#### tinyproxy.conf -- tinyproxy daemon configuration file#### This exampl

1. ##
2. ## tinyproxy.conf -- tinyproxy daemon configuration file
3. ##
4. ## This example tinyproxy.conf file contains example settings
5. ## with explanations in comments. For decriptions of all
6. ## parameters, see the tinproxy.conf(5) manual page.
7. ##
8.  
9. #
10. # User/Group: This allows you to set the user and group that will be
11. # used for tinyproxy after the initial binding to the port has been done
12. # as the root user. Either the user or group name or the UID or GID
13. # number may be used.
14. #
15. User tiny [user and group might be different in your installation]
16. Group tiny [as long as it's not root it doesn't matter, but its better to have a user and group that does not have shell access]
17.  
18. #
19. # Port: Specify the port which tinyproxy will listen on. Please note
20. # that should you choose to run on a port lower than 1024 you will need
21. # to start tinyproxy using root.
22. #
23. Port 8080 [my preference, you can set it to any other port of your choice, but don't go for a port below 1024]
24.  
25. #
26. # Listen: If you have multiple interfaces this allows you to bind to
27. # only one. If this is commented out, tinyproxy will bind to all
28. # interfaces present.
29. #
30. #Listen 192.168.0.1
31.  
32. #
33. # Bind: This allows you to specify which interface will be used for
34. # outgoing connections. This is useful for multi-home'd machines where
35. # you want all traffic to appear outgoing from one particular interface.
36. #
37. #Bind 192.168.0.1
38.  
39. #
40. # BindSame: If enabled, tinyproxy will bind the outgoing connection to the
41. # ip address of the incoming connection.
42. #
43. BindSame yes [important to set to yes, easier management of multi IP proxies]
44.  
45. #
46. # Timeout: The maximum number of seconds of inactivity a connection is
47. # allowed to have before it is closed by tinyproxy.
48. #
49. Timeout 600
50.  
51. #
52. # ErrorFile: Defines the HTML file to send when a given HTTP error
53. # occurs. You will probably need to customize the location to your
54. # particular install. The usual locations to check are:
55. # /usr/local/share/tinyproxy
56. # /usr/share/tinyproxy
57. # /etc/tinyproxy
58. #
59. #ErrorFile 404 "/var/tinyproxy/share/tinyproxy/404.html"
60. #ErrorFile 400 "/var/tinyproxy/share/tinyproxy/400.html"
61. #ErrorFile 503 "/var/tinyproxy/share/tinyproxy/503.html"
62. #ErrorFile 403 "/var/tinyproxy/share/tinyproxy/403.html"
63. #ErrorFile 408 "/var/tinyproxy/share/tinyproxy/408.html"
64.  
65. #
66. # DefaultErrorFile: The HTML file that gets sent if there is no
67. # HTML file defined with an ErrorFile keyword for the HTTP error
68. # that has occured.
69. #
70. DefaultErrorFile "/var/tinyproxy/share/tinyproxy/default.html" [might vary in your case, my installation prefix was "/var/tinyproxy" and I installed from source, you can find your installation directory from the whereis tinyproxy command]
71.  
72. #
73. # StatHost: This configures the host name or IP address that is treated
74. # as the stat host: Whenever a request for this host is received,
75. # Tinyproxy will return an internal statistics page instead of
76. # forwarding the request to that host. The default value of StatHost is
77. # tinyproxy.stats.
78. #
79. #StatHost "tinyproxy.stats"
80. #
81.  
82. #
83. # StatFile: The HTML file that gets sent when a request is made
84. # for the stathost. If this file doesn't exist a basic page is
85. # hardcoded in tinyproxy.
86. #
87. StatFile "/var/tinyproxy/share/tinyproxy/stats.html" [your file path may vary, common directories are /usr/share/tinyproxy/ and /usr/local/share/tinyproxy/]
88.  
89. #
90. # LogFile: Allows you to specify the location where information should
91. # be logged to. If you would prefer to log to syslog, then disable this
92. # and enable the Syslog directive. These directives are mutually
93. # exclusive.
94. #
95. #LogFile "/var/tinyproxy/var/log/tinyproxy.log"
96.  
97. #
98. # Syslog: Tell tinyproxy to use syslog instead of a logfile. This
99. # option must not be enabled if the Logfile directive is being used.
100. # These two directives are mutually exclusive.
101. #
102. Syslog On
103.  
104. #
105. # LogLevel:
106. #
107. # Set the logging level. Allowed settings are:
108. # Critical (least verbose)
109. # Error
110. # Warning
111. # Notice
112. # Connect (to log connections without Info's noise)
113. # Info (most verbose)
114. #
115. # The LogLevel logs from the set level and above. For example, if the
116. # LogLevel was set to Warning, then all log messages from Warning to
117. # Critical would be output, but Notice and below would be suppressed.
