Diffstat (limited to 'net-proxy/oops/files/oops.cfg')
-rw-r--r--net-proxy/oops/files/oops.cfg654
1 files changed, 654 insertions, 0 deletions
diff --git a/net-proxy/oops/files/oops.cfg b/net-proxy/oops/files/oops.cfg
new file mode 100644
index 000000000000..3dc96fad2331
--- /dev/null
+++ b/net-proxy/oops/files/oops.cfg
@@ -0,0 +1,654 @@
+##
+# nameservers. Multiple nameserver entries are allowed.
+##
+
+nameserver 127.0.0.1
+
+##
+# Ports and address to use for HTTP and ICP
+##
+
+#bind ip_addr|hostname
+http_port 3128
+icp_port 3130
+
+##
+## Change euid to that user
+##
+## WARNING: if you use userid, then you will not be able to open new sockets on
+## reserved (< 1024) ports and will not be able to return to original userid.
+##
+userid oops
+
+##
+## Change root directory. If don't know exactly what are you doing -
+## leave commented.
+#chroot ???
+
+##
+# Logfile - just debug output
+# When used in form 'filename [{N S}] [[un]buffered]'
+# will be rotated automatically (up to N files up to S bytes in size)
+##
+logfile /var/log/oops/oops.log
+#logfile /usr/oops/logs/oops.log { 3 1m } unbuffered
+
+##
+# Accesslog - the same as for squid. Re rotating - see note for logfile
+##
+accesslog /var/log/oops/oops.access
+#accesslog /usr/oops/logs/access.log
+
+##
+# Pidfile. for kill -1 `cat oops.pid` and for locking.
+##
+pidfile /var/run/oops/oops.pid
+
+##
+# Statistics file - once per minute flush some statistics to this file
+##
+statistics /var/log/oops/oops_statfile
+
+##
+# icons - where to find link.gif, dir.gif, binary.gif and so on (for
+# ftp lists). If omitted - name of running host will be used. But
+# using explicit names is better way.
+##
+
+#icons-host ss5.paco.net
+#icons-port 80
+#icons-path icons
+
+##
+# When total object volume in memory grow over this (this mean
+# that cachable data from network came faster then we can save on disk)
+# drop objects (without attempt to save on disk).
+##
+mem_max 64m
+
+##
+# Hint, how much cached objects keep in memory.
+# When total amount become larger then this limit - start
+# swaping cachable objects to disk
+##
+lo_mark 8m
+
+##
+# start random early drop when number of clients reach some level.
+# this can protect you against attacks and against situation when
+# oops cant handle too much connections. By default - 0 (or no limits).
+##
+#start_red 0
+
+##
+# refuse any connection when number of already connected clients reach some
+# level. By default - 0 (or no limits).
+##
+#refuse_at 0
+
+##
+# if document contain no Expires: then expire after (in days)
+# ftp-expire-value - expire time for ftp (in days)
+##
+default-expire-value 7
+ftp-expire-value 7
+
+##
+# Maximum expite time - doc will not keep in cache more then
+# this number of days (except if defaiult-expire-value used for this documeny)
+##
+max-expire-value 30
+
+##
+# in which proportion time passed since last document modification
+# will accounted in expire time. For example, if last-modified-factor=5
+# and there was passed 10 days since document modification, then expiration
+# will be setted to 2 days in future (but no nore then max-expire-value)
+##
+last-modified-factor 5
+
+##
+# If you want not cache replies without Last-Modified:
+# uncomment next line.
+##
+#dont_cache_without_last_modified
+
+# run expire every ( in hours )
+##
+default-expire-interval 1
+
+##
+# icp_timeout - how long to wait icp reply from peer (in ms, e.g 1000 = 1sec)
+##
+icp_timeout 1000
+
+##
+# start disk cache cleanup when free space will be (in %%)
+# As on the very large storages 1% is large space (1% from 9G is
+# 90M), then on such storages you can set both disk-low-free and
+# disk-ok-free to 0. Oops will start cleanup if it have less then 256
+# free blocks(1M), and stop when it reach 512 bree blocks(2M).
+##
+disk-low-free 3
+
+##
+# stop disk cache cleanup when free space will be (in %%)
+##
+disk-ok-free 5
+
+##
+# Force_http11 - turn on http/1.1 for each request to document server
+# This option required if module 'vary' used.
