#### tinyproxy.conf -- tinyproxy daemon configuration file#### This exampl

1. ##
2. ## tinyproxy.conf -- tinyproxy daemon configuration file
3. ##
4. ## This example tinyproxy.conf file contains example settings
5. ## with explanations in comments. For decriptions of all
6. ## parameters, see the tinproxy.conf(5) manual page.
7. ##
8.  
9. #
10. # User/Group: This allows you to set the user and group that will be
11. # used for tinyproxy after the initial binding to the port has been done
12. # as the root user. Either the user or group name or the UID or GID
13. # number may be used.
14. #
15. User nobody
16. Group nogroup
17.  
18. #
19. # Port: Specify the port which tinyproxy will listen on.  Please note
20. # that should you choose to run on a port lower than 1024 you will need
21. # to start tinyproxy using root.
22. #
23. #Port 8888
24. Port 3128
25.  
26. #
27. # Listen: If you have multiple interfaces this allows you to bind to
28. # only one. If this is commented out, tinyproxy will bind to all
29. # interfaces present.
30. #
31. #Listen 192.168.0.1
32. Listen 127.0.0.1
33.  
34. #
35. # Bind: This allows you to specify which interface will be used for
36. # outgoing connections.  This is useful for multi-home'd machines where
37. # you want all traffic to appear outgoing from one particular interface.
38. #
39. #Bind 192.168.0.1
40.  
41. #
42. # BindSame: If enabled, tinyproxy will bind the outgoing connection to the
43. # ip address of the incoming connection.
44. #
45. #BindSame yes
46.  
47. #
48. # Timeout: The maximum number of seconds of inactivity a connection is
49. # allowed to have before it is closed by tinyproxy.
50. #
51. Timeout 600
52.  
53. #
54. # ErrorFile: Defines the HTML file to send when a given HTTP error
55. # occurs.  You will probably need to customize the location to your
56. # particular install.  The usual locations to check are:
57. #   /usr/local/share/tinyproxy
58. #   /usr/share/tinyproxy
59. #   /etc/tinyproxy
60. #
61. #ErrorFile 404 "/usr/share/tinyproxy/404.html"
62. #ErrorFile 400 "/usr/share/tinyproxy/400.html"
63. #ErrorFile 503 "/usr/share/tinyproxy/503.html"
64. #ErrorFile 403 "/usr/share/tinyproxy/403.html"
65. #ErrorFile 408 "/usr/share/tinyproxy/408.html"
66.  
67. #
68. # DefaultErrorFile: The HTML file that gets sent if there is no
69. # HTML file defined with an ErrorFile keyword for the HTTP error
70. # that has occured.
71. #
72. DefaultErrorFile "/usr/share/tinyproxy/default.html"
73.  
74. #
75. # StatHost: This configures the host name or IP address that is treated
76. # as the stat host: Whenever a request for this host is received,
77. # Tinyproxy will return an internal statistics page instead of
78. # forwarding the request to that host.  The default value of StatHost is
79. # tinyproxy.stats.
80. #
81. #StatHost "tinyproxy.stats"
82. #
83.  
84. #
85. # StatFile: The HTML file that gets sent when a request is made
86. # for the stathost.  If this file doesn't exist a basic page is
87. # hardcoded in tinyproxy.
88. #
89. StatFile "/usr/share/tinyproxy/stats.html"
90.  
91. #
92. # Logfile: Allows you to specify the location where information should
93. # be logged to.  If you would prefer to log to syslog, then disable this
94. # and enable the Syslog directive.  These directives are mutually
95. # exclusive.
96. #
97. Logfile "/var/log/tinyproxy/tinyproxy.log"
98.  
99. #
100. # Syslog: Tell tinyproxy to use syslog instead of a logfile.  This
101. # option must not be enabled if the Logfile directive is being used.
102. # These two directives are mutually exclusive.
103. #
104. #Syslog On
105.  
