Squid 2.6.STABLE1 release notes

Squid Developers

$Id: release-2.6.html,v 1.19 2006/07/02 22:45:53 hno Exp $
This document contains the release notes for version 2.6 of Squid. Squid is a WWW Cache application developed by the Web Caching community.

1. Key changes from squid 2.5

2. Changes to squid.conf

3. Known issues

4. Known limitations

5. Other issues

6. Windows support

1. Key changes from squid 2.5

2. Changes to squid.conf


Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual.

httpd_accel_* for transparent proxy

Now implemented by the "transparent" http_port option


Replaced by defaultsite http_port option and cache_peer originserver option.


No longer needed. Server port defined by the cache_peer port.


Replaced by vhost http_port option


Many new options. Reconstructs URLs as https:// by default.


Many new options to support origin servers and SSL encryption


New directive for hardware assisted SSL encryption


New directives defining how to gateway http->https


New helper directive to query an external program for SSL key encryption password (if any)


Renamed to cache to better reflect the functionaliy. no_cache still accepted.


New name for the old no_cache directive.


New directive to disable caching of Vary:ing responses


New directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header in relation to Accept-Encoding.


New directive for defining custom log formats


Renamed to access_log


Select what requests to log where any by what format. Support for multiple log files and multiple log formats.


New option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5.


New option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier.


Allow for domain searches. Now possible even when using the internal DNS client


Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs)


Activates a new and more efficient helper protocol. Requires changes in the helper.


New helper hook for rewriting Location headers

auth_param basic blankpassword

New option to allow the use of blank passwords.

auth_param ntlm max_challenge_reuse / max_challenge_lifetime

No longer supported

auth_param ntlm use_ntlm_negotiate

Directive no longer supported. Use of NTLM negotiate packet is always on.

auth_param ntlm keep_alive

New option to fine-tune the use of HTTP keep-alive in combination with NTLM

auth_param negotiate

New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.


Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.


Several new HTTP override/ignore options


New directive to set the response buffer size.


New directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL.


New directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL.

acl urlgroup

New acl class

acl user_cert

New acl class matching the user SSL certificate (https_port)

acl ca_cert

New acl class matching the CA of the user SSL certificate (https_port)

acl ext_user / ext_user_regex

New acl matching usernames returned by external acl


New option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies


New http_access type directive but evaluated after url rewrites

htcp_access, htcp_clr_access

Access control on HTCP requests


New directive to limit what gets logged.


Enable hiding of the Squid version


New directive to specify the minimum umask Squid should run under


New directive to allow dynamic rewrites of error pages


New directive to disable the use of the Via directive


WCCP2 protocol support

3. Known issues

There is a few known issues in this version of Squid which we hope to correct in a later release

Bug #1590

"ETag Loop" warnings in cache.log

Bug #761

assertion failed: cbdata.c:249: "c->locks > 0" when using diskd

Bug #1640

unstable if mixing coss cache_dir type with other cache_dir types (ufs/aufs/diskd).

Bug #1602

Need to implement TCP fallback on truncated (large) DNS responses

4. Known limitations

In addition there is a set of limitations in this version of Squid which we hope to correct later

Bug #1420

302 responses with an Expires header is always cached

Bug #1584

WCCPv2 unable to register with more than one router on Linux

Bug #1059

mime.conf and referenced icons must be within chroot

Bug #692

tcp_outgoing_address using an ident ACL does not work

Bug #581

acl max_user_ip and multiple authentication schemes

Bug #528

miss_access fails on "slow" acl types such as dst.

Bug #513

squid -F is starting server sockets to early

Bug #457

does not handle swap.state corruption properly

Bug #410

unstable if runs out of disk space

Bug #355

diskd may appear slow on low loads

Bug #219

delay_pools stops working on -k reconfigure

5. Other issues

Ipfilter 4.x compile problem on HP Tru64

6. Windows support

This Squid version can run on Windows as a system service using the Cygwin environment.
Windows NT 4 and later are supported.
On Windows 2000/XP/2003 the service is configured to use the Windows Service Recovery option restarting automatically after 60 seconds.


Some new command line options was added for the Windows service support:

The service installation is made with -i command line switch, it's possible to use -f switch at the same time for specify a different config-file settings for the Squid Service that will be stored on the Windows Registry.

A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed. "Squid" is the default when the switch is not used.

So, to install the service, the syntax is:

squid -i [-f file] [-n name]

Service uninstallation is made with -r command line switch with the appropriate -n switch.

The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:

squid -k command [-f file] -n service-name
where service-name is the name specified with -n options at service install time.

To use the Squid original command line, the new -O switch must be used ONCE, the syntax is:

squid -O cmdline [-n service-name]
If multiple service command line options must be specified, use quote. The -n switch is needed only when a non default service name is in use.

Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are specific to Windows services functionality and Squid is not designed for understand they.

In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":

squid -O "-D -u 3130" -n squidsvc

Registry DNS lookup

On Windows platforms, if no value is specified in the dns_nameservers option on squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are taken from the Windows registry, both static and dynamic DHCP configurations are supported.

Compatibility Notes

Known Limitations: