SQUID Frequently Asked Questions

Duane Wessels, wessels@nlanr.net

1. About Squid, this FAQ, and other Squid information resources

• 1.1 What is Squid?
• 1.2 What is Internet object caching?
• 1.3 Why is it called Squid?
• 1.4 What is the latest version of Squid?
• 1.5 Who is responsible for Squid?
• 1.6 Where can I get Squid?
• 1.7 What Squid mailing lists are available?
• 1.8 What Squid web pages are available?
• 1.9 Does Squid support SSL?
• 1.10 What's the legal status of Squid?
• 1.11 Squid FAQ contributors
• 1.12 About This Doument

2. Installation

• 2.1 Which file do I download to get Squid?
• 2.2 How do I install Squid?
• 2.3 What Operating Systems does Squid support?
• 2.4 What does the squid.conf file do?
• 2.5 Do you have a squid.conf example?
• 2.6 How do I start Squid?
• 2.7 How do I start Squid automatically when the system boots?
• 2.8 How do I tell if Squid is running?
• 2.9 How do I apply a patch or a diff?

3. Compiling

• 3.1 src/Makefile options
• 3.2 undefined reference to __inet_ntoa
• 3.3 Using GNU malloc
• 3.4 How can I get true DNS TTL info into Squid's IP cache?
• 3.5 My platform is BSD/OS or BSDI and I can't compile Squid
• 3.6 Problems compiling libmiscutil.a on Solaris

4. Configuration issues

• 4.1 How do I join a cache hierarchy?
• 4.2 How do I join NLANR's cache hierarchy?
• 4.3 Why should I want to join NLANR's cache hierarchy?
• 4.4 How do I register my cache with NLANR's registration service?
• 4.5 How do I find other caches close to me and arrange parent/child/sibling relationships with them?
• 4.6 My cache registration is not appearing in the Tracker database.
• 4.7 What is the httpd-accelerator mode?
• 4.8 How do I configure Squid to work behind a firewall?
• 4.9 I have dnsserver processes that aren't being used, should I lower the number in squid.conf?
• 4.10 Does Squid support Socks?
• 4.11 How does Squid decide when to refresh a cached object?
• 4.12 How can I easily change the default HTTP port?
• 4.13 Is it possible to control how big each cache_dir is?
• 4.14 Squid and http-gw from the TIS toolkit.
• 4.15 What is ``HTTP_X_FORWARDED_FOR''? Why does squid provide it to WWW servers, and how can I stop it?
• 4.16 Can I use the redirector to return HTTP redirect messages?

5. Communication between browsers and Squid

• 5.1 Netscape manual configuration
• 5.2 Netscape automatic configuration
• 5.3 Lynx and Mosaic configuration
• 5.4 Redundant Auto-Proxy-Configuration
• 5.5 Microsoft Internet Explorer configuration
• 5.6 Netmanage Internet Chameleon WebSurfer configuration
• 5.7 Opera 2.12 proxy configuration
• 5.8 How can I make my users' browsers use my cache without configuring the browsers for proxying?

6. Squid Log Files

• 6.1 access.log
• 6.2 hierarchy.log
• 6.3 store.log
• 6.4 Field Definitions
• 6.5 Cache Result Codes
• 6.6 Peer Status Coces
• 6.7 HTTP status codes
• 6.8 cache/log
• 6.9 Which log files can I delete safely?
• 6.10 Why do I get ERR_NO_CLIENTS_BIG_OBJ messages so often?
• 6.11 What does ERR_LIFETIME_EXP mean?
• 6.12 Retrieving ``lost'' files from the cache

7. Operational issues

• 7.1 How do I see system level Squid statistics?
• 7.2 How can I find the biggest objects in my cache?
• 7.3 I want to restart Squid with a clean cache
• 7.4 How can I proxy/cache Real Audio?
• 7.5 How can I purge an object from my cache?
• 7.6 Using ICMP to Measure the Network
• 7.7 Where so few requests logged as TCP_IMS_MISS?

