CONTENT

CHANGES

Szukaj

#top Konfiguracja¶

[<<]|[<]|[^]|[v]|[>]|[>>]|[Zwiń]|[#top]|[X]

#top Listen¶

Zobacz także Listen dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: http_port
Składnia: port [options]
Składnia: hostname:port [options]
Składnia: 1.2.3.4:port [options]
Opis: The socket addresses where Squid will listen for HTTP client requests. There are three forms: port alone, hostname with port, and IP address with port.

EXAMPLES

# Squid normally listens to port 3128
http_port 3128

#top Timeout¶

Zobacz także Timeout dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: connect_timeout
Składnia: connect_timeout 1 minute
Opis: This parameter specifies how long to wait for the TCP connect to the requested server or peer to complete before Squid should attempt to find another path where to forward the request.

Dokumentacja SQUID: read_timeout
Składnia: read_timeout 15 minutes
Opis: Applied on peer server connections.
After each successful read(), the timeout will be extended by this amount. If no data is read again after this amount of time, the request is aborted and logged with ERR_READ_TIMEOUT.
The default is 15 minutes.

Dokumentacja SQUID: write_timeout
Składnia: write_timeout 15 minutes
Opis: This timeout is tracked for all connections that have data available for writing and are waiting for the socket to become ready. After each successful write, the timeout is extended by the configured amount. If Squid has data to write but the connection is not ready for the configured duration, the transaction associated with the connection is terminated. The default is 15 minutes.

Dokumentacja SQUID: request_timeout
Składnia: request_timeout 5 minutes
Opis: How long to wait for complete HTTP request headers after initial connection establishment.

Dokumentacja SQUID: persistent_request_timeout
Składnia: persistent_request_timeout 2 minutes
Opis: How long to wait for the next HTTP request on a persistent connection after the previous request completes.

Dokumentacja SQUID: forward_timeout
Składnia: forward_timeout 4 minutes
Opis: This parameter specifies how long Squid should at most attempt in finding a forwarding path for the request before giving up.

Dokumentacja SQUID: dns_timeout
Składnia: dns_timeout 30 seconds
Opis: DNS Query timeout. If no response is received to a DNS query within this time all DNS servers for the queried domain are assumed to be unavailable.

Dokumentacja SQUID: peer_connect_timeout
Składnia: peer_connect_timeout 30 seconds
Opis: This parameter specifies how long to wait for a pending TCP connection to a peer cache. The default is 30 seconds. You may also set different timeout values for individual neighbors with the 'connect-timeout' option on a 'cache_peer' line.

Dokumentacja SQUID: dead_peer_timeout
Składnia: dead_peer_timeout 10 seconds
Opis: This controls how long Squid waits to declare a peer cache as "dead." If there are no ICP replies received in this amount of time, Squid will declare the peer dead and not expect to receive any further ICP replies. However, it continues to send ICP queries, and will mark the peer as alive upon receipt of the first subsequent ICP reply.
This timeout also affects when Squid expects to receive ICP replies from peers. If more than 'dead_peer' seconds have passed since the last ICP reply was received, Squid will not expect to receive an ICP reply on the next query. Thus, if your time between requests is greater than this timeout, you will see a lot of requests sent DIRECT to origin servers instead of to your parents.

Dokumentacja SQUID: client_idle_pconn_timeout
Składnia: client_idle_pconn_timeout 2 minutes
Opis: How long to wait for the next HTTP request on a persistent client connection after the previous request completes.

Dokumentacja SQUID: server_idle_pconn_timeout
Składnia: server_idle_pconn_timeout 1 minute
Opis: Timeout for idle persistent connections to servers and other proxies.

Dokumentacja SQUID: ftp_client_idle_timeout
Składnia: ftp_client_idle_timeout 30 minutes
Opis: How long to wait for an FTP request on a connection to Squid ftp_port. Many FTP clients do not deal with idle connection closures well, necessitating a longer default timeout than client_idle_pconn_timeout used for incoming HTTP requests.

