Squid 2.6.STABLE16 release notes

Squid Developers

$Id: release-2.6.html,v 1.44.2.13 2007/09/05 22:25:23 hno Exp $
This document contains the release notes for version 2.6 of Squid. Squid is a WWW Cache application developed by the Web Caching community.

1. Key changes from squid 2.5

2. Changes to squid.conf

3. Known issues

4. Known limitations

5. Other issues

6. Windows support

7. Key changes squid-2.6.STABLE1 to 2.6.STABLE2

8. Key changes squid-2.6.STABLE2 to 2.6.STABLE3

9. Key changes squid-2.6.STABLE3 to 2.6.STABLE4

10. Key changes squid-2.6.STABLE4 to 2.6.STABLE5

11. Key changes squid-2.6.STABLE5 to 2.6.STABLE6

12. Key changes squid-2.6.STABLE6 to 2.6.STABLE7

13. Key changes squid-2.6.STABLE7 to 2.6.STABLE8

14. Key changes squid-2.6.STABLE8 to 2.6.STABLE9

15. Key changes squid-2.6.STABLE9 to 2.6.STABLE10

16. Key changes squid-2.6.STABLE10 to 2.6.STABLE11

17. Key changes squid-2.6.STABLE11 to 2.6.STABLE12

18. Key changes squid-2.6.STABLE12 to 2.6.STABLE13

19. Key changes squid-2.6.STABLE13 to 2.6.STABLE14

20. Key changes squid-2.6.STABLE14 to 2.6.STABLE15

21. Key changes squid-2.6.STABLE15 to 2.6.STABLE16


1. Key changes from squid 2.5

2. Changes to squid.conf

http_port

Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual.

httpd_accel_* for transparent proxy

Now implemented by the "transparent" http_port option

httpd_accel_* for accelerator mode

Now implemented by other options and the http_port accel option. See individual directives below.

httpd_accel_host

Replaced by defaultsite http_port option and cache_peer originserver option.

httpd_accel_port

No longer needed. Server port defined by the cache_peer port.

httpd_accel_uses_host_header

Replaced by vhost http_port option

https_port

Many new options. Reconstructs URLs as https:// by default.

cache_peer

Many new options to support origin servers and SSL encryption

ssl_engine

New directive for hardware assisted SSL encryption

sslproxy_*

New directives defining how to gateway http->https

sslpassword_program

New helper directive to query an external program for SSL key encryption password (if any)

no_cache

Renamed to cache to better reflect the functionality. no_cache is still accepted.

cache

New name for the old no_cache directive.

cache_vary

New directive to disable caching of Vary:ing responses

broken_vary_encoding

New directive to work around known broken compression modules that do not understand the meaning of the ETag HTTP header in relation to Accept-Encoding.

logformat

New directive for defining custom log formats

cache_access_log

Renamed to access_log

access_log

Selects which requests to log, where, and in what format. Supports multiple log files and multiple log formats.

check_hostnames

New option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5.

allow_underscore

New option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier.

dns_defnames

Allow for domain searches. Now possible even when using the internal DNS client

redirect_*

Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs)

url_rewrite_concurrency

Activates a new and more efficient helper protocol. Requires changes in the helper.

location_rewrite_*

New helper hook for rewriting Location headers

auth_param basic blankpassword

New option to allow the use of blank passwords.

auth_param basic/digest concurrency

New option enabling a multiplexed helper protocol allowing the same helper to process multiple concurrent requests in an efficient manner. Requires support from the helper. (2.6.STABLE2 and later)

auth_param ntlm max_challenge_reuse / max_challenge_lifetime

No longer supported

auth_param ntlm use_ntlm_negotiate

Directive no longer supported. Use of NTLM negotiate packet is always on.

auth_param ntlm keep_alive

New option to fine-tune the use of HTTP keep-alive in combination with NTLM

auth_param negotiate

New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.

external_acl_type

Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.

refresh_pattern

Several new HTTP override/ignore options

read_ahead_gap

New directive to set the response buffer size.

collapsed_forwarding

New directive to enable an alternative optimized forwarding path when there are very many concurrent requests for the same URL.

refresh_stale_hit

New directive, similar to collapsed_forwarding, that activates an alternative optimized request processing when there are very many concurrent requests for the same recently expired URL.

acl urlgroup

New acl class

acl user_cert

New acl class matching the user SSL certificate (https_port)

acl ca_cert

New acl class matching the CA of the user SSL certificate (https_port)

acl ext_user / ext_user_regex

New acl matching usernames returned by external acl

follow_x_forwarded_for

New option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies

http_access2

New http_access type directive but evaluated after url rewrites

htcp_access, htcp_clr_access

Access control on HTCP requests

log_access

New directive to limit what gets logged.

httpd_suppress_version_string

Enable hiding of the Squid version

umask

New directive to specify the minimum umask Squid should run under

error_map

New directive to allow dynamic rewrites of error pages

via

New directive to disable the use of the Via header

wccp2_*

WCCP2 protocol support

minimum_expiry_time

Tunes the magic 60 seconds limit of what is considered cachable when the object doesn't have any cache validators. (2.6.STABLE2)

wccp2_rebuild_wait

Makes Squid delay registering with a WCCP router until the store rebuild has finished. Default on. (2.6.STABLE2)

wccp2_weight

Cache server load weight in the cluster. (2.6.STABLE4)

check_hostnames

Control if Squid should check the sanity of host names before trying to look them up in DNS

allow_underscores

Control if _ is to be considered a valid character in hostnames or not

cache_peer carp-load-factor

Option removed. CARP now uses the weight parameter instead.
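
An added example (not part of the Squid release notes or the Squid code base): a small Python checker that applies the renames listed above to a 2.5-style squid.conf and reports the directives that need a manual rewrite or are no longer supported. The function name, the sample configuration and all values in it are constructed for illustration.

```python
import re

# Pure renames named in the notes; arguments carry over unchanged.
RENAMES = {"no_cache": "cache", "cache_access_log": "access_log"}
# Directives that need a manual rewrite, with the replacement the notes give.
MANUAL = {
    "httpd_accel_host": "http_port defaultsite option + cache_peer originserver",
    "httpd_accel_port": "not needed; server port comes from cache_peer",
    "httpd_accel_uses_host_header": "http_port vhost option",
}
# Options the notes list as no longer supported: (directive, regex on its args).
REMOVED = [
    ("auth_param", r"^ntlm\s+(max_challenge_(reuse|lifetime)|use_ntlm_negotiate)\b"),
    ("cache_peer", r"(^|\s)carp-load-factor\b"),
]
# Constructed 2.5-style fragment (hosts, paths and values are made up).
SAMPLE_25_CONF = """\
httpd_accel_host www.example.com
httpd_accel_port 8080
httpd_accel_uses_host_header on
no_cache deny QUERY
cache_access_log /var/log/squid/access.log
redirect_program /usr/local/bin/rewriter
auth_param ntlm max_challenge_reuse 0
cache_peer 192.0.2.10 parent 3128 0 carp-load-factor=0.5
"""

def migrate(conf_text):
    """Return (new_text, findings); each finding is (line_no, kind, detail)."""
    out, findings = [], []
    for no, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            out.append(line)  # blank lines and comments pass through
            continue
        name, args = parts[0], (parts[1].rstrip() if len(parts) > 1 else "")
        new = RENAMES.get(name)
        if new is None and name.startswith("redirect_"):
            new = "url_rewrite_" + name[len("redirect_"):]
        if new:  # safe to rewrite in place
            out.append(f"{new} {args}".rstrip())
            findings.append((no, "renamed", f"{name} -> {new}"))
            continue
        out.append(line)
        if name in MANUAL or name.startswith("httpd_accel_"):
            findings.append((no, "manual", f"{name}: {MANUAL.get(name, 'see http_port transparent/accel options')}"))
        for directive, pattern in REMOVED:
            if name == directive and re.search(pattern, args):
                findings.append((no, "removed", f"{name} {args}"))
    return "\n".join(out) + "\n", findings
```

Lines reported as "manual" or "removed" are left untouched in the returned text, so the configuration is never silently changed where the notes call for a design decision (for example choosing between the transparent and accel http_port options).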

3. Known issues

There are a few known issues in this version of Squid which we hope to correct in a later release

4. Known limitations

In addition there is a set of limitations in this version of Squid which we hope to correct later

5. Other issues

Ipfilter 4.x compile problem on HP Tru64

6. Windows support

This Squid version can run on Windows as a system service using the Cygwin emulation environment, or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.
On Windows 2000 and later the service is configured to use the Windows Service Recovery option restarting automatically after 60 seconds.

Usage

Some new command line options were added for the Windows service support:

The service is installed with the -i command line switch. The -f switch can be used at the same time to specify a different config file for the Squid service; this setting is stored in the Windows Registry.

A new -n switch specifies the Windows service name, so multiple Squid instances are allowed. "Squid" is the default when the switch is not used.

So, to install the service, the syntax is:

squid -i [-f file] [-n name]

The service is uninstalled with the -r command line switch together with the appropriate -n switch.

The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:

squid -k command [-f file] -n service-name
where service-name is the name specified with the -n option at service install time.

To use the original Squid command line, the new -O switch must be used ONCE; the syntax is:

squid -O cmdline [-n service-name]
If multiple service command line options must be specified, use quotes. The -n switch is needed only when a non-default service name is in use.

Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are specific to Windows services functionality and Squid is not designed to understand them.

In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":

squid -O "-D -u 3130" -n squidsvc

PSAPI.DLL (Process Status Helper) Considerations

The process status helper functions make it easier for you to obtain information about processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform Software Development Kit (SDK). The same information is generally available through the performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is freely redistributable.

PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is aware of this, and tries to use it only on the right platform.

On Windows NT, PSAPI.DLL can be found as a component of many applications; if you need it, you can find it in the Windows NT Resource Kit. If you have problems, it can be downloaded from here: http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE

On Windows 2000 and later it is available by installing the Windows Support Tools, located in the Support\Tools folder of the Windows installation CD-ROM.

Registry DNS lookup

On Windows platforms, if no value is specified in the dns_nameservers option in squid.conf or in the /etc/resolv.conf file, the list of DNS name servers is taken from the Windows registry. Both static and dynamic (DHCP) configurations are supported.

Compatibility Notes

Known Limitations:

Building Squid on Windows:

A reasonably recent release of Cygwin or MinGW is needed.
The usage of the Cygwin environment is very similar to other Unix/Linux environments, and the -devel versions of the libraries must be installed.
For the MinGW environment, the packages MSYS, MinGW and msysDTK must be installed. Some additional libraries and tools must be downloaded separately:

OpenSSL: Shining Light Productions Win32 OpenSSL
libcrypt: MinGW packages repository
db-1.85: TinyCOBOL download area
uudecode: Native Win32 ports of some GNU utilities

When running configure, the --disable-wccp and --disable-wccpv2 options should always be specified to avoid compile errors.


Before building Squid with SSL support, some operations are needed (in the following example OpenSSL is installed in C:\OpenSSL and MinGW in C:\MinGW):

Using cache manager on Windows:

On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.
Some specific configuration could be needed:

7. Key changes squid-2.6.STABLE1 to 2.6.STABLE2

8. Key changes squid-2.6.STABLE2 to 2.6.STABLE3

9. Key changes squid-2.6.STABLE3 to 2.6.STABLE4

10. Key changes squid-2.6.STABLE4 to 2.6.STABLE5

11. Key changes squid-2.6.STABLE5 to 2.6.STABLE6

12. Key changes squid-2.6.STABLE6 to 2.6.STABLE7

13. Key changes squid-2.6.STABLE7 to 2.6.STABLE8

14. Key changes squid-2.6.STABLE8 to 2.6.STABLE9

15. Key changes squid-2.6.STABLE9 to 2.6.STABLE10

16. Key changes squid-2.6.STABLE10 to 2.6.STABLE11

17. Key changes squid-2.6.STABLE11 to 2.6.STABLE12

18. Key changes squid-2.6.STABLE12 to 2.6.STABLE13

19. Key changes squid-2.6.STABLE13 to 2.6.STABLE14

20. Key changes squid-2.6.STABLE14 to 2.6.STABLE15

21. Key changes squid-2.6.STABLE15 to 2.6.STABLE16