You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
655 lines
17 KiB
655 lines
17 KiB
##
|
|
# nameservers. Multiple nameserver entries are allowed.
|
|
##
|
|
|
|
nameserver 127.0.0.1
|
|
|
|
##
|
|
# Ports and address to use for HTTP and ICP
|
|
##
|
|
|
|
#bind ip_addr|hostname
|
|
http_port 3128
|
|
icp_port 3130
|
|
|
|
##
|
|
## Change euid to that user
|
|
##
|
|
## WARNING: if you use userid, then you will not be able to open new sockets on
|
|
## reserved (< 1024) ports and will not be able to return to original userid.
|
|
##
|
|
userid oops
|
|
|
|
##
|
|
## Change root directory. If don't know exactly what are you doing -
|
|
## leave commented.
|
|
#chroot ???
|
|
|
|
##
|
|
# Logfile - just debug output
|
|
# When used in form 'filename [{N S}] [[un]buffered]'
|
|
# will be rotated automatically (up to N files up to S bytes in size)
|
|
##
|
|
logfile /var/log/oops/oops.log
|
|
#logfile /usr/oops/logs/oops.log { 3 1m } unbuffered
|
|
|
|
##
|
|
# Accesslog - the same as for squid. Re rotating - see note for logfile
|
|
##
|
|
accesslog /var/log/oops/oops.access
|
|
#accesslog /usr/oops/logs/access.log
|
|
|
|
##
|
|
# Pidfile. for kill -1 `cat oops.pid` and for locking.
|
|
##
|
|
pidfile /var/run/oops/oops.pid
|
|
|
|
##
|
|
# Statistics file - once per minute flush some statistics to this file
|
|
##
|
|
statistics /var/log/oops/oops_statfile
|
|
|
|
##
|
|
# icons - where to find link.gif, dir.gif, binary.gif and so on (for
|
|
# ftp lists). If omitted - name of running host will be used. But
|
|
# using explicit names is better way.
|
|
##
|
|
|
|
#icons-host ss5.paco.net
|
|
#icons-port 80
|
|
#icons-path icons
|
|
|
|
##
|
|
# When total object volume in memory grow over this (this mean
|
|
# that cachable data from network came faster then we can save on disk)
|
|
# drop objects (without attempt to save on disk).
|
|
##
|
|
mem_max 64m
|
|
|
|
##
|
|
# Hint, how much cached objects keep in memory.
|
|
# When total amount become larger then this limit - start
|
|
# swaping cachable objects to disk
|
|
##
|
|
lo_mark 8m
|
|
|
|
##
|
|
# start random early drop when number of clients reach some level.
|
|
# this can protect you against attacks and against situation when
|
|
# oops cant handle too much connections. By default - 0 (or no limits).
|
|
##
|
|
#start_red 0
|
|
|
|
##
|
|
# refuse any connection when number of already connected clients reach some
|
|
# level. By default - 0 (or no limits).
|
|
##
|
|
#refuse_at 0
|
|
|
|
##
|
|
# if document contain no Expires: then expire after (in days)
|
|
# ftp-expire-value - expire time for ftp (in days)
|
|
##
|
|
default-expire-value 7
|
|
ftp-expire-value 7
|
|
|
|
##
|
|
# Maximum expite time - doc will not keep in cache more then
|
|
# this number of days (except if defaiult-expire-value used for this documeny)
|
|
##
|
|
max-expire-value 30
|
|
|
|
##
|
|
# in which proportion time passed since last document modification
|
|
# will accounted in expire time. For example, if last-modified-factor=5
|
|
# and there was passed 10 days since document modification, then expiration
|
