I'll put these into HTML once the content seems 'ok'.
Makes you realise what's gone into squid 2.5...
====
Version 2.5 Release Notes
Changes to squid-2.5 ():
- Major rewrite of proxy authentication to support other schemes
than basic. First in the line is NTLM support but others can
easily be added (minimal digest is present). See the Programmers
Guide for the internals.
Thanks to the SAMBA team for some excellent collaboration on the
NTLM support!
(Robert Collins & Francesco Chemolli)
- Reworked how request bodies are passed down to the protocols.
Now all client side processing is inside client_side.c, and
the pass and pump modules are no longer used.
- Optimized searching in proxy_auth and ident ACL types. Squid
should now handle large access lists a lot more efficiently.
(Francesco Chemolli)
- Fixed forwarding/peer loop detection code (Brian Degenhardt) -
now a peer is ignored if it turns out to be us, rather than
committing suicide
- Changed the internal URL code to obey appendDomain for
internal objects if it needs appending. This fixes weirdnesses
where a machine can think it is "foo.bar.com", and "foo" is
requested.
(Brian Degenhardt)
- Added the use of Automake to create the Makefile.in's in the
squid source tree. This will allow libtool in the future, and
immediately allows better dependency tracking - with or
without gcc - as well as the dist-all and distcheck targets
for developers which respectively build a tar.gz and a tar.bz2
distribution, and check that what will be distributed builds.
(Robert Collins)
- Added TOS and source address selection based on ACLs,
written by Roger Venning. This allows administrators to set
the TOS precedence bits and/or the source IP from a set of
available IPs based upon some ACLs, generally to map different
users to different outgoing links and traffic profiles.
- Added 'max-conn' option to 'cache_peer'
- Added SSL gatewaying support, allowing Squid to act as an SSL
server in accelerator setups.
- SASL authentication helper by Ian Castle
- msntauth updated to v2.0.3
- no_cache now applies to cache hits as well as cache misses
- the Gopher client in Squid has been significantly improved
- Squid now sanity checks FTP data connections to ensure the
connection is from the requested server. Can be disabled if
needed by turning off the ftp_sanitycheck option.
- external acl support. A mechanism where flexible ACL checks
can be driven by external helpers. See the external_acl_type
and acl external directives.
- Countless other small things and fixes
- HTML pages generated by Squid or CacheMgr as well as the
ERR documents now contain a doctype declaration so that
browsers know which HTML specification the document uses.
In addition to that they have a new look
(background-color, font) and are valid according to the HTML
standards at www.w3.org.
(Clemens Löser)
- Login and password sent to Basic auth helpers are now URL
escaped to allow for spaces and other "odd" characters in
logins and passwords
- Responses with Vary: in the header are now cached by squid.
(Henrik Nordstrom).
Changes to squid.conf
http_port               Allows IP address specification.
https_port              This is an option for use with SSL acceleration
                        - it determines where squid listens for SSL
                        requests.
ssl_unclean_shutdown    This is used to handle some bugs in browsers
                        that don't fully support SSL.
tcp_incoming_address    This has been removed - use the http_port line
                        to specify IP addresses.
cache_peer              login= has been extended to allow pass through
                        authentication, fixed password authentication
                        and maximum connection limits.
hosts_file              Directs squid to read in a set of name-address
                        associations upon startup and reconfiguration.
authenticate_program    Removed. See auth_param.
authenticate_children   Removed. See auth_param.
proxy_auth_realm        Removed. See auth_param.
auth_param              This replaces the authenticate_program
                        directive. It allows configuration of multiple
                        authentication helpers, one for each of the
                        supported authentication schemes. Such schemes
                        include "NTLM", "Digest (from RFC 2617)", and
                        "Basic".
authenticate_cache_garbage_interval
                        This directive sets the garbage collection
                        interval for the authentication cache.
external_acl_type       This directive configures the new external ACL
                        Helper interface. VERY useful for authenticating
                        by group membership - i.e. from an LDAP server
                        or NT domain.
request_body_max_size   The default for this is now 0 - unlimited.
reply_body_max_size     Now multiple size limits are allowed based on
                        ACL lists.
refresh_pattern         The default is now blank - users must uncomment
                        the suggested default to use it. This allows
                        the use of blank config if desired.
request_timeout         Raised the default to 5 minutes.
persistent_request_timeout
                        New directive - how long to wait after a reply
                        is completed before closing the connection.
acl                     New acl types
                        - referer_regex (match Referer headers),
                        - max_user_ip (limit concurrent IPs a single
                          user may use)
                        - rep_mime_type (filter replies based on their
                          content type).
                        - external (use an external helper)
http_reply_access       Limit HTTP replies based on ACLs. This is
                        complementary to http_access.
tcp_outgoing_tos
tcp_outgoing_ds
tcp_outgoing_dscp       These three directives allow marking of outbound
                        connections at the IP level - i.e. for choosing
                        routes based on the usercode.
tcp_outgoing_address    Allows mapping of requests onto specific
                        outbound IP addresses.
anonymize_headers       Removed. See header_access.
header_access           Allow granular filtering of HTTP headers.
header_replace          Replace specific headers with custom values.
pipeline_prefetch       Now defaults to off for bandwidth management and
                        access logging reasons.
vary_ignore_expire      Enables a workaround for web servers that
                        immediately expire Varied objects because they
                        think squid is unable to handle Vary:.
sleep_after_fork        Give the OS a small amount of time to accommodate
                        the fork+exec used to launch helpers - if squid
                        has a lot of virtual memory allocated the OS may
                        run out of virtual memory during helper spawning
                        otherwise.
====
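
A Basic auth helper has to undo the URL escaping of login and password described in the notes above before it compares credentials. The following is an added example, not part of the original post and not Squid's own code: it assumes the usual one-line "login password" request answered with OK or ERR, and the USERS store and all function names are constructed for illustration.

```python
import hmac
import sys
from urllib.parse import unquote_to_bytes

# Constructed sample store (assumption); a real helper would query a password
# file, LDAP, PAM, etc. Keys and values are the raw, unescaped bytes.
USERS = {b"alice smith": b"p@ss word%1", b"bob": b"s3cret"}


def parse_request(line: bytes):
    """Return (login, password) decoded from one helper line, or None."""
    fields = line.rstrip(b"\r\n").split(b" ")
    # Escaped fields cannot contain a space, so exactly two must remain.
    if len(fields) != 2 or not fields[0]:
        return None
    login, password = (unquote_to_bytes(f) for f in fields)
    # Decoding can yield NUL/CR/LF (%00, %0d, %0a); refuse them so they never
    # reach a line-oriented backend or log.
    if any(c in login + password for c in b"\x00\r\n"):
        return None
    return login, password


def check(login: bytes, password: bytes) -> bool:
    """Compare against the sample store without an early-exit comparison."""
    expected = USERS.get(login)
    # Run the comparison for unknown logins too, so they take the same path.
    ok = hmac.compare_digest(password, expected if expected is not None else b"")
    return ok and expected is not None


def answer(line: bytes) -> bytes:
    """Map one request line to the helper reply, OK or ERR."""
    creds = parse_request(line)
    return b"OK" if creds and check(*creds) else b"ERR"


def main():
    # One request per line on stdin, one reply per line on stdout.
    for line in sys.stdin.buffer:
        sys.stdout.buffer.write(answer(line) + b"\n")
        sys.stdout.buffer.flush()  # the proxy waits for each reply


if __name__ == "__main__":
    main()
```

A helper written for the older unescaped format would treat `alice%20smith` as the literal login, so existing helpers need this decoding step when moving to 2.5.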
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:14 MST