You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

251 lines
6.6 KiB

  1. config tinyproxy
  2. #
  3. # Enable the proxy
  4. #
  5. option enabled 0
  6. #
  7. # Name of the user the tinyproxy daemon should switch to after the port
  8. # has been bound.
  9. #
  10. option User nobody
  11. option Group nogroup
  12. #
  13. # Port to listen on.
  14. #
  15. option Port 8888
  16. #
  17. # If you have multiple interfaces this allows you to bind to only one. If
  18. # this is commented out, tinyproxy will bind to all interfaces present.
  19. #
  20. #option Listen 192.168.0.1
  21. #
  22. # The Bind directive allows you to bind the outgoing connections to a
  23. # particular IP address.
  24. #
  25. #option Bind 192.168.0.1
  26. #
  27. # Timeout: The number of seconds of inactivity a connection is allowed to
  28. # have before it closed by tinyproxy.
  29. #
  30. option Timeout 600
  31. #
  32. # ErrorFile: Defines the HTML file to send when a given HTTP error
  33. # occurs. You will probably need to customize the location to your
  34. # particular install. The usual locations to check are:
  35. # /usr/local/share/tinyproxy
  36. # /usr/share/tinyproxy
  37. # /etc/tinyproxy
  38. #
  39. #option ErrorFile_404 "/usr/share/tinyproxy/404.html"
  40. #option ErrorFile_400 "/usr/share/tinyproxy/400.html"
  41. #option ErrorFile_503 "/usr/share/tinyproxy/503.html"
  42. #option ErrorFile_403 "/usr/share/tinyproxy/403.html"
  43. #option ErrorFile_408 "/usr/share/tinyproxy/408.html"
  44. #
  45. # DefaultErrorFile: The HTML file that gets sent if there is no
  46. # HTML file defined with an ErrorFile keyword for the HTTP error
  47. # that has occured.
  48. #
  49. option DefaultErrorFile "/usr/share/tinyproxy/default.html"
  50. #
  51. # StatFile: The HTML file that gets sent when a request is made
  52. # for the stathost. If this file doesn't exist a basic page is
  53. # hardcoded in tinyproxy.
  54. #
  55. option StatFile "/usr/share/tinyproxy/stats.html"
  56. #
  57. # Where to log the information. Either LogFile or Syslog should be set,
  58. # but not both.
  59. #
  60. option LogFile "/var/log/tinyproxy.log"
  61. #option Syslog 1
  62. #
  63. # Set the logging level. Allowed settings are:
  64. # Critical (least verbose)
  65. # Error
  66. # Warning
  67. # Notice
  68. # Connect (to log connections without Info's noise)
  69. # Info (most verbose)
  70. # The LogLevel logs from the set level and above. For example, if the LogLevel
  71. # was set to Warning, than all log messages from Warning to Critical would be
  72. # output, but Notice and below would be suppressed.
  73. #
  74. option LogLevel Info
  75. #
  76. # Include the X-Tinyproxy header, which has the client's IP address when
  77. # connecting to the sites listed.
  78. #
  79. # list XTinyproxy mydomain.com
  80. #
  81. # This is the absolute highest number of threads which will be created. In
  82. # other words, only MaxClients number of clients can be connected at the
  83. # same time.
  84. #
  85. option MaxClients 100
  86. #
  87. # These settings set the upper and lower limit for the number of
  88. # spare servers which should be available. If the number of spare servers
  89. # falls below MinSpareServers then new ones will be created. If the number
  90. # of servers exceeds MaxSpareServers then the extras will be killed off.
  91. #
  92. option MinSpareServers 5
  93. option MaxSpareServers 20
  94. #
  95. # Number of servers to start initially.
  96. #
  97. option StartServers 10
  98. #
  99. # MaxRequestsPerChild is the number of connections a thread will handle
  100. # before it is killed. In practise this should be set to 0, which disables
  101. # thread reaping. If you do notice problems with memory leakage, then set
  102. # this to something like 10000
  103. #
  104. option MaxRequestsPerChild 0
  105. #
  106. # The following is the authorization controls. If there are any access
  107. # control keywords then the default action is to DENY. Otherwise, the
  108. # default action is ALLOW.
