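# Yes, 3proxy.cfg can be executable, in this case you should place
# something like
#config /usr/local/3proxy/3proxy.cfg
# to show which configuration 3proxy should re-read on reload.

#system "echo Hello world!"
# you may use system to execute some external command when the proxy starts.
# NOTE(review): whatever is given to system runs with the privileges 3proxy
# holds at that point (the optional setuid/setgid come at the very end of this
# file), so this file must not be writable by anyone but its owner.

# We can configure nservers to avoid unsafe gethostbyname() usage
#nserver 10.1.2.1
#nserver 10.2.2.2
# nscache is good to save speed, traffic and bandwidth
nscache 65536

#nsrecord porno.security.nnov.ru 0.0.0.0
# nobody will be able to access porno.security.nnov.ru by the name.
# (This is a name-level block only: a client that already knows the address
# can still reach it by IP unless an ACL denies that address.)
#nsrecord wpad.security.nnov.ru www.security.nnov.ru
# wpad.security.nnov.ru will resolve to www.security.nnov.ru for
# clients

timeouts 1 5 30 60 180 1800 15 60
# Here we can change timeout values

users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
# note that "" are required, otherwise $... is treated as an include file name.
# $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
# NOTE(review): the CL form keeps the password in clear text in this file;
# prefer the CR (crypt) form for real accounts and restrict read access to
# the file. Both entries here are sample credentials and must be replaced.
#users $/usr/local/etc/3proxy/passwd
# this example shows you how to include a passwd file. For included files
# <CR> and <LF> are treated as field separators.

daemon
# now we will not depend on any console (daemonize). daemon must be given
# before any significant command on *nix.

#service
# service is required under NT if you want 3proxy to start as service

#log /usr/local/etc/3proxy/logs/3proxy.log D
log /var/log/3proxy/3proxy.log
# log allows to specify log file location and rotation, D means logfile
# is created daily
# NOTE(review): the active log line has no rotation letter; the rotate and
# archiver settings below presumably only take effect together with a
# rotation period such as D -- confirm against the 3proxy version in use.

# in log file we want to have underscores instead of spaces
logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#logformat "Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"

archiver gz /bin/gzip %F
#archiver zip zip -m -qq %A %F
#archiver zip pkzipc -add -silent -move %A %F
#archiver rar rar a -df -inul %A %F
# if archiver is specified the log file will be compressed after closing.
# you should specify extension, path to archiver and command line, %A will be
# substituted with archive file name, %F - with original file name.
# Original file will not be removed, so archiver should care about it.
# The active line gives the archiver by absolute path; the commented examples
# use bare command names -- prefer the absolute form.

rotate 30
# We will keep last 30 log files

auth iponly
#auth nbname
#auth strong
# auth specifies type of user authentication. If you specify none proxy
# will not do anything to check name of the user. If you specify
# nbname proxy will send NetBIOS name request packet to UDP/137 of
# client and parse request for NetBIOS name of messenger service.
# Strong means that proxy will check password. For strong authentication
# unknown user will not be allowed to use proxy regardless of ACL.
# If you do not want username to be checked but want ACL to work you should
# specify auth iponly.
# NOTE(review): iponly is only as trustworthy as the client's source address,
# and nbname trusts the client's own NetBIOS answer; neither replaces strong
# auth on a network where either can be forged.

#allow ADMINISTRATOR,root
#allow * 127.0.0.1,192.168.1.1 * *
#redirect 192.168.1.2 80 * * * 80
#allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535
# we will allow everything if username matches ADMINISTRATOR or root or
# client ip is 127.0.0.1 or 192.168.1.1. Otherwise we will redirect any request
# to port 80 to our Web-server 192.168.1.2.
# We will allow any outgoing connections from network 192.168.1.0/24 to
# SMTP, POP3, FTP, DNS and unprivileged ports.
# Note, that redirect may also be used with proxy or portmapper. It will
# allow you to redirect requests to different ports or different server
# for different clients.
# These entries form an ordered list (flush, used further below, clears it),
# so keep the more specific allows ahead of the catch-all redirect.

#  sharing access to internet

#external 10.1.1.1
external 0.0.0.0
# external is address 3proxy uses for outgoing connections. 0.0.0.0 means any
# interface. Using 0.0.0.0 is not good because it allows to connect to 127.0.0.1
# NOTE(review): with 0.0.0.0 a proxy user can reach loopback-only services on
# the proxy host through the proxy; the deny for 127.0.0.1 in the proxy
# section below is the only thing preventing that, and it is flushed again
# before the socks section. Pin external to the real outgoing address.

#internal 192.168.1.1
internal 127.0.0.1
# internal is address of interface proxy will listen for incoming requests
# 127.0.0.1 means only localhost will be able to use this proxy. This is
# address you should specify for clients as proxy IP.
# You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
# have open proxy in your network in this case.

auth none
# no authentication is required
# NOTE(review): this auth none stays in effect for dnspr below; it is only
# acceptable because internal is still 127.0.0.1.

dnspr

# dnsproxy listens on UDP/53 to answer client's DNS requests. It requires
# nserver/nscache configuration.


#external $./external.ip
#internal $./internal.ip
# this is just an alternative form of giving external and internal address,
# it allows you to read these addresses from files

auth strong
# We want to protect internal interface
deny * * 127.0.0.1,192.168.1.1
# and allow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS
proxy -n
# ACL fields are <users> <source> <target> <target ports> <operation>; the
# third field is the target, so the deny above stops proxy users from
# connecting back to the proxy host (127.0.0.1) or to 192.168.1.1 through
# the proxy, which matters while external is 0.0.0.0.

auth none
# pop3p will be used without any authentication. It's bad choice
# because it's possible to use pop3p to access any port
pop3p

tcppm 25 mail.my.provider 25
#udppm -s 53 ns.my.provider 53
# we can portmap port TCP/25 to provider's SMTP server and UDP/53
# to provider's DNS.
# Now we can use our proxy as SMTP and DNS server.
# -s switch for UDP means "single packet" service - instead of setting
# association for period of time association will only be set for 1 packet.
# It's very useful for services like DNS but not for some massive services
# like multimedia streams or online games.
# NOTE(review): pop3p and the tcppm to the provider's SMTP port run under
# auth none and inherit whatever ACL is in effect (there is no flush between
# the proxy section and here). They are reachable only from localhost
# because internal is still 127.0.0.1; binding internal to a LAN or public
# address with these lines unchanged would expose an unauthenticated relay.

auth strong
flush
allow 3APA3A,test
maxconn 20
socks
# for socks we will use password authentication and different access control -
# we flush previously configured ACL list and create new one to allow users
# test and 3APA3A to connect from any location
# NOTE(review): the flush also drops the deny for 127.0.0.1,192.168.1.1, so
# these two users can reach any target through socks, including loopback
# services on the proxy host while external is 0.0.0.0. Re-add the deny
# here if that is not intended.

auth strong
flush
internal 127.0.0.1
allow 3APA3A 127.0.0.1
maxconn 3
admin
#only allow access to admin interface for user 3APA3A from 127.0.0.1 address
#via 127.0.0.1 address.
# NOTE(review): the admin interface authenticates 3APA3A with the clear-text
# (CL) entry from the users line above; keep it bound to loopback as here.

# map external 80 and 443 ports to internal Web server
# examples below show how to use 3proxy to publish Web server in internal
# network to Internet. We must switch internal and external addresses and
# flush any ACLs

#auth none
#flush
#external $./internal.ip
#internal $./external.ip
#maxconn 300
#tcppm 80 websrv 80
#tcppm 443 websrv 443
# NOTE(review): if this example is enabled, its auth none and flush also
# apply to any service line added after it -- keep it last among services.


#chroot /usr/local/jail
#setgid 65535
#setuid 65535
# now we needn't any root rights. We can chroot and setgid/setuid.
# NOTE(review): these are commented out, so as written the daemon keeps the
# privileges it was started with. Enable them; they are placed last presumably
# so that the privileged ports above (25, 53, 80/443) are already bound.

###$Id: 3proxy.cfg,v 1.1 2009/08/27 20:43:43 hubbitus Exp $#######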