Squid Frequently Asked Questions

SQUID Frequently Asked Questions
© 2004 Team Squid, info@squid-cache.org
Frequently Asked Questions (with answers!) about the Squid InternetObject Cache software.
You can download the FAQ asHTML,PDF,compressed Postscript,plain text,linuxdoc SGML source or as acompressed tar of HTML.
About Squid, this FAQ, and other Squid information resources
What is Squid?
What is Internet object caching?
Why is it called Squid?
What is the latest version of Squid?
Who is responsible for Squid?
Where can I get Squid?
What Operating Systems does Squid support?
Does Squid run on Windows NT?
What Squid mailing lists are available?
I can‘t figure out how to unsubscribe from your mailing list.
What other Squid-related documentation is available?
Does Squid support SSL/HTTPS/TLS?
What‘s the legal status of Squid?
Is Squid year-2000 compliant?
Can I pay someone for Squid support?
Squid FAQ contributors
About This Document
Getting and Compiling Squid
Which file do I download to get Squid?
How do I compile Squid?
What kind of compiler do I need?
What else do I need to compile Squid?
Do you have pre-compiled binaries available?
How do I apply a patch or a diff?
configure options
undefined reference to __inet_ntoa
How can I get true DNS TTL info into Squid‘s IP cache?
My platform is BSD/OS or BSDI and I can‘t compile Squid
Problems compiling libmiscutil.a on Solaris
I have problems compiling Squid on Platform Foo.
I see a lot warnings while compiling Squid.
Building Squid on OS/2
Installing and Running Squid
How big of a system do I need to run Squid?
How do I install Squid?
What does the squid.conf file do?
Do you have a squid.conf example?
How do I start Squid?
How do I start Squid automatically when the system boots?
How do I tell if Squid is running?
squid command line options
How do I see how Squid works?
Can Squid benefit from SMP systems?
Is it okay to use separate drives and RAID on Squid?
Configuration issues
How do I join a cache hierarchy?
How do I join NLANR‘s cache hierarchy?
Why should I want to join NLANR‘s cache hierarchy?
How do I register my cache with NLANR‘s registration service?
How do I find other caches close to me and arrange parent/child/sibling relationships with them?
My cache registration is not appearing in the Tracker database.
What is the httpd-accelerator mode?
How do I configure Squid to work behind a firewall?
How do I configure Squid forward all requests to another proxy?
I have dnsserver processes that aren‘t being used, should I lower the number in squid.conf?
My dnsserver average/median service time seems high, how can I reduce it?
How can I easily change the default HTTP port?
Is it possible to control how big each cache_dir is?
What cache_dir size should I use?
I‘m adding a new cache_dir. Will I lose my cache?
Squid and http-gw from the TIS toolkit.
What is ``HTTP_X_FORWARDED_FOR‘‘? Why does squid provide it to WWW servers, and how can I stop it?
Can Squid anonymize HTTP requests?
Can I make Squid go direct for some sites?
Can I make Squid proxy only, without caching anything?
Can I prevent users from downloading large files?
Communication between browsers and Squid
Netscape manual configuration
Netscape automatic configuration
Lynx and Mosaic configuration
Redundant Proxy Auto-Configuration
Proxy Auto-Configuration with URL Hashing
Microsoft Internet Explorer configuration
Netmanage Internet Chameleon WebSurfer configuration
Opera 2.12 proxy configuration
How do I tell Squid to use a specific username for FTP urls?
Configuring Browsers for WPAD
Configuring Browsers for WPAD with DHCP
IE 5.0x crops trailing slashes from FTP URL‘s
IE 6.0 SP1 fails when using authentication
Squid Log Files
squid.out
cache.log
useragent.log
store.log
hierarchy.log
access.log
Squid result codes
HTTP status codes
Request methods
Hierarchy Codes
cache/log (Squid-1.x)
swap.state (Squid-2.x)
Which log files can I delete safely?
How can I disable Squid‘s log files?
My log files get very big!
I want to use another tool to maintain the log files.
Managing log files
Why do I get ERR_NO_CLIENTS_BIG_OBJ messages so often?
What does ERR_LIFETIME_EXP mean?