118. #
119. LogLevel Warning [might want to set this to info at the beginning to see all the connections, but remember to change back to warning level, otherwise your log files will be cluttered up]
120.  
121. #
122. # PidFile: Write the PID of the main tinyproxy thread to this file so it
123. # can be used for signalling purposes.
124. #
125. PidFile "/var/tinyproxy/var/run/tinyproxy.pid" [again, find your directory, most probably would be under /var/run/; you will know the pid file location by opening up the startup script in nano, it is at /etc/init.d/tinyproxy]
126.  
127. #
128. # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
129. # contains the client's IP address.
130. #
131. XTinyproxy No
132.  
133. #
134. # Upstream:
135. #
136. # Turns on upstream proxy support.
137. #
138. # The upstream rules allow you to selectively route upstream connections
139. # based on the host/domain of the site being accessed.
140. #
141. # For example:
142. # # connection to test domain goes through testproxy
143. # upstream testproxy:8008 ".test.domain.invalid"
144. # upstream testproxy:8008 ".our_testbed.example.com"
145. # upstream testproxy:8008 "192.168.128.0/255.255.254.0"
146. #
147. # # no upstream proxy for internal websites and unqualified hosts
148. # no upstream ".internal.example.com"
149. # no upstream "www.example.com"
150. # no upstream "10.0.0.0/8"
151. # no upstream "192.168.0.0/255.255.254.0"
152. # no upstream "."
153. #
154. # # connection to these boxes go through their DMZ firewalls
155. # upstream cust1_firewall:8008 "testbed_for_cust1"
156. # upstream cust2_firewall:8008 "testbed_for_cust2"
157. #
158. # # default upstream is internet firewall
159.  
160. # # default upstream is internet firewall
161. # upstream firewall.internal.example.com:80
162. #
163. # The LAST matching rule wins the route decision. As you can see, you
164. # can use a host, or a domain:
165. # name matches host exactly
166. # .name matches any host in domain "name"
167. # . matches any host with no domain (in 'empty' domain)
168. # IP/bits matches network/mask
169. # IP/mask matches network/mask
170. #
171. #Upstream some.remote.proxy:port
172.  
173. #
174. # MaxClients: This is the absolute highest number of threads which will
175. # be created. In other words, only MaxClients number of clients can be
176. # connected at the same time.
177. #
178. MaxClients 9 [if you will be running more than 9 concurrent threads using your proxy server set this higher]
179.  
180. #
181. # MinSpareServers/MaxSpareServers: These settings set the upper and
182. # lower limit for the number of spare servers which should be available.
183. #
184. # If the number of spare servers falls below MinSpareServers then new
185. # server processes will be spawned. If the number of servers exceeds
186. # MaxSpareServers then the extras will be killed off.
187. #
188. MinSpareServers 1
189. MaxSpareServers 1
190.  
191. #
192. # StartServers: The number of servers to start initially.
193. #
194. StartServers 1
195.  
196. #
197. # MaxRequestsPerChild: The number of connections a thread will handle
198. # before it is killed. In practise this should be set to 0, which
199. # disables thread reaping. If you do notice problems with memory
200. # before it is killed. In practise this should be set to 0, which
201. # disables thread reaping. If you do notice problems with memory
202. # leakage, then set this to something like 10000.
203. #
204. MaxRequestsPerChild 0
205.  
206. #
207. # Allow: Customization of authorization controls. If there are any
208. # access control keywords then the default action is to DENY. Otherwise,
209. # the default action is ALLOW.
210. #
211. # The order of the controls are important. All incoming connections are
212. # tested against the controls based on order.
213. #
214. Allow XXX.XXX.XXX.XXX [Important: set this to your home IP address, this will complement our firewall security measure. If your firewall does not block access to your proxy port AND you don't specify any IP address here this will be an open proxy i.e. anyone can get access to your not-so-private proxy]
215.  
216. #
217. # AddHeader: Adds the specified headers to outgoing HTTP requests that
218. # Tinyproxy makes. Note that this option will not work for HTTPS
219. # traffic, as Tinyproxy has no control over what headers are exchanged.
220. #
221. #AddHeader "X-My-Header" "Powered by Tinyproxy"
222.  
223. #
224. # ViaProxyName: The "Via" header is required by the HTTP RFC, but using
225. # the real host name is a security concern. If the following directive
226. # is enabled, the string supplied will be used as the host name in the
227. # Via header; otherwise, the server's host name will be used.
228. #
229. ViaProxyName "tinyproxy"
230.  