|
# will be setted to 2 days in future (but no nore then max-expire-value)
|
|
##
|
|
last-modified-factor 5
|
|
|
|
##
|
|
# If you want not cache replies without Last-Modified:
|
|
# uncomment next line.
|
|
##
|
|
#dont_cache_without_last_modified
|
|
|
|
# run expire every ( in hours )
|
|
##
|
|
default-expire-interval 1
|
|
|
|
##
|
|
# icp_timeout - how long to wait icp reply from peer (in ms, e.g 1000 = 1sec)
|
|
##
|
|
icp_timeout 1000
|
|
|
|
##
|
|
# start disk cache cleanup when free space will be (in %%)
|
|
# As on the very large storages 1% is large space (1% from 9G is
|
|
# 90M), then on such storages you can set both disk-low-free and
|
|
# disk-ok-free to 0. Oops will start cleanup if it have less then 256
|
|
# free blocks(1M), and stop when it reach 512 bree blocks(2M).
|
|
##
|
|
disk-low-free 3
|
|
|
|
##
|
|
# stop disk cache cleanup when free space will be (in %%)
|
|
##
|
|
disk-ok-free 5
|
|
|
|
##
|
|
# Force_http11 - turn on http/1.1 for each request to document server
|
|
# This option required if module 'vary' used.
|
|
##
|
|
force_http11
|
|
|
|
##
|
|
# Always check document freshness, even it is not stale or expired
|
|
# This force Oops behave like squid - first check cached doc, then send
|
|
##
|
|
#always_check_freshness
|
|
|
|
##
|
|
# If user-requestor aborted connection to proxy, but there was received more
|
|
# then some percent ot the document - then continue.
|
|
# default value - 75%
|
|
##
|
|
force_completion 75
|
|
|
|
##
|
|
# maximum size of the object we will cache
|
|
##
|
|
maxresident 1m
|
|
|
|
insert_x_forwarded_for yes
|
|
insert_via yes
|
|
|
|
##
|
|
# If host have several interfaces or aliases, use exactly
|
|
# this name when connecting to server:
|
|
##
|
|
#connect-from proxy.paco.net
|
|
|
|
##
|
|
# ACLs - currently: urlregex, urlpath, usercharset
|
|
# port, dstdom, dstdom_regex, src_ip, time
|
|
# each acl can be loaded from file.
|
|
##
|
|
#acl CACHEABLECGI urlregex http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826
|
|
#acl WWWPACO urlregex www\.paco\.net
|
|
#acl NO_RLH urlregex zipper
|
|
#acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru)
|
|
#acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco)
|
|
#acl WINUSER usercharset windows-1251
|
|
#acl DOSUSER usercharset ibm866
|
|
#acl UNIXUSER usercharset koi8-r
|
|
#acl RUS dstdom ru su
|
|
#acl UKR dstdom ua
|
|
#acl BADPORTS port [0:79],110,138,139,513,[6000:6010]
|
|
#acl BADDOMAIN dstdom baddomain1.com baddomain2.com
|
|
#acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org))
|
|
#acl LOCAL_NETWORKS src_ip include:/etc/oops/acl_local_networks
|
|
#acl BADNETWORKS src_ip 192.168.10/24
|
|
#acl WORKTIME time Mon,Tue:Fri 0900:1800
|
|
#acl HTMLS content_type text/html
|
|
#acl USERS username joe
|
|
acl ADMINS src_ip 127.0.0.1
|
|
acl PURGE method PURGE
|
|
|
|
##
|
|
# acl_deny [!]ACL [!]ACL ...
|
|
# deny access for combined acl
|
|
##
|
|
acl_deny PURGE !ADMINS
|
|
|
|
##
|
|
# Never cache objects with URL, containing...
|
|
##
|
|
stop_cache ?
|
|
stop_cache cgi-bin
|
|
|
|
##
|
|
# stop_cache_acl [!]ACL [!]ACL ...
|
|
# Stop cache using ACL
|
|
##
|
|
#stop_cache_acl WWWPACO
|
|
|
|
##
|
|
# refresh_pattern ACLNAME min percent max
|
|
# 'min' and 'max' are limits between Expite time will be assigned
|
|
# Iff document have no expire: header and have Last-Modified: header
|
|
# we will use 'percent' to estimate how far in the future document will
|
|
# be expired.
|
|
##
|
|
#refresh_pattern CACHEABLECGI 20 50% 200
|
|
#refresh_pattern WWWPACO 0 0% 0
|
|
|
|
##
|
|
# bind_acl {hostname|ip} [!]ACL [!]ACL ...
|
|
# bind to given address when connecting to server
|
|
# if request match ACLNAME
|
|
##
|
|
#bind_acl outname1 RUS
|
|
#bind_acl outname2 UKR
|
|
|
|
##
|
|
# Always check document freshness, but now on acl basis.
|
|
# You can have several such lines.
|
|
## This example will force to check freshness only for html documents.
|
|
#always_check_freshness_acl HTMLS
|
|
|
|
##
|
|
# line 'parent ....' will force all connections (except to destinations
|
|
# in local-domain or local-networks) go through parent host
|
|
##
|
|
#parent proxy.paco.net 3128
|
|
|
|
##
|
|
# parent_auth login:password
|
|
# if your parent require login/password from your proxy
|
|
##
|
|
#parent_auth login:password
|
|
|
|
# ICP peer's
|
|
#peer proxy.paco.net 3128 3130 {
|
|
## ^^^ peer name ^http port ^icp port
|
|
## icp port can be 0, in which case we assume this is non-icp
|
|
## proxy. We assume that non-icp peer act like parent which
|
|
## answer MISS all th etime. If this peer refused connection
|
|
## then it goes down for 60 seconds - it doesn't take part in
|
|
## any peer-related decisions.
|
|
# sibling ;
|
|
## if this peer require login/password from your proxy
|
|
# my_auth my_login:my_password;
|
|
## we will send requests for these domains
|
|
# allow dstdomain * ;
|
|
## we will NOT send requests for these domains
|
|
# deny dstdomain * ;
|
|
## we will send only requests matched to this acl
|
|
# peer_access [!]ACL1 [!]ACL2
|
|
## if (and only if) peer is not icp-capable, then , in case of fail we
|
|
## leave failed peer alone for the down_timeout interval (in seconds).
|
|
## Then we will try again
|
|
# down_timeout 60 ;
|
|
#}
|
|
|
|
#peer proxy.gu.net 80 3130 {
|
|
# parent ;
|
|
# allow dstdomain * ;
|
|
# deny dstdomain paco.net odessa.ua ;
|
|
#}
|
|
|
|
##
|
|
# Never use "parent" when connecting to server in these domains
|
|
##
|
|
local-domain odessa.ua od.ua
|
|
local-domain odessa.net paco.net netsy.net netsy.com te.net.ua
|
|
|
|
local-networks 195.114.128/19 10/8 192.168/16
|
|
|
|
#
|
|
# Groups
|
|
#
|
|
|
|
group main {
|
|
##
|
|
# You can describe group ip adresses here, or using src_ip acl's
|
|
# with networks_acl directive.
|
|