Retrieving ``lost‘‘ files from the cache
Can I use store.log to figure out if a response was cachable?
Operational issues
How do I see system level Squid statistics?
How can I find the biggest objects in my cache?
I want to restart Squid with a clean cache
How can I proxy/cache Real Audio?
How can I purge an object from my cache?
Using ICMP to Measure the Network
Why are so few requests logged as TCP_IMS_MISS?
How can I make Squid NOT cache some servers or URLs?
How can I delete and recreate a cache directory?
Why can‘t I run Squid as root?
Can you tell me a good way to upgrade Squid with minimal downtime?
Can Squid listen on more than one HTTP port?
Can I make origin servers see the client‘s IP address when going through Squid?
Memory
Why does Squid use so much memory!?
How can I tell how much memory my Squid process is using?
My Squid process grows without bounds.
I set cache_mem to XX, but the process grows beyond that!
How do I analyze memory usage from the cache manger output?
The ``Total memory accounted‘‘ value is less than the size of my Squid process.
xmalloc: Unable to allocate 4096 bytes!
fork: (12) Cannot allocate memory
What can I do to reduce Squid‘s memory usage?
Using an alternate malloc library.
How much memory do I need in my Squid server?
The Cache Manager
What is the cache manager?
How do you set it up?
Cache manager configuration for CERN httpd 3.0
Cache manager configuration for Apache
Cache manager configuration for Roxen 2.0 and later
Cache manager ACLs in squid.conf
Why does it say I need a password and a URL?
I want to shutdown the cache remotely. What‘s the password?
How do I make the cache host default to my cache?
What‘s the difference between Squid TCP connections and Squid UDP connections?
It says the storage expiration will happen in 1970!
What do the Meta Data entries mean?
In the utilization section, what is Other?
In the utilization section, why is the Transfer KB/sec
In the utilization section, what is the Object Count?
In the utilization section, what is the Max/Current/Min KB?
What is the I/O section about?
What is the Objects section for?
What is the VM Objects section for?
What does AVG RTT mean?
In the IP cache section, what‘s the difference between a hit, a negative hit and a miss?
What do the IP cache contents mean anyway?
What is the fqdncache and how is it different from the ipcache?
What does ``Page faults with physical i/o: 4897‘‘ mean?
What does the IGNORED field mean in the ‘cache server list‘?
Access Controls
Introduction
How do I allow my clients to use the cache?
how do I configure Squid not to cache a specific server?
How do I implement an ACL ban list?
How do I block specific users or groups from accessing my cache?
Do you have a CGI program which lets users change their own proxy passwords?
Is there a way to do ident lookups only for a certain host and compare the result with a userlist in squid.conf?
Common Mistakes
I set up my access controls, but they don‘t work! why?
Proxy-authentication and neighbor caches
Is there an easy way of banning all Destination addresses except one?
Does anyone have a ban list of porn sites and such?
Squid doesn‘t match my subdomains
Why does Squid deny some port numbers?
Does Squid support the use of a database such as mySQL for storing the ACL list?
How can I allow a single address to access a specific URL?
How can I allow some clients to use the cache at specific times?
How can I allow some users to use the cache at specific times?
Problems with IP ACL‘s that have complicated netmasks
Can I set up ACL‘s based on MAC address rather than IP?
Debugging ACLs
Can I limit the number of connections from a client?
I‘m trying to deny foo.com, but it‘s not working.
I want to customize, or make my own error messages.
I want to use local time zone in error messages
I want to put ACL parameters in an external file.
Troubleshooting
Why am I getting ``Proxy Access Denied?‘‘
I can‘t get local_domain to work; Squid is caching the objects from my local servers.
I get Connection Refused when the cache tries to retrieve an object located on a sibling, even though the sibling thinks it delivered the object to my cache.
Running out of filedescriptors
What are these strange lines about removing objects?
Can I change a Windows NT FTP server to list directories in Unix format?
Why am I getting ``Ignoring MISS from non-peer x.x.x.x?‘‘
DNS lookups for domain names with underscores (_) always fail.
Why does Squid say: ``Illegal character in hostname; underscores are not allowed?‘
Why am I getting access denied from a sibling cache?