106. #
107. # LogLevel:
108. #
109. # Set the logging level. Allowed settings are:
110. #   Critical    (least verbose)
111. #   Error
112. #   Warning
113. #   Notice
114. #   Connect     (to log connections without Info's noise)
115. #   Info        (most verbose)
116. #
117. # The LogLevel logs from the set level and above. For example, if the
118. # LogLevel was set to Warning, then all log messages from Warning to
119. # Critical would be output, but Notice and below would be suppressed.
120. #
121. LogLevel Info
122.  
123. #
124. # PidFile: Write the PID of the main tinyproxy thread to this file so it
125. # can be used for signalling purposes.
126. #
127. PidFile "/var/run/tinyproxy/tinyproxy.pid"
128.  
129. #
130. # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
131. # contains the client's IP address.
132. #
133. #XTinyproxy Yes
134.  
135. #
136. # Upstream:
137. #
138. # Turns on upstream proxy support.
139. #
140. # The upstream rules allow you to selectively route upstream connections
141. # based on the host/domain of the site being accessed.
142. #
143. # For example:
144. #  # connection to test domain goes through testproxy
145. #  upstream testproxy:8008 ".test.domain.invalid"
146. #  upstream testproxy:8008 ".our_testbed.example.com"
147. #  upstream testproxy:8008 "192.168.128.0/255.255.254.0"
148. #
149. #  # no upstream proxy for internal websites and unqualified hosts
150. #  no upstream ".internal.example.com"
151. #  no upstream "www.example.com"
152. #  no upstream "10.0.0.0/8"
153. #  no upstream "192.168.0.0/255.255.254.0"
154. #  no upstream "."
155. #
156. #  # connection to these boxes go through their DMZ firewalls
157. #  upstream cust1_firewall:8008 "testbed_for_cust1"
158. #  upstream cust2_firewall:8008 "testbed_for_cust2"
159. #
160. #  # default upstream is internet firewall
161. #  upstream firewall.internal.example.com:80
162. #
163. # The LAST matching rule wins the route decision.  As you can see, you
164. # can use a host, or a domain:
165. #  name     matches host exactly
166. #  .name    matches any host in domain "name"
167. #  .        matches any host with no domain (in 'empty' domain)
168. #  IP/bits  matches network/mask
169. #  IP/mask  matches network/mask
170. #
171. #Upstream some.remote.proxy:port
172.  
173. #
174. # MaxClients: This is the absolute highest number of threads which will
175. # be created. In other words, only MaxClients number of clients can be
176. # connected at the same time.
177. #
178. MaxClients 100
179.  
180. #
181. # MinSpareServers/MaxSpareServers: These settings set the upper and
182. # lower limit for the number of spare servers which should be available.
183. #
184. # If the number of spare servers falls below MinSpareServers then new
185. # server processes will be spawned.  If the number of servers exceeds
186. # MaxSpareServers then the extras will be killed off.
187. #
188. MinSpareServers 5
189. MaxSpareServers 20
190.  
191. #
192. # StartServers: The number of servers to start initially.
193. #
194. StartServers 10
195.  
196. #
197. # MaxRequestsPerChild: The number of connections a thread will handle
198. # before it is killed. In practise this should be set to 0, which
199. # disables thread reaping. If you do notice problems with memory
200. # leakage, then set this to something like 10000.
201. #
202. MaxRequestsPerChild 0
203.  
204. #
205. # Allow: Customization of authorization controls. If there are any
206. # access control keywords then the default action is to DENY. Otherwise,
207. # the default action is ALLOW.
208. #
209. # The order of the controls are important. All incoming connections are
210. # tested against the controls based on order.
211. #
212. Allow 127.0.0.1
213. #Allow 192.168.0.0/16
214. #Allow 172.16.0.0/12
215. #Allow 10.0.0.0/8
216.  
217. #
218. # AddHeader: Adds the specified headers to outgoing HTTP requests that
219. # Tinyproxy makes. Note that this option will not work for HTTPS
220. # traffic, as Tinyproxy has no control over what headers are exchanged.
221. #
222. #AddHeader "X-My-Header" "Powered by Tinyproxy"
223.  
