[zopeorg-checkins] CVS: NZO_SiteLayout/etc - squid.conf.in:1.2
Chris McDonough
chrism at zope.com
Thu May 2 01:18:56 EDT 2002
Update of /cvs-zopeorg/NZO_SiteLayout/etc
In directory cvs.zope.org:/tmp/cvs-serv3569/etc
Modified Files:
squid.conf.in
Log Message:
Changes to make Squid work.
=== NZO_SiteLayout/etc/squid.conf.in 1.1.1.1 => 1.2 ===
# http_port 3128
+http_port %HTTP_PORT%
+
# TAG: icp_port
# The port number where Squid sends and receives ICP queries to
# and from neighbor caches. Default is 3130. To disable use
@@ -55,6 +57,8 @@
#Default:
# icp_port 3130
+icp_port %ICP_PORT%
+
# TAG: htcp_port
# Note: This option is only available if Squid is rebuilt with the
# --enable-htcp option
@@ -305,6 +309,8 @@
#Default:
# icp_query_timeout 0
+icp_query_timeout 1000
+
# TAG: maximum_icp_query_timeout (msec)
# Normally the ICP query timeout is determined dynamically. But
# sometimes it can lead to very large values (say 5 seconds).
@@ -316,6 +322,8 @@
#Default:
# maximum_icp_query_timeout 2000
+maximum_icp_query_timeout 2000
+
# TAG: mcast_icp_query_timeout (msec)
# For Multicast peers, Squid regularly sends out ICP "probes" to
# count how many other peers are listening on the given multicast
@@ -364,7 +372,7 @@
#
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
-no_cache deny QUERY
+#no_cache deny QUERY
# OPTIONS WHICH AFFECT THE CACHE SIZE
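Review bot: Commenting out `no_cache deny QUERY` makes responses for `cgi-bin` and query-string URLs eligible for caching, and nothing in the hunk records why or what the backend must do in return. On an accelerator in front of a dynamic site, a per-user page can then be served from cache to another visitor unless the origin marks it uncacheable. The `acl QUERY` line above is also left defined but unused. If the change is deliberate, put the contract next to it, e.g. `# QUERY URLs are cacheable on purpose: the backend must send Cache-Control: private or no-store on per-user responses`.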
@@ -405,6 +413,8 @@
#Default:
# cache_mem 8 MB
+cache_mem %CACHE_MEM_MB% MB
+
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#
@@ -455,6 +465,8 @@
#Default:
# maximum_object_size_in_memory 8 KB
+maximum_object_size_in_memory 30 KB
+
# TAG: ipcache_size (number of entries)
# TAG: ipcache_low (percent)
# TAG: ipcache_high (percent)
@@ -599,14 +611,19 @@
# ones with no max-size specification last.
#
#Default:
-# cache_dir ufs /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/cache 100 16 256
+# cache_dir ufs %PACKAGE_DIR%/cache 100 16 256
+
+cache_dir ufs %CACHE_DIR% 4000 16 256
# TAG: cache_access_log
# Logs the client request activity. Contains an entry for
# every HTTP and ICP queries received.
#
#Default:
-# cache_access_log /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/logs/access.log
+# cache_access_log %PACKAGE_DIR%/logs/access.log
+
+cache_access_log %LOG_DIR%/access.log
+
# TAG: cache_log
# Cache logging file. This is where general information about
@@ -614,7 +631,9 @@
# logged to this file with the "debug_options" tag below.
#
#Default:
-# cache_log /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/logs/cache.log
+# cache_log %PACKAGE_DIR%/logs/cache.log
+
+cache_log %LOG_DIR%/cache.log
# TAG: cache_store_log
# Logs the activities of the storage manager. Shows which
@@ -624,7 +643,9 @@
# disable it.
#
#Default:
-# cache_store_log /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/logs/store.log
+# cache_store_log %PACKAGE_DIR%/logs/store.log
+
+cache_store_log %LOG_DIR%/store.log
# TAG: cache_swap_log
# Location for the cache "swap.log." This log file holds the
@@ -682,7 +703,7 @@
# information if you do.
#
#Default:
-# mime_table /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/etc/mime.conf
+# mime_table %PACKAGE_DIR%/etc/mime.conf
# TAG: log_mime_hdrs on|off
# The Cache can record both the request and the response MIME
@@ -719,7 +740,9 @@
# A filename to write the process-id to. To disable, enter "none".
#
#Default:
-# pid_filename /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/logs/squid.pid
+# pid_filename %PACKAGE_DIR%/logs/squid.pid
+
+pid_filename %VAR_DIR%/squid.pid
# TAG: debug_options
# Logging options are set as section,level where each source file
@@ -791,7 +814,7 @@
# Specify the location of the executable for dnslookup process.
#
#Default:
-# cache_dns_program /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/libexec/squid/
+# cache_dns_program %PACKAGE_DIR%/libexec/squid/
# TAG: dns_children
# Note: This option is only available if Squid is rebuilt with the
@@ -852,13 +875,13 @@
# diskd as one of the store io modules.
#
#Default:
-# diskd_program /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/libexec/squid/diskd
+# diskd_program %PACKAGE_DIR%/libexec/squid/diskd
# TAG: unlinkd_program
# Specify the location of the executable for file deletion process.
#
#Default:
-# unlinkd_program /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/libexec/squid/unlinkd
+# unlinkd_program %PACKAGE_DIR%/libexec/squid/unlinkd
# TAG: pinger_program
# Note: This option is only available if Squid is rebuilt with the
@@ -869,7 +892,7 @@
# with the '--enable-icmp' option.
#
#Default:
-# pinger_program /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/libexec/squid/
+# pinger_program %PACKAGE_DIR%/libexec/squid/
# TAG: redirect_program
# Specify the location of the executable for the URL redirector.
@@ -880,6 +903,8 @@
#Default:
# none
+redirect_program %REDIRECT_BINARY%
+
# TAG: redirect_children
# The number of redirector processes to spawn. If you start
# too few Squid will have to wait for them to process a backlog of
@@ -889,6 +914,8 @@
#Default:
# redirect_children 5
+redirect_children 100
+
# TAG: redirect_rewrites_host_header
# By default Squid rewrites any Host: header in redirected
# requests. If you are running a accelerator then this may
@@ -897,6 +924,8 @@
#Default:
# redirect_rewrites_host_header on
+redirect_rewrites_host_header off
+
# TAG: redirector_access
# If defined, this access list specifies which requests are
# sent to the redirector processes. By default all requests
@@ -920,7 +949,7 @@
#
# Then, set this line to something like
#
-# authenticate_program /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/bin/ncsa_auth /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/etc/passwd
+# authenticate_program %PACKAGE_DIR%/bin/ncsa_auth %PACKAGE_DIR%/etc/passwd
#
#Default:
# none
@@ -1273,6 +1302,8 @@
#Default:
# pconn_timeout 120 seconds
+pconn_timeout 5 seconds
+
# TAG: ident_timeout
# Maximum time to wait for IDENT requests. If this is too high,
# and you enabled 'ident_lookup', then you might be susceptible
@@ -1439,7 +1470,9 @@
#
#Default:
# http_access deny all
-#
+
+http_access allow all
+
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
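Review bot: The added `http_access allow all` sits above the recommended-minimum rules, and Squid stops at the first matching `http_access` line. The rules after it can therefore never match: `http_access deny CONNECT !SSL_ports`, the `non-anonymous-ftp` deny added in the next hunk for SQUID-2002_1, and the final `http_access deny all`. With `httpd_accel_with_proxy on` set later in this diff, any client that can reach `%HTTP_PORT%` would appear to be able to use the host as a general proxy. Move the allow below the deny rules and scope it to what the accelerator serves, e.g. `acl accel_dst dstdomain <ACCELERATED_DOMAIN>` and `http_access allow accel_dst` just before `http_access deny all`. The rule list begins and ends outside this hunk, so check for any other `http_access` lines before relying on this reading.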
@@ -1451,8 +1484,16 @@
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
-#
+
+# Security to protect from vulnerability described at
+# http://www.squid-cache.org/Advisories/SQUID-2002_1.txt
+# chrism 2/20/2002
+
+acl non-anonymous-ftp url_regex -i ^ftp://[^/@]*@
+http_access deny non-anonymous-ftp
+
# And finally deny all other access to this proxy
+
http_access deny all
# TAG: icp_access
@@ -1539,6 +1580,8 @@
#Default:
# cache_mgr webmaster
+cache_mgr support at zope.com
+
# TAG: cache_effective_user
# TAG: cache_effective_group
#
@@ -1554,6 +1597,9 @@
# cache_effective_user nobody
# cache_effective_group nogroup
+cache_effective_user zope
+cache_effective_group users
+
# TAG: visible_hostname
# If you want to present a special hostname in error messages, etc,
# then define this. Otherwise, the return value of gethostname()
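Review bot: `cache_effective_user zope` and `cache_effective_group users` replace the unprivileged `nobody`/`nogroup` defaults with what looks like the application's own account and a general-purpose group. If `zope` is also the account the backend runs under (not visible here), a flaw in Squid or in the `redirect_program` helper would have the same file access as the application. Anything group-accessible to `users` would be reachable as well. A dedicated account and group, e.g. `cache_effective_user <SQUID_USER>`, would keep the cache, logs and pid file separate from application data. If sharing the account is intentional, a comment above these two lines should say so.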
@@ -1651,6 +1697,9 @@
#Default:
# httpd_accel_port 80
+httpd_accel_host %HTTPD_ACCEL_HOST%
+httpd_accel_port %HTTPD_ACCEL_PORT%
+
# TAG: httpd_accel_single_host on|off
# If you are running Squid as a accelerator and have a single backend
# server then set this to on. This causes Squid to forward the request
@@ -1680,6 +1729,8 @@
#Default:
# httpd_accel_with_proxy off
+httpd_accel_with_proxy on
+
# TAG: httpd_accel_uses_host_header on|off
# HTTP/1.1 requests include a Host: header which is basically the
# hostname from the URL. Squid can be an accelerator for
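Review bot: `httpd_accel_with_proxy on` turns ordinary proxy handling back on for an accelerator, and the hunk gives no reason for it. Combined with the `http_access allow all` added earlier in this diff, requests for origins other than `%HTTPD_ACCEL_HOST%` would be accepted. If the setting exists for a reason such as ICP between cache peers (the diff also sets `icp_port`), record that above the line, e.g. `# on only so peer ICP works; http_access must still restrict destinations`. If there is no such reason, leave it at the default `off`.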
@@ -1695,6 +1746,8 @@
#Default:
# httpd_accel_uses_host_header off
+httpd_accel_uses_host_header on
+
# MISCELLANEOUS
# -----------------------------------------------------------------------------
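Review bot: `httpd_accel_uses_host_header on` lets the client-supplied Host header decide which URL the accelerator fetches and caches, and nothing visible in this diff limits the accepted Host values. Squid does not validate that header itself. The allowed hostnames therefore need to be pinned by an ACL or by the redirector, otherwise a request with an unexpected Host can be forwarded, or stored under a name the site does not serve. A minimal guard is `acl served_hosts dstdomain <SITE_HOSTNAMES>` with `http_access allow served_hosts` ahead of `http_access deny all`. If `%REDIRECT_BINARY%` already rejects unknown hosts, add a comment here saying so.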
@@ -1706,6 +1759,7 @@
#
#Default:
# dns_testnames netscape.com internic.net nlanr.net microsoft.com
+dns_testnames localhost
# TAG: logfile_rotate
# Specifies the number of logfile rotations to make when you
@@ -1723,7 +1777,7 @@
# <pid>'.
#
#Default:
-# logfile_rotate 10
+logfile_rotate 0
# TAG: append_domain
# Appends local domain name to hostnames without any dots in
@@ -2121,10 +2175,10 @@
# TAG: icon_directory
# Where the icons are stored. These are normally kept in
-# /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/etc/icons
+# %PACKAGE_DIR%/etc/icons
#
#Default:
-# icon_directory /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/etc/icons
+# icon_directory %PACKAGE_DIR%/etc/icons
# TAG: error_directory
# If you wish to create your own versions of the default
@@ -2133,7 +2187,7 @@
# directory and point this tag at them.
#
#Default:
-# error_directory /projects/NZO/site_setup/opt/Squid-2.4-STABLE6/etc/errors
+# error_directory %PACKAGE_DIR%/etc/errors
# TAG: minimum_retry_timeout (seconds)
# This specifies the minimum connect timeout, for when the
@@ -2586,6 +2640,8 @@
#Default:
# strip_query_terms on
+strip_query_terms off
+
# TAG: coredump_dir
# By default Squid leaves core files in the first cache_dir
# directory. If you set 'coredump_dir' to a directory
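Review bot: `strip_query_terms off` writes full query strings to `%LOG_DIR%/access.log`, so any session identifier, token or password passed in a URL is stored there in clear text. The hunk does not say why the default was changed. Since `logfile_rotate 0` is set elsewhere in this diff, retention of those logs depends entirely on an external rotation job. If full URLs are needed (for example to debug the redirector), add a comment such as `# full query strings are logged; access.log may contain secrets, so keep LOG_DIR readable only by the Squid account and admins`, and confirm the directory permissions match it.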
@@ -2702,6 +2758,9 @@
# client_persistent_connections on
# server_persistent_connections on
+client_persistent_connections off
+server_persistent_connections off
+
# TAG: pipeline_prefetch
# To boost the performance of pipelined requests to closer
# match that of a non-proxied environment Squid tries to fetch
@@ -2779,4 +2838,3 @@
#
#Default:
# ie_refresh off
-