  109. #
  110. # Also the order of the controls are important. The incoming connections
  111. # are tested against the controls based on order.
  112. #
  113. list Allow 127.0.0.1
  114. #list Allow 192.168.0.0/16
  115. #list Allow 172.16.0.0/12
  116. #list Allow 10.0.0.0/8
  117. #
  118. # The "Via" header is required by the HTTP RFC, but using the real host name
  119. # is a security concern. If the following directive is enabled, the string
  120. # supplied will be used as the host name in the Via header; otherwise, the
  121. # server's host name will be used.
  122. #
  123. option ViaProxyName "tinyproxy"
  124. #
  125. # The location of the filter file.
  126. #
  127. #option Filter "/etc/tinyproxy/filter"
  128. #
  129. # Filter based on URLs rather than domains.
  130. #
  131. #option FilterURLs 1
  132. #
  133. # Use POSIX Extended regular expressions rather than basic.
  134. #
  135. #option FilterExtended 1
  136. #
  137. # Use case sensitive regular expressions.
  138. #
  139. #option FilterCaseSensitive 1
  140. #
  141. # Change the default policy of the filtering system. If this directive is
  142. # commented out, or is set to "0" then the default policy is to allow
  143. # everything which is not specifically denied by the filter file.
  144. #
  145. # However, by setting this directive to "1" the default policy becomes to
  146. # deny everything which is _not_ specifically allowed by the filter file.
  147. #
  148. #option FilterDefaultDeny 1
  149. #
  150. # If an Anonymous keyword is present, then anonymous proxying is enabled.
  151. # The headers listed are allowed through, while all others are denied. If
  152. # no Anonymous keyword is present, then all header are allowed through.
  153. # You must include quotes around the headers.
  154. #
  155. #list Anonymous "Host"
  156. #list Anonymous "Authorization"
  157. #
  158. # This is a list of ports allowed by tinyproxy when the CONNECT method
  159. # is used. To disable the CONNECT method altogether, set the value to 0.
  160. # If no ConnectPort line is found, all ports are allowed (which is not
  161. # very secure.)
  162. #
  163. # The following two ports are used by SSL.
  164. #
  165. list ConnectPort 443
  166. list ConnectPort 563
  167. #
  168. # Turns on upstream proxy support.
  169. #
  170. # The upstream rules allow you to selectively route upstream connections
  171. # based on the host/domain of the site being accessed.
  172. #
  173. # For example:
  174. # # connection to test domain goes through testproxy
  175. #
  176. #config upstream
  177. # option type proxy
  178. # option via testproxy:8008
  179. # option target ".test.domain.invalid"
  180. #
  181. #config upstream
  182. # option type proxy
  183. # option via testproxy:8008
  184. # option target ".our_testbed.example.com"
  185. #
  186. #config upstream
  187. # option type proxy
  188. # option via testproxy:8008
  189. # option target "192.168.128.0/255.255.254.0"
  190. #
  191. # # no upstream proxy for internal websites and unqualified hosts
  192. #
  193. #config upstream
  194. # option type reject
  195. # option target ".internal.example.com"
  196. #
  197. #config upstream
  198. # option type reject
  199. # option target "www.example.com"
  200. #
  201. #config upstream
  202. # option type reject
  203. # option target "10.0.0.0/8"
  204. #
  205. #config upstream
  206. # option type reject
  207. # option target "192.168.0.0/255.255.254.0"
  208. #
  209. #config upstream
  210. # option type reject
  211. # option target "."
  212. #
  213. # # default upstream is internet firewall
  214. #
  215. #config upstream
  216. # option type proxy
  217. # option via firewall.internal.example.com:80
  218. #
  219. # The LAST matching rule wins the route decision. As you can see, you
  220. # can use a host, or a domain:
  221. # name matches host exactly
  222. # .name matches any host in domain "name"
  223. # . matches any host with no domain (in 'empty' domain)
  224. # IP/bits matches network/mask
  225. # IP/mask matches network/mask