# networks_acl always have higher preference (checked first) and
|
|
# are checked in the order of appearance.
|
|
# If host wil not fall in any networks_acl - we check in networks.
|
|
# networks are ordered by masklen - longest masks(most specific networks)
|
|
# are checked first.
|
|
##
|
|
|
|
#Next line enables redirection features and transparent proxying
|
|
redir_mods fastredir transparent;
|
|
#Change this next line to list the IP's of everyone in this group
|
|
networks 195.114.128/19 127/8 195.5.40.93/32 ;
|
|
|
|
# networks_acl LOCAL_NETWORKS !BAD_NETWORKS ;
|
|
badports [0:79],110,138,139,513,[6000:6010] ;
|
|
miss allow;
|
|
##
|
|
# denytime - when deny access to proxy server for this group
|
|
##
|
|
# denytime Sat,Sun 0642:1000
|
|
# denytime Mon,Thu:Fri,Sun 0900:2100
|
|
##
|
|
# Authentication modules for this group (seprated by space)
|
|
##
|
|
# auth_mods passwd_file;
|
|
|
|
##
|
|
# URL-Redirector (porno, ad. filtering) modules for this group (separate by
|
|
# space)
|
|
##
|
|
# redir_mods redir;
|
|
|
|
|
|
##
|
|
# limit whole group to 8Kbytes per sec
|
|
##
|
|
# bandwidth 8k;
|
|
|
|
##
|
|
# limit each host 8Kbytes per sec
|
|
##
|
|
# per_ip_bw 8k;
|
|
|
|
##
|
|
# limit connections number from each host
|
|
#
|
|
# per_ip_conn 8;
|
|
|
|
##
|
|
# limit request rate from this group (requests per second). This is crude,
|
|
# and must be used as last resort
|
|
##
|
|
# maxreqrate 100;
|
|
|
|
##
|
|
# icp acl ...
|
|
##
|
|
# icp {
|
|
# allow dstdomain * ;
|
|
# }
|
|
|
|
##
|
|
# http acl
|
|
##
|
|
http {
|
|
##
|
|
# http acls can be in form 'allow dstdomain domainname domainname ... domainname ;
|
|
# or in form 'allow dstdomain include:filename ;
|
|
# where filename - name of the file, which contain
|
|
# domainnames (one per line, # - comment line);
|
|
# the same rules for 'deny'
|
|
##
|
|
allow dstdomain * ;
|
|
}
|
|
}
|
|
|
|
group world {
|
|
networks 0/0;
|
|
badports [0:79],110,138,139,513,[6000:6010];
|
|
http {
|
|
deny dstdomain * ;
|
|
}
|
|
icp {
|
|
deny dstdomain * ;
|
|
}
|
|
}
|
|
|
|
##
|
|
# Storage section
|
|
# Change this for your own situation. Oops can work without
|
|
# storages (using only in-memory cache).
|
|
##
|
|
|
|
##
|
|
# Storage description (can be several)
|
|
# path - filename of storage. can be raw device (be carefull!)
|
|
# size - size (of storage file). Can be smthng like 100k or 200m or 4g
|
|
# Size used only durig format process (oops -z).
|
|
##
|
|
|
|
storage {
|
|
path /var/lib/oops/storage/oops_storage ;
|
|
# Size of the storage. Can be in bytes or 'auto'. Auto is
|
|
# usefull for pre-created storages or disk slices.
|
|
# NOTE: 'size auto' won't work for Linux on disk slices.
|
|
# To use large ( > 2G ) files run configure with --enable-large-files
|
|
|
|
size 100m ;
