Key changes from squid 2.4:

• Major rewrite of proxy authentication to support other schemes than basic. First in the line is NTLM support but others can easily be added (minimal digest is present). See the Programmers Guide for the internals. Thanks to the SAMBA team for some excellent collaboration on the NTLM support! (Robert Collins & Francesco Chemolli)
• Optimized searching in proxy_auth and ident ACL types. Squid should now handle large access lists a lot more efficiently. (Francesco Chemolli)
• Fixed forwarding/peer loop detection code (Brian Degenhardt) - now a peer is ignored if it turns out to be us, rather than committing suicide
• Changed the internal URL code to obey appendDomain for internal objects if it needs appending. This fixes weirdnesses where a machine can think it is "foo.bar.com", and "foo" is requested. (Brian Degenhardt)
• Added the use of Automake to create the Makefile.in's in the squid source tree. This will allow libtool in the future, and immediately allows better dependency tracking - with or without gcc - as well as the dist-all and distcheck targets for developers which respectively build a tar.gz and a tar.bz2 distribution, and check that what will be distributed builds. (Robert Collins)
• Added TOS and source address selection based on ACLs, written by Roger Venning. This allows administrators to set the TOS precedence bits and/or the source IP from a set of available IPs based upon some ACLs, generally to map different users to different outgoing links and traffic profiles.
• Added 'max-conn' option to 'cache_peer'
• Added SSL gatewaying support, allowing Squid to act as a SSL server in accelerator setups.
• Many new authentication helpers.
• no_cache now applies to cache hits as well as cache misses
• the Gopher client in Squid has been significantly improved
• Squid now sanity checks FTP data connections to ensure the connection is from the requested server. Can be disabled if needed by turning off the ftp_sanitycheck option.
• external acl support. A mechanism where flexible ACL checks can be driven by external helpers. See the external_acl_type and acl external directives. (MARA Systems AB)
• Countless other small things and fixes
• HTML pages generated by Squid or CacheMgr as well as the ERR documents now contain a doctype declaration so that browsers know which HTML specification the document uses. In addition to that they have a new look (background-color, font) and are valid according to the HTML standards at www.w3.org. (Clemens Löser)
• Login and password send to Basic auth helpers is now URL escaped to allow for spaces and other "odd" characters in logins and passwords
• Proxy Authentication is no longer blindly forwarded to peer caches if not used locally. If forwarding of proxy authentication is desired then it must now be configured with the login=PASS cache_peer option.
• Responses with Vary: in the header are now cached by squid. (Henrik Nordstrom).
• Support for openBSD pf interface in interception mode.
• It is now possible to send complex arguments to helpers by quoting the arguments by " and/or \
• The directory structure has changed slightly. The squid binary has been moved into sbin, errors and icons into share/, and the libexec programs are now in libexec/ (was previously libexec/squid/). See configure --help for instructions on how to move these around to exacly where you want to have them in your system.

Read More Details

Only registered users can write comments.
Please login or register.

Powered by AkoComment 1.0 beta 2!