Common settings |
| Enabled on <Interface> |
This enables the Proxy Server to listen for requests on the selected interface (GREEN or BLUE). |
| Transparent on <Interface> |
If the transparent mode is enabled, all requests for the destination port 80 will be automatically forwarded to the Proxy Server. |
| Proxy Port |
This is the port the Proxy Server will listen for client requests. The default is 800. |
| Visible hostname |
This is the visible hostname of the proxy server which can be different from the real hostname. |
| Cache administrator e-mail |
This mail address will be shown on the Proxy Server error messages. |
| Error messages language |
Select the language in which the Proxy Server error messages will be shown to the clients. |
| Error messages design |
Select the design in which the Proxy Server error messages will be shown to the clients. |
| Suppress version information |
This removes the Squid version information from the HTTP headers and from the error messages. |
| Squid Cache version |
This shows the version number of the Squid proxy. |
|
Back to the Quick Reference overview
|
| |
Upstream Proxy |
| Proxy address forwarding |
This enables the HTTP VIA header for forwarding the proxy servers IP address/hostname and port. |
| Client IP address forwarding |
This enables the HTTP X-FORWARDED-FOR header for forwarding the clients internal IP address. |
| Username forwarding |
This enables the forwarding of the username to the parent proxy. This is only for remote ACLs or logging but not for authentication. |
| Upstream proxy (host:port) |
If you are using a parent cache, so enter the IP address and port of this upstream Proxy Server |
| Upstream username |
Enter the username for the upstream Proxy Server (only if required). |
| Upstream password |
Enter the password for the upstream Proxy Server (only if required). |
| No connection oriented authentication forwarding |
This option lets you turn off some header information for Windows clients that may cause errors on misconfigured IIS webservers. |
|
|
Back to the Quick Reference overview
|
| |
Log Settings |
| Enable log |
This enables the Web Proxy logging feature. |
| Log query terms |
Enabling this option will let the complete URL be logged, even the dynamic part used for data queries. |
| Log useragents |
Enabling this option writes the useragent string to a log file. |
|
|
Back to the Quick Reference overview
|
| |
Cache Management |
| Harddisk cache size |
This is the amount of disk space (MB) to use for cached objects. |
| Memory cache size |
This is the amount of physical RAM to be used for negative-cached and in-transit objects. |
| Min object size |
Objects smaller than this size will not be saved on disk. |
| Max object size |
Objects larger than this size will not be saved on disk. |
| Number of level-1 subdirectories |
Select the number of level-1 subdirectories for the harddisk cache. The recommended value for standard installations is 16. |
| Memory replacement policy |
Policy how to determine which objects are purged from memory, when memory space is needed. |
| Cache replacement policy |
Policy how to decide which cached objects are evicted (replaced) to create space for the new objects. |
Possible replacement policies:
- LRU : Squid's original list based LRU policy
- heap GDSF : Greedy-Dual Size Frequency
- heap LFUDA : Least Frequently Used with Dynamic Aging
- heap LRU : LRU policy implemented using a heap
|
| Enable offline mode |
Turns off the validation of cached objects. This mode gives access to more cached information. |
| Do not cache these domains |
Use this to force objects from certain domains to never be cached. |
|
|
Back to the Quick Reference overview
|
| |
Destination ports |
| Allowed standard ports |
All requests to these destination ports will be allowed. |
| Allowed SSL ports |
All SSL encrypted requests to these destination ports will be allowed. |
|
|
Back to the Quick Reference overview
|
| |
Network based access control |
| Allowed subnets |
All listed subnets are allowed to access the Proxy Server. |
| Disable internal proxy access |
This prevents direct HTTP access through the internal proxy server to web servers on any local subnet. |
| Disable internal proxy access to Green from other subnets |
This prevents direct HTTP access through the internal proxy server to web servers on Green from any other subnet (e.g. Blue). |
| Disable internal proxy access from Blue to other subnets |
This prevents direct HTTP access through the internal proxy server from Blue to web servers on any other subnet (e.g.Green). |
| Unrestricted IP addresses |
All client IP addresses in this list will override global restrictions. |
| Unrestricted MAC addresses |
All client MAC addresses in this list will override global restrictions |
| Banned IP addresses or subnets |
All requests from clients (IP addresses or subnets) in this list will be blocked. |
| Banned MAC addresses |
All requests from clients in this list will be blocked. |
|
|
Back to the Quick Reference overview
|
| |
Time restrictions |
| Access |
The option "allow" allows web access and the option "deny" blocks web access within the selected time. |
| Day and time selection |
The default is set to allow access every day around the clock. |
|
|
Back to the Quick Reference overview
|
| |
Transfer limits |
| Max upload size (KB) |
The default is set to 0 KB for upload. This value turns off any limitation. |
| Max download size (KB) |
The default is set to 0 KB for download. This value turns off any limitation. |
|
|
Back to the Quick Reference overview
|
| |
Download throttling |
| Overall limit on <Interface> |
Sets an overall maximum download speed limit per interface (GREEN or BLUE). |
| Limit per host on <Interface> |
Sets a download speed limit per host. The total amount of all hosts will be limited by the maximum download speed per interface (GREEN or BLUE). |
| Enable content based throttling: |
| Binary files |
Allow full speed for web browsing, but apply limits to the download of binary files (exe, zip, tar, etc.) |
| CD images |
Allow full speed for web browsing, but apply limits to the download of CD and DVD images (iso, ccd, nrg, etc.) |
| Multimedia |
Allow full speed for web browsing, but apply limits to the download of audio and video files (mp3, mpeg, avi, etc.) |
|
|
Back to the Quick Reference overview
|
| |
MIME type filter |
| Enabled |
If enabled, the filter checks all incoming headers for their MIME type. |
| Block these MIME types |
If the requested MIME type is listed to be blocked, the access to this content will be denied. |
|
|
Back to the Quick Reference overview
|
| |
Web browser |
| Enable browser check |
If this option is enabled, only the selected clients will be able to pass the Proxy Server. |
| Client definitions |
The most important web clients are already listed. You can create your own definitions. |
|
|
Back to the Quick Reference overview
|
| |
Privacy |
| Fake useragent |
The useragent header field can be rewritten with this string. |
| Fake referer |
The referer header field can be rewritten with this string. |
|
|
Back to the Quick Reference overview
|
| |
URL filter |
| Enabled |
This is an optional configuration item and is only available if the URL filter add-on is installed. |
|
|
Back to the Quick Reference overview
|
| |
Update accelerator |
| Enabled |
This is an optional configuration item and is only available if the Update accelerator add-on is installed. |
|
|
Back to the Quick Reference overview
|
| |
Authentication method |
| None |
Authentication is disabled. |
| Local authentication |
The user management resides on the Proxy Server. |
| identd |
Clients are running a RFC1413 compliant identd service. |
| LDAP |
Users will have to authenticate against an existing LDAP Server. |
| Windows |
Users will have to authenticate against an existing Windows or SMB Server |
| RADIUS |
Users will have to authenticate against an existing RADIUS Server. |
|
|
Back to the Quick Reference overview
|
