Squid: The Definitive Guide - Duane Wessels
* * *
Tip
This directive doesn't determine how long credentials remain valid. It only affects whether or not an entry is removed from the username cache. Squid may decide to revalidate the credentials of a user that is in the cache. Each authentication scheme has its own way of determining when to revalidate credentials with the external helper.
* * *
Syntax
authenticate_ttl time-specification
Default
authenticate_ttl 1 hour
Example
authenticate_ttl 30 minutes
Related
authenticate_cache_garbage_interval, auth_param
Name
authenticate_cache_garbage_interval
Synopsis
This directive specifies how often Squid executes the function to clean up the proxy authentication username cache. During this process, usernames that have been inactive for some amount of time (defined by authenticate_ttl) are purged.
Syntax
authenticate_cache_garbage_interval time-specification
Default
authenticate_cache_garbage_interval 1 hour
Example
authenticate_cache_garbage_interval 8 hours
Related
authenticate_ttl, auth_param
Name
authenticate_ip_ttl
Synopsis
This directive causes Squid to deny requests if the same proxy authentication username comes from more than one IP address within a given amount of time. It's designed to discourage users from sharing their username and password with others. When Squid detects the same username from multiple IP addresses, it forces the user to reauthenticate by denying the request.
This feature is disabled by default (0 seconds). If your users normally have the same IP address (e.g., static addressing or DHCP with long leases), you can set authenticate_ip_ttl to a large value such as 1 hour. However, if your users are on dial-up connections, they may be more likely to change IP addresses within a short period of time. To make their lives easier, use a small authenticate_ip_ttl value, such as 1 minute.
Syntax
authenticate_ip_ttl time-specification
Default
authenticate_ip_ttl 0 seconds
Example
authenticate_ip_ttl 1 minute
Related
auth_param
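The following added example (not from the book or from Squid's source) applies the rule described for authenticate_ip_ttl to access.log data, so you can see which usernames would be forced to reauthenticate at a candidate TTL before you enable it. It assumes Squid's native access.log layout with the authenticated username in the eighth field; the sample lines are constructed, and the aging logic is a simplified model of the behavior described above.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client action/status bytes method URL username peer type
SAMPLE_LOG = """\
1066036200.000 120 10.0.0.5 TCP_MISS/200 4120 GET http://www.example.com/ alice DIRECT/192.0.2.10 text/html
1066036230.000 95 10.0.0.9 TCP_MISS/200 980 GET http://www.example.com/a bob DIRECT/192.0.2.10 text/html
1066036245.000 80 10.0.7.7 TCP_MISS/200 512 GET http://www.example.com/b alice DIRECT/192.0.2.10 text/html
1066036900.000 60 10.0.0.12 TCP_MISS/200 733 GET http://www.example.com/c bob DIRECT/192.0.2.10 text/html
1066036910.000 60 10.0.0.5 TCP_MISS/200 733 GET http://www.example.com/d - DIRECT/192.0.2.10 text/html
""".splitlines()


def parse(line):
    """Return (timestamp, client_ip, username), or None for unusable lines."""
    fields = line.split()
    if len(fields) < 10 or fields[7] == "-":
        return None  # malformed line or unauthenticated request
    try:
        return float(fields[0]), fields[2], fields[7]
    except ValueError:
        return None


def ip_conflicts(lines, ttl_seconds):
    """List (username, earlier_ip, new_ip, gap_seconds) for each request that
    arrives from a different IP within ttl_seconds of the same username's
    last request from another IP. A TTL of 0 reports nothing (disabled)."""
    last_seen = defaultdict(dict)  # username -> {ip: last timestamp}
    conflicts = []
    for ts, ip, user in sorted(filter(None, map(parse, lines))):
        seen = last_seen[user]
        for other_ip, other_ts in list(seen.items()):
            if ts - other_ts >= ttl_seconds:
                del seen[other_ip]  # entry has aged out of the window
            elif other_ip != ip:
                conflicts.append((user, other_ip, ip, ts - other_ts))
        seen[ip] = ts
    return conflicts


if __name__ == "__main__":
    for ttl in (60, 3600):  # "1 minute" and "1 hour" from the text
        print(ttl, ip_conflicts(SAMPLE_LOG, ttl))
```

Run it over a few days of real logs with each candidate TTL: usernames that appear only at the larger value are likely address changes rather than shared credentials.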
Name
external_acl_type
Synopsis
This directive defines new ACL types implemented as external programs. See Section 6.1.3.
Syntax
external_acl_type type-name [options] format helper-command
Default
No default
Example
external_acl_type MyAcltype %LOGIN /usr/local/squid/libexec/my-acl-prog.pl
Related
acl, http_access
Name
wais_relay_host
Synopsis
The Wide Area Information Service (WAIS) is an obsolete protocol that predates the Web. This directive is largely historical. Its purpose is to make Squid forward all WAIS requests to another proxy, perhaps a dedicated WAIS gateway. You can accomplish the same effect with ACLs and cache_peer_access.
Syntax
wais_relay_host hostname
Default
No default
Example
wais_relay_host some.host.name
Related
wais_relay_port
Name
wais_relay_port
Synopsis
If, for some reason, you use wais_relay_host, you must set the WAIS relay port number with this directive. Arguably you should be able to specify both with a single directive. However, they were split some time ago to simplify Squid's parsing code.
Syntax
wais_relay_port port-number
Default
No default
Example
wais_relay_port 8001
Related
wais_relay_host
Name
request_header_max_size
Synopsis
This directive places an upper limit on the size of headers in an HTTP request. When Squid receives an HTTP request with headers that exceed this value, it returns a 413 (Request Entity Too Large) error response. In most cases, request headers are smaller than 512 bytes. This directive exists to catch certain abnormal conditions, such as persistent connection bugs, buffer overflow attempts, and denial-of-service attacks.
Syntax
request_header_max_size size-specification