release-notes-1.0.txt

-

disk.  

In addition, the -z option will not cause 'rm -rf [0-9][0-9]' to be
executed unless the -U option is also given.  

When swap files are not removed during restart there internal counters
for disk space taken will not match the actual disk space used.  If you
have a large cache or plenty of extra disk space, this should not be a
problem.  However, if space is an issue, you may want to use the -U
option at the cost of a slower restart.


Changes to debugging
==============================================================================
Squid has a flexible debugging scheme.  You can enable more debugging
for certain functions and less for others.  For example if you needed
to figure out why your access controls were behaving strangely, you 
could enable debugging for section 28 at level 9.  Currently, each
section corresponds to separate source code file:

	main.c:              Section 1
	cache_cf.c:          Section 3
	errorpage.c:         Section 4
	comm.c:              Section 5
	disk.c:              Section 6
	fdstat.c:            Section 7
	filemap.c:           Section 8
	ftp.c:               Section 9
	gopher.c:            Section 10
	http.c:              Section 11
	icp.c:               Section 12
	icp_lib.c:           Section 13
	ipcache.c:           Section 14
	neighbors.c:         Section 15
	objcache.c:          Section 16
	proto.c:             Section 17
	stat.c:              Section 18
	stmem.c:             Section 19
	store.c:             Section 20
	tools.c:             Section 21
	ttl.c:               Section 22
	url.c:               Section 23
	wais.c:              Section 24
	mime.c:              Section 25
	connect.c:           Section 26
	send-announce.c:     Section 27
	acl.c:               Section 28

Debugging levels are set in the configuration file with the 'debug_options'
line.  For example:

	debug_options ALL,1 28,9 22,5


New Access Control scheme
==============================================================================
The old IP-based access controls have been replaced with a much more
flexible scheme.  First you must define a set of access control lists. 
There are N types of lists:

	'src'		client IP address
	'dst'		server IP address**
	'method'	method of the request (eg, GET, POST)
	'proto'		protocol of the request (eg HTTP, WAIS)
	'domain'	domain of the URL request (eg .foo.org)
	'port'		port number of the URL request (eg 80, 21)
	'time'		time-of-day and day-of-week
			format: [SMTWHFA] [hh:mm-hh:mm]
	'pattern'	regular expression matching on the URL-path

After the access lists have been defined, you can then combine them
in way to allow or deny access.  

For example, your cache might be configured to accept requests 
from both inside and outside of your organization.  In that case you'd
probably want to allow internal clients to access anything, but limit
outside access to only sites within your organization.  It could be
done like this:

	acl ourclients src  128.138.0.0/255.255.0.0  198.117.213.0/24
	acl ourservers domain .whatsamattu.edu

	http_access deny !ourclients !ourservers
	http_access allow ourclients

If you wanted to limit FTP requests to off-peak hours, you could use:

	acl daytime time  MTWHF 08:00-17:00
	acl FTP proto FTP
	http_access deny FTP daytime

Any of the access list types can accept multiple values on the 
same line, except for 'time'.  Multiple values of an 'acl'
definition are treated with OR logic.  Multiple ACLs of
an 'http_access' are treated with AND logic.  
That is, all ACLs much match for the 'allow' or 'deny' take effect.
The order of the 'http_access' lines are important.  When a line
matches any following lines are not considered at all.

'icp_access' is the same as 'http_access' but it applies to the ICP
port.  However, it is not yet fully implemented.  It is only able to check
'src' and 'method' ACLs.

**Note, the 'dst' ACL type has been added for version 1.0.beta12.  In
that version it is implemented in a "lazy" manner.  If the URL hostname
is not already in the IP cache, the ACL checks will not match it, but
they will start a DNS lookup so that it will likely be present for
future ACL checks.  This means some users may occasionally get oddball
results.  For example, a page may fail the first time, but succeed on
the second try, or vice-versa.

Changes to cache shutdown
==============================================================================
Squid attempts to implement a "nice shutdown" upon receipt of a SIGTERM
signal.  Rather than simply breaking all current connections, it waits
a configurable number of seconds for active requests to complete.  The
default 'shutdown_lifetime' value is 30 seconds.

As soon as the SIGTERM is received, the incoming HTTP socket is closed
so that no further requests will be accepted.  


Using SIGHUP to reconfigure the cache
==============================================================================
Sending the squid process a HUP signal will prompt it to re-read its
configuration file.  Before it can be reconfigured, it must make sure
that all active connections are closed.  For this purpose squid
pretends to do a shutdown as described above; ie, it will wait up to
30 seconds for active requests to complete before re-reading the
configuration file.


ftpget server
==============================================================================
The ftpget program has been modified to act as a server for FTP
request.  You may now notice that an "ftpget -S" process is always
present while the cache is running.  The benefit of using an ftpget
server is that the cache process (which may be very large) no longer
needs to fork itself for FTP requests.


Assigning weights to cache neighbors
==============================================================================
Squid allows you to assign weights to parent caches.  The weights are 
used to calculate the ``first miss parent.''  The weight is specified in
the 'options' field of the 'cache_host' line.  For example:

     cache_host  big.foo.org parent 3128 3130 weight=5

The weight must be a non-zero integer.  It is used as a divisor to
calculate a weighted round-trip-time (RTT).  Higher weights will cause
a parent to have a ``better'' RTT.

Weights are only involved when all parent caches return MISS.  Squid still
fetches an object from the first parent or neighbor to reply with a HIT,
regardless of any weight values.

Converting 'cache/log' from cached-1.4.pl3
==============================================================================
Squid uses a slightly different format for the 'cache/log' file.  In 
particular, the words 'FILE:' and 'URL:' have been removed from each
line.  To save your on-disk cache, you will need to convert this log
file before starting Squid.  To do that use a simple awk command:

     mv log log.old
     awk '{print $2,$4,$5,$6,$7}' < log.old > log


Notes on stoplists vs ttl_pattern
==============================================================================
You can use the stoplists ('http_stop', etc) in the configuration file
to prevent objects from being cached.  Using a 'ttl_pattern' with the
TTL to zero will also prevent objects from being saved.

The 'http_stop' (etc) have a dual purpose: to prevent objects from
being cached, and to prevent some requests from being queried at
neighbor caches.  There is now a separate 'hierarchy_stoplist' which
can be used to prevent the hierarchy queries, but still allow objects
to be cached.  For example, if your parent cache does now allow FTP
requests, then your hierarchy_stoplist should contain:

    hierarchy_stoplist ftp://


SIGUSR1 now rotates log files
==============================================================================
In order to be more consistent with other daemon programs, SIGHUP is
used to reconfigure the running process.  This means that we needed to
change the signal used to rotate the log files.  We now use SIGUSR1 to
rotate the logs.


``no-query'' option for cache_host lines
==============================================================================
Some cache configurations behind firewalls may require ICP to be used
for caches behind the firewall, but not to caches on the other side
(because the firewall blocks UDP traffic).  To achieve this, use the
no-query option:

     cache_host   outside.my.org   parent   3128 3130  no-query
     cache_host   inside.my.org    neighbor 3128 3130