Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / external / subpack / net / tinyproxy / files / tinyproxy.config
blob: ac7b46ff0cc42e8d98549c9e55334a03ba843dfb [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame^]1config tinyproxy
2
3#
4# Enable the proxy
5#
6option enabled 0
7
8#
9# Name of the user the tinyproxy daemon should switch to after the port
10# has been bound.
11#
12option User nobody
13option Group nogroup
14
15#
16# Port to listen on.
17#
18option Port 8888
19
20#
21# If you have multiple interfaces this allows you to bind to only one. If
22# this is commented out, tinyproxy will bind to all interfaces present.
23#
24#option Listen 192.168.0.1
25
26#
27# The Bind directive allows you to bind the outgoing connections to a
28# particular IP address.
29#
30#option Bind 192.168.0.1
31
32#
33# Timeout: The number of seconds of inactivity a connection is allowed to
34# have before it closed by tinyproxy.
35#
36option Timeout 600
37
38#
39# ErrorFile: Defines the HTML file to send when a given HTTP error
40# occurs. You will probably need to customize the location to your
41# particular install. The usual locations to check are:
42# /usr/local/share/tinyproxy
43# /usr/share/tinyproxy
44# /etc/tinyproxy
45#
46#option ErrorFile_404 "/usr/share/tinyproxy/404.html"
47#option ErrorFile_400 "/usr/share/tinyproxy/400.html"
48#option ErrorFile_503 "/usr/share/tinyproxy/503.html"
49#option ErrorFile_403 "/usr/share/tinyproxy/403.html"
50#option ErrorFile_408 "/usr/share/tinyproxy/408.html"
51
52#
53# DefaultErrorFile: The HTML file that gets sent if there is no
54# HTML file defined with an ErrorFile keyword for the HTTP error
55# that has occurred.
56#
57option DefaultErrorFile "/usr/share/tinyproxy/default.html"
58
59#
60# StatFile: The HTML file that gets sent when a request is made
61# for the stathost. If this file doesn't exist a basic page is
62# hardcoded in tinyproxy.
63#
64option StatFile "/usr/share/tinyproxy/stats.html"
65
66#
67# Where to log the information. Either LogFile or Syslog should be set,
68# but not both.
69#
70option LogFile "/var/log/tinyproxy.log"
71#option Syslog 1
72
73#
74# Set the logging level. Allowed settings are:
75# Critical (least verbose)
76# Error
77# Warning
78# Notice
79# Connect (to log connections without Info's noise)
80# Info (most verbose)
81# The LogLevel logs from the set level and above. For example, if the LogLevel
82# was set to Warning, than all log messages from Warning to Critical would be
83# output, but Notice and below would be suppressed.
84#
85option LogLevel Info
86
87#
88# Include the X-Tinyproxy header, which has the client's IP address when
89# connecting to the sites listed.
90#
91# list XTinyproxy mydomain.com
92
93#
94# This is the absolute highest number of threads which will be created. In
95# other words, only MaxClients number of clients can be connected at the
96# same time.
97#
98option MaxClients 100
99
100#
101# These settings set the upper and lower limit for the number of
102# spare servers which should be available. If the number of spare servers
103# falls below MinSpareServers then new ones will be created. If the number
104# of servers exceeds MaxSpareServers then the extras will be killed off.
105#
106option MinSpareServers 5
107option MaxSpareServers 20
108
109#
110# Number of servers to start initially.
111#
112option StartServers 10
113
114#
115# MaxRequestsPerChild is the number of connections a thread will handle
116# before it is killed. In practise this should be set to 0, which disables
117# thread reaping. If you do notice problems with memory leakage, then set
118# this to something like 10000
119#
120option MaxRequestsPerChild 0
121
122#
123# The following is the authorization controls. If there are any access
124# control keywords then the default action is to DENY. Otherwise, the
125# default action is ALLOW.
126#
127# Also the order of the controls are important. The incoming connections
128# are tested against the controls based on order.
129#
130list Allow 127.0.0.1
131#list Allow 192.168.0.0/16
132#list Allow 172.16.0.0/12
133#list Allow 10.0.0.0/8
134
135#
136# The "Via" header is required by the HTTP RFC, but using the real host name
137# is a security concern. If the following directive is enabled, the string
138# supplied will be used as the host name in the Via header; otherwise, the
139# server's host name will be used.
140#
141option ViaProxyName "tinyproxy"
142
143#
144# The location of the filter file.
145#
146#option Filter "/etc/tinyproxy/filter"
147
148#
149# Filter based on URLs rather than domains.
150#
151#option FilterURLs 1
152
153#
154# Use POSIX Extended regular expressions rather than basic.
155#
156#option FilterExtended 1
157
158#
159# Use case sensitive regular expressions.
160#
161#option FilterCaseSensitive 1
162
163#
164# Change the default policy of the filtering system. If this directive is
165# commented out, or is set to "0" then the default policy is to allow
166# everything which is not specifically denied by the filter file.
167#
168# However, by setting this directive to "1" the default policy becomes to
169# deny everything which is _not_ specifically allowed by the filter file.
170#
171#option FilterDefaultDeny 1
172
173#
174# If an Anonymous keyword is present, then anonymous proxying is enabled.
175# The headers listed are allowed through, while all others are denied. If
176# no Anonymous keyword is present, then all header are allowed through.
177# You must include quotes around the headers.
178#
179#list Anonymous "Host"
180#list Anonymous "Authorization"
181
182#
183# This is a list of ports allowed by tinyproxy when the CONNECT method
184# is used. To disable the CONNECT method altogether, set the value to 0.
185# If no ConnectPort line is found, all ports are allowed (which is not
186# very secure.)
187#
188# The following two ports are used by SSL.
189#
190list ConnectPort 443
191list ConnectPort 563
192
193#
194# Turns on upstream proxy support.
195#
196# The upstream rules allow you to selectively route upstream connections
197# based on the host/domain of the site being accessed.
198#
199# For example:
200# # connection to test domain goes through testproxy
201#
202#config upstream
203# option type proxy
204# option via testproxy:8008
205# option target ".test.domain.invalid"
206#
207#config upstream
208# option type proxy
209# option via testproxy:8008
210# option target ".our_testbed.example.com"
211#
212#config upstream
213# option type proxy
214# option via testproxy:8008
215# option target "192.168.128.0/255.255.254.0"
216#
217# # no upstream proxy for internal websites and unqualified hosts
218#
219#config upstream
220# option type reject
221# option target ".internal.example.com"
222#
223#config upstream
224# option type reject
225# option target "www.example.com"
226#
227#config upstream
228# option type reject
229# option target "10.0.0.0/8"
230#
231#config upstream
232# option type reject
233# option target "192.168.0.0/255.255.254.0"
234#
235#config upstream
236# option type reject
237# option target "."
238#
239# # default upstream is internet firewall
240#
241#config upstream
242# option type proxy
243# option via firewall.internal.example.com:80
244#
245# The LAST matching rule wins the route decision. As you can see, you
246# can use a host, or a domain:
247# name matches host exactly
248# .name matches any host in domain "name"
249# . matches any host with no domain (in 'empty' domain)
250# IP/bits matches network/mask
251# IP/mask matches network/mask