Squid 2.5 release notes

Squid Developers

$Id: release-2.5.html,v 1.1.2.4 2002/09/07 15:19:47 hno Exp $
This document contains the release notes for version 2.5 of Squid. Squid is a WWW Cache application developed by the National Laboratory for Applied Network Research and members of the Web Caching community.

1. Key changes from squid 2.4:

2. Changes to squid.conf

http_port

Allows ip address specification.

https_port

This is an option for use with SSL acceleration - it determines where squid listens for SSL requests.

ssl_unclean_shutdown

This is used to handle some bugs in browsers that don't fully support SSL.

tcp_incoming_address

This has been removed - use the http_port line to specify ip address's.

cache_peer

login= has been extended to allow pass through authentication, fixed password authentication and maximum connection limits.

hosts_file

Directs squid to read in a set of name-address associations upon startup and reconfiguration.

authenticate_program
authenticate_children
proxy_auth_realm

Removed. See auth_param.

auth_param

This replaces the authenticate_program directive. It allows configuration of multiple authentication helpers, one for each of the supported authentication schemes. Such schemes include "NTLM", "Digest (from RFC 2617)", and "Basic".

authenticate_cache_garbage_interval

This directive sets the garbage collection interval for the authentication cache.

external_acl_type

This directive configures the new external ACL Helper interface. VERY useful for authenticating by group membership - i.e. from an LDAP server or NT domain.

request_body_max_size

The default for this is now 0 - unlimited.

reply_body_max_size

Now multiple size limits are allowed based on ACL lists.

refresh_pattern

The default is now blank - users must uncomment the suggested default to use it. This allows the use of a blank refresh pattern if desired.

request_timeout

Raised the default to 5 minutes.

persistent_request_timeout

New directive - how long to wait after a reply is completed before closing the connection.

acl

New acl types

http_reply_access

Limit HTTP replies based on ACL's. This is complementary to http_access.

tcp_outgoing_tos
tcp_outgoing_ds
tcp_outgoing_dscp

These three directives allow marking of outbound connections at the IP level - i.e. for choosing routes based on the usercode.

tcp_outgoing_address

Allows mapping of requests onto specific outbound IP address's.

anonymize_headers

Removed. See header_access.

header_access

Allow granular filtering of HTTP headers.

header_replace

Replace specific headers with custom values.

pipeline_prefetch

Now defaults to off for bandwidth management and access logging reasons.

vary_ignore_expire

Enables a workaround for web servers that immediately expire Varied objects because they think squid is unable to handle Vary:.

sleep_after_fork

Give the OS a small amount of time to accomodate the fork+exec used to launch helpers - if squid has a lot of virtual memory allocated the OS may run out of virtual memory during helper spawning otherwise.

reference_age

This has been removed - starting with Squid-2.4 this directive have had no effect and has now been fully removed to avoid confusion.

siteselect_timeout

This has been removed - it is not referenced anywhere in the source code.

3. Known limitations

There is a few limitations to this version of Squid that we hope to correct in a later release

deny_info

deny_info only works for http_access, not for the acls listen in http_reply_access

authentication

The proxy authentication acl types only works in http_access and partially in delay_access, not the other acl driven directives (tcp_outoing_address, redirect_access, cache_peer_access, ...)