+##
+force_http11
+
+##
+# Always check document freshness, even it is not stale or expired
+# This force Oops behave like squid - first check cached doc, then send
+##
+#always_check_freshness
+
+##
+# If user-requestor aborted connection to proxy, but there was received more
+# then some percent ot the document - then continue.
+# default value - 75%
+##
+force_completion 75
+
+##
+# maximum size of the object we will cache
+##
+maxresident 1m
+
+insert_x_forwarded_for yes
+insert_via yes
+
+##
+# If host have several interfaces or aliases, use exactly
+# this name when connecting to server:
+##
+#connect-from proxy.paco.net
+
+##
+# ACLs - currently: urlregex, urlpath, usercharset
+# port, dstdom, dstdom_regex, src_ip, time
+# each acl can be loaded from file.
+##
+#acl CACHEABLECGI urlregex http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826
+#acl WWWPACO urlregex www\.paco\.net
+#acl NO_RLH urlregex zipper
+#acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru)
+#acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco)
+#acl WINUSER usercharset windows-1251
+#acl DOSUSER usercharset ibm866
+#acl UNIXUSER usercharset koi8-r
+#acl RUS dstdom ru su
+#acl UKR dstdom ua
+#acl BADPORTS port [0:79],110,138,139,513,[6000:6010]
+#acl BADDOMAIN dstdom baddomain1.com baddomain2.com
+#acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org))
+#acl LOCAL_NETWORKS src_ip include:/etc/oops/acl_local_networks
+#acl BADNETWORKS src_ip 192.168.10/24
+#acl WORKTIME time Mon,Tue:Fri 0900:1800
+#acl HTMLS content_type text/html
+#acl USERS username joe
+acl ADMINS src_ip 127.0.0.1
+acl PURGE method PURGE
+
+##
+# acl_deny [!]ACL [!]ACL ...
+# deny access for combined acl
+##
+acl_deny PURGE !ADMINS
+
+##
+# Never cache objects with URL, containing...
+##
+stop_cache ?
+stop_cache cgi-bin
+
+##
+# stop_cache_acl [!]ACL [!]ACL ...
+# Stop cache using ACL
+##
+#stop_cache_acl WWWPACO
+
+##
+# refresh_pattern ACLNAME min percent max
+# 'min' and 'max' are limits between Expite time will be assigned
+# Iff document have no expire: header and have Last-Modified: header
+# we will use 'percent' to estimate how far in the future document will
+# be expired.
+##
+#refresh_pattern CACHEABLECGI 20 50% 200
+#refresh_pattern WWWPACO 0 0% 0
+
+##
+# bind_acl {hostname|ip} [!]ACL [!]ACL ...
+# bind to given address when connecting to server
+# if request match ACLNAME
+##
+#bind_acl outname1 RUS
+#bind_acl outname2 UKR
+
+##
+# Always check document freshness, but now on acl basis.
+# You can have several such lines.
+## This example will force to check freshness only for html documents.
+#always_check_freshness_acl HTMLS
+
+##
+# line 'parent ....' will force all connections (except to destinations
+# in local-domain or local-networks) go through parent host
+##
+#parent proxy.paco.net 3128
+
+##
+# parent_auth login:password
+# if your parent require login/password from your proxy
+##
+#parent_auth login:password
+
+# ICP peer's
+#peer proxy.paco.net 3128 3130 {
+## ^^^ peer name ^http port ^icp port
+## icp port can be 0, in which case we assume this is non-icp
+## proxy. We assume that non-icp peer act like parent which
+## answer MISS all th etime. If this peer refused connection
+## then it goes down for 60 seconds - it doesn't take part in
+## any peer-related decisions.
+# sibling ;
+## if this peer require login/password from your proxy
+# my_auth my_login:my_password;
+## we will send requests for these domains
+# allow dstdomain * ;
+## we will NOT send requests for these domains
+# deny dstdomain * ;
+## we will send only requests matched to this acl
+# peer_access [!]ACL1 [!]ACL2
+## if (and only if) peer is not icp-capable, then , in case of fail we
+## leave failed peer alone for the down_timeout interval (in seconds).
