| 1 | ##
|
|---|
| 2 | ## tinyproxy.conf -- tinyproxy daemon configuration file
|
|---|
| 3 | ##
|
|---|
| 4 |
|
|---|
| 5 | #
|
|---|
| 6 | # Name of the user the tinyproxy daemon should switch to after the port
|
|---|
| 7 | # has been bound.
|
|---|
| 8 | #
|
|---|
| 9 | User nobody
|
|---|
| 10 | Group nogroup
|
|---|
| 11 |
|
|---|
| 12 | #
|
|---|
| 13 | # Port to listen on.
|
|---|
| 14 | #
|
|---|
| 15 | Port 3128
|
|---|
| 16 |
|
|---|
| 17 | #
|
|---|
| 18 | # If you have multiple interfaces this allows you to bind to only one. If
|
|---|
| 19 | # this is commented out, tinyproxy will bind to all interfaces present.
|
|---|
| 20 | #
|
|---|
| 21 | #Listen 192.168.0.1
|
|---|
| 22 | Listen 0.0.0.0
|
|---|
| 23 | #
|
|---|
| 24 | # The Bind directive allows you to bind the outgoing connections to a
|
|---|
| 25 | # particular IP address.
|
|---|
| 26 | #
|
|---|
| 27 | #Bind 192.168.0.1
|
|---|
| 28 |
|
|---|
| 29 | #
|
|---|
| 30 | # Timeout: The number of seconds of inactivity a connection is allowed to
|
|---|
| 31 | # have before it closed by tinyproxy.
|
|---|
| 32 | #
|
|---|
| 33 | Timeout 600
|
|---|
| 34 |
|
|---|
| 35 | #
|
|---|
| 36 | # ErrorFile: Defines the HTML file to send when a given HTTP error
|
|---|
| 37 | # occurs. You will probably need to customize the location to your
|
|---|
| 38 | # particular install. The usual locations to check are:
|
|---|
| 39 | # /usr/local/share/tinyproxy
|
|---|
| 40 | # /usr/local/share/tinyproxy
|
|---|
| 41 | # /etc/tinyproxy
|
|---|
| 42 | #
|
|---|
| 43 | # ErrorFile 404 "/usr/local/share/tinyproxy/404.html"
|
|---|
| 44 | # ErrorFile 400 "/usr/local/share/tinyproxy/400.html"
|
|---|
| 45 | # ErrorFile 503 "/usr/local/share/tinyproxy/503.html"
|
|---|
| 46 | # ErrorFile 403 "/usr/local/share/tinyproxy/403.html"
|
|---|
| 47 | # ErrorFile 408 "/usr/local/share/tinyproxy/408.html"
|
|---|
| 48 |
|
|---|
| 49 | #
|
|---|
| 50 | # DefaultErrorFile: The HTML file that gets sent if there is no
|
|---|
| 51 | # HTML file defined with an ErrorFile keyword for the HTTP error
|
|---|
| 52 | # that has occured.
|
|---|
| 53 | #
|
|---|
| 54 | DefaultErrorFile "/usr/local/share/tinyproxy/default.html"
|
|---|
| 55 |
|
|---|
| 56 | #
|
|---|
| 57 | # StatFile: The HTML file that gets sent when a request is made
|
|---|
| 58 | # for the stathost. If this file doesn't exist a basic page is
|
|---|
| 59 | # hardcoded in tinyproxy.
|
|---|
| 60 | #
|
|---|
| 61 | StatFile "/usr/local/share/tinyproxy/stats.html"
|
|---|
| 62 |
|
|---|
| 63 | #
|
|---|
| 64 | # Where to log the information. Either LogFile or Syslog should be set,
|
|---|
| 65 | # but not both.
|
|---|
| 66 | #
|
|---|
| 67 | #Logfile "/var/log/tinyproxy.log"
|
|---|
| 68 | Syslog On
|
|---|
| 69 |
|
|---|
| 70 | #
|
|---|
| 71 | # Set the logging level. Allowed settings are:
|
|---|
| 72 | # Critical (least verbose)
|
|---|
| 73 | # Error
|
|---|
| 74 | # Warning
|
|---|
| 75 | # Notice
|
|---|
| 76 | # Connect (to log connections without Info's noise)
|
|---|
| 77 | # Info (most verbose)
|
|---|
| 78 | # The LogLevel logs from the set level and above. For example, if the LogLevel
|
|---|
| 79 | # was set to Warning, than all log messages from Warning to Critical would be
|
|---|
| 80 | # output, but Notice and below would be suppressed.
|
|---|
| 81 | #
|
|---|
| 82 | LogLevel Connect
|
|---|
| 83 |
|
|---|
| 84 | #
|
|---|
| 85 | # PidFile: Write the PID of the main tinyproxy thread to this file so it
|
|---|
| 86 | # can be used for signalling purposes.
|
|---|
| 87 | #
|
|---|
| 88 | PidFile "/var/run/tinyproxy.pid"
|
|---|
| 89 |
|
|---|
| 90 | #
|
|---|
| 91 | # Include the X-Tinyproxy header, which has the client's IP address when
|
|---|
| 92 | # connecting to the sites listed.
|
|---|
| 93 | #
|
|---|
| 94 | #XTinyproxy mydomain.com
|
|---|
| 95 |
|
|---|
| 96 | #
|
|---|
| 97 | # Turns on upstream proxy support.
|
|---|
| 98 | #
|
|---|
| 99 | # The upstream rules allow you to selectively route upstream connections
|
|---|
| 100 | # based on the host/domain of the site being accessed.
|
|---|
| 101 | #
|
|---|
| 102 | # For example:
|
|---|
| 103 | # # connection to test domain goes through testproxy
|
|---|
| 104 | # upstream testproxy:8008 ".test.domain.invalid"
|
|---|
| 105 | # upstream testproxy:8008 ".our_testbed.example.com"
|
|---|
| 106 | # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
|
|---|
| 107 | #
|
|---|
| 108 | # # no upstream proxy for internal websites and unqualified hosts
|
|---|
| 109 | # no upstream ".internal.example.com"
|
|---|
| 110 | # no upstream "www.example.com"
|
|---|
| 111 | # no upstream "10.0.0.0/8"
|
|---|
| 112 | # no upstream "192.168.0.0/255.255.254.0"
|
|---|
| 113 | # no upstream "."
|
|---|
| 114 | #
|
|---|
| 115 | # # connection to these boxes go through their DMZ firewalls
|
|---|
| 116 | # upstream cust1_firewall:8008 "testbed_for_cust1"
|
|---|
| 117 | # upstream cust2_firewall:8008 "testbed_for_cust2"
|
|---|
| 118 | #
|
|---|
| 119 | # # default upstream is internet firewall
|
|---|
| 120 | # upstream firewall.internal.example.com:80
|
|---|
| 121 | #
|
|---|
| 122 | # The LAST matching rule wins the route decision. As you can see, you
|
|---|
| 123 | # can use a host, or a domain:
|
|---|
| 124 | # name matches host exactly
|
|---|
| 125 | # .name matches any host in domain "name"
|
|---|
| 126 | # . matches any host with no domain (in 'empty' domain)
|
|---|
| 127 | # IP/bits matches network/mask
|
|---|
| 128 | # IP/mask matches network/mask
|
|---|
| 129 | #
|
|---|
| 130 | #Upstream some.remote.proxy:port
|
|---|
| 131 |
|
|---|
| 132 | #
|
|---|
| 133 | # This is the absolute highest number of threads which will be created. In
|
|---|
| 134 | # other words, only MaxClients number of clients can be connected at the
|
|---|
| 135 | # same time.
|
|---|
| 136 | #
|
|---|
| 137 | MaxClients 100
|
|---|
| 138 |
|
|---|
| 139 | #
|
|---|
| 140 | # These settings set the upper and lower limit for the number of
|
|---|
| 141 | # spare servers which should be available. If the number of spare servers
|
|---|
| 142 | # falls below MinSpareServers then new ones will be created. If the number
|
|---|
| 143 | # of servers exceeds MaxSpareServers then the extras will be killed off.
|
|---|
| 144 | #
|
|---|
| 145 | MinSpareServers 5
|
|---|
| 146 | MaxSpareServers 20
|
|---|
| 147 |
|
|---|
| 148 | #
|
|---|
| 149 | # Number of servers to start initially.
