net/tinyproxy/files/tinyproxy.config

   1 config tinyproxy
   2
   3 #
   4 # Enable the proxy
   5 #
   6 option enable 0
   7
   8 #
   9 # Name of the user the tinyproxy daemon should switch to after the port
  10 # has been bound.
  11 #
  12 option User nobody
  13 option Group nogroup
  14
  15 #
  16 # Port to listen on.
  17 #
  18 option Port 8888
  19
  20 #
  21 # If you have multiple interfaces this allows you to bind to only one. If
  22 # this is commented out, tinyproxy will bind to all interfaces present.
  23 #
  24 #option Listen 192.168.0.1
  25
  26 #
  27 # The Bind directive allows you to bind the outgoing connections to a
  28 # particular IP address.
  29 #
  30 #option Bind 192.168.0.1
  31
  32 #
  33 # Timeout: The number of seconds of inactivity a connection is allowed to
  34 # have before it closed by tinyproxy.
  35 #
  36 option Timeout 600
  37
  38 #
  39 # ErrorFile: Defines the HTML file to send when a given HTTP error
  40 # occurs.  You will probably need to customize the location to your
  41 # particular install.  The usual locations to check are:
  42 #   /usr/local/share/tinyproxy
  43 #   /usr/share/tinyproxy
  44 #   /etc/tinyproxy
  45 #
  46 #option ErrorFile_404 "/usr/share/tinyproxy/404.html"
  47 #option ErrorFile_400 "/usr/share/tinyproxy/400.html"
  48 #option ErrorFile_503 "/usr/share/tinyproxy/503.html"
  49 #option ErrorFile_403 "/usr/share/tinyproxy/403.html"
  50 #option ErrorFile_408 "/usr/share/tinyproxy/408.html"
  51
  52 #
  53 # DefaultErrorFile: The HTML file that gets sent if there is no
  54 # HTML file defined with an ErrorFile keyword for the HTTP error
  55 # that has occured.
  56 #
  57 option DefaultErrorFile "/usr/share/tinyproxy/default.html"
  58
  59 #
  60 # StatFile: The HTML file that gets sent when a request is made
  61 # for the stathost.  If this file doesn't exist a basic page is
  62 # hardcoded in tinyproxy.
  63 #
  64 option StatFile "/usr/share/tinyproxy/stats.html"
  65
  66 #
  67 # Where to log the information. Either LogFile or Syslog should be set,
  68 # but not both.
  69 #
  70 option Logfile "/var/log/tinyproxy.log"
  71 #option Syslog On
  72
  73 #
  74 # Set the logging level. Allowed settings are:
  75 #       Critical        (least verbose)
  76 #       Error
  77 #       Warning
  78 #       Notice
  79 #       Connect         (to log connections without Info's noise)
  80 #       Info            (most verbose)
  81 # The LogLevel logs from the set level and above. For example, if the LogLevel
  82 # was set to Warning, than all log messages from Warning to Critical would be
  83 # output, but Notice and below would be suppressed.
  84 #
  85 option LogLevel Info
  86
  87 #
  88 # Include the X-Tinyproxy header, which has the client's IP address when
  89 # connecting to the sites listed.
  90 #
  91 # list XTinyproxy mydomain.com
  92
  93 #
  94 # This is the absolute highest number of threads which will be created. In
  95 # other words, only MaxClients number of clients can be connected at the
  96 # same time.
  97 #
  98 option MaxClients 100
  99
 100 #
 101 # These settings set the upper and lower limit for the number of
 102 # spare servers which should be available. If the number of spare servers
 103 # falls below MinSpareServers then new ones will be created. If the number
 104 # of servers exceeds MaxSpareServers then the extras will be killed off.
 105 #
 106 option MinSpareServers 5
 107 option MaxSpareServers 20
 108
 109 #
 110 # Number of servers to start initially.
 111 #
 112 option StartServers 10
 113
 114 #
 115 # MaxRequestsPerChild is the number of connections a thread will handle
 116 # before it is killed. In practise this should be set to 0, which disables
 117 # thread reaping. If you do notice problems with memory leakage, then set
 118 # this to something like 10000
 119 #
 120 option MaxRequestsPerChild 0
 121
 122 #
 123 # The following is the authorization controls. If there are any access
 124 # control keywords then the default action is to DENY. Otherwise, the
 125 # default action is ALLOW.
