1 | ##
|
---|
2 | ## tinyproxy.conf -- tinyproxy daemon configuration file
|
---|
3 | ##
|
---|
4 |
|
---|
5 | #
|
---|
6 | # Name of the user the tinyproxy daemon should switch to after the port
|
---|
7 | # has been bound.
|
---|
8 | #
|
---|
9 | User nobody
|
---|
10 | Group nogroup
|
---|
11 |
|
---|
12 | #
|
---|
13 | # Port to listen on.
|
---|
14 | #
|
---|
15 | Port 3128
|
---|
16 |
|
---|
17 | #
|
---|
18 | # If you have multiple interfaces this allows you to bind to only one. If
|
---|
19 | # this is commented out, tinyproxy will bind to all interfaces present.
|
---|
20 | #
|
---|
21 | #Listen 192.168.0.1
|
---|
22 | Listen 0.0.0.0
|
---|
23 | #
|
---|
24 | # The Bind directive allows you to bind the outgoing connections to a
|
---|
25 | # particular IP address.
|
---|
26 | #
|
---|
27 | #Bind 192.168.0.1
|
---|
28 |
|
---|
29 | #
|
---|
30 | # Timeout: The number of seconds of inactivity a connection is allowed to
|
---|
31 | # have before it closed by tinyproxy.
|
---|
32 | #
|
---|
33 | Timeout 600
|
---|
34 |
|
---|
35 | #
|
---|
36 | # ErrorFile: Defines the HTML file to send when a given HTTP error
|
---|
37 | # occurs. You will probably need to customize the location to your
|
---|
38 | # particular install. The usual locations to check are:
|
---|
39 | # /usr/local/share/tinyproxy
|
---|
40 | # /usr/local/share/tinyproxy
|
---|
41 | # /etc/tinyproxy
|
---|
42 | #
|
---|
43 | # ErrorFile 404 "/usr/local/share/tinyproxy/404.html"
|
---|
44 | # ErrorFile 400 "/usr/local/share/tinyproxy/400.html"
|
---|
45 | # ErrorFile 503 "/usr/local/share/tinyproxy/503.html"
|
---|
46 | # ErrorFile 403 "/usr/local/share/tinyproxy/403.html"
|
---|
47 | # ErrorFile 408 "/usr/local/share/tinyproxy/408.html"
|
---|
48 |
|
---|
49 | #
|
---|
50 | # DefaultErrorFile: The HTML file that gets sent if there is no
|
---|
51 | # HTML file defined with an ErrorFile keyword for the HTTP error
|
---|
52 | # that has occured.
|
---|
53 | #
|
---|
54 | DefaultErrorFile "/usr/local/share/tinyproxy/default.html"
|
---|
55 |
|
---|
56 | #
|
---|
57 | # StatFile: The HTML file that gets sent when a request is made
|
---|
58 | # for the stathost. If this file doesn't exist a basic page is
|
---|
59 | # hardcoded in tinyproxy.
|
---|
60 | #
|
---|
61 | StatFile "/usr/local/share/tinyproxy/stats.html"
|
---|
62 |
|
---|
63 | #
|
---|
64 | # Where to log the information. Either LogFile or Syslog should be set,
|
---|
65 | # but not both.
|
---|
66 | #
|
---|
67 | #Logfile "/var/log/tinyproxy.log"
|
---|
68 | Syslog On
|
---|
69 |
|
---|
70 | #
|
---|
71 | # Set the logging level. Allowed settings are:
|
---|
72 | # Critical (least verbose)
|
---|
73 | # Error
|
---|
74 | # Warning
|
---|
75 | # Notice
|
---|
76 | # Connect (to log connections without Info's noise)
|
---|
77 | # Info (most verbose)
|
---|
78 | # The LogLevel logs from the set level and above. For example, if the LogLevel
|
---|
79 | # was set to Warning, than all log messages from Warning to Critical would be
|
---|
80 | # output, but Notice and below would be suppressed.
|
---|
81 | #
|
---|
82 | LogLevel Connect
|
---|
83 |
|
---|
84 | #
|
---|
85 | # PidFile: Write the PID of the main tinyproxy thread to this file so it
|
---|
86 | # can be used for signalling purposes.
|
---|
87 | #
|
---|
88 | PidFile "/var/run/tinyproxy.pid"
|
---|
89 |
|
---|
90 | #
|
---|
91 | # Include the X-Tinyproxy header, which has the client's IP address when
|
---|
92 | # connecting to the sites listed.
|
---|
93 | #
|
---|
94 | #XTinyproxy mydomain.com
|
---|
95 |
|
---|
96 | #
|
---|
97 | # Turns on upstream proxy support.
|
---|
98 | #
|
---|
99 | # The upstream rules allow you to selectively route upstream connections
|
---|
100 | # based on the host/domain of the site being accessed.
|
---|
101 | #
|
---|
102 | # For example:
|
---|
103 | # # connection to test domain goes through testproxy
|
---|
104 | # upstream testproxy:8008 ".test.domain.invalid"
|
---|
105 | # upstream testproxy:8008 ".our_testbed.example.com"
|
---|
106 | # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
|
---|
107 | #
|
---|
108 | # # no upstream proxy for internal websites and unqualified hosts
|
---|
109 | # no upstream ".internal.example.com"
|
---|
110 | # no upstream "www.example.com"
|
---|
111 | # no upstream "10.0.0.0/8"
|
---|
112 | # no upstream "192.168.0.0/255.255.254.0"
|
---|
113 | # no upstream "."
