (MB) to use under this
#        directory.  The default is 100 MB.  Change this to suit your
#        configuration.  Do NOT put the size of your disk drive here.
#        Instead, if you want Squid to use the entire disk drive,
#        subtract 20% and use that value.
#
#        'Level-1' is the number of first-level subdirectories which
#        will be created under the 'Directory'.  The default is 16.
#
#        'Level-2' is the number of second-level subdirectories which
#        will be created under each first-level directory.  The default
#        is 256.
#
#        The aufs store type:
#
#        "aufs" uses the same storage format as "ufs", utilizing
#        POSIX-threads to avoid blocking the main Squid process on
#        disk-I/O. This was formerly known in Squid as async-io.
#
#        cache_dir aufs Directory-Name Mbytes L1 L2 [options]
#
#        see argument descriptions under ufs above
#
#        The diskd store type:
#
#        "diskd" uses the same storage format as "ufs", utilizing a
#        separate process to avoid blocking the main Squid process on
#        disk-I/O.
#
#        cache_dir diskd Directory-Name Mbytes L1 L2 [options] [Q1=n] [Q2=n]
#
#        see argument descriptions under ufs above
#
#        Q1 specifies the number of unacknowledged I/O requests when Squid
#        stops opening new files. If this many messages are in the queues,
#        Squid won't open new files. Default is 64
#
#        Q2 specifies the number of unacknowledged messages when Squid
#        starts blocking.  If this many messages are in the queues,
#        Squid blocks until it recevies some replies. Default is 72
#
#        Common options:
#
#        read-only, this cache_dir is read only.
#
#        max-size=n, refers to the max object size this storedir supports.
#        It is used to initially choose the storedir to dump the object.
#        Note: To make optimal use of the max-size limits you should order
#        the cache_dir lines with the smallest max-size value first and the
#        ones with no max-size specification last.
#
#Default:
# cache_dir ufs /var/spool/squid 100 16 256

#  TAG: cache_access_log
#        Logs the client request activity.  Contains an entry for
#        every HTTP and ICP queries received. To disable, enter "none".
#
#Default:
# cache_access_log /var/log/squid/access.log

#  TAG: cache_log
#        Cache logging file. This is where general information about
#        your cache's behavior goes. You can increase the amount of data
#        logged to this file with the "debug_options" tag below.
#
#Default:
# cache_log /var/log/squid/cache.log

#  TAG: cache_store_log
#        Logs the activities of the storage manager.  Shows which
#        objects are ejected from the cache, and which objects are
#        saved and for how long.  To disable, enter "none". There are
#        not really utilities to analyze this data, so you can safely
#        disable it.
#
#Default:
# cache_store_log /var/log/squid/store.log

#  TAG: cache_swap_log
#        Location for the cache "swap.log."  This log file holds the
#        metadata of objects saved on disk.  It is used to rebuild the
#        cache during startup.  Normally this file resides in each
#        'cache_dir' directory, but you may specify an alternate
#        pathname here.  Note you must give a full filename, not just
#        a directory. Since this is the index for the whole object
#        list you CANNOT periodically rotate it!
#
#        If %s can be used in the file name then it will be replaced with a
#        a representation of the cache_dir name where each / is replaced
#        with '.'. This is needed to allow adding/removing cache_dir
#        lines when cache_swap_log is being used.
#       
#        If have more than one 'cache_dir', and %s is not used in the name
#        then these swap logs will have names such as:
#
#                cache_swap_log.00
#                cache_swap_log.01
#                cache_swap_log.02
#
#        The numbered extension (which is added automatically)
#        corresponds to the order of the 'cache_dir' lines in this
#        configuration file.  If you change the order of the 'cache_dir'
#        lines in this file, then these log files will NOT correspond to
#        the correct 'cache_dir' entry (unless you manually rename
#        them).  We recommend that you do NOT use this option.  It is
#        better to keep these log files in each 'cache_dir' directory.
#
#Default:
# none

#  TAG: emulate_httpd_log        on|off
#        The Cache can emulate the log file format which many 'httpd'
#        programs use.  To disable/enable this emulation, set
#        emulate_httpd_log to 'off' or 'on'.  The default
#        is to use the native log format since it includes useful
#        information that Squid-specific log analyzers use.
#
#Default:
# emulate_httpd_log off

#  TAG: log_ip_on_direct        on|off
#        Log the destination IP address in the hierarchy log tag when going
#        direct. Earlier Squid versions logged the hostname here. If you
#        prefer the old way set this to off.
#
#Default:
# log_ip_on_direct on

#  TAG: mime_table
#        Pathname to Squid's MIME table. You shouldn't need to change
#        this, but the default file contains examples and formatting
#        information if you do.
#
#Default:
# mime_table /etc/squid/mime.conf

#  TAG: log_mime_hdrs        on|off
#        The Cache can record both the request and the response MIME
#        headers for each HTTP transaction.  The headers are encoded
#        safely and will appear as two bracketed fields at the end of
#        the access log (for either the native or httpd-emulated log
#        formats).  To enable this logging set log_mime_hdrs to 'on'.
#
#Default:
# log_mime_hdrs off

#  TAG: useragent_log
# Note: This option is only available if Squid is rebuilt with the
#       --enable-useragent-log option
#
#        Squid will write the User-Agent field from HTTP requests
#        to the filename specified here.  By default useragent_log
#        is disabled.
#
#Default:
# none

#  TAG: referer_log
# Note: This option is only available if Squid is rebuilt with the
#       --enable-referer-log option
#
#        Squid will write the Referer field from HTTP requests to the
#        filename specified here.  By default referer_log is disabled.
#
#Default:
# none

#  TAG: pid_filename
#        A filename to write the process-id to.  To disable, enter "none".
#
#Default:
# pid_filename /var/run/squid.pid

#  TAG: debug_options
#        Logging options are set as section,level where each source file
#        is assigned a unique section.  Lower levels result in less
#        output,  Full debugging (level 9) can result in a very large
#        log file, so be careful.  The magic word "ALL" sets debugging
#        levels for all sections.  We recommend normally running with
#        "ALL,1".
#
#Default:
# debug_options ALL,1

#  TAG: log_fqdn        on|off
#        Turn this on if you wish to log fully qualified domain names
#        in the access.log. To do this Squid does a DNS lookup of all
#        IP's connecting to it. This can (in some situations) increase
#        latency, which makes your cache seem slower for interactive
#        browsing.
#
#Default:
# log_fqdn off

#  TAG: client_netmask
#        A netmask for client addresses in logfiles and cachemgr output.
#        Change this to protect the privacy of your cache clients.
#        A netmask of 255.255.255.0 will log all IP's in that range with
#        the last digit set to '0'.
#
#Default:
# client_netmask 255.255.255.255


# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

#  TAG: ftp_user
#        If you want the anonymous login password to be more informative
#        (and enable the use of picky ftp servers), set this to something
#        reasonable for your domain, like [email protected]
#
#        The reason why this is domainless by default is that the
#        request can be made on the behalf of a user in any domain,
#        depending on how the cache is used.
#        Some ftp server also validate that the email address is valid
#        (for example perl.com).
#
#Default:
# ftp_user Squid@

#  TAG: ftp_list_width
#        Sets the width of ftp listings. This should be set to fit in
#        the width of a standard browser. Setting this too small
#        can cut off long filenames when browsing ftp sites.
#
#Default:
# ftp_list_width 32

#  TAG: ftp_passive
#        If your firewall does not allow Squid to use passive
#        connections, then turn off this option.
#
#Default:
# ftp_passive on

#  TAG: ftp_sanitycheck
#        For security and data integrity reasons Squid by default performs
#        sanity checks of the addresses of FTP data connections ensure the
#        data connection is to the requested server. If you need to allow
#        FTP connections to servers using another IP address for the data
#        connection then turn this off.
#
#Default:
# ftp_sanitycheck on

#  TAG: cache_dns_program
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#
#        Specify the location of the executable for dnslookup process.
#
#Default:
# cache_dns_program /usr/lib/squid/

#  TAG: dns_children
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#
#        The number of processes spawn to service DNS name lookups.
#        For heavily loaded caches on large servers, you should
#        probably increase this value to at least 10.  The maximum
#        is 32.  The default is 5.
#
#        You must have at least one dnsserver process.
#
#Default:
# dns_children 5

#  TAG: dns_retransmit_interval
#        Initial retransmit interval for DNS queries. The interval is
#        doubled each time all configured DNS servers have been tried.
#
#
#Default:
# dns_retransmit_interval 5 seconds

#  TAG: dns_timeout
#        DNS Query timeout. If no response is received to a DNS query
#        within this time then all DNS servers for the queried domain
#        is assumed to be unavailable.
#
#Default:
# dns_timeout 5 minutes

#  TAG: dns_defnames        on|off
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#
#        Normally the 'dnsserver' disables the RES_DEFNAMES resolver
#        option (see res_init(3)).  This prevents caches in a hierarchy
#        from interpreting single-component hostnames locally.  To allow
#        dnsserver to handle single-component names, enable this
#        option.
#
#Default:
# dns_defnames off

#  TAG: dns_nameservers
#        Use this if you want to specify a list of DNS name servers
#        (IP addresses) to use instead of those given in your
#        /etc/resolv.conf file.
#        On Windows platforms, if no value is specified here or in
#        the /etc/resolv.conf file, the list of DNS name servers are
#        taken from the Windows registry, both static and dynamic DHCP
#        configurations are supported.
#
#        Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none