8. The Cache Manager

• 8.1 What is the cache manager?
• 8.2 How do you set it up?
• 8.3 Cache manager configuration for CERN httpd 3.0
• 8.4 Cache manager configuration for Apache
• 8.5 Cache manager ACLs in squid.conf
• 8.6 Why does it say I need a password and a URL?
• 8.7 I want to shutdown the cache remotely. What's the password?
• 8.8 How do I make the cache host default to my cache?
• 8.9 What's the difference between Squid TCP connections and Squid UDP connections?
• 8.10 It says the storage expiration will happen in 1970!
• 8.11 What do the Meta Data entries mean?
• 8.12 The pool for in-memory objects is huge, and it doesn't get smaller! Is this a memory leak?
• 8.13 The ``Total accounted'' field in the meta data isn't the same as the size of my squid!
• 8.14 In the utilization section, what is Other?
• 8.15 In the utilization section, why is the Transfer KB/sec
• 8.16 In the utilization section, what is the Object Count?
• 8.17 In the utilization section, what is the Max/Current/Min KB?
• 8.18 What is the I/O section about?
• 8.19 What is the Objects section for?
• 8.20 What is the VM Objects section for?
• 8.21 What does AVG RTT mean?
• 8.22 In the IP cache section, what's the difference between a hit, a negative hit and a miss?
• 8.23 What do the IP cache contents mean anyway?
• 8.24 How do I analyze memory usage from cachemgr.cgi's output?
• 8.25 What is the fqdncache and how is it different from the ipcache?
• 8.26 What does ``Page faults with physical i/o: 4897'' mean?

9. Access Controls

• 9.1 How do I implement an ACL ban list?
• 9.2 How do I block specific users or groups from accessing my cache?
• 9.3 Is there a way to do ident lookups only for a certain host and compare the result with a userlist in squid.conf?
• 9.4 Common Mistakes
• 9.5 I set up my access controls, but they don't work! why?
• 9.6 Proxy-authentication and neighbor caches

10. Troubleshooting

• 10.1 Why am I getting ``Proxy Access Denied?''
• 10.2 I can't get local_domain to work; Squid is caching the objects from my local servers.
• 10.3 I get Connection Refused when the cache tries to retrieve an object located on a sibling, even though the sibling thinks it delivered the object to my cache.
• 10.4 Running out of filedescriptors
• 10.5 My squid dies periodically, and I see log entries complaining about being unable to malloc(3) more memory, but my system has lots of RAM available!
• 10.6 What are these strange lines about removing objects?
• 10.7 Can I change a Windows NT FTP server to list directories in Unix format?
• 10.8 Why does Squid use so much memory!?
• 10.9 Why am I getting ``Ignoring MISS from non-peer x.x.x.x?''
• 10.10 DNS lookups for domain names with underscores (_) always fail.
• 10.11 Why am I getting access denied from a sibling cache?
• 10.12 Cannot bind socket FD NN to *:8080 (125) Address already in use
• 10.13 icpDetectClientClose: ERROR xxx.xxx.xxx.xxx: (32) Broken pipe
• 10.14 icpDetectClientClose: FD 135, 255 unexpected bytes
• 10.15 How come Squid doesn't work with NTLM Authorization.
• 10.16 The default parent option isn't working!
• 10.17 ``Hot Mail'' complains about: Intrusion Logged. Access denied.
• 10.18 My Squid becomes very slow after it has been running for some time.
• 10.19 WARNING: Failed to start 'dnsserver'
• 10.20 Sending in Squid bug reports
• 10.21 fork: (12) Cannot allocate memory
• 10.22 FATAL: ipcache_init: DNS name lookup tests failed
• 10.23 FATAL: Failed to make swap directory /var/spool/cache: (13) Permission denied
• 10.24 You need to recompile with a larger value for MAX_SWAP_FILE
• 10.25 When using a username and password, I can not access some files.

11. How does Squid work?

• 11.1 What are cachable objects?
• 11.2 What is the ICP protocol?
• 11.3 What is the dnsserver?
• 11.4 What is the ftpget program for?
• 11.5 FTP PUT's don't work;
• 11.6 What is a cache hierarchy? What are parents and siblings?
• 11.7 What is the Squid cache resolution algorithm?
• 11.8 What features are Squid developers currently working on?
• 11.9 Tell me more about Internet traffic workloads
• 11.10 What are the tradeoffs of caching with the NLANR cache system?
• 11.11 Where can I find out more about firewalls?
• 11.12 What is the ``Storage LRU Expiration Age?''
• 11.13 What is ``Failure Ratio at 1.01; Going into hit-only-mode for 5 minutes''?
• 11.14 Does squid perodically re-read its configuration file?
• 11.15 How does unlinkd work?

12. Multicast

• 12.1 What is Multicast?
• 12.2 How do I know if I'm on the Mbone?
• 12.3 Should I be using Multicast ICP?
• 12.4 How do I configure Squid to send Multicast ICP queries?
• 12.5 How do I know what Multicast TTL to use?
• 12.6 How do I configure Squid to receive and respond to Multicast ICP?

13. System-Dependent Wierdnesses

• 13.1 Solaris
• 13.2 FreeBSD
• 13.3 OSF1/3.2
• 13.4 BSD/OS
• 13.5 Linux

14. Terms and Definitions

• 14.1 Neighbor