224. #
225. # ViaProxyName: The "Via" header is required by the HTTP RFC, but using
226. # the real host name is a security concern.  If the following directive
227. # is enabled, the string supplied will be used as the host name in the
228. # Via header; otherwise, the server's host name will be used.
229. #
230. ViaProxyName "tinyproxy"
231.  
232. #
233. # DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
234. # the Via header to the requests. This virtually puts Tinyproxy into
235. # stealth mode. Note that RFC 2616 requires proxies to set the Via
236. # header, so by enabling this option, you break compliance.
237. # Don't disable the Via header unless you know what you are doing...
238. #
239. #DisableViaHeader Yes
240.  
241. #
242. # Filter: This allows you to specify the location of the filter file.
243. #
244. #Filter "/etc/filter"
245.  
246. #
247. # FilterURLs: Filter based on URLs rather than domains.
248. #
249. #FilterURLs On
250.  
251. #
252. # FilterExtended: Use POSIX Extended regular expressions rather than
253. # basic.
254. #
255. #FilterExtended On
256.  
257. #
258. # FilterCaseSensitive: Use case sensitive regular expressions.
259. #
260. #FilterCaseSensitive On
261.  
262. #
263. # FilterDefaultDeny: Change the default policy of the filtering system.
264. # If this directive is commented out, or is set to "No" then the default
265. # policy is to allow everything which is not specifically denied by the
266. # filter file.
267. #
268. # However, by setting this directive to "Yes" the default policy becomes
269. # to deny everything which is _not_ specifically allowed by the filter
270. # file.
271. #
272. #FilterDefaultDeny Yes
273.  
274. #
275. # Anonymous: If an Anonymous keyword is present, then anonymous proxying
276. # is enabled.  The headers listed are allowed through, while all others
277. # are denied. If no Anonymous keyword is present, then all headers are
278. # allowed through.  You must include quotes around the headers.
279. #
280. # Most sites require cookies to be enabled for them to work correctly, so
281. # you will need to allow Cookies through if you access those sites.
282. #
283. #Anonymous "Host"
284. #Anonymous "Authorization"
285. #Anonymous "Cookie"
286.  
287. #
288. # ConnectPort: This is a list of ports allowed by tinyproxy when the
289. # CONNECT method is used.  To disable the CONNECT method altogether, set
290. # the value to 0.  If no ConnectPort line is found, all ports are
291. # allowed (which is not very secure.)
292. #
293. # The following two ports are used by SSL.
294. #
295. ConnectPort 443
296. ConnectPort 563
297.  
298. #
299. # Configure one or more ReversePath directives to enable reverse proxy
300. # support. With reverse proxying it's possible to make a number of
301. # sites appear as if they were part of a single site.
302. #
303. # If you uncomment the following two directives and run tinyproxy
304. # on your own computer at port 8888, you can access Google using
305. # http://localhost:8888/google/ and Wired News using
306. # http://localhost:8888/wired/news/. Neither will actually work
307. # until you uncomment ReverseMagic as they use absolute linking.
308. #
309. #ReversePath "/google/" "http://www.google.com/"
310. #ReversePath "/wired/"  "http://www.wired.com/"
311.  
312. #
313. # When using tinyproxy as a reverse proxy, it is STRONGLY recommended
314. # that the normal proxy is turned off by uncommenting the next directive.
315. #
316. #ReverseOnly Yes
317.  
318. #
319. # Use a cookie to track reverse proxy mappings. If you need to reverse
320. # proxy sites which have absolute links you must uncomment this.
321. #
322. #ReverseMagic Yes
323.  
324. #
325. # The URL that's used to access this reverse proxy. The URL is used to
326. # rewrite HTTP redirects so that they won't escape the proxy. If you
327. # have a chain of reverse proxies, you'll need to put the outermost
328. # URL here (the address which the end user types into his/her browser).
329. #
330. # If not set then no rewriting occurs.
331. #
332. #ReverseBaseURL "http://localhost:8888/"