#  TAG: hosts_file
#        Location of the host-local IP name-address associations
#        database.  Most Operating Systems have such a file: under
#        Un*X it's by default in /etc/hosts MS-Windows NT/2000 places
#        that in %SystemRoot%(by default
#        c:\winnt)\system32\drivers\etc\hosts, while Windows 9x/ME
#        places that in %windir%(usually c:\windows)\hosts
#
#        The file contains newline-separated definitions, in the
#        form ip_address_in_dotted_form name [name ...] names are
#        whitespace-separated.  lines beginnng with an hash (#)
#        character are comments.
#
#        The file is checked at startup and upon configuration.  If
#        set to 'none', it won't be checked.  If append_domain is
#        used, that domain will be added to domain-local (i.e. not
#        containing any dot character) host definitions.
#
#Default:
# hosts_file /etc/hosts

#  TAG: diskd_program
#        Specify the location of the diskd executable.
#        Note that this is only useful if you have compiled in
#        diskd as one of the store io modules.
#
#Default:
# diskd_program /usr/lib/squid/diskd

#  TAG: unlinkd_program
#        Specify the location of the executable for file deletion process.
#
#Default:
# unlinkd_program /usr/lib/squid/unlinkd

#  TAG: pinger_program
# Note: This option is only available if Squid is rebuilt with the
#       --enable-icmp option
#
#        Specify the location of the executable for the pinger process.
#
#Default:
# pinger_program /usr/lib/squid/

#  TAG: redirect_program
#        Specify the location of the executable for the URL redirector.
#        Since they can perform almost any function there isn't one included.
#        See the FAQ (section 15) for information on how to write one.
#        By default, a redirector is not used.
#
#Default:
# none

#  TAG: redirect_children
#        The number of redirector processes to spawn. If you start
#        too few Squid will have to wait for them to process a backlog of
#        URLs, slowing it down. If you start too many they will use RAM
#        and other system resources.
#
#Default:
# redirect_children 5

#  TAG: redirect_rewrites_host_header
#        By default Squid rewrites any Host: header in redirected
#        requests.  If you are running an accelerator then this may
#        not be a wanted effect of a redirector.
#
#Default:
# redirect_rewrites_host_header on

#  TAG: redirector_access
#        If defined, this access list specifies which requests are
#        sent to the redirector processes.  By default all requests
#        are sent.
#
#Default:
# none