+## Then we will try again
+# down_timeout 60 ;
+#}
+
+#peer proxy.gu.net 80 3130 {
+# parent ;
+# allow dstdomain * ;
+# deny dstdomain paco.net odessa.ua ;
+#}
+
+##
+# Never use "parent" when connecting to server in these domains
+##
+local-domain odessa.ua od.ua
+local-domain odessa.net paco.net netsy.net netsy.com te.net.ua
+
+local-networks 195.114.128/19 10/8 192.168/16
+
+#
+# Groups
+#
+
+group main {
+##
+# You can describe group ip adresses here, or using src_ip acl's
+# with networks_acl directive.
+# networks_acl always have higher preference (checked first) and
+# are checked in the order of appearance.
+# If host wil not fall in any networks_acl - we check in networks.
+# networks are ordered by masklen - longest masks(most specific networks)
+# are checked first.
+##
+
+#Next line enables redirection features and transparent proxying
+ redir_mods fastredir transparent;
+#Change this next line to list the IP's of everyone in this group
+ networks 195.114.128/19 127/8 195.5.40.93/32 ;
+
+# networks_acl LOCAL_NETWORKS !BAD_NETWORKS ;
+ badports [0:79],110,138,139,513,[6000:6010] ;
+ miss allow;
+##
+# denytime - when deny access to proxy server for this group
+##
+# denytime Sat,Sun 0642:1000
+# denytime Mon,Thu:Fri,Sun 0900:2100
+##
+# Authentication modules for this group (seprated by space)
+##
+# auth_mods passwd_file;
+
+##
+# URL-Redirector (porno, ad. filtering) modules for this group (separate by
+# space)
+##
+# redir_mods redir;
+
+
+##
+# limit whole group to 8Kbytes per sec
+##
+# bandwidth 8k;
+
+##
+# limit each host 8Kbytes per sec
+##
+# per_ip_bw 8k;
+
+##
+# limit connections number from each host
+#
+# per_ip_conn 8;
+
+##
+# limit request rate from this group (requests per second). This is crude,
+# and must be used as last resort
+##
+# maxreqrate 100;
+
+##
+# icp acl ...
+##
+# icp {
+# allow dstdomain * ;
+# }
+
+##
+# http acl
+##
+ http {
+##
+# http acls can be in form 'allow dstdomain domainname domainname ... domainname ;
+# or in form 'allow dstdomain include:filename ;
+# where filename - name of the file, which contain
+# domainnames (one per line, # - comment line);
+# the same rules for 'deny'
+##
+ allow dstdomain * ;
+ }
+}
+
+group world {
+ networks 0/0;
+ badports [0:79],110,138,139,513,[6000:6010];
+ http {
+ deny dstdomain * ;
+ }
+ icp {
+ deny dstdomain * ;
+ }
+}
+
+##
+# Storage section
+# Change this for your own situation. Oops can work without
+# storages (using only in-memory cache).
+##
+
+##
+# Storage description (can be several)
+# path - filename of storage. can be raw device (be carefull!)
+# size - size (of storage file). Can be smthng like 100k or 200m or 4g
+# Size used only durig format process (oops -z).
+##
+
+storage {
+ path /var/lib/oops/storage/oops_storage ;
+# Size of the storage. Can be in bytes or 'auto'. Auto is
+# usefull for pre-created storages or disk slices.
+# NOTE: 'size auto' won't work for Linux on disk slices.
+# To use large ( > 2G ) files run configure with --enable-large-files
+
+ size 100m ;
+
+# You have to use 'offset' in the case your raw device (or slice)
+# require that. For example if you use entire disk as storage
+# under AIX and Soalris/Sparc - you have to skip first block
+# which contain disk label (that is storage will start from
+# next 512 sector.