231. #
232. # DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
233. # the Via header to the requests. This virtually puts Tinyproxy into
234. # stealth mode. Note that RFC 2616 requires proxies to set the Via
235. # header, so by enabling this option, you break compliance.
236. # Don't disable the Via header unless you know what you are doing...
237. #
238. DisableViaHeader Yes [this option might be missing from your copy, it's available in the recent versions though. This turns the proxy server into more anonymous mode allowing it to pass whatismyipaddress dot com proxy tests and others]
239.  
240. #
241. # Filter: This allows you to specify the location of the filter file.
242. #
243. #Filter "/var/tinyproxy/etc/filter"
244.  
245. #
246. # FilterURLs: Filter based on URLs rather than domains.
247. #
248. #FilterURLs On
249.  
250. #
251. # FilterExtended: Use POSIX Extended regular expressions rather than
252. # basic.
253. #
254. #FilterExtended On
255.  
256. #
257. # FilterCaseSensitive: Use case sensitive regular expressions.
258. #
259. #FilterCaseSensitive On
260.  
261. #
262. # FilterDefaultDeny: Change the default policy of the filtering system.
263. # If this directive is commented out, or is set to "No" then the default
264. # policy is to allow everything which is not specifically denied by the
265. # filter file.
266. #
267. # However, by setting this directive to "Yes" the default policy becomes
268. # to deny everything which is _not_ specifically allowed by the filter
269. # file.
270. #
271. #FilterDefaultDeny Yes
272.  
273. #
274. # Anonymous: If an Anonymous keyword is present, then anonymous proxying
275. # is enabled. The headers listed are allowed through, while all others
276. # are denied. If no Anonymous keyword is present, then all headers are
277. # allowed through. You must include quotes around the headers.
278. #
279. # Most sites require cookies to be enabled for them to work correctly, so
280. # you will need to allow Cookies through if you access those sites.
281. #
282. #Anonymous "Host"
283. #Anonymous "Authorization"
284. #Anonymous "Cookie"
285.  
286. Anonymous "Accept"
287. Anonymous "Accept-Charset"
288. Anonymous "Accept-Encoding"
289. Anonymous "Accept-Language"
290. Anonymous "Authorization"
291. Anonymous "Cache-Control"
292. Anonymous "Connection"
293. Anonymous "Content-Length"
294. Anonymous "Content-Type"
295. Anonymous "Cookie"
296. Anonymous "Date"
297. Anonymous "Expect"
298. Anonymous "Host"
299. Anonymous "If-Match"
300. Anonymous "If-Modified-Since"
301. Anonymous "If-None-Match"
302. Anonymous "If-Range"
303. Anonymous "If-Unmodified-Since"
304. Anonymous "Pragma"
305. Anonymous "Range"
306. Anonymous "TE"
307. Anonymous "Upgrade"
308.  
309. #
310. # ConnectPort: This is a list of ports allowed by tinyproxy when the
311. # CONNECT method is used. To disable the CONNECT method altogether, set
312. # the value to 0. If no ConnectPort line is found, all ports are
313. # allowed (which is not very secure.)
314. #
315. # The following two ports are used by SSL.
316. #
317. #ConnectPort 443
318. #ConnectPort 563
319.  
320. #
321. # Configure one or more ReversePath directives to enable reverse proxy
322. # support. With reverse proxying it's possible to make a number of
323. # sites appear as if they were part of a single site.
324. #
325. # If you uncomment the following two directives and run tinyproxy
326. # on your own computer at port 8888, you can access Google using
327. # http://localhost:8888/google/ and Wired News using
328. # http://localhost:8888/wired/news/. Neither will actually work
329. # until you uncomment ReverseMagic as they use absolute linking.
330. #
331. #ReversePath "/google/" "http://www.google.com/"
332. #ReversePath "/wired/" "http://www.wired.com/"
333.  
334. #
335. # When using tinyproxy as a reverse proxy, it is STRONGLY recommended
336. # that the normal proxy is turned off by uncommenting the next directive.
337. #
338. #ReverseOnly Yes
339.  
340. #
341. # Use a cookie to track reverse proxy mappings. If you need to reverse
342. # proxy sites which have absolute links you must uncomment this.
343. #
344. #ReverseMagic Yes
345.  
346. #
347. # The URL that's used to access this reverse proxy. The URL is used to
348. # rewrite HTTP redirects so that they won't escape the proxy. If you
349. # have a chain of reverse proxies, you'll need to put the outermost
350. # URL here (the address which the end user types into his/her browser).
351. #
352. # If not set then no rewriting occurs.
353. #
354. #ReverseBaseURL "http://localhost:8888/"