Helper Programs

FTP column width

The column width for auto-generated web pages of FTP sites queried through Squid when Squid is in forward proxy mode. Squid provides limited FTP proxy features to allow browsers (even older, non-FTP aware browsers) to communicate with FTP servers. This option gives some control over how Squid formats the resulting file lists. This option correlates to the ftp_list_width and defaults to 32 .

Anon FTP login

The email address Squid uses to log in to remote FTP servers anonymously. This can simply be a username followed by an @ symbol, which your domain name can be automatically attached to. Or it can be a full email address. This should be something reasonable for your domain, such as wwwuser@mydomain.com, or in the domainless case first mentioned, Squid@ , which happens to be the default for this option. This corresponds to the ftp_user directive.

Squid DNS program

The helper program to use for DNS resolution. Because Squid requires a nonblocking resolver for its queries, an external program called dnsserver is included in the standard distribution. In Squid versions prior to 2.3, this program is the only standard choice for resolution, and the path to the file can be entered here. In Squid versions later than 2.3, there is a new default option, which is an internal non-blocking resolver that is more memory and CPU efficient. This option rarely needs to be changed from its default value. This option configures cache_dns_program directive.

Number of DNS programs

The number of external DNS resolver processes that will be started in order to serve requests . The default value of five is enough for many networks, however, if your Squid serves a large number of users, this value may need to be increased to avoid errors. However, increasing the number of processes also increases the load on system resources and may actually hinder performance if set too high. More than 10 is probably overkill. This option correlates to the dns_children directive.

Append domain to requests

When enabled, causes the dnsserver to add the local domain name to single component host names. It is normally disabled to prevent caches in a hierarchy from interpreting single component host names locally. This option configures the dns_defnames directive.

DNS server addresses

Normally defaults to From resolv.conf, which simply means that Squid's parent DNS servers will be drawn from the /etc/resolv.conf file found on the system Squid runs on. It is possible to select other DNS servers if needed-for example, to choose a more local caching DNS server or a remote Internet connected server. This option corresponds to the dns_nameservers directive.

Cache clearing program

The name of the helper program that deletes, or unlinks, old files in the cache to make room for newer objects. In all current versions of Squid, this helper is known as unlinkd and should probably not be changed from this unless you know what you're doing. This option configures the unlinkd_program directive.

Squid ping program

An external program that provides Squid with ICMP RTT information so that it can more effectively choose between multiple remote parent caches for request fulfillment. There are special cases when this option is required, and your Squid must have been compiled with the --enable-icmp configure option in order for it to work. This option should only be used on caches that have multiple parent caches on different networks that it must choose between. The default program to use for this task is called pinger . This option configures the pinger_program directive.

Custom redirect program, Number of redirect programs

Provides access to the redirector interface in Squid, so a redirector can be selected and the number of redirector processes needed configured. A redirector is, in short, just what it sounds like: a program that, when given a URL that matches some circumstances, redirects Squid to another URL. To be a little less brief and perhaps more complete, a redirector provides a method to export a request to an external program and then to import that program's response and act as though the client sent the resulting request. This allows for interesting functionality with Squid and an external redirector. To configure a redirector, enter the path to the redirector and the redirector filename, as shown in Figure 12-10. You should also enter any options to be passed to the redirector in the same field, as in the example shown.

Figure 12-10: Configuring a redirector

One common usage is to block objectionable content using a tool like SquidGuard [http://www.squidguard.org/]. Another popular use is to block advertising banners using the simple but effective Ad Zapper [http://www.zip.com.au/~cs/adzap/index.html ]. The Ad Zapper not only allows one to block ads, it can also remove those pesky flashing New images and moving line images used in place of standard horizontal rules. Several other general-purpose redirectors exist that provide URL remapping for many different purposes. Two popular and well-supported general redirectors are Squirm [http://www.senet.com.au/squirm/ ] and JesRed [http://ivs.cs.uni-magdeburg.de/~elkner/webtools/ jesred]. Finally, it is possible to write a custom redirector to provide any kind of functionality needed from your Squid. While it is not possible to use the redirector interface to alter a web page's content it is possible to perform in-line editing of some or all URLs to force many different types of results. The two redirect options configure the redirect_program and redirect_children directives.

Custom Authentication program, Number of authentication programs

Provides an interface to the external authentication interface within Squid. There are a large number of authentication modules for use with Squid, allowing users to be authenticated in a number of ways. The simplest authentication type is known as ncsa_auth, which uses a standard htpasswd-style password file to check for login name and password. More advanced options include a new NTLM module that allows authentication against a Windows NT domain controller, and LDAP authentication that allows use of Lightweight Directory Access Protocol servers. Most authentication modules work the same way and quite similarly to a redirector as discussed above. In Figure 12-11, you'll see the standard ncsa_auth authenticator and the location of the passwd file it should use for authenticating users. You'll notice the number of authenticator child processes has been increased from the default of 5 to 10, in order to handle quite heavy loads. These options edit the authenticate_program and authenticate_children directives, respectively.

Figure 12-11: Authentication configuration