#  TAG: auth_param
#        This is used to pass parameters to the various authentication
#        schemes.
#        format: auth_param scheme parameter [setting]
#       
#        auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd       
#        would tell the basic authentication scheme it's program parameter.
#
#        The order that authentication prompts are presented to the client_agent
#        is dependant on the order the scheme first appears in config file.
#        IE has a bug (it's not rfc 2617 compliant) in that it will use the basic
#        scheme if basic is the first entry presented, even if more secure schemes
#        are presented. For now use the order in the file below. If other browsers
#        have difficulties (don't recognise the schemes offered even if you are using
#        basic) then either put basic first, or disable the other schemes (by commenting
#        out their program entry).
#
#        Once an authentication scheme is fully configured, it can only be shutdown
#        by shutting squid down and restarting. Changes can be made on the fly and
#        activated with a reconfigure. I.E. You can change to a different helper,
#        but not unconfigure the helper completely.
#
#        === Parameters for the basic scheme follow. ===
#       
#        "program" cmdline
#        Specify the command for the external authenticator.  Such a
#        program reads a line containing "username password" and replies
#        "OK" or "ERR" in an endless loop.  If you use an authenticator,
#        make sure you have 1 acl of type proxy_auth.  By default, the
#        authenticate_program is not used.
#
#        If you want to use the traditional proxy authentication,
#        jump over to the ../auth_modules/NCSA directory and
#        type:
#                % make
#                % make install
#
#        Then, set this line to something like
#
#        auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
#
#        "children" numberofchildren
#        The number of authenticator processes to spawn (no default).
#        If you start too few Squid will have to wait for them to
#        process a backlog of usercode/password verifications, slowing
#        it down. When password verifications are done via a (slow)
#        network you are likely to need lots of authenticator
#        processes.
#        auth_param basic children 5
#
#        "realm" realmstring
#        Specifies the realm name which is to be reported to the
#        client for the basic proxy authentication scheme (part of
#        the text the user will see when prompted their uname and
#        password). There is no default.
#        auth_param basic realm Squid proxy-caching web server
#
#        "credentialsttl" timetolive
#        Specifies how long squid assumes an externally validated
#        username:password pair is valid for - in other words how
#        often the helper program is called for that user. Set this
#        low to force revalidation with short lived passwords.  Note
#        that setting this high does not impact your susceptability
#        to replay attacks unless you are using an one-time password
#        system (such as SecureID).  If you are using such a system,
#        you will be vulnerable to replay attacks unless you also
#        use the max_user_ip ACL in an http_access rule.
#
#        === Parameters for the digest scheme follow ===
#
#        "program" cmdline
#        Specify the command for the external authenticator.  Such
#        a program reads a line containing "username":"realm" and
#        replies with the appropriate H(A1) value base64 encoded.
#        See rfc 2616 for the definition of H(A1).  If you use an
#        authenticator, make sure you have 1 acl of type proxy_auth.
#        By default, authentication is not used.
#
#        If you want to use build an authenticator,
#        jump over to the ../digest_auth_modules directory and choose the
#        authenticator to use. It it's directory type
#                % make
#                % make install
#
#        Then, set this line to something like
#
#        auth_param digest program /usr/bin/digest_auth_pw /usr/etc/digpass
#
#
#        "children" numberofchildren
#        The number of authenticator processes to spawn (no default).
#        If you start too few Squid will have to wait for them to
#        process a backlog of H(A1) calculations, slowing it down.
#        When the H(A1) calculations are done via a (slow) network
#        you are likely to need lots of authenticator processes.
#        auth_param digest children 5
#
#        "realm" realmstring
#        Specifies the realm name which is to be reported to the
#        client for the digest proxy authentication scheme (part of
#        the text the user will see when prompted their uname and
#        password). There is no default.
#        auth_param digest realm Squid proxy-caching web server
#
#        "nonce_garbage_interval" timeinterval
#        Specifies the interval that nonces that have been issued
#        to client_agent's are checked for validity.
#
#        "nonce_max_duration" timeinterval
#        Specifies the maximum length of time a given nonce will be
#        valid for.
#
#        "nonce_max_count" number
#        Specifies the maximum number of times a given nonce can be
#        used.
#
#        "nonce_strictness" on|off
#        Determines if squid requires increment-by-1 behaviour for
#        nonce counts (on - the default), or strictly incrementing
#        (off - for use when useragents generate nonce counts that
#        occasionally miss 1 (ie, 1,2,4,6)).
#
#        === NTLM scheme options follow ===
#
#        "program" cmdline
#        Specify the command for the external ntlm authenticator.
#        Such a program reads a line containing the uuencoded NEGOTIATE
#        and replies with the ntlm CHALLENGE, then waits for the
#        response and answers with "OK" or "ERR" in an endless loop.
#        If you use an ntlm authenticator, make sure you have 1 acl
#        of type proxy_auth.  By default, the ntlm authenticator_program
#        is not used.
#
#        auth_param ntlm program /usr/bin/ntlm_auth
#
#        "children" numberofchildren
#        The number of authenticator processes to spawn (no default).
#        If you start too few Squid will have to wait for them to
#        process a backlog of credential verifications, slowing it
#        down. When crendential verifications are done via a (slow)
#        network you are likely to need lots of authenticator
#        processes.
#        auth_param ntlm children 5
#
#        "max_challenge_reuses" number
#        The maximum number of times a challenge given by a ntlm
#        authentication helper can be reused. Increasing this number
#        increases your exposure to replay attacks on your network.
#        0 means use the challenge only once.  (disable challenge
#        caching) See max_ntlm_challenge_lifetime for more information.
#        auth_param ntlm max_challenge_reuses 0
#
#        "max_challenge_lifetime" timespan
#        The maximum time period that a ntlm challenge is reused
#        over.  The actual period will be the minimum of this time
#        AND the number of reused challenges.
#        auth_param ntlm max_challenge_lifetime 2 minutes
#
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

#  TAG: authenticate_cache_garbage_interval
#        The time period between garbage collection across the
#        username cache.  This is a tradeoff between memory utilisation
#        (long intervals - say 2 days) and CPU (short intervals -
#        say 1 minute). Only change if you have good reason to.
#
#Default:
# authenticate_cache_garbage_interval 1 hour

#  TAG: authenticate_ttl
#        The time a user & their credentials stay in the logged in
#        user cache since their last request. When the garbage
#        interval passes, all user credentials that have passed their
#        TTL are removed from memory.
#
#Default:
# authenticate_ttl 1 hour

#  TAG: authenticate_ip_ttl
#        If you use proxy authentication and the 'max_user_ip' ACL,
#        this directive controls how long Squid remembers the IP
#        addresses associated with each user.  Use a small value
#        (e.g., 60 seconds) if your users might change addresses
#        quickly, as is the case with dialups.   You might be safe
#        using a larger value (e.g., 2 hours) in a corporate LAN
#        environment with relatively static address assignments.
#
#Default:
# authenticate_ip_ttl 0 seconds