|
|
|
|
# You have to use 'offset' in the case your raw device (or slice)
|
|
# require that. For example if you use entire disk as storage
|
|
# under AIX and Soalris/Sparc - you have to skip first block
|
|
# which contain disk label (that is storage will start from
|
|
# next 512 sector.
|
|
# offset 512;
|
|
}
|
|
|
|
#storage {
|
|
# path /usr/oops/storages/oops_storage1 ;
|
|
# size 600m ;
|
|
#}
|
|
|
|
module lang {
|
|
|
|
default_charset eng
|
|
|
|
# Recode tables and other charset stuff
|
|
CharsetRecodeTable windows-1251 /etc/oops/tables/koi-win.tab
|
|
CharsetRecodeTable ISO-8859-5 /etc/oops/tables/koi-iso.tab
|
|
CharsetRecodeTable ibm866 /etc/oops/tables/koi-alt.tab
|
|
CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic (Windows (WinNT;
|
|
CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit) Opera/3.0
|
|
CharsetAgent ibm866 DosLynx Lynx2/OS/2
|
|
}
|
|
|
|
module err {
|
|
# error reporting module
|
|
|
|
# template
|
|
template /etc/oops/err_template.html
|
|
|
|
# Language to use when generate Error messages
|
|
lang eng
|
|
}
|
|
|
|
module passwd_file {
|
|
# password proxy-authentication module
|
|
#
|
|
# default realm, scheme and passwd file
|
|
# the only thing you really want to change is 'file' and 'template'
|
|
# you don't have to reconfigure oops if you only
|
|
# change content passwd file or template: oops authomatically
|
|
# reload file
|
|
|
|
realm oops
|
|
scheme Basic
|
|
file /etc/oops/passwd
|
|
template /etc/oops/auth_template.html
|
|
}
|
|
|
|
module passwd_pgsql {
|
|
# proxy authentication using postgresql
|
|
# "Ivan B. Yelnikov" <bahek@khspu.ru>
|
|
#
|
|
# host - host where database live,
|
|
# user,password - login and password for database access
|
|
# database - database name
|
|
# select - file with request body
|
|
# template - file with html doc which user will receive
|
|
# during authentication
|
|
scheme Basic
|
|
realm oops
|
|
host <host address/name>
|
|
user <database_user>
|
|
password <user_password>
|
|
database <database_name>
|
|
select /etc/oops/select.sql
|
|
template /etc/oops/auth_template.html
|
|
}
|
|
|
|
module passwd_mysql {
|
|
# proxy authentication usin mysql
|
|
# "Ivan B. Yelnikov" <bahek@khspu.ru>
|
|
#
|
|
# look passwd_pgsql description
|
|
#
|
|
scheme Basic
|
|
realm oops
|
|
host <host address/name>
|
|
user <database_user>
|
|
password <user_password>
|
|
database <database_name>
|
|
select /etc/oops/select.sql
|
|
template /etc/oops/auth_template.html
|
|
}
|
|
|
|
module redir {
|
|
# file - regex rules.
|
|
# each line consist of one or two fields (separated with white space)
|
|
# 1. regular expression
|
|
# 2. redirect-location
|
|
# if requested (by client) url match regex then
|
|
# if we have redirect-url then we send '302 Moved Temporary' to
|
|
# redirect-location
|
|
# if we have no redirect-location (i.e. we have no 2-nd field)
|
|
# then we send template.html (%R will be substituted by rule)
|
|
# or some default message if we have no template.
|
|
# you don't have to reconfigure oops each time
|
|
# you edit rules or template, they will be reloaded authomatically
|
|
|
|
file /etc/oops/redir_rules
|
|
template /etc/oops/redir_template.html
|
|
## mode control will redir rewrite url or send Location: header
|
|
## with new location. Values are 'rewrite' or 'bounce'
|
|
# mode rewrite
|
|
|
|
# This module can process requests which come on http_port
|
|
# and/or on different port. For example, you wish oops
|
|
# bind on two ports - 3128 and 3129, and all requests which come on
|
|
# port 3129 must pass through filters, and requests which come on port
|
|
# 3128 (common http_port) - not. Then you have to uncomment next line
|
|
# myport 3129
|
|
# which means exactly: bind oops to additional port 3129 and process
|
|
# requests which come on this port.
|
|
# myport can be in the next form:
|
|
# myport [{hostname|ip_addr}:]port
|
|
}
|
|
|
|
module oopsctl {
|
|
# path to oopsctl unix socket
|
|
socket_path /var/run/oops/oopsctl
