Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual.
Now implemented by the "transparent" http_port option
Replaced by defaultsite http_port option and cache_peer originserver option.
No longer needed. Server port defined by the cache_peer port.
Replaced by vhost http_port option
Many new options. Reconstructs URLs as https:// by default.
Many new options to support origin servers and SSL encryption
New directive for hardware assisted SSL encryption
New directives defining how to gateway http->https
New helper directive to query an external program for SSL key encryption password (if any)
Renamed to cache to better reflect the functionaliy. no_cache still accepted.
New name for the old no_cache directive.
New directive to disable caching of Vary:ing responses
New directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header.
New directive for defining custom log formats
Renamed to access_log
Select what requests to log where any by what format. Support for multiple log files and multiple log formats.
New option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5.
New option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier.
Allow for domain searches. Now possible even when using the internal DNS client
Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs)
Activates a new and more efficient helper protocol. Requires changes in the helper.
New helper hook for rewriting Location headers
New option to allow the use of blank passwords.
No longer supported
Directive no longer supported. Use of NTLM negotiate packet is always on.
New option to fine-tune the use of HTTP keep-alive in combination with NTLM
New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.
Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.
Several new HTTP override/ignore options
New directive to set the response buffer size.
New directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL.
New directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL.
New acl class
New acl class matching the user SSL certificate (https_port)
New acl class matching the CA of the user SSL certificate (https_port)
New acl matching usernames returned by external acl
New option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies
New http_access type directive but evaluated after url rewrites
Access control on HTCP requests
New directive to limit what gets logged.
Enable hiding of the Squid version
New directive to specify the minimum umask Squid should run under
New directive to allow dynamic rewrites of error pages
New directive to disable the use of the Via directive
WCCP2 protocol support
Linux TPROXY support for masquerading outgoing connections as the original client
There is a few known issues in this version of Squid which we hope to correct in a later release
WCCPv2 unable to register with more than one router on Linux
"ETag Loop" warnings in cache.log
assertion failed: cbdata.c:249: "c->locks > 0" when using diskd
302 responses with an Expires header is always cached
diskd related memory corruption under heavy load
Ipfilter 4.x compile problem on HP Tru64
checking if IP-Filter header files are installed... no WARNING: Cannot find necessary IP-Filter header files Transparent Proxy support WILL NOT be enabledTo fix the problem first check if the ip_fil.h, ip_compat.h, ip_nat.h and ipl.h files are present in /usr/include/netinet and copy them from ipfilter source tree if needed. Don't forget to fix files permission and ownership after the copy.
env ac_cv_header_netinet_ip_compat_h=yes ./configure --enable-ipf-transparent
In addition there is a set of limitations in this version of Squid which we hope to correct later
mime.conf and referenced icons must be within chroot
tcp_outgoing_address using an ident ACL does not work
acl max_user_ip and multiple authentication schemes
miss_access fails on "slow" acl types such as dst.
squid -F is starting server sockets to early
does not handle swap.state corruption properly
unstable if runs out of disk space
diskd may appear slow on low loads
delay_pools stops working on -k reconfigure
This Squid version can run on Windows as a system service using the Cygwin environment.
Windows NT 4 and later are supported.
On Windows 2000/XP/2003 the service is configured to use the Windows Service Recovery option
restarting automatically after 60 seconds.
Some new command line options was added for the Windows service support:
The service installation is made with -i command line switch, it's possible to use -f switch at the same time for specify a different config-file settings for the Squid Service that will be stored on the Windows Registry.
A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed. "Squid" is the default when the switch is not used.
So, to install the service, the syntax is:
squid -i [-f file] [-n name]
Service uninstallation is made with -r command line switch with the appropriate -n switch.
The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:
squid -k command [-f file] -n service-namewhere service-name is the name specified with -n options at service install time.
To use the Squid original command line, the new -O switch must be used ONCE, the syntax is:
squid -O cmdline [-n service-name]If multiple service command line options must be specified, use quote. The -n switch is needed only when a non default service name is in use.
Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are specific to Windows services functionality and Squid is not designed for understand they.
In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":
squid -O "-D -u 3130" -n squidsvc
On Windows platforms, if no value is specified in the dns_nameservers option on squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are taken from the Windows registry, both static and dynamic DHCP configurations are supported.
acl blocklist url_regex -i "c:/squid/etc/blocked1.txt"
redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd