client_netmask

client_netmask

This directive is available to provide privacy for users. When Squid writes access.log and other log files, it applies this mask to the client's IP address. For example, if you set the netmask to 255.255.255.0, Squid logs a request from 1.2.3.0 instead of 1.2.3.4. Thus, if someone manages to read the log file, they know only approximately, not exactly, which host (or user) made each request.

If you use log_fqdn, Squid applies the client_netmask before issuing the DNS lookup. For example, Squid will try to find a hostname record for 1.2.3.0 instead of 1.2.3.4.

Syntax	client_netmask `IPv4-netmask`
Default	client_netmask 255.255.255.255
Example	client_netmask 255.255.255.0
Related	cache_access_log, useragent_log, referer_log, log_fqdn

Chapter 1. Introduction

Chapter 2. Getting Squid

Chapter 3. Compiling and Installing

Chapter 4. Configuration Guide for the Eager

Chapter 5. Running Squid

Chapter 6. All About Access Controls

Chapter 7. Disk Cache Basics

Chapter 8. Advanced Disk Cache Topics

Chapter 9. Interception Caching

Chapter 10. Talking to Other Squids

Chapter 11. Redirectors

Chapter 12. Authentication Helpers

Chapter 13. Log Files

Chapter 14. Monitoring Squid

Chapter 15. Server Accelerator Mode

Chapter 16. Debugging and Troubleshooting

Appendix A. Config File Reference

ssl_unclean_shutdown

udp_incoming_address

udp_outgoing_address

cache_peer_domain

neighbor_type_domain

icp_query_timeout

maximum_icp_query_timeout

mcast_icp_query_timeout

dead_peer_timeout

hierarchy_stoplist

cache_access_log

cache_store_log

emulate_httpd_log

log_ip_on_direct

cache_swap_high

maximum_object_size

minimum_object_size

maximum_object_size_in_memory

cache_replacement_policy

memory_replacement_policy

store_dir_select_algorithm

client_netmask

ftp_sanitycheck

cache_dns_program

dns_retransmit_interval

dns_nameservers

unlinkd_program

redirect_program

redirect_children

redirect_rewrites_host_header

redirector_access

redirector_bypass

authenticate_ttl

authenticate_cache_garbage_interval

authenticate_ip_ttl

external_acl_type

wais_relay_host

wais_relay_port

request_header_max_size

request_body_max_size

refresh_pattern

quick_abort_min

quick_abort_max

quick_abort_pct

positive_dns_ttl

negative_dns_ttl

range_offset_limit

connect_timeout

peer_connect_timeout

request_timeout

persistent_request_timeout

client_lifetime

half_closed_clients

shutdown_lifetime

http_reply_access

cache_peer_access

ident_lookup_access

tcp_outgoing_tos

tcp_outgoing_address

reply_body_max_size

cache_effective_user

cache_effective_group

visible_hostname

unique_hostname

hostname_aliases

announce_period

httpd_accel_host

httpd_accel_port

httpd_accel_single_host

httpd_accel_with_proxy

httpd_accel_uses_host_header

tcp_recv_bufsize

memory_pools_limit

log_icp_queries

minimum_direct_hops

minimum_direct_rtt

cachemgr_passwd

store_avg_object_size

store_objects_per_bucket

netdb_ping_period

test_reachability

reload_into_ims

error_directory

maximum_single_addr_tries

snmp_incoming_address

snmp_outgoing_address

as_whois_server

wccp_incoming_address

wccp_outgoing_address

delay_parameters

delay_initial_bucket_level

incoming_icp_average

incoming_http_average

incoming_dns_average

min_icp_poll_cnt

min_dns_poll_cnt

min_http_poll_cnt

max_open_disk_fds

mcast_miss_addr

mcast_miss_port

mcast_miss_encode_key

nonhierarchical_direct

strip_query_terms

ignore_unknown_nameservers

digest_generation

digest_bits_per_entry

digest_rebuild_period

digest_rewrite_period

digest_swapout_chunk_size

digest_rebuild_chunk_percentage

client_persistent_connections

server_persistent_connections

pipeline_prefetch

extension_methods

request_entities

high_response_time_warning

high_page_fault_warning

high_memory_warning

vary_ignore_expire

sleep_after_fork

Appendix B. The Memory Cache

Appendix C. Delay Pools

Appendix D. Filesystem Performance Benchmarks

Appendix E. Squid on Windows

Appendix F. Configuring Squid Clients