123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228 |
- ##
- ## tinyproxy.conf -- tinyproxy daemon configuration file
- ##
- #
- # Name of the user the tinyproxy daemon should switch to after the port
- # has been bound.
- #
- User tinyproxy
- Group tinyproxy
- #
- # Port to listen on.
- #
- Port 8888
- #
- # If you have multiple interfaces this allows you to bind to only one. If
- # this is commented out, tinyproxy will bind to all interfaces present.
- #
- #Listen 192.168.0.1
- #
- # The Bind directive allows you to bind the outgoing connections to a
- # particular IP address.
- #
- #Bind 192.168.0.1
- #
- # Timeout: The number of seconds of inactivity a connection is allowed to
- # have before it closed by tinyproxy.
- #
- Timeout 600
- #
- # ErrorFile: Defines the HTML file to send when a given HTTP error
- # occurs. You will probably need to customize the location to your
- # particular install. The usual locations to check are:
- # /usr/local/share/tinyproxy
- # /usr/share/tinyproxy
- # /etc/tinyproxy
- #
- # ErrorFile 404 "/usr/share/tinyproxy/404.html"
- # ErrorFile 400 "/usr/share/tinyproxy/400.html"
- # ErrorFile 503 "/usr/share/tinyproxy/503.html"
- # ErrorFile 403 "/usr/share/tinyproxy/403.html"
- # ErrorFile 408 "/usr/share/tinyproxy/408.html"
- #
- # DefaultErrorFile: The HTML file that gets sent if there is no
- # HTML file defined with an ErrorFile keyword for the HTTP error
- # that has occured.
- #
- DefaultErrorFile "/usr/share/tinyproxy/default.html"
- #
- # StatFile: The HTML file that gets sent when a request is made
- # for the stathost. If this file doesn't exist a basic page is
- # hardcoded in tinyproxy.
- #
- StatFile "/usr/share/tinyproxy/stats.html"
- #
- # Where to log the information. Either LogFile or Syslog should be set,
- # but not both.
- #
- Logfile "/var/log/tinyproxy.log"
- # Syslog On
- #
- # Set the logging level. Allowed settings are:
- # Critical (least verbose)
- # Error
- # Warning
- # Notice
- # Connect (to log connections without Info's noise)
- # Info (most verbose)
- # The LogLevel logs from the set level and above. For example, if the LogLevel
- # was set to Warning, than all log messages from Warning to Critical would be
- # output, but Notice and below would be suppressed.
- #
- LogLevel Critical
- #
- # PidFile: Write the PID of the main tinyproxy thread to this file so it
- # can be used for signalling purposes.
- #
- PidFile "/var/run/tinyproxy.pid"
- #
- # Include the X-Tinyproxy header, which has the client's IP address when
- # connecting to the sites listed.
- #
- #XTinyproxy mydomain.com
- #
- # Turns on upstream proxy support.
- #
- # The upstream rules allow you to selectively route upstream connections
- # based on the host/domain of the site being accessed.
- #
- # For example:
- # # connection to test domain goes through testproxy
- # upstream testproxy:8008 ".test.domain.invalid"
- # upstream testproxy:8008 ".our_testbed.example.com"
- # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
- #
- # # no upstream proxy for internal websites and unqualified hosts
- # no upstream ".internal.example.com"
- # no upstream "www.example.com"
- # no upstream "10.0.0.0/8"
- # no upstream "192.168.0.0/255.255.254.0"
- # no upstream "."
- #
- # # connection to these boxes go through their DMZ firewalls
- # upstream cust1_firewall:8008 "testbed_for_cust1"
- # upstream cust2_firewall:8008 "testbed_for_cust2"
- #
- # # default upstream is internet firewall
- # upstream firewall.internal.example.com:80
- #
- # The LAST matching rule wins the route decision. As you can see, you
- # can use a host, or a domain:
- # name matches host exactly
- # .name matches any host in domain "name"
- # . matches any host with no domain (in 'empty' domain)
- # IP/bits matches network/mask
- # IP/mask matches network/mask
- #
- #Upstream some.remote.proxy:port
- #
- # This is the absolute highest number of threads which will be created. In
- # other words, only MaxClients number of clients can be connected at the
- # same time.
- #
- MaxClients 100
- #
- # These settings set the upper and lower limit for the number of
- # spare servers which should be available. If the number of spare servers
- # falls below MinSpareServers then new ones will be created. If the number
- # of servers exceeds MaxSpareServers then the extras will be killed off.
- #
- MinSpareServers 5
- MaxSpareServers 20
- #
- # Number of servers to start initially.
- #
- StartServers 10
- #
- # MaxRequestsPerChild is the number of connections a thread will handle
- # before it is killed. In practise this should be set to 0, which disables
- # thread reaping. If you do notice problems with memory leakage, then set
- # this to something like 10000
- #
- MaxRequestsPerChild 0
- #
- # The following is the authorization controls. If there are any access
- # control keywords then the default action is to DENY. Otherwise, the
- # default action is ALLOW.
- #
- # Also the order of the controls are important. The incoming connections
- # are tested against the controls based on order.
- #
- Allow 127.0.0.1
- Allow 192.168.1.0/25
- #
- # The "Via" header is required by the HTTP RFC, but using the real host name
- # is a security concern. If the following directive is enabled, the string
- # supplied will be used as the host name in the Via header; otherwise, the
- # server's host name will be used.
- #
- ViaProxyName "tinyproxy"
- #
- # The location of the filter file.
- #
- #Filter "/etc/tinyproxy/filter"
- #
- # Filter based on URLs rather than domains.
- #
- #FilterURLs On
- #
- # Use POSIX Extended regular expressions rather than basic.
- #
- #FilterExtended On
- #
- # Use case sensitive regular expressions.
- #
- #FilterCaseSensitive On
- #
- # Change the default policy of the filtering system. If this directive is
- # commented out, or is set to "No" then the default policy is to allow
- # everything which is not specifically denied by the filter file.
- #
- # However, by setting this directive to "Yes" the default policy becomes to
- # deny everything which is _not_ specifically allowed by the filter file.
- #
- #FilterDefaultDeny Yes
- #
- # If an Anonymous keyword is present, then anonymous proxying is enabled.
- # The headers listed are allowed through, while all others are denied. If
- # no Anonymous keyword is present, then all header are allowed through.
- # You must include quotes around the headers.
- #
- #Anonymous "Host"
- #Anonymous "Authorization"
- #
- # This is a list of ports allowed by tinyproxy when the CONNECT method
- # is used. To disable the CONNECT method altogether, set the value to 0.
- # If no ConnectPort line is found, all ports are allowed (which is not
- # very secure.)
- #
- # The following two ports are used by SSL.
- #
- ConnectPort 443
- ConnectPort 563
|