From 5dcdeaed65444e21d523c79158865e0354759d8a Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Thu, 2 May 2013 23:45:28 -0300 Subject: squid3 - mv squid files from squid-reverse to squid3/31 --- config/squid3/31/squid_upstream.xml | 357 ++++++++++++++++++++++++++++++++++++ 1 file changed, 357 insertions(+) create mode 100644 config/squid3/31/squid_upstream.xml (limited to 'config/squid3/31/squid_upstream.xml') diff --git a/config/squid3/31/squid_upstream.xml b/config/squid3/31/squid_upstream.xml new file mode 100644 index 00000000..049d301c --- /dev/null +++ b/config/squid3/31/squid_upstream.xml @@ -0,0 +1,357 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + squidremote + none + Proxy server: Remote proxy settings + /usr/local/pkg/squid.inc + + + General + /pkg_edit.php?xml=squid.xml&id=0 + + + Remote Cache + /pkg.php?xml=squid_upstream.xml + + + + Local Cache + /pkg_edit.php?xml=squid_cache.xml&id=0 + + + ACLs + /pkg_edit.php?xml=squid_nac.xml&id=0 + + + Traffic Mgmt + /pkg_edit.php?xml=squid_traffic.xml&id=0 + + + Authentication + /pkg_edit.php?xml=squid_auth.xml&id=0 + + + Users + /pkg.php?xml=squid_users.xml + + + Real time + /squid_monitor.php + + + Sync + /pkg_edit.php?xml=squid_sync.xml + + + + + Status + enable + + + name + proxyaddr + + + Port + proxyport + + + ICP + icpport + + + Peer type + hierarchy + + + Method + peermethod + + + + + + General Settings + listtopic + + + Enable + enable + This option enables the proxy server to forward requests to an upstream/neighbor server. + checkbox + + + + Hostname + proxyaddr + Enter here the IP address or host name of the upstream proxy. + input + 35 + + + + Name + proxyname + Unique name for the peer.Required if you have multiple peers on the same host but different ports. + input + 35 + + + + TCP port + proxyport + Enter the port to use to connect to the upstream proxy. + input + 5 + 3128 + + + + Timeout + connecttimeout + A peer-specific connect timeout. Also see the peer_connect_timeout directive. + input + 5 + + + Fail Limit + connectfailLimit + How many times connecting to a peer must fail before it is marked as down. Default is 10. + input + 5 + 10 + + + Max + maxconn + Limit the amount of connections Squid may open to this peer. + input + 5 + + + Allow Miss + allowmiss + allow-miss - Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by the sibling.

+ no-tproxy - Do not use the client-spoof TPROXY support when forwarding requests to this peer. Use normal address selection instead.

+ proxy-only - Objects fetched from the peer will not be stored locally.]]> + select + allow-miss + + + + + + + 4 + + + Peer settings + listtopic + + + Hierarchy + hierarchy + Specify remote caches hierarchy. + select + parent + + + + + + + + Select method + peermethod +
+ default - This is a parent cache which can be used as a "last-resort" if a peer cannot be located by any of the peer-selection methods.
+ If specified more than once, only the first is used.

+ round-robin - Load-Balance parents which should be used in a round-robin fashion in the absence of any ICP queries.
weight=N can be used to add bias.

+ weighted-round-robin - Load-Balance parents which should be used in a round-robin fashion with the frequency of each parent being based on the round trip time.
+ Closer parents are used more often. Usually used for background-ping parents. weight=N can be used to add bias.

+ carp - Load-Balance parents which should be used as a CARP array. The requests will be distributed among the parents based on the CARP load balancing hash function based on their weight.

+ userhash - Load-balance parents based on the client proxy_auth or ident username.

+ sourcehash - Load-balance parents based on the client source IP.

+ multicast-siblings - To be used only for cache peers of type "multicast".
+ ALL members of this multicast group have "sibling" relationship with it, not "parent". This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway.
+ It's useful, e.g., when configuring a pool of redundant Squid proxies, being members of the same multicast group.]]> + select + round-robin + + + + + + + + + + + + weight + weight + Use to affect the selection of a peer during any weighted peer-selection mechanisms. The weight must be an integer; default is 1,larger weights are favored more. + input + 5 + 1 + + + basetime + basetime + + It is subtracted before division by weight in calculating which parent to fectch from. If the rtt is less than the base time the rtt is set to a minimal value.]]> + input + 5 + 1 + + + ttl + ttl + + Only useful when sending to a multicast group. Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option.]]> + input + 5 + 1 + + + no-delay + nodelay + + checkbox + + + ICP settings + listtopic + + + ICP port + icpport + Enter the port to connect to the upstream proxy for the ICP protocol. Use port number 7 to disable ICP communication between the proxies. + input + 5 + 7 + + + ICP Options + icpoptions + + The defaults will prevent peer traffic using ICP

+ no-query - Disable ICP queries to this neighbor.

+ multicast-responder -Indicates the named peer is a member of a multicast group.
+ ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.

+ closest-only - Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.

+ background-ping - To only send ICP queries to this neighbor infrequently.
+ This is used to keep the neighbor round trip time updated and is usually used in conjunction with weighted-round-robin.]]> + select + no-query + + + + + + + + + Auth settings + listtopic + + + Username + username + If the upstream proxy requires a username, specify it here. + input + + + Password + password + If the upstream proxy requires a password, specify it here. + password + + + Authentication options + authoption + login=user:password - If this is a personal/workgroup proxy and your parent requires proxy authentication.

+ login=PASSTHRU - Send login details received from client to this peer. Authentication is not required by Squid for this to work.
+ This will pass any form of authentication but only Basic auth will work through a proxy unless the connection-auth options are also used.

+ login=PASS - Send login details received from client to this peer.Authentication is not required by this option.
+ To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for a single login (one for proxy, one for origin server).
+ Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION

+ login=*:password - Send the username to the upstream cache, but with a fixed password. This is meant to be used when the peer is in another administrative domain, but it is still needed to identify each user.

+ login=NEGOTIATE - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.
+ The first principal from the default keytab or defined by the environment variable KRB5_KTNAME will be used.
+ WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.

+ login=NEGOTIATE:principal_nameIf this is a personal/workgroup proxy and your parent requires a secure proxy authentication.
+ The principal principal_name from the default keytab or defined by the environment variable KRB5_KTNAME will be used. + WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.

+ connection-auth=on - Tell Squid that this peer does support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.
+ Default is auto to automatically determine the status of the peer.

+ connection-auth=off - Tell Squid that this peer does not support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.
+ Default is auto to automatically determine the status of the peer.]]> + select + login=*:password + + + + + + + + + + + + + + squid_validate_upstream($_POST, &$input_errors); + + + squid_resync(); + + -- cgit v1.2.3