This arbitrary restriction is to prevent recursive include references from causing Squid entering an infinite loop whilst trying to load configuration files. Values with byte units Squid accepts size units on some size related directives. All such directives are documented with a default value displaying a unit. Units accepted by Squid are: bytes - byte KB - Kilobyte bytes MB - Megabyte GB - Gigabyte Values with spaces, quotes, and other special characters Squid supports directive parameters with spaces, quotes, and other special characters.
Surround such parameters with "double quotes". The keywords "if", "else", and "endif" must be typed on their own lines, as if they were regular configuration directives. NOTE: An else-if condition is not supported. These individual conditions types are supported: true Always evaluates to true.
Squid performs a 'Happy Eyeballs' algorithm, the 'fallback' algorithm is no longer relevant. The behaviour has changed, please read the documentation before altering. The feature is supported by default in storage types where update is implemented.
DNS is no longer tested on startup. All valid methods for HTTP are accepted by default. Default: SMP support disabled. Sets mapping between Squid processes and CPU cores. CPU cores are numbered starting from 1. See also: workers Default: Let operating system decide. IE has a bug it's not RFC compliant in that it will use the basic scheme if basic is the first entry presented, even if more secure schemes are presented.
For now use the order in the recommended settings section below. If other browsers have difficulties don't recognize the schemes offered even if you are using basic either put basic first, or disable the other schemes by commenting out their program entry. Once an authentication scheme is fully configured, it can only be shutdown by shutting squid down and restarting. Changes can be made on the fly and activated with a reconfigure.
You can change to a different helper, but not unconfigure the helper completely. Please note that while this directive defines how Squid processes authentication it does not automatically activate authentication.
WARNING: authentication can't be used in a transparently intercepting proxy as the client then thinks it is talking to an origin server and not the proxy. Ports flagged 'transparent', 'intercept', or 'tproxy' have authentication disabled. By default, each authentication scheme is not used unless a program is specified.
It can be used to autenticate different users with identical user names e. It will also force users to authenticate from scratch whenever their IP changes. It is commonly part of the text the user will see when prompted for their username and password. For Basic the default is "Squid proxy-caching web server".
For Digest there is no default, this parameter is mandatory. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a slow network you are likely to need lots of authenticator processes. The default of 0 is used for helpers who only supports one request at a time.
Concurrency must not be set unless it's known the helper supports the input format with channel-ID fields. This is a trade-off between memory utilization long intervals - say 2 days and CPU short intervals - say 1 minute. Only change if you have good reason to. When the garbage interval passes, all user credentials that have passed their TTL are removed from memory. Use a small value e. You might be safe using a larger value e.
Squid will spawn this many at once whenever load rises above the capabilities of existing processes. Up to the value of children-max. Only used with helpers capable of processing more than one query at a time. The default is to auto-detect IPv6 and use it when available. If not used then any arguments is automatically added at the end of the line sent to the helper. NOTE: this will encode the arguments as one token, whereas the default will pass each separately. Useful for helpers which need an unchanging input format.
Request values sent to the helper are URL escaped to protect each value in requests against whitespaces. The query channel tag is a number between 0 and concurrency This value must be echoed back unchanged to Squid as the first part of the response relating to its request. BH An internal error occurred in the helper, preventing a result being identified. The meaning of 'a match' is determined by your squid. See the Squid wiki for details.
Only sets a tag once, does not alter existing tags. The wrapping double quotes are removed before the value is interpreted by Squid. When using "file", the file should contain one item per line. Some acl types supports options which changes their default behaviour. To make them case-insensitive, use the -i option. If lookup or conversion is required because the parameter type IP or domain name does not match the message address type domain name or IP , then the ACL would immediately declare a mismatch without any warnings or lookups.
Those which do are marked with the tag [slow], those which don't are marked as [fast]. IP address the client connected to [fast] acl aclname arp mac-address If the client is on a different subnet, then Squid cannot find out its address. The name "none" is used if the reverse lookup fails. Here's an example for routing all requests for AS and only those to mycache. TCP port the client connected to [fast] NP: for interception mode this is usually '80' acl aclname myportname Will use proxy authentication in forward-proxy scenarios, and plain http authenticaiton in reverse-proxy scenarios NOTE: when a Proxy-Authentication header is sent but it is not needed during ACL checking the username is NOT logged in access.
