| What about proxy authentication via LDAP? SSL options? Are these enabled by
| default?
|
| Along the lines of the PHP, Apache feature/module comparison tables (that
were
| posted earlier in this mailing list), it would be useful to see a feature
list
| of Squid comparing the other OS distributions vs the one that would be part
of SFW.
============================================
Here is a comparison with various distributions.
All except coolstack are on squid 2.6.STABLE1X
cool stack on squid 2.5. I will add more soon.
Notes: . is default, x is set, - not set, ? tentative
-p is may negatively affect performance
+p is may positively affect performance
+c adds dependencies
============================================
CoolStack FreeBSD 6.1 FedoraRPM Win32 SUNWsquid
--enable-dlmalloc - - - - -
--enable-gnuregex - - - - -
--enable-carp - - - - x
--with-aufs-threads 8 - - - x
--with-aio - - - - -
--enable-storeio
aufs x - x x x
coss x - x x x
diskd x x x - x
ufs x x x x x
null x x x x x
--enable-removal-policies
heap x x x x x
lru x x x x x
--enable-icmp - - - - -
--enable-delay-pools x - x x x
--enable-useragent-log x - x x ? (-p)
--enable-referer-log x - x x ? (-p)
--enable-wccp - - - x -
--enable-wccpV2 - - x x x
--enable-forward-log - - - - ? (-p)
--enable-multicast-miss - - - - -
--enable-snmp x - x x ? (-p)
--enable-arp-acl - - - x -
--enable-htcp - - - x x
--enable-ssl - - x x ? (+c)
--enable-forw-via-db - - - - -
--enable-cache-digests - - x x x
--enable-coss-aio-ops - - - x -
--enable-select - - - - .
--enable-select-simple - - - - .
--enable-poll x x - - .
--enable-epoll - - x - .
--enable-kqueue - - - - .
--enable-devpoll - - - - .
--disable-http-violations - - - - -
--enable-ipf-transparent - - - - -
--enable-pf-transparent - - - - -
--with-large-files - - x - -
--enable-large-cache-files - - - x x
--disable-ident-lookups x x - - ? (+p)
--disable-internal-dns - - - - -
--enable-truncate - - - - -
--disable-hostname-checks - - - - -
--enable-underscores x x x - x
--enable-auth
basic - x x x x
digest - x x x x
negotiate - - - x -
ntlm - x x x ? (+c)
--enable-basic-auth-helpers
DB - x - - -
NCSA - x x x -
YP - - x - -
LDAP - - x x ? (+c)
PAM - x x - -
getpwnam - - x - -
MSNT - x x - -
POP3 - - - - -
mswin_sspi - x - x -
SASL - - x - -
multi-domain-NTLM - - x - -
SMB - x x - -
--enable-ntlm-auth-helpers
SMB - x x - -
mswin_sspi - x - x -
fakeauth - - x x -
nocheck - - - - -
--enable-digest-auth-helpers
ldap - - - x ? (+c)
password - x x x x
--enable-negotiate-auth-helpers
mswin_sspi - - - x -
squid_kerb_auth - - - - -
--enable-ntlm-fail-open - - - - -
--enable-external-acl-helpers
ip_user - x - - -
mswin_lm_group - x - x -
unix_group - x - - -
ldap_group - - - x -
session - - - - -
wbinfo_group - x - - -
--disable-unlinkd - - - - -
--enable-x-accelerator-vary x x - - -
--enable-follow-x-forwarded-for - - x - -
==============================================================================
Explanations.
==============================================================================
--enable-dlmalloc=LIB Compile & use the malloc package by Doug Lea
--enable-gnuregex Compile GNUregex. Unless you have reason to use this
option, you should not enable it. This library file
is usually only required on Windows and very old
Unix boxes which do not have their own regex library
built in.
--disable-carp Disable CARP support
--enable-async-io=N_THREADS
Shorthand for
--with-aufs-threads=N_THREADS
--with-pthreads
--enable-storeio=ufs,aufs
--enable-storeio="list of modules"
Build support for the list of store I/O modules.
The default is only to build the "ufs" module.
See src/fs for a list of available modules, or
Programmers Guide section <not yet written>
for details on how to build your custom store module
--enable-heap-replacement
Backwards compatibility option. Please use the
new --enable-removal-policies directive instead.
--enable-removal-policies="list of policies"
Build support for the list of removal policies.
The default is only to build the "lru" module.