|
|
# time to auto-refresh page (seconds)
|
|
html_refresh 300
|
|
}
|
|
|
|
##
|
|
## This module hadnle 'Vary' header - it was written to better support
|
|
## Russian Apache
|
|
##
|
|
module vary {
|
|
user-agent by_charset
|
|
accept-charset ignore
|
|
}
|
|
|
|
##
|
|
## WWW -accelerator. To use - add word accel to
|
|
## redir_mods line for
|
|
## the group 'world' description
|
|
## You will find more description of this module in supplied accel_maps file
|
|
##
|
|
#module accel {
|
|
# myport can have next form:
|
|
# myport [{hostname|ip_addr}:]port ...
|
|
# myport 80
|
|
##
|
|
# allow access to proxy through accel module.
|
|
# Deny will stop proxy through accel completely, regardless
|
|
# of any other access rules
|
|
##
|
|
# proxy_requests deny
|
|
#
|
|
##
|
|
# File with maps and other config directives
|
|
# Checked once per minute. No need to restart oops if maps changed
|
|
##
|
|
# file /etc/oops/accel_maps
|
|
#}
|
|
|
|
##
|
|
## Transparent proxy. To use - add word 'transparent' into
|
|
## redir_mods line for your group.
|
|
## in the your local (or any other) group description
|
|
##
|
|
#module transparent {
|
|
# myport can have next form:
|
|
# myport [{hostname|ip_addr}:]port ...
|
|
# myport 3128
|
|
#}
|
|
|
|
##
|
|
## %h - remote ip address
|
|
## %A - local ip address
|
|
## %d - ip address of source (peer or document server)
|
|
## %l - remote logname from identd (not suported now)
|
|
## %U - remote user (from 'Authorization' header)
|
|
## %u - remote user (from proxy-auth)
|
|
## %{format}t - time with optional {format} (for strftime)
|
|
## %t - time with standard format %d/%b/%Y:%T %Z
|
|
## %r - request line
|
|
## %s - status code
|
|
## %b - bytes received
|
|
## %{header}i - value of header in request
|
|
## %m - HIT/MISS
|
|
## %k - hierarchy (DIRECT/NONE/...)
|
|
##
|
|
## directive buffered can be followed by size of the buffer,
|
|
## like 'buffered 32000'
|
|
##
|
|
#module customlog {
|
|
# path /usr/local/oops/logs/access_custom1
|
|
# format "%h %l %u %t \"%r\" %>s %b"
|
|
# squid httpd mode log emulation
|
|
# format "%h %u %l %t \"%r\" %s %b %m:%k"
|
|
# buffered
|
|
# path /usr/local/oops/logs/access_custom2
|
|
# format "%h->%A %l %u [%t] \"%r\" %s %b \"%{User-Agent}i\""
|
|
#}
|
|
|
|
module berkeley_db {
|
|
##
|
|
# dbhome - directory where all DB indexes reside. Use full path
|
|
# this directory must exist.
|
|
# dbname - filename for index file. Use just filename (no full path)
|
|
##
|
|
|
|
dbhome /var/lib/oops/db
|
|
dbname dburl
|
|
|
|
##
|
|
# This parameter specifies internal cache size of BerkeleyDB.
|
|
# Increase this parameter for best performance (if you have a lot of memory).
|
|
# For example: db_cache_mem 64m
|
|
# Default and minimum value: 4m
|
|
#
|
|
# This memory pool is not part of memory pool, specified by mem_max parameter.
|
|
# WARNING: the amount of RAM used by oops will be increased by the value of
|
|
# this parameter.
|
|
##
|
|
#db_cache_mem 4m
|
|
|
|
}
|
|
|
|
#module gigabase_db {
|
|
# This module enable GigaBASE as database engine.
|
|
# You can use berkeley_db or gigabase_db, not both.
|
|
# Also, important notice - indexes created with different modules
|
|
# are not compatible.
|
|
# ##
|
|
# # dbhome - directory where all DB indexes reside. Use full path
|
|
# # this directory must exist.
|
|
# # dbname - filename for index file. Use just filename (no full path)
|
|
# ##
|
|
#
|
|
# dbhome /var/lib/oops/db
|
|
# dbname gdburl
|
|
#
|
|
# ##
|
|
# # This parameter specifies internal cache size of BerkeleyDB.
|
|
# # Increase this parameter for best performance (if you have a lot of memory).
|
|
# # For example: db_cache_mem 64m
|
|
# # Default and minimum value: 4m
|
|
# #
|
|
# # This memory pool is not part of memory pool, specified by mem_max parameter.
|
|
# # WARNING: the amount of RAM used by oops will be increased by the value of
|
|
# # this parameter.
|
|
# ##
|
|
# #db_cache_mem 4m
|
|
#
|
|
#}
|