Without -s Squid will just annoy the user by "randomly" denying requests. Based on the probability given. Probability may be written as a decimal 0. You cannot use this to match the returned file type.
Can be used to detect file download or some types HTTP tunneling requests. Only the first tag will match with this ACL. Use the 'note' ACL instead for handling multiple tag values. With value s , matches any annotation with a given name that also has one of the given values. Names and values are compared using a string equality test. This ACL must be defined after the corresponding adaptation service is named in squid.
ACLs from multiple any-of lines with the same name are ORed. ACLs from multiple all-of lines with the same name are ORed. Recommended minimum configuration: Example rule allowing access from your local networks. Adapt to list your internal IP networks from where browsing should be allowed acl localnet src Requests may pass through a chain of several other proxies before reaching us. This directive is solely for validating new PROXY protocol connections received from a port flagged with require-proxy-header.
It is checked only once after TCP connection setup. A deny match results in TCP connection closure. This may enable remote hosts to bypass any access control restrictions that are based on the client's source addresses.
This clause only supports fast acl types. If a request reaches us from a source that is allowed by this directive, then we trust the information it provides regarding the IP of the client it received from if any. If found the header values are iterated in reverse order and an allow match is required for Squid to continue on to the next value.
The verification ends when a value receives a deny match, cannot be tested, or there are no more values to test. The end result of this process is an IP address that we will refer to as the indirect client address. For example: acl localhost src So no match.
This has no effect on requests arriving in non-tproxy mode ports. This clause supports fast acl types. NOTE on default values: If there are no "access" lines present, the default is to deny the request. If none of the "access" lines cause a match, the default is the opposite of the last line in the list.
If the last line was deny, the default is allow. Conversely, if the last line is allow, the default will be deny.
For these reasons, it is a good idea to have an "deny all" entry at the end of your access lists to avoid potential confusion.
This clause supports both fast and slow acl types. Default: Deny, unless rules exist in squid. Allowing access control based on their output. Default: Allow, unless rules exist in squid.
NOTE: if there are no access lines present, the default is to allow all replies. If none of the access lines cause a match the opposite of the last line will apply. Thus it is good practice to end the rules with an "allow all" or "deny all" entry. This default may cause problems with peers using ICP. This default may cause problems with peers using the htcp option.
For example; to force your neighbors to use you as a sibling instead of a parent. For example, you might choose to always perform ident lookups for your main multi-user Unix boxes, but not for your Macs and PCs.
By default, ident lookups are not performed for any requests. A srcdomain ACL might work at times, but it will not always provide the correct result. Default: Unless rules exist in squid. It can be used to prevent users from downloading very large files, such as MP3's and movies. This size is checked twice. First when we get the reply headers, we check the content-length value.
If the content length value exists and is larger than the allowed size, the request is denied and the user receives an error message that says "the request or reply is too large. WARNING: downstream caches probably can not detect a partial reply if there is no content-length header, so they will cache partial responses and give them out as hits.
You should NOT use this option if you have downstream caches. Ensure that the smallest non-zero value you use is greater that the maximum header size plus the size of your largest error page.
If you set this parameter none the default , there will be no limit imposed. You may specify multiple socket addresses. There are three forms: port alone, hostname with port, and IP address with port. If you specify a hostname or IP address, Squid binds the socket to that specific address.
Most likely, you do not need to bind to a specific address, so you can use the port number alone. If you are running Squid in accelerator mode, you probably want to listen on port 80 also, or instead. The -a command line option may be used to specify additional port s where Squid listens for proxy request. Such ports will be plain proxy ports with no options. You may specify multiple socket addresses on multiple lines. NP: disables authentication on the port.
Omitting the mode flag causes default forward proxy mode to be used. Determines what site not origin server accelerators should consider the default. Using the specified port number instead of the port passed on Host: headers. When enabled, the cert and key options are used to sign generated certificates.
Otherwise generated certificate will be selfsigned. If there is a CA certificate lifetime of the generated certificate equals lifetime of the CA certificate. If generated certificate is selfsigned lifetime is three years. This option is enabled by default when ssl-bump is used. See the ssl-bump option above for more information. If set to zero, caching is disabled. The default value is 4MB. If those settings are omitted the ciphers may be silently ignored by the OpenSSL library.
