11.4 Configuring Squid

The following five squid.conf directives control the behavior of redirectors in Squid.

11.4.1 redirect_program

The redirect_program directive specifies the command line for the redirector program. For example:

redirect_program /usr/local/squid/bin/my_redirector -xyz

Note, the redirector program must be executable by the Squid user ID. If, for some reason, Squid can't execute the redirector, you should see an error message in cache.log.[1] For example:

[1] This message appears only in cache.log, and not on stdout, if you use the -d option, or in syslog, if you use the -s option.

ipcCreate: /usr/local/squid/bin/my_redirector: (13) Permission denied

Due to the way Squid works, the main Squid process may be unaware of problems executing the redirector program. Squid doesn't detect the error until it tries to write a request and read a response. It then prints:

WARNING: redirector #1 (FD 6) exited

Thus, if you see such a message for the first request sent to Squid, check cache.log closely for other errors, and make sure the program is executable by Squid.

11.4.2 redirect_children

The redirect_children directive specifies how many redirector processes Squid should start. For example:

redirect_children 20

Squid warns you (via cache.log) when all redirectors are simultaneously busy:

WARNING: All redirector processes are busy.

WARNING: 1 pending requests queued.

If you see this warning, you should increase the number of child processes and restart (or reconfigure) Squid. If the queue size becomes twice the number of redirectors, Squid aborts with a fatal message.

Don't attempt to disable Squid's use of the redirectors by setting redirect_children to 0. Instead, simply remove the redirect_program line from squid.conf.

11.4.3 redirect_rewrites_host_header

Squid normally updates a request's Host header when using a redirector. That is, if the redirector returns a new URI with a different hostname, Squid puts the new hostname in the Host header. If you use Squid as a surrogate (see Chapter 15), you might want to disable this behavior by setting the redirect_rewrites_host_header directive to off:

redirect_rewrites_host_header off

11.4.4 redirector_access

Squid normally sends every request through a redirector. However, you can use the redirector_access rules to send certain requests through selectively. The syntax is identical to http_access:

redirector_access allow|deny [!]ACLname ...

For example:

acl Foo src

acl All src 0/0

redirector_access deny Foo

redirector_access allow All

In this case, Squid skips the redirector for any request that matches the Foo ACL.

11.4.5 redirector_bypass

If you enable the redirector_bypass directive, Squid bypasses the redirectors when all of them are busy. Normally, Squid queues pending requests until a redirector process becomes available. If this queue grows too large, Squid exits with a fatal error message. Enabling this directive ensures that Squid never reaches that state.

The tradeoff, of course, is that some user requests may not be redirected when the load is high. If that's all right with you, simply enable the directive with this line:

redirector_bypass on

    Appendix A. Config File Reference