Cannot bind socket FD NN to *:8080 (125) Address already in use
icpDetectClientClose: ERROR xxx.xxx.xxx.xxx: (32) Broken pipe
icpDetectClientClose: FD 135, 255 unexpected bytes
Does Squid work with NTLM Authentication?
The default parent option isn‘t working!
``Hot Mail‘‘ complains about: Intrusion Logged. Access denied.
My Squid becomes very slow after it has been running for some time.
WARNING: Failed to start ‘dnsserver‘
Sending in Squid bug reports
Debugging Squid
FATAL: ipcache_init: DNS name lookup tests failed
FATAL: Failed to make swap directory /var/spool/cache: (13) Permission denied
FATAL: Cannot open HTTP Port
FATAL: All redirectors have exited!
FATAL: file_map_allocate: Exceeded filemap limit
FATAL: You‘ve run out of swap file numbers.
I am using up over 95% of the filemap bits?!!
FATAL: Cannot open /usr/local/squid/logs/access.log: (13) Permission denied
When using a username and password, I can not access some files.
pingerOpen: icmp_sock: (13) Permission denied
What is a forwarding loop?
accept failure: (71) Protocol error
storeSwapInFileOpened: ... Size mismatch
Why do I get fwdDispatch: Cannot retrieve ‘https://www.buy.com/corp/ordertracking.asp‘
Squid can‘t access URLs like http://3626046468/ab2/cybercards/moreinfo.html
I get a lot of ``URI has whitespace‘‘ error messages in my cache log, what should I do?
commBind: Cannot bind socket FD 5 to 127.0.0.1:0: (49) Can‘t assign requested address
Unknown cache_dir type ‘/var/squid/cache‘
unrecognized: ‘cache_dns_program /usr/local/squid/bin/dnsserver‘
Is dns_defnames broken in Squid-2.3 and later
What does sslReadClient: FD 14: read failure: (104) Connection reset by peer mean?
What does Connection refused mean?
squid: ERROR: no running copy
FATAL: getgrnam failed to find groupid for effective group ‘nogroup‘
``Unsupported Request Method and Protocol‘‘ for https URLs.
Squid uses 100% CPU
Webmin‘s cachemgr.cgi crashes the operating system
Segment Violation at startup or upon first request
urlParse: Illegal character in hostname ‘proxy.mydomain.com:8080proxy.mydomain.com‘
Requests for international domain names does not work
Why do I sometimes get ``Zero Sized Reply‘‘?
Why do I get "The request or reply is too large" errors?
Negative or very large numbers in Store Directory Statistics, or constant complaints about cache above limit
Squid problems with WindowsUpdate v5
How does Squid work?
What are cachable objects?
What is the ICP protocol?
What is the dnsserver?
What is the ftpget program for?
FTP PUT‘s don‘t work!
What is a cache hierarchy? What are parents and siblings?
What is the Squid cache resolution algorithm?
What features are Squid developers currently working on?
Tell me more about Internet traffic workloads
What are the tradeoffs of caching with the NLANR cache system?
Where can I find out more about firewalls?
What is the ``Storage LRU Expiration Age?‘‘
What is ``Failure Ratio at 1.01; Going into hit-only-mode for 5 minutes‘‘?
Does squid periodically re-read its configuration file?
How does unlinkd work?
What is an icon URL?
Can I make my regular FTP clients use a Squid cache?
Why is the select loop average time so high?
How does Squid deal with Cookies?
How does Squid decide when to refresh a cached object?
What exactly is a deferred read?
Why is my cache‘s inbound traffic equal to the outbound traffic?
How come some objects do not get cached?
What does keep-alive ratio mean?
How does Squid‘s cache replacement algorithm work?
What are private and public keys?
What is FORW_VIA_DB for?
Does Squid send packets to port 7 (echo)? If so, why?
What does ``WARNING: Reply from unknown nameserver [a.b.c.d]‘‘ mean?
How does Squid distribute cache files among the available directories?
Why do I see negative byte hit ratio?
What does ``Disabling use of private keys‘‘ mean?
What is a half-closed filedescriptor?
What does --enable-heap-replacement do?
Why is actual filesystem space used greater than what Squid thinks?
How do positive_dns_ttl and negative_dns_ttl work?
What does swapin MD5 mismatch mean?