If unset clientca will be used. See OpenSSL documentation for details on how to create this file. Each connection will result in a new SSL session. In many setups of transparently intercepting proxies Path-MTU discovery can not work on traffic towards the clients.
This is the case when the intercepting device does not fully track connections and fails to forward ICMP must fragment messages to the cache server. If you have such setup and experience that certain clients sporadically hang or never complete requests set disable-pmtu-discovery option to 'transparent'. In seconds; idle is the initial time before TCP starts probing the connection, interval how often to probe, and timeout the time before giving up. This way Squid will only be visible on the internal address.
This is most useful for situations where you are running squid in accelerator mode and you want to do the SSL work at the accelerator level. NP: disables authentication and IPv6 on the port. NP: disables authentication and maybe IPv6 on the port.
Requires tproxy or intercept. If there is CA certificate life time of generated certificate equals lifetime of CA certificate. This option is enabled by default when SslBump is used. See the sslBump option above for more information.
Some Squid modules e. Test well before deploying! This allows Squid to examine, adapt, block, and log FTP exchanges. The FTP origin address is determined based on the intended destination of the intercepted connection.
By default i. Defaults to the port address. Usable with myportname ACL. Tracking is disabled by default. Defaults to FTP. No other accepted values have been tested with. Note that only multiples of 4 are usable as the two rightmost bits have been redefined for use by ECN RFC section The squid parser will enforce this by masking away the ECN bits. Processing proceeds in the order specified, and stops at first fully matching line.
Only fast ACLs are supported. For platforms using netfilter, allows you to set a netfilter mark value instead of, or in addition to, a TOS value. By default this functionality is disabled. Default settings will result in the netfilter mark or TOS value being copied from the upstream connection to the client. It is not currently possible to copy the mark or TOS value from the client to the upstream connection request.
TOS values really only have local significance - so you should know what you're specifying. Mark values can be any unsigned bit integer value. Takes precedence over the preserve-miss feature see below , unless mask is specified, in which case only the bits specified in the mask are written. By default, the existing TOS or netfilter mark value of the response coming from the remote server will be retained and masked with miss-mark.
All of these features require the --enable-zph-qos compilation flag enabled by default. For example; Forwarding clients with dedicated IPs for certain subnets. Squid will add an implicit IP version test to each line. Requests going to IPv4 websites will use the outgoing Default: Address selection is performed by the operating system.
Squid verifies that the destination IP address matches the Host header for forward-proxy and reverse-proxy traffic as well. When set to OFF the default : Squid allows suspicious requests to continue but logs a security warning and blocks caching of the response.
The cause of this is that such applets are allowed to perform their own HTTP stack, in which case the same-origin policy of the browser sandbox only verifies that the applet tries to contact the same IP as from where it was loaded at the IP level. The Host: header may be different from the connected IP and approved origin. Using Host to locate alternative servers can provide faster connectivity with a range of failure recovery options.
But can also lead to connectivity trouble when the client and server are attempting stateful interactions unaware of the proxy. The clients original destination IP and port will be used instead. Regardless of this option setting, when dealing with intercepted traffic Squid will verify the Host: header and any traffic which fails Host verification will be treated as if this option were ON.
You will need to set this if you would like to use hardware SSL acceleration for example. Valid algorithm names depend on the OpenSSL library used. The following names are usually available: sha1, sha, sha, and md5.
Please see your OpenSSL library manual for the available hashes. By default, Squids that support this option use sha hashes. Squid does not forcefully purge cached certificates that were generated with an algorithm other than the currently configured one.
They remain in the cache, subject to the regular cache eviction policy, and become useful if the algorithm changes again. The following bumping actions are currently supported: splice Become a TCP tunnel without decrypting proxied traffic. This is the default action. Peeking at the server certificate during step 2 usually precludes bumping of the connection at step 3.
Staring at the server certificate during step 2 usually precludes splicing of the connection at step 3. Backward compatibility actions available at step SslBump1: client-first Bump the connection. Establish a secure connection with the client first, then connect to the server.
Establish a secure connection with the server first, then establish a secure connection with the client, using a mimicked server certificate. XXX: Remove. Rules with actions that are impossible at the current step are ignored.
If no rules match, the splice action is used. Example: Bump all requests except those originating from localhost or those going to example. For example, the following lines will bypass all validation errors when talking to servers for example. Using slow acl types may result in server crashes Without this option, all server certificate validation errors terminate the transaction to protect Squid and the client. Default: Server certificate errors terminate the transaction.
