Differences between revisions 23 and 24
Revision 23 as of 2018-02-27 03:18:19
Size: 5471
Editor: AmosJeffries
Comment: better major bugs listing accuracy
Revision 24 as of 2018-07-02 05:40:49
Size: 5464
Editor: AmosJeffries
Comment: 3.5 deprecated by 4.1 release
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
## || month year ||<style="background-color: yellow;"> Squid-3.5 series became '''DEPRECATED''' with the release of [[Squid-3.6]] series || || Jul 2018 ||<style="background-color: yellow;"> Squid-3.5 series became '''DEPRECATED''' with the release of [[Squid-4]] series ||

Squid 3.5

Jul 2018

Squid-3.5 series became DEPRECATED with the release of Squid-4 series

Jan 2015

Released for production use.

The features have been set and large code changes are reserved for later versions.

  • Additions are limited to:
  • Security fixes
  • Stability fixes
  • Bug fixes
  • Documentation updates

Features ported from 2.7 in this release:

Basic new features in 3.5:

  • eCAP version 1.0 support
  • Authentication helper query extensions (see auth_param)

  • Caching large (>32KB) objects in Rock storage

  • Extended cache HIT/MISS decision control (see send_hit, store_miss)

  • Logging of transaction start time (see logformat)

  • Adaptation service performed ACL test
  • Support named services
  • Upgraded squidclient tool
  • Helper support for concurrency channels (Digest Authentication, StoreID, URL-rewrite)
  • Native FTP protocol relay

  • Initial support for PROXY protocol

  • Basic authentication MSNT helper changes

Added in 3.5.13:

  • Support Elliptic Curve ciphers in TLS

Features removed in 3.5:

  • COSS storage type has been superceded by Rock storage type.

  • dnsserver helper has been superceded by DNS internal client.
  • DNS helper API has been superceded by DNS internal client.

The intention with this series is to improve performance and HTTP support. Some remaining Squid-2.7 missing features are listed as regressions in http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#ss5.1

Packages of what will become squid 3.5 source code are available at http://www.squid-cache.org/Versions/v3/3.5/

Security Advisories

See our Advisories list.

Open Bugs

Squid-3.5 default config

From 3.5 a few performance improvements have been done. The manager regex ACLs have been moved after the DoS and protocol smuggling attack protections.

  • /!\

    This minimal configuration does not work with versions earlier than 3.2 which are missing special cleanup done to the code.

http_port 3128

acl localnet src     # RFC1918 possible internal network
acl localnet src  # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 1025-65535  # unregistered ports


http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager


http_access allow localnet
http_access allow localhost
http_access deny all

coredump_dir /squid/var/cache/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

Squid-3.5 (last edited 2018-07-02 05:40:49 by AmosJeffries)