Following the cleanup of squid.conf to minimal config here is a patch
which modifies the remaining defaults to make their explicit
configuration unnecessary.
Please check this.
A few config changes I think are harmless, but worth double-checking ...
icp_port was made a 0 default (for safety?), but the port config line
left uncommented. fixed that.
(most won't need it, those who do need to configure it anyway)
icp_access lines to allow local network now commented out, background
default 'deny all' untouched.
(ditto on above reason)
miss_access default moved from explicit configured, to background
default. Implicit absent default was documented to be same as explicit
config default anyway.
access_log config moved to a background default + documented. rather
than explicit config only.
cache_store_log moved to default none + commented out. We've been
recommending that for a while now anyway.
request_header_max_size boosted to 64KB from 20KB.
HTTP/1.1 needs big headers. I think that should be okay?
reply_header_max_size boosted to 64KB from 20KB.
HTTP/1.1 needs big headers. I think that should be okay?
This one I think is good but want other opinions.
cache_dir default to no disk cache.
Our old default was insufficient for many uses and I couldn't be
bothered investigating a good one.
maximum_object_size_in_memory - boosted to 512KB.
Update to at least 64KB was needed anyway to match modern web traffic.
Picked 512KB to maximize HIT with new default cache above.
Options remaining to consider for removal:
hierarchy_stoplist
coredump_dir
Plus all the default values probably need to be checked.
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE8
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2008-08-09 06:24:33 +0000
+++ src/cf.data.pre 2008-09-03 12:52:05 +0000
@@ -831,8 +831,8 @@
NOCOMMENT_START
#Allow ICP queries from local networks only
-icp_access allow localnet
-icp_access deny all
+#icp_access allow localnet
+#icp_access deny all
NOCOMMENT_END
DOC_END
@@ -856,8 +856,8 @@
NOCOMMENT_START
#Allow HTCP queries from local networks only
-htcp_access allow localnet
-htcp_access deny all
+#htcp_access allow localnet
+#htcp_access deny all
NOCOMMENT_END
DOC_END
@@ -883,7 +883,7 @@
NAME: miss_access
TYPE: acl_access
LOC: Config.accessList.miss
-DEFAULT: none
+DEFAULT: allow all
DOC_START
Use to force your neighbors to use you as a sibling instead of
a parent. For example:
@@ -897,11 +897,6 @@
By default, allow all clients who passed the http_access rules
to fetch MISSES from us.
-
-NOCOMMENT_START
-#Default setting:
-# miss_access allow all
-NOCOMMENT_END
DOC_END
NAME: ident_lookup_access
@@ -1555,9 +1550,7 @@
icp-port: Used for querying neighbor caches about
objects. To have a non-ICP neighbor
- specify '7' for the ICP port and make sure the
- neighbor machine has the UDP echo port
- enabled in its /etc/inetd.conf file.
+ specify '0' for the ICP port.
NOTE: Also requires icp_port option enabled to send/receive
requests via this method.
@@ -1955,7 +1948,7 @@
NAME: maximum_object_size_in_memory
COMMENT: (bytes)
TYPE: b_size_t
-DEFAULT: 8 KB
+DEFAULT: 512 KB
LOC: Config.Store.maxInMemObjSize
DOC_START
Objects greater than this size will not be attempted to kept in
@@ -2124,7 +2117,7 @@
which can be changed with the --with-coss-membuf-size=N configure
option.
NOCOMMENT_START
-cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256
+# cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256
NOCOMMENT_END
DOC_END
@@ -2291,7 +2284,7 @@
NAME: access_log cache_access_log
TYPE: access_log
LOC: Config.Log.accesslogs
-DEFAULT: none
+DEFAULT: @DEFAULT_ACCESS_LOG@ squid
DOC_START
These files log client request activities. Has a line every HTTP or
ICP request. The format is:
@@ -2314,9 +2307,9 @@
And priority could be any of:
err, warning, notice, info, debug.
-NOCOMMENT_START
-access_log @DEFAULT_ACCESS_LOG@ squid
-NOCOMMENT_END
+
+ Default:
+ access_log @DEFAULT_ACCESS_LOG@ squid
DOC_END
NAME: log_access
@@ -2342,14 +2335,17 @@
NAME: cache_store_log
TYPE: string
-DEFAULT: @DEFAULT_STORE_LOG@
+DEFAULT: none
LOC: Config.Log.store
DOC_START
Logs the activities of the storage manager. Shows which
objects are ejected from the cache, and which objects are
- saved and for how long. To disable, enter "none". There are
- not really utilities to analyze this data, so you can safely
+ saved and for how long. To disable, enter "none" or remove the line.
+ There are not really utilities to analyze this data, so you can safely
disable it.
+NOCOMMENT_START
+# cache_store_log @DEFAULT_STORE_LOG@
+NOCOMMENT_END
DOC_END
NAME: cache_swap_state cache_swap_log
@@ -3085,7 +3081,7 @@
NAME: request_header_max_size
COMMENT: (KB)
TYPE: b_size_t
-DEFAULT: 20 KB
+DEFAULT: 64 KB
LOC: Config.maxRequestHeaderSize
DOC_START
This specifies the maximum size for HTTP headers in a request.
@@ -3098,7 +3094,7 @@
NAME: reply_header_max_size
COMMENT: (KB)
TYPE: b_size_t
-DEFAULT: 20 KB
+DEFAULT: 64 KB
LOC: Config.maxReplyHeaderSize
DOC_START
This specifies the maximum size for HTTP headers in a reply.
@@ -3962,6 +3958,7 @@
DEFAULT: 0.0.0.0
IFDEF: USE_WCCP
DOC_NONE
+
NAME: wccp2_router
TYPE: IPAddress_list
LOC: Config.Wccp2.router
@@ -4087,7 +4084,6 @@
wccp2_service dynamic 80 # a dynamic service type which will be
# fleshed out with subsequent options.
wccp2_service standard 0 password=foo
-
DOC_END
NAME: wccp2_service_info
@@ -4138,6 +4134,7 @@
DEFAULT: 0.0.0.0
IFDEF: USE_WCCP
DOC_NONE
+
NAME: wccp2_address
TYPE: address
LOC: Config.Wccp2.address
@@ -4315,13 +4312,14 @@
DEFAULT: 0.0.0.0
IFDEF: SQUID_SNMP
DOC_NONE
+
NAME: snmp_outgoing_address
TYPE: address
LOC: Config.Addrs.snmp_outgoing
DEFAULT: 255.255.255.255
IFDEF: SQUID_SNMP
DOC_START
- Just like 'udp_incoming_address' above, but for the SNMP port.
+ Just like 'udp_incoming_address', but for the SNMP port.
snmp_incoming_address is used for the SNMP socket receiving
messages from SNMP agents.
@@ -4354,7 +4352,7 @@
and from neighbor caches. The standard UDP port for ICP is 3130.
Default is disabled (0).
NOCOMMENT_START
-icp_port @DEFAULT_ICP_PORT@
+#icp_port @DEFAULT_ICP_PORT@
NOCOMMENT_END
DOC_END