#  TAG: external_acl_type
#        This option defines external acl classes using a helper program
#        to look up the status
#       
#          external_acl_type name [options] FORMAT.. /path/to/helper [helper arguments..]
#       
#        Options:
#
#          ttl=n                TTL in seconds for cached results (defaults to 3600
#                          for 1 hour)
#          negative_ttl=n
#                          TTL for cached negative lookups (default same
#                          as ttl)
#          concurrency=n        Concurrency level / number of processes spawn
#                        to service external acl lookups of this type.
#          cache=n        result cache size, 0 is unbounded (default)
#       
#        FORMAT specifications
#
#          %LOGIN        Authenticated user login name
#          %IDENT        Ident user name
#          %SRC                Client IP
#          %DST                Requested host
#          %PROTO        Requested protocol
#          %PORT                Requested port
#          %METHOD        Request method
#          %{Header}        HTTP request header
#          %{Hdr:member}        HTTP request header list member
#          %{Hdr:;member}
#                          HTTP request header list member using ; as
#                          list separator. ; can be any non-alphanumeric
#                        character.
#
#        In addition, any string specified in the referencing acl will
#        also be included in the helper request line, after the specified
#        formats (see the "acl external" directive)
#
#        The helper receives lines per the above format specification,
#        and returns lines starting with OK or ERR indicating the validity
#        of the request and optionally followed by additional keywords with
#        more details.
#
#        General result syntax:
#       
#          OK/ERR keyword=value ...
#
#        Defined keywords:
#
#          user=                The users name (login)
#          error=        Error description (only defined for ERR results)
#
#        Keyword values need to be enclosed in quotes if they may contain
#        whitespace, or the whitespace escaped using \. Any quotes or \
#        characters within the keyword value must be \ escaped.
#
#Default:
# none


# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

#  TAG: wais_relay_host
#  TAG: wais_relay_port
#        Relay WAIS request to host (1st arg) at port (2 arg).
#
#Default:
# wais_relay_port 0

#  TAG: request_header_max_size        (KB)
#        This specifies the maximum size for HTTP headers in a request.
#        Request headers are usually relatively small (about 512 bytes).
#        Placing a limit on the request header size will catch certain
#        bugs (for example with persistent connections) and possibly
#        buffer-overflow or denial-of-service attacks.
#
#Default:
# request_header_max_size 10 KB

#  TAG: request_body_max_size        (KB)
#        This specifies the maximum size for an HTTP request body.
#        In other words, the maximum size of a PUT/POST request.
#        A user who attempts to send a request with a body larger
#        than this limit receives an "Invalid Request" error message.
#        If you set this parameter to a zero (the default), there will
#        be no limit imposed.
#
#Default:
# request_body_max_size 0 KB

#  TAG: refresh_pattern
#        usage: refresh_pattern [-i] regex min percent max [options]
#
#        By default, regular expressions are CASE-SENSITIVE.  To make
#        them case-insensitive, use the -i option.
#
#        'Min' is the time (in minutes) an object without an explicit
#        expiry time should be considered fresh. The recommended
#        value is 0, any higher values may cause dynamic applications
#        to be erroneously cached unless the application designer
#        has taken the appropriate actions.
#
#        'Percent' is a percentage of the objects age (time since last
#        modification age) an object without explicit expiry time
#        will be considered fresh.
#
#        'Max' is an upper limit on how long objects without an explicit
#        expiry time will be considered fresh.
#
#        options: override-expire
#                 override-lastmod
#                 reload-into-ims
#                 ignore-reload
#
#                override-expire enforces min age even if the server
#                sent a Expires: header. Doing this VIOLATES the HTTP
#                standard.  Enabling this feature could make you liable
#                for problems which it causes.
#
#                override-lastmod enforces min age even on objects
#                that was modified recently.
#
#                reload-into-ims changes client no-cache or ``reload''
#                to If-Modified-Since requests. Doing this VIOLATES the
#                HTTP standard. Enabling this feature could make you
#                liable for problems which it causes.
#
#                ignore-reload ignores a client no-cache or ``reload''
#                header. Doing this VIOLATES the HTTP standard. Enabling
#                this feature could make you liable for problems which
#                it causes.
#               
#        Basically a cached object is:
#
#                FRESH if expires < now, else STALE
#                STALE if age > max
#                FRESH if lm-factor < percent, else STALE
#                FRESH if age < min
#                else STALE
#
#        The refresh_pattern lines are checked in the order listed here.
#        The first entry which matches is used.  If none of the entries
#        match, then the default will be used.
#
#        Note, you must uncomment all the default lines if you want
#        to change one. The default setting is only active if none is
#        used.
#
#Suggested default:
refresh_pattern ^ftp:                1440        20%        10080
refresh_pattern ^gopher:        1440        0%        1440
refresh_pattern .                0        20%        4320

#  TAG: quick_abort_min        (KB)
#  TAG: quick_abort_max        (KB)
#  TAG: quick_abort_pct        (percent)
#        The cache by default continues downloading aborted requests
#        which are almost completed (less than 16 KB remaining). This
#        may be undesirable on slow (e.g. SLIP) links and/or very busy
#        caches.  Impatient users may tie up file descriptors and
#        bandwidth by repeatedly requesting and immediately aborting
#        downloads.
#
#        When the user aborts a request, Squid will check the
#        quick_abort values to the amount of data transfered until
#        then.
#
#        If the transfer has less than 'quick_abort_min' KB remaining,
#        it will finish the retrieval.
#
#        If the transfer has more than 'quick_abort_max' KB remaining,
#        it will abort the retrieval.
#
#        If more than 'quick_abort_pct' of the transfer has completed,
#        it will finish the retrieval.
#
#        If you do not want any retrieval to continue after the client
#        has aborted, set both 'quick_abort_min' and 'quick_abort_max'
#        to '0 KB'.
#
#        If you want retrievals to always continue if they are being
#        cached then set 'quick_abort_min' to '-1 KB'.
#
#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

#  TAG: negative_ttl        time-units
#        Time-to-Live (TTL) for failed requests.  Certain types of
#        failures (such as "connection refused" and "404 Not Found") are
#        negatively-cached for a configurable amount of time.  The
#        default is 5 minutes.  Note that this is different from
#        negative caching of DNS lookups.
#
#Default:
# negative_ttl 5 minutes

#  TAG: positive_dns_ttl        time-units
#        Time-to-Live (TTL) for positive caching of successful DNS lookups.
#        Default is 6 hours (360 minutes).  If you want to minimize the
#        use of Squid's ipcache, set this to 1, not 0.
#
#Default:
# positive_dns_ttl 6 hours

#  TAG: negative_dns_ttl        time-units
#        Time-to-Live (TTL) for negative caching of failed DNS lookups.
#
#Default:
# negative_dns_ttl 5 minutes

#  TAG: range_offset_limit        (bytes)
#        Sets a upper limit on how far into the the file a Range request
#        may be to cause Squid to prefetch the whole file. If beyond this
#        limit then Squid forwards the Range request as it is and the result
#        is NOT cached.
#
#        This is to stop a far ahead range request (lets say start at 17MB)
#        from making Squid fetch the whole object up to that point before
#        sending anything to the client.
#
#        A value of -1 causes Squid to always fetch the object from the
#        beginning so that it may cache the result. (2.0 style)
#
#        A value of 0 causes Squid to never fetch more than the
#        client requested. (default)
#
#Default:
# range_offset_limit 0 KB


# TIMEOUTS
# -----------------------------------------------------------------------------

#  TAG: connect_timeout        time-units
#        Some systems (notably Linux) can not be relied upon to properly
#        time out connect(2) requests.  Therefore the Squid process
#        enforces its own timeout on server connections.  This parameter
#        specifies how long to wait for the connect to complete.  The
#        default is two minutes (120 seconds).
#
#Default:
# connect_timeout 2 minutes

#  TAG: peer_connect_timeout        time-units
#        This parameter specifies how long to wait for a pending TCP
#        connection to a peer cache.  The default is 30 seconds.   You
#        may also set different timeout values for individual neighbors
#        with the 'connect-timeout' option on a 'cache_peer' line.
#
#Default:
# peer_connect_timeout 30 seconds

#  TAG: read_timeout        time-units
#        The read_timeout is applied on server-side connections.  After
#        each successful read(), the timeout will be extended by this
#        amount.  If no data is read again after this amount of time,
#        the request is aborted and logged with ERR_READ_TIMEOUT.  The
#        default is 15 minutes.
#
#Default:
# read_timeout 15 minutes

#  TAG: request_timeout
#        How long to wait for an HTTP request after initial
#        connection establishment.
#
#Default:
# request_timeout 5 minutes

#  TAG: persistent_request_timeout
#        How long to wait for the next HTTP request on a persistent
#        connection after the previous request completes.
#
#Default:
# persistent_request_timeout 1 minute

#  TAG: client_lifetime        time-units
#        The maximum amount of time that a client (browser) is allowed to
#        remain connected to the cache process.  This protects the Cache
#        from having a lot of sockets (and hence file descriptors) tied up
#        in a CLOSE_WAIT state from remote clients that go away without
#        properly shutting down (either because of a network failure or
#        because of a poor client implementation).  The default is one
#        day, 1440 minutes.
#
#        NOTE:  The default value is intended to be much larger than any
#        client would ever need to be connected to your cache.  You
#        should probably change client_lifetime only as a last resort.
#        If you seem to have many client connections tying up
#        filedescriptors, we recommend first tuning the read_timeout,
#        request_timeout, persistent_request_timeout and quick_abort values.
#
#Default:
# client_lifetime 1 day

#  TAG: half_closed_clients
#        Some clients may shutdown the sending side of their TCP
#        connections, while leaving their receiving sides open.        Sometimes,
#        Squid can not tell the difference between a half-closed and a
#        fully-closed TCP connection.  By default, half-closed client
#        connections are kept open until a read(2) or write(2) on the
#        socket returns an error.  Change this option to 'off' and Squid
#        will immediately close client connections when read(2) returns
#        "no more data to read."
#
#Default:
# half_closed_clients on

#  TAG: pconn_timeout
#        Timeout for idle persistent connections to servers and other
#        proxies.
#
#Default:
# pconn_timeout 120 seconds

#  TAG: ident_timeout
#        Maximum time to wait for IDENT lookups to complete.
#       
#        If this is too high, and you enabled IDENT lookups from untrusted
#        users, then you might be susceptible to denial-of-service by having
#        many ident requests going at once.
#
#Default:
# ident_timeout 10 seconds

#  TAG: shutdown_lifetime        time-units
#        When SIGTERM or SIGHUP is received, the cache is put into
#        "shutdown pending" mode until all active sockets are closed.
#        This value is the lifetime to set for all open descriptors
#        during shutdown mode.  Any active clients after this many
#        seconds will receive a 'timeout' message.
#
#Default:
# shutdown_lifetime 30 seconds


# ACCESS CONTROLS
# -----------------------------------------------------------------------------

#  TAG: acl
#        Defining an Access List
#
#        acl aclname acltype string1 ...
#        acl aclname acltype "file" ...
#
#        when using "file", the file should contain one item per line
#
#        acltype is one of the types described below
#
#        By default, regular expressions are CASE-SENSITIVE.  To make
#        them case-insensitive, use the -i option.
#
#        acl aclname src      ip-address/netmask ... (clients IP address)
#        acl aclname src      addr1-addr2/netmask ... (range of addresses)
#        acl aclname dst      ip-address/netmask ... (URL host's IP address)
#        acl aclname myip     ip-address/netmask ... (local socket IP address)
#
#        acl aclname srcdomain   .foo.com ...    # reverse lookup, client IP
#        acl aclname dstdomain   .foo.com ...    # Destination server from URL
#        acl aclname srcdom_regex [-i] xxx ...   # regex matching client name
#        acl aclname dstdom_regex [-i] xxx ...   # regex matching server
#          # For dstdomain and dstdom_regex  a reverse lookup is tried if a IP
#          # based URL is used. The name "none" is used if the reverse lookup
#          # fails.
#
#        acl aclname time     [day-abbrevs]  [h1:m1-h2]
#            day-abbrevs:
#                S - Sunday
#                M - Monday
#                T - Tuesday
#                W - Wednesday
#                H - Thursday
#                F - Friday
#                A - Saturday
#            h1:m1 must be less than h2:m2
#        acl aclname url_regex [-i] ^http:// ...        # regex matching on whole URL
#        acl aclname urlpath_regex [-i] \.gif$ ...        # regex matching on URL path
#        acl aclname port     80 70 21 ...
#        acl aclname port     0-1024 ...                # ranges allowed
#        acl aclname myport   3128 ...                # (local socket TCP port)
#        acl aclname proto    HTTP FTP ...
#        acl aclname method   GET POST ...
#        acl aclname browser  [-i] regexp ...
#          # pattern match on User-Agent header
#        acl aclname referer_regex  [-i] regexp ...
#          # pattern match on Referer header
#          # Referer is highly unreliable, so use with care
#        acl aclname ident    uname ...
#        acl aclname ident_regex [-i] pattern ...
#          # string match on ident output.
#          # use REQUIRED to accept any non-null ident.
#        acl aclname src_as   number ...
#        acl aclname dst_as   number ...
#          # Except for access control, AS numbers can be used for
#          # routing of requests to specific caches. Here's an
#          # example for routing all requests for AS#1241 and only
#          # those to mycache.mydomain.net:
#          # acl asexample dst_as 1241
#          # cache_peer_access mycache.mydomain.net allow asexample
#          # cache_peer_access mycache_mydomain.net deny all
#
#        acl aclname proxy_auth uname ...
#        acl aclname proxy_auth_regex [-i] pattern ...
#          # list of valid unames
#          # use REQUIRED to accept any valid uname.
#          #
#          # NOTE: when a Proxy-Authentication header is sent but it is not
#          # needed during ACL checking the uname is NOT logged
#          # in access.log.
#          #
#          # NOTE: proxy_auth requires a EXTERNAL authentication program
#          # to check uname/password combinations (see
#          # authenticate_program).
#          #
#          # WARNING: proxy_auth can't be used in a transparent proxy. It
#          # collides with any authentication done by origin servers. It may
#          # seem like it works at first, but it doesn't.
#
#        acl aclname snmp_community string ...
#          # A community string to limit access to your SNMP Agent
#          # Example:
#          #
#          #        acl snmppublic snmp_community public
#
#        acl aclname maxconn number
#          # This will be matched when the client's IP address has
#          # more than <number> HTTP connections established.
#
#        acl aclname max_user_ip [-s] number
#          # This will be matched when the user attempts to log in from more
#          # than <number> different ip addresses. The authenticate_ip_ttl
#          # parameter controls the timeout on the ip entries.
#          # If -s is specified then the limit is strict, denying browsing
#          # from any further IP addresses until the ttl has expired. Without
#          # -s Squid will just annoy the user by "randomly" denying requests.
#          # (the counter is then reset each time the limit is reached and a
#          # request is denied)
#          # NOTE: in acceleration mode or where there is mesh of child proxies,
#          # clients may appear to come from multiple addresses if they are
#          # going through proxy farms, so a limit of 1 may cause user problems.
#
#        acl aclname req_mime_type mime-type1 ...
#          # regex match agains the mime type of the request generated
#          # by the client. Can be used to detect file upload or some
#          # types HTTP tunelling requests.
#          # NOTE: This does NOT match the reply. You cannot use this
#          # to match the returned file type.
#
#        acl aclname rep_mime_type mime-type1 ...
#          # regex match against the mime type of the reply recieved by
#          # squid. Can be used to detect file download or some
#          # types HTTP tunelling requests.
#          # NOTE: This has no effect in http_access rules. It only has
#          # effect in rules that affect the reply data stream such as
#          # http_reply_access.
#
#        acl acl_name external class_name [arguments...]
#          # external ACL lookup via a helper class defined by the
#          # external_acl_type directive.
#
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80                # http
acl Safe_ports port 21                # ftp
acl Safe_ports port 443 563        # https, snews
acl Safe_ports port 70                # gopher
acl Safe_ports port 210                # wais
acl Safe_ports port 1025-65535        # unregistered ports
acl Safe_ports port 280                # http-mgmt
acl Safe_ports port 488                # gss-http
acl Safe_ports port 591                # filemaker
acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT

#  TAG: http_access
#        Allowing or Denying access based on defined access lists
#
#        Access to the HTTP port:
#        http_access allow|deny [!]aclname ...
#
#        NOTE on default values:
#
#        If there are no "access" lines present, the default is to deny
#        the request.
#
#        If none of the "access" lines cause a match, the default is the
#        opposite of the last line in the list.  If the last line was
#        deny, then the default is allow.  Conversely, if the last line
#        is allow, the default will be deny.  For these reasons, it is a
#        good idea to have an "deny all" or "allow all" entry at the end
#        of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Exampe rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

#  TAG: http_reply_access
#        Allow replies to client requests. This is complementary to http_access.
#
#        http_reply_access allow|deny [!] aclname ...
#
#        NOTE: if there are no access lines present, the default is to allow
#        all replies
#
#        If none of the access lines cause a match, then the opposite of the
#        last line will apply. Thus it is good practice to end the rules
#        with an "allow all" or "deny all" entry.
#
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
#
# Insert your own rules here.
#
#
# and finally allow by default
http_reply_access allow all

#  TAG: icp_access
#        Allowing or Denying access to the ICP port based on defined
#        access lists
#
#        icp_access  allow|deny [!]aclname ...
#
#        See http_access for details
#
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
icp_access allow all

#  TAG: miss_access
#        Use to force your neighbors to use you as a sibling instead of
#        a parent.  For example:
#
#                acl localclients src 172.16.0.0/16
#                miss_access allow localclients
#                miss_access deny  !localclients
#
#        This means that only your local clients are allowed to fetch
#        MISSES and all other clients can only fetch HITS.
#
#        By default, allow all clients who passed the http_access rules
#        to fetch MISSES from us.
#
#Default setting:
# miss_access allow all

#  TAG: cache_peer_access
#        Similar to 'cache_peer_domain' but provides more flexibility by
#        using ACL elements.
#
#        cache_peer_access cache-host allow|deny [!]aclname ...
#
#        The syntax is identical to 'http_access' and the other lists of
#        ACL elements.  See the comments for 'http_access' below, or
#        the Squid FAQ (http://www.squid-cache.org/FAQ/FAQ-10.html).
#
#Default:
# none

#  TAG: ident_lookup_access
#        A list of ACL elements which, if matched, cause an ident
#        (RFC 931) lookup to be performed for this request.  For
#        example, you might choose to always perform ident lookups
#        for your main multi-user Unix boxes, but not for your Macs
#        and PCs.  By default, ident lookups are not performed for
#        any requests.
#
#        To enable ident lookups for specific client addresses, you
#        can follow this example:
#
#        acl ident_aware_hosts src
回复

使用道具 举报

发表于 2004-7-27 13:39:30 | 显示全部楼层
呵呵,我明白了,你压根就没有配置嘛。
回复

使用道具 举报

发表于 2004-7-27 13:49:48 | 显示全部楼层
让你 set visible_hostname 就 set 上好了:

在你的/etc/hosts里加上
  你的IP  你的机器名称

或者在squid.conf里加上
  visible_hostname 你的机器名称
回复

使用道具 举报

发表于 2004-7-27 13:52:10 | 显示全部楼层
你需要看一些squid的文档:
http://squid.visolve.com/squid/squid24s1/squid24s1.pdf
回复

使用道具 举报

 楼主| 发表于 2004-7-27 18:26:18 | 显示全部楼层
不好意思,发出去后,才发现里面居然都注释了,我居然以为有默认配置,当时看小说上瘾了,根本没检查,丢大人了,谢谢各位老大啊
回复

使用道具 举报

发表于 2004-7-28 13:41:23 | 显示全部楼层
U'r Welcome!
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

GMT+8, 2024-11-16 14:03 , Processed in 0.045636 second(s), 16 queries .

© 2021 Powered by Discuz! X3.5.

快速回复 返回顶部 返回列表