Helper Programs

Squid uses helper programs to provide extra functionality or greater performance. Squid provides a standard API for several types of program to provide extra services that do not fit well into the Squid core. Helper programs could be viewed as a simple means of modular design, allowing third parties to write modules to improve the features of Squid. That being said, some of Squid's standard functionality is also provided as helper programs. The standard helper programs include dnsserver, pinger, and several authentication modules. Third party modules include redirectors, ad blockers, and additional authentication modules.

Note

Squid versions from 2.3 onward do not use the dnsserver helper program by default, replacing it with an internal non-blocking DNS resolver. This new internal DNS resolver is more memory and processor efficient, so is preferred. But in some circumstances, the older helper program is the better choice. If your Squid must be able to resolve based on any source other than a DNS server, such as via a hosts file or NIS, then you must use the external dnsserver helper.

Figure 12-9. Cache Helper Program

FTP column width defines the column width for auto-generated web pages of FTP sites queried through Squid when Squid is in forward proxy mode. Squid provides limited FTP proxy features to allow browsers (even older, non-FTP aware browsers) to communicate with FTP servers. This option gives some control over how Squid formats the resulting file lists. This option corresponds to the ftp_list_width directive and defaults to 32.

Note

Squid only provides FTP proxy and caching services when acting as a traditional proxy, not when acting transparently. Squid does not currently provide complete FTP caching or proxying.

Anon FTP login sets the email address Squid uses to log in to remote FTP servers anonymously. This can simply be a username followed by an @ symbol, to which your domain name can be automatically attached, or it can be a full email address. This should be something reasonable for your domain, such as wwwuser@mydomain.com, or in the domainless case first mentioned, Squid@, which happens to be the default for this option. This corresponds to the ftp_user directive.

Squid DNS program is the helper program to use for DNS resolution. Because Squid requires a non-blocking resolver for its queries, an external program called dnsserver is included in the standard distribution. In Squid versions prior to 2.3, this program is the only standard choice for resolution, and the path to the file can be entered here. In Squid versions later than 2.3, there is a new default option, which is an internal non-blocking resolver that is more memory and CPU efficient. This option rarely needs to be changed from its default value. This option configures the cache_dns_program directive.

Number of DNS programs simply defines the number of external DNS resolver processes that will be started in order to serve requests. The default value of five is enough for many networks; however, if your Squid serves a large number of users, this value may need to be increased to avoid errors. Increasing the number of processes also increases the load on system resources and may actually hinder performance if set too high. More than 10 is probably overkill. Correlates to the dns_children directive.

Append domain to requests, when enabled, causes the dnsserver to add the local domain name to single component hostnames. It is normally disabled to prevent caches in a hierarchy from interpreting single component hostnames locally. This option configures the dns_defnames directive.

DNS server addresses normally defaults to From resolv.conf, which simply means that Squid's parent DNS servers will be drawn from the /etc/resolv.conf file found on the system Squid runs on. It is possible to select other DNS servers if needed, for example to choose a more local caching DNS server, or a remote internet connected server. This option corresponds to the dns_nameservers directive.

Cache clearing program sets the name of the helper program that deletes, or unlinks, old files in the cache to make room for newer objects. In all current versions of Squid, this helper is known as unlinkd and should probably not be changed from this unless you know what you're doing. This option configures the unlinkd_program directive.

Note

There are new, experimental versions of Squid that feature different mechanisms for removing old objects. Eventually, it is likely that unlinkd will become a deprecated option and be removed.

Squid ping program is an external program that provides Squid with ICMP RTT information so that it can more effectively choose between multiple remote parent caches for request fulfillment. There are special cases when this option is required, and your Squid must have been compiled with the --enable-icmp configure option in order for it to work. This option should only be used on caches that have multiple parent caches on different networks that it must choose between. The default program to use for this task is called pinger. This option configures the pinger_program directive.

Custom redirect program and Number of redirect programs provide access to the redirector interface in Squid, so a redirector can be selected and the number of redirector processes needed can be configured. A redirector is, in short, just what it sounds like: a program that, when given a URL that matches certain conditions, redirects Squid to another URL. To be a little less brief and perhaps more complete, a redirector provides a method to export a request to an external program, and then to import that program's response and act as though the client sent the resulting request. This allows for interesting functionality with Squid and an external redirector. To configure a redirector, enter the path to the redirector and the redirector filename as shown. You should also enter any options to be passed to the redirector in the same field, as in the example shown. Though the whole command line isn't visible, in this case, the line uses the -c option of SquidGuard to indicate the location of its configuration file.

Figure 12-10. Configuring a Redirector

One common usage is to block objectionable content using a tool like SquidGuard. Another popular use is to block advertising banners using the simple but effective Ad Zapper. The Ad Zapper not only allows one to block ads, it can also remove those pesky flashing "New" images and moving line images used in place of standard horizontal rules. Several other general purpose redirectors exist that provide URL remapping for many different purposes. Two popular and well supported general redirectors are Squirm and JesRed. Finally, it is possible to write a custom redirector to provide any kind of functionality needed from your Squid. While it is not possible to use the redirector interface to alter a web page's content, it is possible to perform inline editing of some or all URLs to force many different types of results. The two redirect options configure the redirect_program and redirect_children directives.
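A small custom redirector for the interface described above, as an added example that is not part of the original text and not the code of any redirector named here. It assumes the classic line protocol of redirect_program (Squid writes "URL client_ip/fqdn ident method" on the helper's standard input and reads back a replacement URL, or an empty line for no change); the block list and block page URL are constructed placeholders.

```python
#!/usr/bin/env python3
"""Blocking redirector for Squid's redirect_program interface (added example)."""
import sys
from urllib.parse import urlsplit

# Constructed values: substitute your own block page and policy.
BLOCK_PAGE = "http://proxy.example.internal/blocked.html"
BLOCKED_DOMAINS = {"ads.example.com", "tracker.example.net"}


def is_blocked(host):
    """True if host is a blocked domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def rewrite(line):
    """Map one request line from Squid to one reply line.

    Assumed input format: URL client_ip/fqdn ident method
    An empty reply tells Squid to leave the request unchanged.
    """
    fields = line.split()
    if not fields:
        return ""
    try:
        # Match on the parsed host only, never on a substring of the URL,
        # so a blocked name in the path, query or userinfo does not trigger
        # the rule and a lookalike such as notads.example.com does not match.
        host = urlsplit(fields[0]).hostname or ""
    except ValueError:
        return ""  # unparsable URL: pass it through unchanged
    return BLOCK_PAGE if is_blocked(host) else ""


def main():
    # Exactly one reply line per request line, flushed at once; a buffered
    # or missing reply leaves Squid waiting on this helper process.
    for line in sys.stdin:
        sys.stdout.write(rewrite(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

To use it, enter the script's full path in Custom redirect program and size Number of redirect programs to the request load, as described above.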

Note

Redirectors usually require additional configuration of their own, and often have their own configuration file. Currently no redirector is configurable within Webmin, though work is underway on a SquidGuard module. It will be documented here when it is completed.

Custom Authentication program and Number of authentication programs provide access to the external authentication interface within Squid. There are a large number of authentication modules for use with Squid, allowing users to be authenticated in a number of ways. The simplest authentication type is known as ncsa_auth, which uses a standard htpasswd style password file to check for login name and password. More advanced options include a new NTLM module that allows authentication against a Windows NT domain controller, and LDAP authentication that allows use of Lightweight Directory Access Protocol servers. Most authentication modules work the same way, and quite similarly to a redirector as discussed above. In the figure below, I've chosen the standard ncsa_auth authenticator, and provided the location of the passwd file it should use for authenticating users. I've also increased the number of authenticator child processes from the default of 5 to 10, in order to handle quite heavy loads. These options edit the authenticate_program and authenticate_children directives, respectively.

Figure 12-11. Authentication Configuration