Squid 3.2


Squid-3.2 is CONSIDERED DANGEROUS as the security people say. Due to unfixed vulnerabilities CVE-2014-7141, CVE-2014-7142, CVE-2014-6270, CVE-2014-3609, and CVE-2014-0128 and any other recently discovered issues.

Feb 2013

the Squid-3.2 series became DEPRECATED with the release of Squid-3.3 series

Aug 2012

Released for production use.

The features have been set and large code changes are reserved for later versions.

Additions are limited to:

  • Security fixes
  • Stability fixes
  • small optimizations

Features Ported from 2.7 in this release:

  • Unique Sequence numbering for access.log lines
  • Features/LogModules (including log daemon module)

  • Cache-Control: stale-if-error handling and other staleness limits.

  • acl urllogin type (available from 3.2.4)

Basic new features in 3.2:

Packages of squid 3.2 source code are available at http://www.squid-cache.org/Versions/v3/3.2/

Security Advisories

See our Advisories list.

Open Bugs

Squid-3.2 default config

From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

  • /!\

    This minimal configuration does not work with versions earlier than 3.2 which are missing special cleanup done to the code.

http_port 3128

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

acl localnet src     # RFC 1918 possible internal network
acl localnet src  # RFC 1918 possible internal network
acl localnet src # RFC 1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

Squid-3.2 (last edited 2015-02-02 15:55:44 by AmosJeffries)