Dokumentacja SQUID: url_rewrite_timeout
Składnia: Squid waits for the helper response forever
Opis: Squid times active requests to redirector. The timeout value and Squid reaction to a timed out request are configurable using the following format:
url_rewrite_timeout timeout time-units on_timeout=<action> [response=<quoted-response>]
supported timeout actions:
fail Squid return a ERR_GATEWAY_FAILURE error page
bypass Do not re-write the URL
retry Send the lookup to the helper again
use_configured_response Use the <quoted-response> as helper response

EXAMPLES

# default values
connect_timeout 1 minute
read_timeout 15 minutes
write_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minutes
forward_timeout 4 minutes
dns_timeout 30 seconds
peer_connect_timeout 30 seconds
dead_peer_timeout 10 seconds

#top Signature¶

Zobacz także Signature dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: httpd_suppress_version_string
Dokumentacja SQUID: via
Składnia: httpd_suppress_version_string off
Opis: Suppress Squid version string info in HTTP headers and HTML error pages.
Składnia: via on
Opis: If set (default), Squid will include a Via header in requests and replies as required by RFC2616.

EXAMPLES

#  TAG: httpd_suppress_version_string   on|off
#   Suppress Squid version string info in HTTP headers and HTML error pages.
#Default:
# httpd_suppress_version_string off
httpd_suppress_version_string off

#  TAG: via on|off
#   If set (default), Squid will include a Via header in requests and
#   replies as required by RFC2616.
#Default:
# via on
via on

Zalecana konfiguracja

# zalecana konfiguracja: wyłączenie informacji o wersji serwera w nagłówkach HTTP oraz obecności serwera proxy

#  TAG: httpd_suppress_version_string   on|off
#   Suppress Squid version string info in HTTP headers and HTML error pages.
#Default:
# httpd_suppress_version_string off
httpd_suppress_version_string off

#  TAG: via on|off
#   If set (default), Squid will include a Via header in requests and
#   replies as required by RFC2616.
#Default:
# via on
via off

#top vhosts default¶

#top vhosts SSL¶

#top ErrorLog¶

#top AccessLog¶

Zobacz także AccessLog dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: access_log
Składnia: access_log <filepath> [<logformat name> [acl acl ...]]
Składnia: access_log none [acl acl ...]]
Opis: These files log client request activities. Has a line every HTTP or ICP request. Will log to the specified file using the specified format (which must be defined in a logformat directive) those entries which match ALL the acl's specified (which must be defined in acl clauses). If no acl is specified, all requests will be logged to this file.

EXAMPLES

access_log /var/log/squid/access.log squid
access_log /var/log/squid/access-apache.log squidapache

#top LogFormat¶

The <format specification> is a string with embedded % format codes % format codes all follow the same basic structure where all but the formatcode is optional. Output strings are automatically escaped as required according to their context and the output format modifiers are usually not needed, but can be specified if an explicit output format is desired.
% ["|[|'|#] [-] [[0]width] [{argument}] formatcode

" - output in quoted string format
[ - output in squid text log format as used by log_mime_hdrs
# - output in URL quoted format
' - output as-is

- - left aligned
width - field width. If starting with 0 the output is zero padded
{arg} - argument such as header name etc

Format codes:
% - a literal % character
>a - Client source IP address
>A - Client FQDN
>p - Client source port
<A - Server IP address or peer name
la - Local IP address (http_port)
lp - Local port number (http_port)
<la - Local IP address of the last server or peer connection
<lp - Local port number of the last server or peer connection
ts - Seconds since epoch
tu - subsecond time (milliseconds)
tl - Local time. Optional strftime format argument default %d/%b/%Y:%H:%M:%S %z
tg - GMT time. Optional strftime format argument default %d/%b/%Y:%H:%M:%S %z
tr - Response time (milliseconds)
dt - Total time spent making DNS lookups (milliseconds)

Składnia: logformat <name> <format specification>

EXAMPLES

#logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidapache %>a %ui %un [%{%Y/%m/%d-%H:%M:%S}tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