What does failed to unpack swapfile meta data mean?
Why doesn‘t Squid make ident lookups in interception mode?
dnsSubmit: queue overload, rejecting blah
What are FTP passive connections?
Multicast
What is Multicast?
How do I know if my network has multicast?
Should I be using Multicast ICP?
How do I configure Squid to send Multicast ICP queries?
How do I know what Multicast TTL to use?
How do I configure Squid to receive and respond to Multicast ICP?
System-Dependent Weirdnesses
Solaris
FreeBSD
OSF1/3.2
BSD/OS
Linux
HP-UX
IRIX
SCO-UNIX
AIX
Redirectors
What is a redirector?
Why use a redirector?
How does it work?
Do you have any examples?
Can I use the redirector to return HTTP redirect messages?
FATAL: All redirectors have exited!
Redirector interface is broken re IDENT values
Cache Digests
What is a Cache Digest?
How and why are they used?
What is the theory behind Cache Digests?
How is the size of the Cache Digest in Squid determined?
What hash functions (and how many of them) does Squid use?
How are objects added to the Cache Digest in Squid?
Does Squid support deletions in Cache Digests? What are diffs/deltas?
When and how often is the local digest built?
How are Cache Digests transferred between peers?
How and where are Cache Digests stored?
How are the Cache Digest statistics in the Cache Manager to be interpreted?
What are False Hits and how should they be handled?
How can Cache Digest related activity be traced/debugged?
What about ICP?
Is there a Cache Digest Specification?
Would it be possible to stagger the timings when cache_digests are retrieved from peers?
Interception Caching/Proxying
Interception caching for Solaris, SunOS, and BSD systems
Interception caching with Linux 2.0 and ipfwadm
Interception caching with Linux 2.2 and ipchains
Interception caching with Linux 2.4 and netfilter
Interception caching with Cisco routers
Interception caching with LINUX 2.0.29 and CISCO IOS 11.1
Interception caching with FreeBSD
Interception caching with ACC Tigris digital access server
Interception caching with Foundry L4 switches
Interception caching with Cabletron/Entrasys products
The cache is trying to connect to itself...
``Connection reset by peer‘‘ and Cisco policy routing
WCCP - Web Cache Coordination Protocol
Can someone tell me what version of cisco IOS WCCP is added in?
What about WCCPv2?
Can I use proxy_auth with interception?
Interception on Linux with Squid and the Browser on the same box
Interception caching with an Alcatel OmnySwitch 7700
SNMP
Does Squid support SNMP?
Enabling SNMP in Squid
Configuring Squid 2.2
Configuring Squid 2.1
How can I query the Squid SNMP Agent
What can I use SNMP and Squid for?
How can I use SNMP with Squid?
Where can I get more information/discussion about Squid and SNMP?
Monitoring Squid with MRTG
Squid version 2
What are the new features?
How do I configure ‘ssl_proxy‘ now?
Empty placeholder
Adding a new cache disk
Empty placeholder
How do I configure proxy authentication?
Why does proxy-auth reject all users after upgrading from Squid-2.1 or earlier?
Delay Pools
Can I preserve my cache when upgrading from 1.1 to 2?
Customizable Error Messages
My squid.conf from version 1.1 doesn‘t work!
httpd-accelerator mode
What is the httpd-accelerator mode?
How do I set it up?
When using an httpd-accelerator, the port number for redirects is wrong
Related Software
Clients
Logfile Analysis
Configuration Tools
Squid add-ons
Ident Servers
DISKD
What is DISKD?
Does it perform better?
How do I use it?
FATAL: Unknown cache_dir type ‘diskd‘
If I use DISKD, do I have to wipe out my current cache?
How do I configure message queues?
How do I configure shared memory?
Sometimes shared memory and message queues aren‘t released when Squid exits.
What are the Q1 and Q2 parameters?
Authentication
How does Proxy Authentication work in Squid?
How do I use authentication in access controls?
Does Squid cache authentication lookups?
Are passwords stored in clear text or encrypted?
How do I use the Winbind authenticators?
Authentication in accelerator mode
Terms and Definitions
Neighbor
Regular Expression
Security Concerns
Open-access proxies
Mail relaying