2 changes: 1 addition & 1 deletion docs/404.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ permalink: /404.html
# Oops, page not found (404 error)

You probably followed a broken link to, sorry.
We can't really know what you were looking for, but you can try looking
We cannot really know what you were looking for, but you can try looking
for it in the [full list of the site's pages](/SitePages).

You can also try a full text search on the Squid project's web sites
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Authenticate/Bypass.md
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ This can be accomplished by using 6 configuration files:
This example configuration will allow any user access to whitelisted
sites without asking for identification, users in group A will be able
to access sites in list A, users in group B will be able to access sites
from group B and noone will be able to access anything else.
from group B and no one will be able to access anything else.

## Advanced configuration

Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Authenticate/Kerberos.md
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ If squid_kerb_ldap is used the following steps are happening
1. Squid "login" to Windows Active Directory or Unix kdc as user
\<HTTP/\<fqdn-squid\>@DOMAIN.COM\>. This requires Active Directory
to have an attribute userPrincipalname set to
\<HTTP/\<fqdn-squid\>@DOMAIN.COM\> for the associated acount. This
\<HTTP/\<fqdn-squid\>@DOMAIN.COM\> for the associated account. This
is usaully done by using msktutil.

![Squid-4.jpeg](/assets/images/squid-4.jpg)
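Review bot: The context line right after the corrected one still reads "is usaully done by using msktutil", so the sentence being fixed keeps a typo. Please change "usaully" to "usually" in this hunk as well. Step 1 also opens with 'Squid "login" to', which could become "Squid logs in to" while the paragraph is being touched.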
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Authenticate/LoggingOnly.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ hack needs to be used:


Remember that http_access order is very important. If you allow access
without the "dummyAuth" acl, you won't get usernames logged
without the "dummyAuth" acl, you will not get usernames logged

One of the following authentication helpers is also needed to ensure
that login details are available for use when that demand is made.
Expand Down
4 changes: 2 additions & 2 deletions docs/ConfigExamples/Authenticate/Ntlm.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Winbind is a Samba component providing access to Windows Active Directory
authentication services on a Unix-like operating system

## Supported Samba Releases
Samba 3 and later provide a squid-compatible authenitcation helper named
Samba 3 and later provide a squid-compatible authentication helper named
`ntlm_auth`

## Samba Configuration
Expand Down Expand Up @@ -93,7 +93,7 @@ gpasswd -a proxy winbindd_priv

As Samba-3.x has it's own authentication helper there is no need to
build any of the Squid authentication helpers for use with Samba-3.x
(and the helpers provided by Squid won't work if you do). You do however
(and the helpers provided by Squid will not work if you do). You do however
need to enable support for the NTLM scheme if you plan on using this.
Also you may want to use the wbinfo_group helper for group lookups

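Review bot: The first context line of this hunk, "As Samba-3.x has it's own authentication helper", uses the contraction "it's" where the possessive "its" is meant. Since this change already removes a contraction from the same paragraph, correct that one too, and add the missing full stop after "group lookups".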
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Authenticate/NtlmCentOS5.md
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ configure Samba, Winbind and perform the join in one step.
Shutting down Winbind services: [FAILED]
Starting Winbind services: [ OK ]

If Winbind wasn't running before this it can't shutdown, but authconfig
If Winbind wasn't running before this it cannot shutdown, but authconfig
will start it and enable it to start at boot.

The default permissions for **/var/cache/samba/winbindd_privileged** in
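Review bot: The changed line is now inconsistent: "wasn't" stays a contraction while "can't" became "cannot", and "shutdown" is used as a verb. Suggest "If Winbind was not running before this it cannot shut down, but authconfig" so the sentence follows one style.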
Expand Down
10 changes: 5 additions & 5 deletions docs/ConfigExamples/Authenticate/WindowsActiveDirectory.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ authentication may fail.

## NTP Configuration

Time needs to be syncronised with Windows Domain Controllers for
Time needs to be synchronised with Windows Domain Controllers for
authentication, configure the proxy to obtain time from them and test to
ensure they are working as expected.

Expand Down Expand Up @@ -165,7 +165,7 @@ use it to create our kerberos computer object in Active directory.

kinit administrator

It should return without errors. You can see if you succesfully obtained
It should return without errors. You can see if you successfully obtained
a ticket with:

klist
Expand Down Expand Up @@ -227,7 +227,7 @@ users will not be able to authenticate with Squid.
Add the following to cron so it can automatically updates the computer
account in active directory when it expires (typically 30 days). Pipe it
through logger so I can see any errors in syslog if necessary. As stated
msktutil uses the default `/etc/krb5.conf` file for its paramaters so be
msktutil uses the default `/etc/krb5.conf` file for its parameters so be
aware of that if you decide to make any changes in it.

00 4 * * * msktutil --auto-update --verbose --computer-name squidproxy-k | logger -t msktutil
Expand Down Expand Up @@ -263,7 +263,7 @@ Now join the proxy to the domain.
```
net ads join -U Administrator
```
Start samba and winbind and test acces to the domain.
Start samba and winbind and test access to the domain.
```
wbinfo -t
```
Expand Down Expand Up @@ -324,7 +324,7 @@ chgrp proxy /etc/squid3/ldappass.txt
## Install negotiate_wrapper

Firstly we need to install negotiate_wrapper. Install the necessary
build tools on Debian intall `build-essential linux-headers-$(uname -r)`
build tools on Debian install `build-essential linux-headers-$(uname -r)`
Then compile and install.

```bash
Expand Down
4 changes: 2 additions & 2 deletions docs/ConfigExamples/Caching/WindowsUpdates.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ requests. Particularly when large objects are involved.
Default value is a bit small. It needs to be somewhere 100MB or
higher to cope with the IE updates.
- **[range_offset_limit](http://www.squid-cache.org/Doc/config/range_offset_limit)**.
Does the main work of converting range requests into cacheable
Does the main work of converting range requests into cachable
requests. Use the same size limit as
[maximum_object_size](http://www.squid-cache.org/Doc/config/maximum_object_size)
to prevent conversion of requests for objects which will not cache
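Review bot: In the range_offset_limit item the new line spells the word "cachable" where the old line had "cacheable", which moves away from the spelling used by the HTTP caching specification (RFC 9111). Please keep "cacheable" here and drop this part of the change.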
Expand Down Expand Up @@ -131,7 +131,7 @@ stored in the squid cache.
I also recommend a 30 to 60GB
[cache_dir](http://www.squid-cache.org/Doc/config/cache_dir) size
allocation, which will let you download tonnes of windows updates and
other stuff and then you won't really have any major issues with cache
other stuff and then you will not really have any major issues with cache
storage or cache allocation or any other issues to do with the cache.

## Why does it go so slowly through Squid?
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Chat/Signal.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ connections.

> :x:
Note that port 80 is still too unsafe to allow generic CONNECT to
happen on it. However, Signal client often can't do initial connect
happen on it. However, Signal client often cannot do initial connect
without permission CONNECT to port 80 at
textsecure-service-ca.whispersystems.org. You are warned.

Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Chat/Skype.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ then the mentioned in the article to make it so skype clients will be
able to run smooth with squid in the picture. Else then that skype in
many cases will require direct access to the Internet and will not work
in a very restricted networks with allow access only using a proxy. I
belive that NTOP have some more details on how to somehow make skype
believe that NTOP have some more details on how to somehow make skype
work or be blocked in some cases. I recommend peeking at theri at:
<https://github.com/ntop/nDPI/search?utf8=✓&q=skype>

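Review bot: One line below the "believe" fix the sentence still ends with "I recommend peeking at theri at:", so "theri" remains misspelled. Please correct it in the same hunk; the author's intended word ("theirs", or "their code") should be confirmed rather than guessed.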
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/ClusteringTproxySquid.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ What is good about WCCP? WCCP allows web cache clustering with built in
fail-over mechanism and semi auto configuration management.

It gives the Network administrator quiet in mind that if something in
the cache cluster is not functioning the clients wont suffer from it.
the cache cluster is not functioning the clients will not suffer from it.

WCCP can be implemented for http and other protocols. many Network
administrator will implement the Web cache infrastructure close to the
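Review bot: The sentence touched here still begins "It gives the Network administrator quiet in mind", which is not idiomatic English. Suggest "peace of mind" on that context line, and "many network administrators" on the following paragraph line, as part of this cleanup.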
Expand Down
8 changes: 4 additions & 4 deletions docs/ConfigExamples/ContentAdaptation/C-ICAP.md
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ Then adjust squidclamav.conf as follows:
logredir 1

# Enable / disable DNS lookup of client ip address. Default is enabled '1' to
# preserve backward compatibility but you must desactivate this feature if you
# preserve backward compatibility but you must deactivate this feature if you
# don't use trustclient with hostname in the regexp or if you don't have a DNS
# on your network. Disabling it will also speed up squidclamav.
dnslookup 0
Expand All @@ -175,7 +175,7 @@ Then adjust squidclamav.conf as follows:
safebrowsing 0

#
# Here is some defaut regex pattern to have a high speed proxy on system
# Here is some default regex pattern to have a high speed proxy on system
# with low resources.
#
# Abort AV scan, but not chained program
Expand Down Expand Up @@ -468,7 +468,7 @@ Adjust srv_url_check.conf as follows:

> :information_source:
Note: Using whitelist is good idea for performance reasons. It is
plain text file with 2nd level domain names. All hostnames beyong
plain text file with 2nd level domain names. All hostnames beyond
this domains will be pass. Also setup DNS cache is also great idea
to improve performance.

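Review bot: In the whitelist note, correcting "beyong" leaves "All hostnames beyond this domains will be pass" ungrammatical, and it is unclear whether it means hostnames under the listed domains or outside them. Since this describes what the URL check lets through, please have the author confirm the meaning and reword the whole sentence instead of fixing only the one word.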
Expand Down Expand Up @@ -671,7 +671,7 @@ Here is also Munin plugins for C-ICAP monitoring (performance-related

> :information_source:
When upgrading c-icap server, you also need (in most cases) to
rebuild squidclamav to aviod possible API incompatibility.
rebuild squidclamav to avoid possible API incompatibility.

> :information_source:
In case of c-icap permanently restarts, increase DebugLevel in
Expand Down
4 changes: 2 additions & 2 deletions docs/ConfigExamples/ContentAdaptation/EcapForExifStripping.md
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ First, build and install dependencies:
make -j8
make install

Make shure all shared libraries are installed.
Make sure all shared libraries are installed.

> :information_source:
Note: Use correct compiler full path, depending your setup. Commands
Expand Down Expand Up @@ -145,7 +145,7 @@ Supported configuration parameters:
Files with size greater than limit will be stored in temporary
disk storage, otherwise processing will be done in RAM.
exclude_types
List of semicolon seprated MIME types which shouldn't be
List of semicolon separated MIME types which shouldn't be
Contributor

contraction

Suggested change
List of semicolon separated MIME types which shouldn't be
List of semicolon separated MIME types which should not be

handled by adapter.

## Squid Configuration File
Expand Down
6 changes: 3 additions & 3 deletions docs/ConfigExamples/DynamicContent/Coordinator.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,15 @@ some of the reasons for that:
- The result of a live content feed based or not on argument supplied
by end user.
- a CMS(Content Management System) scripts design.
- bad programing.
- bad programming.
- Privacy policies.

## File De-Duplication/Duplication

- two urls that result the same identical resource ( many to one ).
Some of the reasons for that:
- a temporary URL for content access based on credentials
- bad programing or fear from caching
- bad programming or fear from caching
- Privacy policies

There is also the problem of content copying around the web. For
Expand Down Expand Up @@ -89,7 +89,7 @@ just a longer url. many CMS like Wordpress use question mark to identify
a specific page/article stored in the system. ("/wordpress/?p=941")


but insted exploting this convention the script authur can just add
but instead exploting this convention the script authur can just add
Cache specific headers to allow or disallow caching the resource.

## HTTP and caching
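Review bot: The changed line fixes "insted" but leaves "exploting" and "authur" on the same line, and "instead exploting" is missing "of". Suggest "but instead of exploiting this convention the script author can just add".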
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/DynamicContent/YouTube.md
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,7 @@ per.php:
//file not in cache? Get it, send it & save it
logdata("MISS",$url,$fname);
$fileptr=fopen($fname,"w");
//no validity check, simply don't write the file if we can't open it. prevents noticeable failure/
//no validity check, simply don't write the file if we cannot open it. prevents noticeable failure/
Contributor

contraction

Suggested change
//no validity check, simply don't write the file if we cannot open it. prevents noticeable failure/
//no validity check, simply do not write the file if we cannot open it. prevents noticeable failure/


while(!feof($urlptr)){
$line=fread($urlptr,$blocksize);
Expand Down
4 changes: 2 additions & 2 deletions docs/ConfigExamples/FullyTransparentWithTPROXY.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ the tproxy include file needs to be placed in
/usr/include/linux/netfilter_ipv4/ip_tproxy.h or
include/netfilter_ipv4/ip_tproxy.h in the squid src tree).

TThe iptables rule needs to use the TPROXY target (instead of the
The iptables rule needs to use the TPROXY target (instead of the
REDIRECT target) to redirect the port 80 traffic to the proxy. Ie:

iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 80
Expand Down Expand Up @@ -175,7 +175,7 @@ balabit for kernel & iptables tproxy
* check-up access.log --\> yes it is increments log check-up my pc by
* opening whatismyipaddress.com --\> yes it is my pc's ip

Now, I will try tuning-up my box & squid.conf tommorow
Now, I will try tuning-up my box & squid.conf tomorrow

## Another Example

Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Intercept.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ using any two devices the configurations have been separated into
endpoint configurations.

L2 forwarding is best suited for when the proxy is directly connected to
the router, i.e. presists in the same L2-segment of LAN. Since Layer-2
the router, i.e. exists in the same L2-segment of LAN. Since Layer-2
is a level below TCP/IP it can be treated as equivalent to *Policy
Routing* at the IP layer (the difference is PBR is executes on CPU,
against true L2 WCCP forwarding, which often executes on control plane
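Review bot: Replacing "presists" with "exists" rewords the sentence instead of correcting a spelling; the original looks like a typo for "persists" or "resides". "resides in the same L2 segment of the LAN" would read better, and the untouched "PBR is executes on CPU" in the following context line needs the stray "is" removed.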
Expand Down
8 changes: 4 additions & 4 deletions docs/ConfigExamples/Intercept/CiscoIOSv15Wccp2.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,13 @@ Router has both router/switch functionality, so we can use both GRE/L2
redirection methods.

> :information_source:
Note: Beware - you must have NAT configuted on your squid's box, and
Note: Beware - you must have NAT configured on your squid's box, and
you must have squid built with OS-specific NAT support.

> :information_source:
Note: When using managed switch in DMZ, be sure proxy box port in
the same VLAN/has the same encapsulation as router port with WCCP
activated. Otherwise router can't do WCCP handshake with proxy.
activated. Otherwise router cannot do WCCP handshake with proxy.

### Cisco IOS 15.5(3)M2 router

Expand Down Expand Up @@ -109,7 +109,7 @@ and passthrough default route to next hop (or last resort gateway).

#### Security

To avoid denial-of-service attacks, you can enforce authentification
To avoid denial-of-service attacks, you can enforce authentication
between proxy(proxies) and router. To do that you need to setup WCCP
services on router using passwords:

Expand Down Expand Up @@ -158,7 +158,7 @@ interception.

> :information_source:
Note: **Performance** is more better against PBR (route-map), WCCP
uses less CPU on Cisco's devices. So, WCCP is preferrable against
uses less CPU on Cisco's devices. So, WCCP is preferable against
route-map. Also note, l2 redirection has hardware support and less
overhead, than gre, which has only software processing (on CPU).

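Review bot: The Performance note still opens with "is more better against PBR" on the line above the "preferable" fix, and uses "against" where "than" or "over" is meant. Suggest "Performance is better than with PBR (route-map)" and "WCCP is preferable to route-map" so the whole note is corrected in one pass.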
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ After editing the configuration file, start squid

Once the Squid has started, you should be able to browse the web from
the LAN. Note that it is the Squid that provides HTTP connection to the
outside. If the Squid process crashes or is stopped, LAN clients won't
outside. If the Squid process crashes or is stopped, LAN clients will not
be able to browse the web.

To see in realtime the requests served by Squid, use the command
Expand Down Expand Up @@ -223,7 +223,7 @@ get only safe content.

(Note that Google is [gradually switching to HTTPS for all
searches](http://support.google.com/websearch/bin/answer.py?hl=en&answer=173733).
As Squid only handles HTTP traffic, this won't work anymore. However,
As Squid only handles HTTP traffic, this will not work anymore. However,
you get the idea.)

[Download the latest version of Squirm
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Intercept/IptablesPolicyRoute.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ traffic (web in this instance) towards a Squid proxy.
Various networks are using embedded Linux devices (such as OpenWRT) as
gateways and wish to implement transparent caching or proxying.

There's no obvious policy routing in Linux - you use iptables to mark
There is no obvious policy routing in Linux - you use iptables to mark
interesting traffic, iproute2 ip rules to choose an alternate routing
table and a default route in the alternate routing table to policy route
to the distribution.
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Intercept/LinuxBridge.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ implement transparent caching or content filtering.
## ebtables DROP vs iptables DROP

In iptables which in most cases is being used to filter network traffic
the DROP target means "packet disapear".
the DROP target means "packet disappear".

In ebtables a "-j redirect --redirect-target DROP" means "packet be gone
from the bridge into the upper layers of the kernel such as
Expand Down
4 changes: 2 additions & 2 deletions docs/ConfigExamples/Intercept/SslBumpExplicit.md
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ For example, in FireFox:
2. Go to the 'Advanced' section, 'Encryption' tab
3. Press the 'View Certificates' button and go to the 'Authorities' tab
4. Press the 'Import' button, select the .der file that was created
previously and pres 'OK'
previously and press 'OK'

In theory, you must either import your root certificate into browsers or
instruct users on how to do that. Unfortunately, it is apparently a
Expand Down Expand Up @@ -169,7 +169,7 @@ library default "Global Trusted CA" set. This is done by
not included (see below). Adding extra root CA in this way is your
responsibility. Also beware, when you use OpenSSL, you need to make
c_rehash utility before Squid can use the added certificates.
Beware - you can't grab any CA's you see. Check it before use\!
Beware - you cannot grab any CA's you see. Check it before use\!

### Missing intermediate certificates

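Review bot: The reworded warning "you cannot grab any CA's you see" is still ambiguous about what the administrator must do, and it is the sentence in this paragraph that guards what goes into the trusted CA set. Suggest stating it directly, for example "Do not add arbitrary CA certificates; verify each one before use", and change "make c_rehash utility" on the line above to "run the c_rehash utility".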
Expand Down
6 changes: 3 additions & 3 deletions docs/ConfigExamples/MultiplePortsWithWccp2.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,15 @@ categories: [ConfigExample]
## Outline

The Squid WCCPv2 implementation can intercept more than TCP port 80. The
currrent implementation can create multiple arbitrary TCP and UDP ports.
current implementation can create multiple arbitrary TCP and UDP ports.

There are a few caveats:

- Squid will have to be configured to listen on each port - the
[wccp2_service](http://www.squid-cache.org/Doc/config/wccp2_service)
configuration only tells WCCPv2 what to do, not Squid;
- WCCPv2 (as far as I know) can't be told to redirect random dynamic
TCP sessions, only "fixed" service ports - so it can't intercept and
- WCCPv2 (as far as I know) cannot be told to redirect random dynamic
TCP sessions, only "fixed" service ports - so it cannot intercept and
cache the FTP data streams;
- You could use Squid to advertise services which are handled by
"other" software running on the server (for example, if you had a
Expand Down
2 changes: 1 addition & 1 deletion docs/ConfigExamples/Reverse/ExchangeRpc.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ categories: [ConfigExample]
Squid can be used as an accelerator and ACL filter in front of an
exchange server exporting mail via RPC over HTTP. The RPC_IN_DATA and
RPC_OUT_DATA methods communicate with
_https://URL/rpc/rpcproxy.dll_, for if there's need to limit the
_https://URL/rpc/rpcproxy.dll_, for if there is need to limit the
access..

## Setup
Expand Down