The following certificate signing algorithms are supported: signTrusted Sign using the configured CA certificate which is usually placed in and trusted by end-user browsers. This is the default for trusted origin server certificates. This is the default for untrusted origin server certificates that are not self-signed see ssl::certUntrusted. This is the default for self-signed origin server certificates see ssl::certSelfSigned.
If no acl s match, the default signing algorithm is determined by errors detected when obtaining and validating the origin server certificate. The following certificate adaptation algorithms are supported: setValidAfter Sets the "Not After" property to the "Not After" property of the CA certificate used to sign generated certificates.
It is a misconfiguration to use setCommonName without an explicit parameter for intercepted or tproxied SSL connections. If no acl s match, the default mimicking action takes place. If not specified keys must either be unencrypted, or Squid started with the -N option to allow it to query interactively for the passphrase.
The key file name is given as argument to the program allowing selection of the right password if you have multiple encrypted keys. The maximum this may be safely set to is When set to zero the first request will cause spawning of the first child process to handle it. Starting too few children temporary slows Squid under load while it tries to spawn enough additional processes to cope with traffic.
When traffic begins to rise above what the existing processes can handle this many more will be spawned up to the maximum configured. A minimum setting of 1 is required. A value of 0 indicates the certficate validator does not support concurrency. Defaults to 1. The request ID from the request must be echoed back with the response to that request. For other Squid proxies this is usually For web servers this is usually 80 icp-port: Used for querying neighbor caches about objects.
The defaults will prevent peer traffic using ICP. This is used to keep the neighbor round trip time updated and is usually used in conjunction with weighted-round-robin. The defaults will prevent peer traffic using HTCP. You probably also want to set the "icp-port" to instead of This directive accepts a comma separated list of options described below.
This cannot be used with only-clr. This cannot be used with no-clr. These options can be used for better load balancing. If specified more than once, only the first is used. Closer parents are used more often. Usually used for background-ping parents. The requests will be distributed among the parents based on the CARP load balancing hash function based on their weight. ALL members of this multicast group have "sibling" relationship with it, not "parent". This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway.
It's useful, e. The weight must be an integer; default is 1, larger weights are favored more. This option does not affect parent selection if a peering protocol is not in use. It is subtracted before division by weight in calculating which parent to fectch from.
If the rtt is less than the base time the rtt is set to a minimal value. Only useful when sending to a multicast group. Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option. Meant to be used in accelerator setups when the peer is a web server. Useful in accelerator setups where the server peer expects a certain domain name but clients may request others.
Note: The string can include URL escapes i. Authentication is not required by Squid for this to work. Note: This will pass any form of authentication but only Basic auth will work through a proxy unless the connection-auth options are also used. Authentication is not required by this option. Also be warned this will expose your users proxy password to the peer. This is meant to be used when the peer is in another administrative domain, but it is still needed to identify each user.
The star can optionally be followed by some extra information which is added to the username. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here. Default is auto to automatically determine the status of the peer.
If 'sslkey' is not specified 'sslcert' is assumed to reference a combined file containing both the certificate and the key. The list of valid SSL ciphers to use when connecting to this peer. A file containing additional CA certificates to use when verifying the peer certificate.
A directory containing additional CA certificates to use when verifying the peer certificate. A certificate revocation list file to use when verifying the peer certificate. Used for verifying the correctness of the received peer certificate.
If not specified the peer hostname will be used. Standby connection failures count towards this limit. Default is Excessive use of this option may result in forwarding loops. One way to prevent peering loops when using this option, is to deny cache peer usage on requests from a peer: acl fromPeer There is no peer-specific connection limit by default. A peer exceeding the limit is not used for new requests unless a standby connection is available. By default and with zero N, no such pool is maintained.
N must not exceed the max-conn limit if any. At start or after reconfiguration, Squid opens new TCP standby connections until there are N connections available and then replenishes the standby pool as opened connections are used up for requests. A used connection never goes back to the standby pool, but may go to the regular idle persistent connection pool shared by all peers and origin servers.
Squid never opens multiple new standby connections concurrently. This one-at-a-time approach minimizes flooding-like effect on peers. Furthermore, just a few standby connections should be sufficient in most cases to supply most new requests with a ready-to-use connection. For the feature to work as intended, the peer must be configured to accept and keep them open longer than the idle timeout at the connecting Squid, to minimize race conditions typical to idle used persistent connections.
Required if you have multiple peers on the same host but different ports. Can be used by outgoing access controls through the peername ACL type. Use normal address selection instead. Prefixing the domainname with '! This directive narrows down the selection of peering candidates, but does not determine the order in which the selected candidates are contacted.
If a deny rule matches, the corresponding peer will not be contacted for the current transaction -- Squid will not send ICP queries and will not forward HTTP requests to that peer. An allow match leaves the corresponding peer in the selection. The first match for a given peer wins for that peer. These redundant checks may be optimized away in future Squid versions. Default: No peer usage restrictions. However, it continues to send ICP queries, and will mark the peer as alive upon receipt of the first subsequent ICP reply.
This timeout also affects when Squid expects to receive ICP replies from peers. Thus, if your time between requests is greater than this timeout, you will see a lot of requests sent DIRECT to origin servers instead of to your parents. This parameter specifies the ideal upper limit on the total size of 4 KB blocks allocated. In-Transit objects take the highest priority. In-transit objects have priority over the others. When additional space is needed for incoming data, negative-cached and hot objects will be released.
In other words, the negative-cached and hot objects will fill up any unused space not needed for in-transit objects. If circumstances require, this limit will be exceeded. When the load decreases, blocks will be freed until the high-water mark is reached. Thereafter, blocks will be used to store hot objects.
If shared memory caching is enabled, Squid does not use the shared cache space for in-transit objects, but they still consume as much local memory as they need. To avoid blocking locks, shared memory uses opportunistic algorithms that do not guarantee that every cachable entity that could have been shared among SMP workers will actually be shared.
Currently, entities exceeding 32KB in size cannot be shared. Default: "on" where supported if doing memory caching with multiple SMP workers. The LRU policies keeps recently referenced objects.
The heap GDSF policy optimizes object hit rate by keeping smaller popular objects in cache so it has a better chance of getting a hit. The heap LFUDA policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached. Both policies utilize a dynamic aging mechanism that prevents cache pollution that can otherwise occur with frequency-based replacement policies.
The value is specified in bytes, and the default is 0 KB, which means all responses can be stored. The value is specified in bytes, and the default is 4 MB. If you wish to increase hit ratio more than you want to save bandwidth you should leave this low. Type specifies the kind of storage system to use. Only "ufs" is built by default. To enable any of the other storage systems see the --enable-storeio configure option.
If you want to use an entire disk for caching, this can be the mount-point directory. The directory must exist and be writable by the Squid process.
Squid will NOT create this directory for you. The default is MB. Change this to suit your configuration. Do NOT put the size of your disk drive here. The default is This was formerly known in Squid as async-io. If this many messages are in the queues, Squid won't open new files. Default is 64 Q2 specifies the number of unacknowledged messages when Squid starts blocking. If this many messages are in the queues, Squid blocks until it receives some replies.
All cached entries are stored in a "database" file, using fixed-size slots. A single entry occupies one or more slots. Individual swap in requests i. This is necessary on file systems that buffer "too many" writes and then start blocking Squid and other processes while committing those writes to disk.
Usually used together with swap-timeout to avoid excessive delays and queue overflows when disk demand exceeds available disk "bandwidth". Currently supported by IpcIo module only. Defaults to 16KBytes. A housekeeping header is stored with each slot and smaller slot-sizes will be rejected. The header is smaller than bytes. AUFS while other stores are optimized for smaller objects e. Defaults to 0.
Default: No disk cache. Store cache ojects only in memory. Uncomment and adjust the following to add a disk cache directory. So space used to store objects and data throughput may be very unbalanced towards larger disks. A value of 0 indicates no limit. The value difference in percentages between low- and high-water marks represent an eviction rate of objects per second and the rate continues to scale in agressiveness by multiples of this above the high-water mark.
If this is the case you may wish to set these numbers closer together. As swap utilization increases towards this high-water mark object eviction becomes more agressive. Output strings are automatically escaped as required according to their context and the output format modifiers are usually not needed, but can be specified if an explicit output format is desired. String values exceeding maximum width are truncated. If no argument given all annotations logged. Currently, Squid considers the master transaction started when a complete HTTP request header initiating the transaction is received from the client.