 126 #
 127 # Also the order of the controls are important. The incoming connections
 128 # are tested against the controls based on order.
 129 #
 130 list Allow 127.0.0.1
 131 #list Allow 192.168.0.0/16
 132 #list Allow 172.16.0.0/12
 133 #list Allow 10.0.0.0/8
 134
 135 #
 136 # The "Via" header is required by the HTTP RFC, but using the real host name
 137 # is a security concern.  If the following directive is enabled, the string
 138 # supplied will be used as the host name in the Via header; otherwise, the
 139 # server's host name will be used.
 140 #
 141 option ViaProxyName "tinyproxy"
 142
 143 #
 144 # The location of the filter file.
 145 #
 146 #option Filter "/etc/tinyproxy/filter"
 147
 148 #
 149 # Filter based on URLs rather than domains.
 150 #
 151 #option FilterURLs On
 152
 153 #
 154 # Use POSIX Extended regular expressions rather than basic.
 155 #
 156 #option FilterExtended On
 157
 158 #
 159 # Use case sensitive regular expressions.
 160 #
 161 #option FilterCaseSensitive On
 162
 163 #
 164 # Change the default policy of the filtering system.  If this directive is
 165 # commented out, or is set to "No" then the default policy is to allow
 166 # everything which is not specifically denied by the filter file.
 167 #
 168 # However, by setting this directive to "Yes" the default policy becomes to
 169 # deny everything which is _not_ specifically allowed by the filter file.
 170 #
 171 #option FilterDefaultDeny Yes
 172
 173 #
 174 # If an Anonymous keyword is present, then anonymous proxying is enabled.
 175 # The headers listed are allowed through, while all others are denied. If
 176 # no Anonymous keyword is present, then all header are allowed through.
 177 # You must include quotes around the headers.
 178 #
 179 #list Anonymous "Host"
 180 #list Anonymous "Authorization"
 181
 182 #
 183 # This is a list of ports allowed by tinyproxy when the CONNECT method
 184 # is used.  To disable the CONNECT method altogether, set the value to 0.
 185 # If no ConnectPort line is found, all ports are allowed (which is not
 186 # very secure.)
 187 #
 188 # The following two ports are used by SSL.
 189 #
 190 list ConnectPort 443
 191 list ConnectPort 563
 192
 193 #
 194 # Turns on upstream proxy support.
 195 #
 196 # The upstream rules allow you to selectively route upstream connections
 197 # based on the host/domain of the site being accessed.
 198 #
 199 # For example:
 200 #  # connection to test domain goes through testproxy
 201 #
 202 #config upstream
 203 #       option type proxy
 204 #       option via testproxy:8008
 205 #       option target ".test.domain.invalid"
 206 #
 207 #config upstream
 208 #       option type proxy
 209 #       option via testproxy:8008
 210 #       option target ".our_testbed.example.com"
 211 #
 212 #config upstream
 213 #       option type proxy
 214 #       option via testproxy:8008
 215 #       option target "192.168.128.0/255.255.254.0"
 216 #
 217 #  # no upstream proxy for internal websites and unqualified hosts
 218 #
 219 #config upstream
 220 #       option type reject
 221 #       option target ".internal.example.com"
 222 #
 223 #config upstream
 224 #       option type reject
 225 #       option target "www.example.com"
 226 #
 227 #config upstream
 228 #       option type reject
 229 #       option target "10.0.0.0/8"
 230 #
 231 #config upstream
 232 #       option type reject
 233 #       option target "192.168.0.0/255.255.254.0"
 234 #
 235 #config upstream
 236 #       option type reject
 237 #       option target "."
 238 #
 239 #  # default upstream is internet firewall
 240 #
 241 #config upstream
 242 #       option type proxy
 243 #       option via firewall.internal.example.com:80
 244 #
 245 # The LAST matching rule wins the route decision.  As you can see, you
 246 # can use a host, or a domain:
 247 #  name     matches host exactly
 248 #  .name    matches any host in domain "name"
 249 #  .        matches any host with no domain (in 'empty' domain)
 250 #  IP/bits  matches network/mask
 251 #  IP/mask  matches network/mask