|
---|
114 | #
|
---|
115 | # # connection to these boxes go through their DMZ firewalls
|
---|
116 | # upstream cust1_firewall:8008 "testbed_for_cust1"
|
---|
117 | # upstream cust2_firewall:8008 "testbed_for_cust2"
|
---|
118 | #
|
---|
119 | # # default upstream is internet firewall
|
---|
120 | # upstream firewall.internal.example.com:80
|
---|
121 | #
|
---|
122 | # The LAST matching rule wins the route decision. As you can see, you
|
---|
123 | # can use a host, or a domain:
|
---|
124 | # name matches host exactly
|
---|
125 | # .name matches any host in domain "name"
|
---|
126 | # . matches any host with no domain (in 'empty' domain)
|
---|
127 | # IP/bits matches network/mask
|
---|
128 | # IP/mask matches network/mask
|
---|
129 | #
|
---|
130 | #Upstream some.remote.proxy:port
|
---|
131 |
|
---|
132 | #
|
---|
133 | # This is the absolute highest number of threads which will be created. In
|
---|
134 | # other words, only MaxClients number of clients can be connected at the
|
---|
135 | # same time.
|
---|
136 | #
|
---|
137 | MaxClients 100
|
---|
138 |
|
---|
139 | #
|
---|
140 | # These settings set the upper and lower limit for the number of
|
---|
141 | # spare servers which should be available. If the number of spare servers
|
---|
142 | # falls below MinSpareServers then new ones will be created. If the number
|
---|
143 | # of servers exceeds MaxSpareServers then the extras will be killed off.
|
---|
144 | #
|
---|
145 | MinSpareServers 0
|
---|
146 | MaxSpareServers 5
|
---|
147 |
|
---|
148 | #
|
---|
149 | # Number of servers to start initially.
|
---|
150 | #
|
---|
151 | StartServers 2
|
---|
152 |
|
---|
153 | #
|
---|
154 | # MaxRequestsPerChild is the number of connections a thread will handle
|
---|
155 | # before it is killed. In practise this should be set to 0, which disables
|
---|
156 | # thread reaping. If you do notice problems with memory leakage, then set
|
---|
157 | # this to something like 10000
|
---|
158 | #
|
---|
159 | MaxRequestsPerChild 0
|
---|
160 |
|
---|
161 | #
|
---|
162 | # The following is the authorization controls. If there are any access
|
---|
163 | # control keywords then the default action is to DENY. Otherwise, the
|
---|
164 | # default action is ALLOW.
|
---|
165 | #
|
---|
166 | # Also the order of the controls are important. The incoming connections
|
---|
167 | # are tested against the controls based on order.
|
---|
168 | #
|
---|
169 | Allow 127.0.0.1
|
---|
170 | Allow 172.16.0.0/12
|
---|
171 |
|
---|
172 | #
|
---|
173 | # The "Via" header is required by the HTTP RFC, but using the real host name
|
---|
174 | # is a security concern. If the following directive is enabled, the string
|
---|
175 | # supplied will be used as the host name in the Via header; otherwise, the
|
---|
176 | # server's host name will be used.
|
---|
177 | #
|
---|
178 | #ViaProxyName "tinyproxy"
|
---|
179 |
|
---|
180 | #
|
---|
181 | # The location of the filter file.
|
---|
182 | #
|
---|
183 | Filter "/usr/local/etc/tinyproxy.filter"
|
---|
184 |
|
---|
185 | #
|
---|
186 | # Filter based on URLs rather than domains.
|
---|
187 | #
|
---|
188 | #FilterURLs On
|
---|
189 |
|
---|
190 | #
|
---|
191 | # Use POSIX Extended regular expressions rather than basic.
|
---|
192 | #
|
---|
193 | #FilterExtended On
|
---|
194 |
|
---|
195 | #
|
---|
196 | # Use case sensitive regular expressions.
|
---|
197 | #
|
---|
198 | #FilterCaseSensitive On
|
---|
199 |
|
---|
200 | #
|
---|
201 | # Change the default policy of the filtering system. If this directive is
|
---|
202 | # commented out, or is set to "No" then the default policy is to allow
|
---|
203 | # everything which is not specifically denied by the filter file.
|
---|
204 | #
|
---|
205 | # However, by setting this directive to "Yes" the default policy becomes to
|
---|
206 | # deny everything which is _not_ specifically allowed by the filter file.
|
---|
207 | #
|
---|
208 | FilterDefaultDeny No
|
---|
209 |
|
---|
210 | #
|
---|
211 | # If an Anonymous keyword is present, then anonymous proxying is enabled.
|
---|
212 | # The headers listed are allowed through, while all others are denied. If
|
---|
213 | # no Anonymous keyword is present, then all header are allowed through.
|
---|
214 | # You must include quotes around the headers.
|
---|
215 | #
|
---|
216 | #Anonymous "Host"
|
---|
217 | #Anonymous "Authorization"
|
---|
218 |
|
---|
219 | #
|
---|
220 | # This is a list of ports allowed by tinyproxy when the CONNECT method
|
---|
221 | # is used. To disable the CONNECT method altogether, set the value to 0.
|
---|
222 | # If no ConnectPort line is found, all ports are allowed (which is not
|
---|
223 | # very secure.)
|
---|
224 | #
|
---|
225 | # The following two ports are used by SSL.
|
---|
226 | #
|
---|
227 | ConnectPort 443
|
---|
228 | #ConnectPort 563
|
---|