#top Access Restrictions¶

#top AccessAllow¶

Zobacz także AccessAllow dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: http_access
Dokumentacja SQUID: adapted_http_access
Dokumentacja SQUID: acl
Składnia: acl aclname acltype argument ...
Składnia: acl aclname acltype "file" ... (When using "file", the file should contain one item per line.)
Opis:

EXAMPLES

# Deny requests to certain unsafe ports
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
http_access deny !Safe_ports

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

#top AccessDeny¶

Zobacz także AccessDeny dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: http_access
Dokumentacja SQUID: adapted_http_access
Dokumentacja SQUID: acl
Składnia: acl aclname acltype argument ...
Składnia: acl aclname acltype "file" ... (When using "file", the file should contain one item per line.)
Opis:

EXAMPLES

# Deny requests to certain unsafe ports
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
http_access deny !Safe_ports

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

#top server status¶

#top Modules¶

#top mod-logging¶

#top mod-misc¶

#top mod-auth¶

#top mod-headers¶

#top mod-proxy¶

#top headers¶

#top HTTP Header Add¶

request_header_add X-Client-CA "CA=%ssl::>cert_issuer" all

#top HTTP Header Set¶

reply_header_replace Server Foo/1.0

#top HTTP Header Remove¶

request_header_access Range deny all
request_header_access HTTP-header-name deny all

#top Header Access¶

#top Header MIME¶

#top TLS Engine¶

#top TLS Enable¶

#top TLS Cert/Key File¶

Zobacz także TLS Cert/Key File dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: sslproxy_cafile
Dokumentacja SQUID: sslproxy_capath
Dokumentacja SQUID: sslproxy_client_certificate
Dokumentacja SQUID: sslproxy_client_key
Składnia: sslproxy_cafile cafile
Składnia: sslproxy_capath capath
Składnia: sslproxy_client_certificate client_cert
Składnia: sslproxy_client_key client_key
Opis:

EXAMPLES

sslproxy_cafile /etc/pki/tls/certs/ca-bundle.crt
sslproxy_capath /etc/pki/tls/certs/
sslproxy_client_certificate /etc/pki/tls/certs/squid.crt
sslproxy_client_key /etc/pki/tls/certs/squid.key

#top TLS Protocols¶

Zobacz także TLS Protocols dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja SQUID: sslproxy_options
Dokumentacja SQUID: http_port
Składnia: sslproxy_options [options]
Składnia: port version=[version]
Składnia: hostname:port version=[version]
Składnia: 1.2.3.4:port version=[version]
Opis:

EXAMPLES

# Wyłączenie protokołu w wersji SSLv2 (NO_SSLv2 - Disallow the use of SSLv2)
sslproxy_options NO_SSLv2
# Wyłączenie protokołu w wersji SSLv3 (NO_SSLv3 - Disallow the use of SSLv3)
sslproxy_options NO_SSLv3
# Wyłączenie protokołu w wersji TLSv1 (NO_TLSv1 - Disallow the use of TLSv1)
sslproxy_options NO_TLSv1

# Squid normally listens to port 3128
# Włączenie wszystkich obsługiwanych protokołów
http_port 3128 version=1
# Włączenie tylko protokołu TLSv1.0
http_port 3128 version=4
# Włączenie tylko protokołu TLSv1.1
http_port 3128 version=5
# Włączenie tylko protokołu TLSv1.2
http_port 3128 version=6

#top TLS CipherSuite¶

sslproxy_cipher ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2

#top TLS Compression¶

sslproxy_cipher

#top TLS Options¶

sslproxy_flags DONT_VERIFY_PEER

Zmodyfikowany ostatnio: 2018/01/04 19:49:27 (7 lat temu), textsize: 29,1 kB, htmlsize: 48,0 kB

Zapraszam do komentowania, zgłaszania sugestii, propozycji, własnych przykładów, ...

Dodaj komentarzKomentarze użytkowników