squid (2.7.STABLE6-2) unstable; urgency=low Since version 2.7.STABLE6-2 error pages are not included in squid-common anymore, but are instead shipped in a separate package (squid-langpack). If the error_directory option in /etc/squid/squid.conf was customized, it should be checked against the new directory layout of squid-langpack; if it is not set correctly, squid will refuse to start. -- Luigi Gangitano Tue, 7 Jul 2009 1:48:10 +0200 squid (2.7.STABLE2-2) unstable; urgency=low Squid 2.7 introduced a long listing of new features including partial HTTP/1.1 support, modular logging, background object revalidation and configuration file includes. Release notes with details of changes can be found in /usr/share/doc/squid/RELEASENOTES.html Changes to the configuration file: *Added directives* acl myportname new acl matching the incoming port name authenticate_ip_shortcircuit_ttl authenticate_ip_shortcircuit_access controls the new IP based authentication cache. zph_mode zph_local zph_sibling zph_parent zph_option controls the Zero Penalty Hit support update_headers optimization to skip updating on-disk headers logfile_daemon new log file daemon support netdb_filename sas hardcoded to the first cache_dir storeurl_rewrite_program storeurl_rewrite_children storeurl_rewrite_concurrency storeurl_access controls the new store URL rewrite functionality rewrite_access rewrite controls the new builtin URL rewrite functionality max_stale server_http11 ignore_expect_100 Experimental HTTP/1.1 support knobs external_refresh_check new helper to allow custom cache validations in accelerator setups delay_body_max_size new way of using delay pools based on response size ignore_ims_on_miss optimization mainly targeted for accelerator setups max_filedescriptors can now be set runtime. Was previously hardcoded at build time and further limited by ulimit accept_filter optimization to avoid waking Squid up until a request has been received incoming_rate new tuning knob for high traffic conditions zero_buffers tuning knob to disable a new optimization *Changed directives* cache Suggested defaults modified cache_dir the "read-only" option has been renamed to "no-store" to better reflect the functionality cache_peer new multicast-siblings option, enabling multicast ICP sibling relations new idle=n option to keep a minimum pool of idle connections new http11 option to enable experimental HTTP/1.1 support external_acl_type New %URI format tag acl Suggested defaults cleaned up, defines a new "localnet" acl with RFC1918 addresses new "myportname" acl type matching the http_port name icp_access Suggested defaults cleaned up, now requires configuration to use ICP htcp_access Suggested defaults cleaned up, now requires configuration to use HTCP http_access Suggested defaults cleaned up, using a new "localnet" acl. http_port Accelerator mode options cleaned up (accel, defaultsite, vport, vhost and combinations thereof) new "allow-direct" option new "act-as-origin" option new "http11" option (experimental) new "name=" option nee "keepalive=" option https_port See http_port. logformat New format codes: oa (Our outgoing IP address), rp (Request URL-Path), sn (Unique sequence number) refresh_pattern Several new options: stale-while-revalidate, ignore-stale-while-revalidate, max-stale, negative-ttl Suggested defaults adjusted to match the changes in the cache directive. url_rewrite_program Future protocol change adding key=value pairs after the requests forwarded_for Has several new modes, allowing one to finetune how/if the requesting client IP should be forwarded in X-Forwarded-For *Removed directives* incoming_icp_average incoming_http_average incoming_dns_average min_icp_poll_cnt min_dns_poll_cnt min_http_poll_cnt the above tuning knobs no longer have any effect and has been removed. -- Luigi Gangitano Sun, 1 Jun 2008 04:11:08 +0200 squid (2.6.1-3) unstable; urgency=low Squid 2.6 introduced a long listing of new features including ICAP support, TPROXY support on Linux, epoll() support, WCCPv2 support and new authentication helpers. Release notes with details of changes can be found in /usr/share/doc/squid/RELEASENOTES.html Changes to the configuration file: http_port Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual. httpd_accel_* for transparent proxy Now implemented by the "transparent" http_port option httpd_accel_host Replaced by defaultsite http_port option and cache_peer originserver option. httpd_accel_port No longer needed. Server port defined by the cache_peer port. httpd_accel_uses_host_header Replaced by vhost http_port option https_port Many new options. Reconstructs URLs as https:// by default. cache_peer Many new options to support origin servers and SSL encryption ssl_engine New directive for hardware assisted SSL encryption sslproxy_* New directives defining how to gateway http->https sslpassword_program New helper directive to query an external program for SSL key encryption password (if any) no_cache Renamed to cache to better reflect the functionaliy. no_cache still accepted. cache New name for the old no_cache directive. cache_vary New directive to disable caching of Vary:ing responses broken_vary_encoding New directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header in relation to Accept-Encoding. logformat New directive for defining custom log formats cache_access_log Renamed to access_log access_log Select what requests to log where any by what format. Support for multiple log files and multiple log formats. check_hostnames New option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5. allow_underscore New option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier. dns_defnames Allow for domain searches. Now possible even when using the internal DNS client redirect_* Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs) url_rewrite_concurrency Activates a new and more efficient helper protocol. Requires changes in the helper. location_rewrite_* New helper hook for rewriting Location headers auth_param basic blankpassword New option to allow the use of blank passwords. auth_param ntlm max_challenge_reuse / max_challenge_lifetime No longer supported auth_param ntlm use_ntlm_negotiate Directive no longer supported. Use of NTLM negotiate packet is always on. auth_param ntlm keep_alive New option to fine-tune the use of HTTP keep-alive in combination with NTLM auth_param negotiate New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication. external_acl_type Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper. refresh_pattern Several new HTTP override/ignore options read_ahead_gap New directive to set the response buffer size. collapsed_forwarding New directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL. refresh_stale_hit New directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL. acl urlgroup New acl class acl user_cert New acl class matching the user SSL certificate (https_port) acl ca_cert New acl class matching the CA of the user SSL certificate (https_port) acl ext_user / ext_user_regex New acl matching usernames returned by external acl follow_x_forwarded_for New option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies http_access2 New http_access type directive but evaluated after url rewrites htcp_access, htcp_clr_access Access control on HTCP requests log_access New directive to limit what gets logged. httpd_suppress_version_string Enable hiding of the Squid version umask New directive to specify the minimum umask Squid should run under error_map New directive to allow dynamic rewrites of error pages via New directive to disable the use of the Via directive wccp2_* WCCP2 protocol support -- Luigi Gangitano Wed, 12 Jul 2006 15:11:08 +0200