|
|---|
| 150 | #
|
|---|
| 151 | StartServers 10
|
|---|
| 152 |
|
|---|
| 153 | #
|
|---|
| 154 | # MaxRequestsPerChild is the number of connections a thread will handle
|
|---|
| 155 | # before it is killed. In practise this should be set to 0, which disables
|
|---|
| 156 | # thread reaping. If you do notice problems with memory leakage, then set
|
|---|
| 157 | # this to something like 10000
|
|---|
| 158 | #
|
|---|
| 159 | MaxRequestsPerChild 0
|
|---|
| 160 |
|
|---|
| 161 | #
|
|---|
| 162 | # The following is the authorization controls. If there are any access
|
|---|
| 163 | # control keywords then the default action is to DENY. Otherwise, the
|
|---|
| 164 | # default action is ALLOW.
|
|---|
| 165 | #
|
|---|
| 166 | # Also the order of the controls are important. The incoming connections
|
|---|
| 167 | # are tested against the controls based on order.
|
|---|
| 168 | #
|
|---|
| 169 | Allow 127.0.0.1
|
|---|
| 170 | Allow 172.16.0.0/12
|
|---|
| 171 |
|
|---|
| 172 | #
|
|---|
| 173 | # The "Via" header is required by the HTTP RFC, but using the real host name
|
|---|
| 174 | # is a security concern. If the following directive is enabled, the string
|
|---|
| 175 | # supplied will be used as the host name in the Via header; otherwise, the
|
|---|
| 176 | # server's host name will be used.
|
|---|
| 177 | #
|
|---|
| 178 | #ViaProxyName "tinyproxy"
|
|---|
| 179 |
|
|---|
| 180 | #
|
|---|
| 181 | # The location of the filter file.
|
|---|
| 182 | #
|
|---|
| 183 | Filter "/usr/local/etc/tinyproxy.filter"
|
|---|
| 184 |
|
|---|
| 185 | #
|
|---|
| 186 | # Filter based on URLs rather than domains.
|
|---|
| 187 | #
|
|---|
| 188 | #FilterURLs On
|
|---|
| 189 |
|
|---|
| 190 | #
|
|---|
| 191 | # Use POSIX Extended regular expressions rather than basic.
|
|---|
| 192 | #
|
|---|
| 193 | #FilterExtended On
|
|---|
| 194 |
|
|---|
| 195 | #
|
|---|
| 196 | # Use case sensitive regular expressions.
|
|---|
| 197 | #
|
|---|
| 198 | #FilterCaseSensitive On
|
|---|
| 199 |
|
|---|
| 200 | #
|
|---|
| 201 | # Change the default policy of the filtering system. If this directive is
|
|---|
| 202 | # commented out, or is set to "No" then the default policy is to allow
|
|---|
| 203 | # everything which is not specifically denied by the filter file.
|
|---|
| 204 | #
|
|---|
| 205 | # However, by setting this directive to "Yes" the default policy becomes to
|
|---|
| 206 | # deny everything which is _not_ specifically allowed by the filter file.
|
|---|
| 207 | #
|
|---|
| 208 | FilterDefaultDeny No
|
|---|
| 209 |
|
|---|
| 210 | #
|
|---|
| 211 | # If an Anonymous keyword is present, then anonymous proxying is enabled.
|
|---|
| 212 | # The headers listed are allowed through, while all others are denied. If
|
|---|
| 213 | # no Anonymous keyword is present, then all header are allowed through.
|
|---|
| 214 | # You must include quotes around the headers.
|
|---|
| 215 | #
|
|---|
| 216 | #Anonymous "Host"
|
|---|
| 217 | #Anonymous "Authorization"
|
|---|
| 218 |
|
|---|
| 219 | #
|
|---|
| 220 | # This is a list of ports allowed by tinyproxy when the CONNECT method
|
|---|
| 221 | # is used. To disable the CONNECT method altogether, set the value to 0.
|
|---|
| 222 | # If no ConnectPort line is found, all ports are allowed (which is not
|
|---|
| 223 | # very secure.)
|
|---|
| 224 | #
|
|---|
| 225 | # The following two ports are used by SSL.
|
|---|
| 226 | #
|
|---|
| 227 | ConnectPort 443
|
|---|
| 228 | #ConnectPort 563
|
|---|