See src/repl for a list of available modules, or
Programmers Guide section 9.9 for details on how
to build your custom policy
--enable-icmp Enable ICMP pinging (keep track of gateways)
--enable-delay-pools Enable delay pools to limit bandwidth usage
--enable-useragent-log Enable logging of User-Agent header
--enable-referer-log Enable logging of Referer header
--disable-wccp Disable Web Cache Coordination V1 Protocol
--disable-wccpv2 Disable Web Cache Coordination V2 Protocol
--enable-kill-parent-hack
Kill parent on shutdown
--enable-forward-log Enable experimental forward_log directive
--enable-multicast-miss Enable experimental multicast notification of
cachemisses
--enable-snmp Enable SNMP monitoring
--enable-cachemgr-hostname=hostname
Make cachemgr.cgi default to this host
--enable-arp-acl Enable use of ARP ACL lists (ether address)
--enable-htcp Enable HTCP protocol
--enable-ssl Enable ssl gatewaying support using OpenSSL
--enable-forw-via-db Enable Forw/Via database
--enable-cache-digests Use Cache Digests
see http://www.squid-cache.org/FAQ/FAQ-16.html
--enable-coss-aio-ops Enable COSS I/O with Posix AIO (default is aufs I/O)
--enable-select Force the use of select support.
Normally configure automatically selects a better
alternative if available.
--disable-select Disable select support, causing configure to fail
if a better alternative is not available
--enable-select-simple Force the use of select support (POSIX).
Useful if your system only supports the bare minium
POSIX select requirements without fds_bits.
--enable-poll Force the use of poll even if automatic checks
indicate poll may be broken on your plaform.
--disable-poll Disable the use of poll.
--enable-epoll Force the use of epoll even if automatic checks
indicate epoll may not be supported.
--disable-epoll Disable the use of epoll.
--enable-kqueue Force the use of kqueue even if automatic checks
indicate kqueue may not be supported.
--disable-kqueue Disable kqueue support.
--enable-devpoll Use Solaris /dev/poll instead of poll
--disable-http-violations
This allows you to remove code which is known to
violate the HTTP protocol specification.
--enable-ipf-transparent
Enable Transparent Proxy support for systems
using IP-Filter network address redirection.
--enable-pf-transparent
Enable Transparent Proxy support for systems
using PF network address redirection.
--enable-linux-netfilter
Enable Transparent Proxy support for Linux 2.4 and
later
--enable-large-cache-files
Enable support for large cache files (>2GB).
WARNING: on-disk cache format is changed by this
option
--enable-linux-tproxy
Enable real Transparent Proxy support for Netfilter
TPROXY.
--enable-leakfinder
Enable Leak Finding code. Enabling this alone
does nothing; you also have to modify the source
code to use the leak finding functions. Probably
Useful for hackers only.
--disable-ident-lookups
This allows you to remove code that performs
Ident (RFC 931) lookups.
--disable-internal-dns This prevents Squid from directly sending and
receiving DNS messages, and instead enables the
old external 'dnsserver' processes.
--enable-truncate This uses truncate() instead of unlink() when
removing cache files. Truncate gives a little
performance improvement, but may cause problems
when used with async I/O. Truncate uses more
filesystem inodes than unlink..
--enable-default-hostsfile=path
Select default location for hosts file.
See hosts_file directive in squid.conf for details
--enable-win32-service Compile Squid as a WIN32 Service
Works only on Windows NT and Windows 2000 Platforms.
--enable-auth="list of auth scheme modules"
Build support for the list of authentication schemes.
The default is to build support for the Basic scheme.
See src/auth for a list of available modules, or
Programmers Guide section authentication schemes
for details on how to build your custom auth scheme
module
--enable-basic-auth-helpers="list of helpers"
This option selects which basic scheme proxy_auth
helpers to build and install as part of the normal
build process. For a list of available
helpers see the helpers/basic_auth directory.
--enable-ntlm-auth-helpers="list of helpers"
This option selects which proxy_auth ntlm helpers
to build and install as part of the normal build
process. For a list of available helpers see
the helpers/ntlm_auth directory.
--enable-digest-auth-helpers="list of helpers"
This option selects which digest scheme proxy_auth
helpers to build and install as part of the normal
build process. For a list of available helpers see the
helpers/digest_auth directory.
--enable-negotiate-auth-helpers="list of helpers"
This option selects which negotiate scheme
authentication
helpers to build and install as part of the normal
build
process. For a list of available helpers see the
helpers/negotiate_auth directory.
--enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one
of the
Authentication steps can allow squid to still
authenticate
the user.
--enable-external-acl-helpers="list of helpers"
This option selects which external_acl helpers to
build and install as part of the normal build
process. For a list of available helpers see the
helpers/external_acl directory.
--disable-unlinkd Do not use unlinkd
--enable-stacktraces Enable automatic call backtrace on fatal errors
--enable-x-accelerator-vary
Enable support for the X-Accelerator-Vary
HTTP header. Can be used to indicate
variance within an accelerator setup.
Typically used together with other code
that adds custom HTTP headers to the requests.
--enable-follow-x-forwarded-for
Enable support for following the X-Forwarded-For
HTTP header to try to find the IP address of the
original or indirect client when a request has
been forwarded through other proxies.
Optional Packages:
--with-aufs-threads=N_THREADS
Tune the number of worker threads for the aufs object
store.
--with-pthreads Use POSIX Threads
--with-aio Use POSIX AIO
--with-openssl=prefix
--with-coss-membuf-size COSS membuf size (default 1048576 bytes)
--with-large-files Enable support for large files (logs etc).
rahul
--
1. e4 _