Access Control related format codes: et Tag returned by external acl ea Log string returned by external acl un User name any available ul User name from authentication ue User name from external acl helper ui User name from ident un A user name.
The exact meaning depends on the authentication scheme: For Basic authentication, it is the password; for Digest, the realm sent by the client; for NTLM and Negotiate, the client challenge or client credentials prefixed with "YR " or "KK ". Usually differs from the request header sent by Squid, although most fields are often preserved. Excluding chunked encoding bytes. The timer starts when the last request byte is sent to the next hop and stops when the last response byte is received.
In all other cases, a single dash "-" is logged. Available only after the peek, stare, or splice SSL bumping actions. Each time value is recorded as an integer number, representing response time of one or more adaptation ICAP or eCAP transaction in milliseconds. When a failed transaction is being retried or repeated, its time is not logged individually but added to the replacement next transaction. Instead, all transaction response times are recorded individually.
Consider encoding the logged value because Subject often has spaces. Consider encoding the logged value because Issuer often has spaces. The squid, common and combined formats have a safely encoded copy of the mime headers appended to each line within a pair of brackets. The logs from Squid contain an extra status and hierarchy code appended.
Default: The format definitions squid, common, combined, referrer, useragent are built in. You can always start with an 'all' ACL to work around those restrictions.
Will log to the specified module:place using the specified format which must be defined in a logformat directive those entries which match ALL the acl's specified which must be defined in acl clauses. If no acl is specified, all requests will be logged to this destination. Defaults to 'squid'. Squid should not keep more than the specified size and, hence, should flush records before the buffer becomes full to avoid overflows under normal conditions the exact flushing algorithm is module-dependent though.
The on-error option controls overflow handling. The 'drop' action ignores i. The default 'die' action kills the affected worker. The drop action support has not been tested for modules other than tcp. Do not specify Place or logformat name. Place: the filename and path to be written. But instead of writing to disk the log line is passed to a daemon helper for asychronous handling instead.
Place: varies depending on the daemon. Place: The syslog facility and priority level for these entries. Place Format: facility. And priority could be any of: err, warning, notice, info, debug. Place: The destination host name or IP and port. The two kinds of logs share the overall configuration approach and many features.
In such cases, multiple ICAP transaction log lines will correspond to a single access log line. Similar to ru. Similar to existing rm. The HTTP body part is dechunked before its size is computed.
The timer starts when the ICAP transaction is created and stops when the transaction is completed. Similar to tr. The timer starts when the first ICAP request byte is scheduled for sending. The timers stops when the last byte of the ICAP response is received. Similar to Ss. Similar to Hs. This daemon is used to write the access and store logs, if configured. This options allows you to control which requests gets accounted in performance counters. Default: Allow logging for all transactions.
Shows which objects are ejected from the cache, and which objects are saved and for how long. There are not really utilities to analyze this data, so you can safely disable it the default. Store log uses modular logging outputs.
This index file holds the metadata of objects saved on disk. It is used to rebuild the cache during startup. Note you must give a full filename, not just a directory. We recommend you do NOT use this option. The default is 10, which will rotate with extensions 0 through 9. This will enable you to rename the logfiles yourself just before sending the rotate signal. Note, the 'squid -k rotate' command normally sends a USR1 signal to the running squid process. In certain situations e. Note, from Squid You shouldn't need to change this, but the default file contains examples and formatting information if you do.
The headers are encoded safely and will appear as two bracketed fields at the end of the access log for either the native or httpd-emulated log formats. To disable, enter "none".
Change this to protect the privacy of your cache clients. A netmask of This protects your user's privacy and reduces log size.
However, buffering increases the delay before log records become available to the final recipient e. When enabled this journal preserves netdb state between restarts. This is where general information about Squid behavior goes. Lower levels result in less output, Full debugging level 9 can result in a very large log file, so be careful.
The magic word "ALL" sets debugging levels for all sections. Internet Archive's 25th Anniversary Logo.
Search icon An illustration of a magnifying glass. User icon An illustration of a person's head and chest. Sign up Log in. Web icon An illustration of a computer application window Wayback Machine Texts icon An illustration of an open book.
Books Video icon An illustration of two cells of a film strip. Video Audio icon An illustration of an audio speaker. Audio Software icon An illustration of a 3. Software Images icon An illustration of two photographs. Images Donate icon An illustration of a heart shape Donate Ellipses icon An illustration of text ellipses.
