to provide extra functionality or to provide greater performance. Squid provides a standard API for several types of programs that provide extra services that do not fit well into the Squid
Figure 12-9: Cache helper program
Squid versions from 2.3 onward do not use the dnsserver helper program by default, replacing it with an internal
The column width for auto-generated web pages of FTP sites queried through Squid when Squid is in forward proxy mode. Squid provides limited FTP proxy features to allow browsers (even older, non-FTP aware browsers) to communicate with FTP servers. This option gives some control over how Squid formats the resulting file lists. This option correlates to the ftp_list_width and defaults to 32 .
Squid only provides FTP proxy and caching services when acting as a traditional proxy, not when acting
The email address Squid uses to log in to remote FTP servers anonymously. This can simply be a username followed by an @ symbol, which your domain
The helper program to use for DNS resolution. Because Squid requires a nonblocking resolver for its queries, an external program called
is included in the standard distribution. In Squid versions prior to 2.3, this program is the only standard choice for resolution, and the
The number of external DNS resolver processes that will be started in order to serve
When enabled, causes the dnsserver to add the local domain name to single component host names. It is normally disabled to prevent caches in a hierarchy from interpreting single component host
Normally defaults to From resolv.conf, which simply means that Squid's parent DNS servers will be drawn from the /etc/resolv.conf file found on the system Squid runs on. It is possible to select other DNS servers if needed-for example, to choose a more local caching DNS server or a remote Internet connected server. This option corresponds to the dns_nameservers directive.
The name of the helper program that deletes, or unlinks, old files in the cache to make room for
An external program that provides Squid with ICMP RTT information so that it can more effectively choose between multiple remote parent caches for request fulfillment. There are special cases when this option is required, and your Squid must have been compiled with the --enable-icmp configure option in order for it to work. This option should only be used on caches that have multiple parent caches on different networks that it must choose between. The default program to use for this task is called pinger . This option configures the pinger_program directive.
Provides access to the redirector interface in Squid, so a redirector can be selected and the number of redirector processes needed configured. A redirector is, in short, just what it sounds like: a program that, when given a URL that matches some circumstances, redirects Squid to another URL. To be a little less brief and perhaps more complete, a redirector provides a method to export a request to an external program and then to import that program's response and act as though the client sent the resulting request. This allows for interesting functionality with Squid and an external redirector. To configure a redirector, enter the path to the redirector and the redirector filename, as shown in Figure 12-10. You should also enter any options to be passed to the redirector in the same field, as in the example shown.
Figure 12-10: Configuring a redirector
One common usage is to block
Provides an interface to the external authentication interface within Squid. There are a large number of authentication modules for use with Squid, allowing users to be authenticated in a number of ways. The simplest authentication type is known as ncsa_auth, which uses a standard htpasswd-style password file to check for login name and password. More advanced options include a new NTLM module that allows authentication against a Windows NT domain controller, and LDAP authentication that allows use of Lightweight Directory Access Protocol servers. Most authentication modules work the same way and quite similarly to a redirector as discussed above. In Figure 12-11, you'll see the standard ncsa_auth authenticator and the location of the passwd file it should use for authenticating users. You'll notice the number of authenticator child processes has been increased from the default of 5 to 10, in order to handle quite heavy loads. These options edit the authenticate_program and authenticate_children directives, respectively.
Figure 12-11: Authentication configuration
Authentication has been enhanced significantly in Squid 2.5 and above, adding new types of authentication (NTLM and Digest), as well as more flexible configuration options. If you are using one of these Squid versions, read the following section,'Authentication Programs,' for more complete information.