source: hybrid/branches/releng-10/nanobsd/files/usr/local/etc/tinyproxy.conf@ 12929

Last change on this file since 12929 was 10573, checked in by rick, 13 years ago

Typo change to listen to all.

Fixes nodefactory#127

Reported-By: huub

File size: 6.4 KB
Line 
1##
2## tinyproxy.conf -- tinyproxy daemon configuration file
3##
4
5#
6# Name of the user the tinyproxy daemon should switch to after the port
7# has been bound.
8#
9User nobody
10Group nogroup
11
12#
13# Port to listen on.
14#
15Port 3128
16
17#
18# If you have multiple interfaces this allows you to bind to only one. If
19# this is commented out, tinyproxy will bind to all interfaces present.
20#
21#Listen 192.168.0.1
22Listen 0.0.0.0
23#
24# The Bind directive allows you to bind the outgoing connections to a
25# particular IP address.
26#
27#Bind 192.168.0.1
28
29#
30# Timeout: The number of seconds of inactivity a connection is allowed to
31# have before it closed by tinyproxy.
32#
33Timeout 600
34
35#
36# ErrorFile: Defines the HTML file to send when a given HTTP error
37# occurs. You will probably need to customize the location to your
38# particular install. The usual locations to check are:
39# /usr/local/share/tinyproxy
40# /usr/local/share/tinyproxy
41# /etc/tinyproxy
42#
43# ErrorFile 404 "/usr/local/share/tinyproxy/404.html"
44# ErrorFile 400 "/usr/local/share/tinyproxy/400.html"
45# ErrorFile 503 "/usr/local/share/tinyproxy/503.html"
46# ErrorFile 403 "/usr/local/share/tinyproxy/403.html"
47# ErrorFile 408 "/usr/local/share/tinyproxy/408.html"
48
49#
50# DefaultErrorFile: The HTML file that gets sent if there is no
51# HTML file defined with an ErrorFile keyword for the HTTP error
52# that has occured.
53#
54DefaultErrorFile "/usr/local/share/tinyproxy/default.html"
55
56#
57# StatFile: The HTML file that gets sent when a request is made
58# for the stathost. If this file doesn't exist a basic page is
59# hardcoded in tinyproxy.
60#
61StatFile "/usr/local/share/tinyproxy/stats.html"
62
63#
64# Where to log the information. Either LogFile or Syslog should be set,
65# but not both.
66#
67#Logfile "/var/log/tinyproxy.log"
68Syslog On
69
70#
71# Set the logging level. Allowed settings are:
72# Critical (least verbose)
73# Error
74# Warning
75# Notice
76# Connect (to log connections without Info's noise)
77# Info (most verbose)
78# The LogLevel logs from the set level and above. For example, if the LogLevel
79# was set to Warning, than all log messages from Warning to Critical would be
80# output, but Notice and below would be suppressed.
81#
82LogLevel Connect
83
84#
85# PidFile: Write the PID of the main tinyproxy thread to this file so it
86# can be used for signalling purposes.
87#
88PidFile "/var/run/tinyproxy.pid"
89
90#
91# Include the X-Tinyproxy header, which has the client's IP address when
92# connecting to the sites listed.
93#
94#XTinyproxy mydomain.com
95
96#
97# Turns on upstream proxy support.
98#
99# The upstream rules allow you to selectively route upstream connections
100# based on the host/domain of the site being accessed.
101#
102# For example:
103# # connection to test domain goes through testproxy
104# upstream testproxy:8008 ".test.domain.invalid"
105# upstream testproxy:8008 ".our_testbed.example.com"
106# upstream testproxy:8008 "192.168.128.0/255.255.254.0"
107#
108# # no upstream proxy for internal websites and unqualified hosts
109# no upstream ".internal.example.com"
110# no upstream "www.example.com"
111# no upstream "10.0.0.0/8"
112# no upstream "192.168.0.0/255.255.254.0"
113# no upstream "."
114#
115# # connection to these boxes go through their DMZ firewalls
116# upstream cust1_firewall:8008 "testbed_for_cust1"
117# upstream cust2_firewall:8008 "testbed_for_cust2"
118#
119# # default upstream is internet firewall
120# upstream firewall.internal.example.com:80
121#
122# The LAST matching rule wins the route decision. As you can see, you
123# can use a host, or a domain:
124# name matches host exactly
125# .name matches any host in domain "name"
126# . matches any host with no domain (in 'empty' domain)
127# IP/bits matches network/mask
128# IP/mask matches network/mask
129#
130#Upstream some.remote.proxy:port
131
132#
133# This is the absolute highest number of threads which will be created. In
134# other words, only MaxClients number of clients can be connected at the
135# same time.
136#
137MaxClients 100
138
139#
140# These settings set the upper and lower limit for the number of
141# spare servers which should be available. If the number of spare servers
142# falls below MinSpareServers then new ones will be created. If the number
143# of servers exceeds MaxSpareServers then the extras will be killed off.
144#
145MinSpareServers 5
146MaxSpareServers 20
147
148#
149# Number of servers to start initially.
150#
151StartServers 10
152
153#
154# MaxRequestsPerChild is the number of connections a thread will handle
155# before it is killed. In practise this should be set to 0, which disables
156# thread reaping. If you do notice problems with memory leakage, then set
157# this to something like 10000
158#
159MaxRequestsPerChild 0
160
161#
162# The following is the authorization controls. If there are any access
163# control keywords then the default action is to DENY. Otherwise, the
164# default action is ALLOW.
165#
166# Also the order of the controls are important. The incoming connections
167# are tested against the controls based on order.
168#
169Allow 127.0.0.1
170Allow 172.16.0.0/12
171
172#
173# The "Via" header is required by the HTTP RFC, but using the real host name
174# is a security concern. If the following directive is enabled, the string
175# supplied will be used as the host name in the Via header; otherwise, the
176# server's host name will be used.
177#
178#ViaProxyName "tinyproxy"
179
180#
181# The location of the filter file.
182#
183Filter "/usr/local/etc/tinyproxy.filter"
184
185#
186# Filter based on URLs rather than domains.
187#
188#FilterURLs On
189
190#
191# Use POSIX Extended regular expressions rather than basic.
192#
193#FilterExtended On
194
195#
196# Use case sensitive regular expressions.
197#
198#FilterCaseSensitive On
199
200#
201# Change the default policy of the filtering system. If this directive is
202# commented out, or is set to "No" then the default policy is to allow
203# everything which is not specifically denied by the filter file.
204#
205# However, by setting this directive to "Yes" the default policy becomes to
206# deny everything which is _not_ specifically allowed by the filter file.
207#
208FilterDefaultDeny No
209
210#
211# If an Anonymous keyword is present, then anonymous proxying is enabled.
212# The headers listed are allowed through, while all others are denied. If
213# no Anonymous keyword is present, then all header are allowed through.
214# You must include quotes around the headers.
215#
216#Anonymous "Host"
217#Anonymous "Authorization"
218
219#
220# This is a list of ports allowed by tinyproxy when the CONNECT method
221# is used. To disable the CONNECT method altogether, set the value to 0.
222# If no ConnectPort line is found, all ports are allowed (which is not
223# very secure.)
224#
225# The following two ports are used by SSL.
226#
227ConnectPort 443
228#ConnectPort 563
Note: See TracBrowser for help on using the repository browser.