Proxy Address Port
Usage: port [mode] [options] hostname:port [mode] [options] 220.127.116.11:port [mode] [options] The socket addresses where Squid will listen for HTTP client requests. You may specify multiple socket addresses. There are three forms: port alone, hostname with port, and IP address with port. If you specify a hostname or IP address, Squid binds the socket to that specific address. Most likely, you do not need to bind to a specific address, so you can use the port number alone. If you are running Squid in accelerator mode, you probably want to listen on port 80 also, or instead. The -a command line option may be used to specify additional port(s) where Squid listens for proxy request. Such ports will be plain proxy ports with no options. You may specify multiple socket addresses on multiple lines. Modes: intercept Support for IP-Layer NAT interception delivering traffic to this Squid port. NP: disables authentication on the port. tproxy Support Linux TPROXY (or BSD divert-to) with spoofing of outgoing connections using the client IP address. NP: disables authentication on the port. accel Accelerator / reverse proxy mode ssl-bump For each CONNECT request allowed by ssl_bump ACLs, establish secure connection with the client and with the server, decrypt HTTPS messages as they pass through Squid, and treat them as unencrypted HTTP messages, becoming the man-in-the-middle. The ssl_bump option is required to fully enable bumping of CONNECT requests. Omitting the mode flag causes default forward proxy mode to be used. Accelerator Mode Options: defaultsite=domainname What to use for the Host: header if it is not present in a request. Determines what site (not origin server) accelerators should consider the default. no-vhost Disable using HTTP/1.1 Host header for virtual domain support. protocol= Protocol to reconstruct accelerated and intercepted requests with. Defaults to HTTP/1.1 for http_port and HTTPS/1.1 for https_port. When an unsupported value is configured Squid will produce a FATAL error. Values: HTTP or HTTP/1.1, HTTPS or HTTPS/1.1 vport Virtual host port support. Using the http_port number instead of the port passed on Host: headers. vport=NN Virtual host port support. Using the specified port number instead of the port passed on Host: headers. act-as-origin Act as if this Squid is the origin server. This currently means generate new Date: and Expires: headers on HIT instead of adding Age:. ignore-cc Ignore request Cache-Control headers. WARNING: This option violates HTTP specifications if used in non-accelerator setups. allow-direct Allow direct forwarding in accelerator mode. Normally accelerated requests are denied direct forwarding as if never_direct was used. WARNING: this option opens accelerator mode to security vulnerabilities usually only affecting in interception mode. Make sure to protect forwarding with suitable http_access rules when using this. SSL Bump Mode Options: In addition to these options ssl-bump requires TLS/SSL options. generate-host-certificates[=] Dynamically create SSL server certificates for the destination hosts of bumped CONNECT requests.When enabled, the cert and key options are used to sign generated certificates. Otherwise generated certificate will be selfsigned. If there is a CA certificate lifetime of the generated certificate equals lifetime of the CA certificate. If generated certificate is selfsigned lifetime is three years. This option is enabled by default when ssl-bump is used. See the ssl-bump option above for more information. dynamic_cert_mem_cache_size=SIZE Approximate total RAM size spent on cached generated certificates. If set to zero, caching is disabled. The default value is 4MB. TLS / SSL Options: cert= Path to SSL certificate (PEM format). key= Path to SSL private key file (PEM format) if not specified, the certificate file is assumed to be a combined certificate and key file. cipher= Colon separated list of supported ciphers. NOTE: some ciphers such as EDH ciphers depend on additional settings. If those settings are omitted the ciphers may be silently ignored by the OpenSSL library. options= Various SSL implementation options. The most important being: NO_SSLv3 Disallow the use of SSLv3 NO_TLSv1 Disallow the use of TLSv1.0 NO_TLSv1_1 Disallow the use of TLSv1.1...