+# offset 512;
+}
+
+#storage {
+# path /usr/oops/storages/oops_storage1 ;
+# size 600m ;
+#}
+
+module lang {
+
+ default_charset eng
+
+ # Recode tables and other charset stuff
+ CharsetRecodeTable windows-1251 /etc/oops/tables/koi-win.tab
+ CharsetRecodeTable ISO-8859-5 /etc/oops/tables/koi-iso.tab
+ CharsetRecodeTable ibm866 /etc/oops/tables/koi-alt.tab
+ CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic (Windows (WinNT;
+ CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit) Opera/3.0
+ CharsetAgent ibm866 DosLynx Lynx2/OS/2
+}
+
+module err {
+ # error reporting module
+
+ # template
+ template /etc/oops/err_template.html
+
+ # Language to use when generate Error messages
+ lang eng
+}
+
+module passwd_file {
+ # password proxy-authentication module
+ #
+ # default realm, scheme and passwd file
+ # the only thing you really want to change is 'file' and 'template'
+ # you don't have to reconfigure oops if you only
+ # change content passwd file or template: oops authomatically
+ # reload file
+
+ realm oops
+ scheme Basic
+ file /etc/oops/passwd
+ template /etc/oops/auth_template.html
+}
+
+module passwd_pgsql {
+ # proxy authentication using postgresql
+ # "Ivan B. Yelnikov" <bahek@khspu.ru>
+ #
+ # host - host where database live,
+ # user,password - login and password for database access
+ # database - database name
+ # select - file with request body
+ # template - file with html doc which user will receive
+ # during authentication
+ scheme Basic
+ realm oops
+ host <host address/name>
+ user <database_user>
+ password <user_password>
+ database <database_name>
+ select /etc/oops/select.sql
+ template /etc/oops/auth_template.html
+}
+
+module passwd_mysql {
+ # proxy authentication usin mysql
+ # "Ivan B. Yelnikov" <bahek@khspu.ru>
+ #
+ # look passwd_pgsql description
+ #
+ scheme Basic
+ realm oops
+ host <host address/name>
+ user <database_user>
+ password <user_password>
+ database <database_name>
+ select /etc/oops/select.sql
+ template /etc/oops/auth_template.html
+}
+
+module redir {
+ # file - regex rules.
+ # each line consist of one or two fields (separated with white space)
+ # 1. regular expression
+ # 2. redirect-location
+ # if requested (by client) url match regex then
+ # if we have redirect-url then we send '302 Moved Temporary' to
+ # redirect-location
+ # if we have no redirect-location (i.e. we have no 2-nd field)
+ # then we send template.html (%R will be substituted by rule)
+ # or some default message if we have no template.
+ # you don't have to reconfigure oops each time
+ # you edit rules or template, they will be reloaded authomatically
+
+ file /etc/oops/redir_rules
+ template /etc/oops/redir_template.html
+## mode control will redir rewrite url or send Location: header
+## with new location. Values are 'rewrite' or 'bounce'
+# mode rewrite
+
+ # This module can process requests which come on http_port
+ # and/or on different port. For example, you wish oops
+ # bind on two ports - 3128 and 3129, and all requests which come on
+ # port 3129 must pass through filters, and requests which come on port
+ # 3128 (common http_port) - not. Then you have to uncomment next line
+ # myport 3129
+ # which means exactly: bind oops to additional port 3129 and process
+ # requests which come on this port.
+ # myport can be in the next form:
+ # myport [{hostname|ip_addr}:]port
+}
+
+module oopsctl {
+ # path to oopsctl unix socket
+ socket_path /var/run/oops/oopsctl
+ # time to auto-refresh page (seconds)
+ html_refresh 300
+}
+
+##
+## This module hadnle 'Vary' header - it was written to better support
+## Russian Apache
+##
+module vary {
+ user-agent by_charset
+ accept-charset ignore
+}
+
+##
+## WWW -accelerator. To use - add word accel to
+## redir_mods line for
+## the group 'world' description
+## You will find more description of this module in supplied accel_maps file
+##
+#module accel {
+# myport can have next form:
+# myport [{hostname|ip_addr}:]port ...
+# myport 80
+##
+# allow access to proxy through accel module.
+# Deny will stop proxy through accel completely, regardless
+# of any other access rules
+##
+# proxy_requests deny
+#
+##
+# File with maps and other config directives
+# Checked once per minute. No need to restart oops if maps changed
+##
+# file /etc/oops/accel_maps
+#}
+
+##
+## Transparent proxy. To use - add word 'transparent' into
+## redir_mods line for your group.
+## in the your local (or any other) group description
+##
+#module transparent {
+# myport can have next form:
+# myport [{hostname|ip_addr}:]port ...
+# myport 3128
+#}
+
+##
+## %h - remote ip address
+## %A - local ip address
+## %d - ip address of source (peer or document server)
+## %l - remote logname from identd (not suported now)
+## %U - remote user (from 'Authorization' header)
+## %u - remote user (from proxy-auth)
+## %{format}t - time with optional {format} (for strftime)
+## %t - time with standard format %d/%b/%Y:%T %Z
+## %r - request line
+## %s - status code
+## %b - bytes received
+## %{header}i - value of header in request
+## %m - HIT/MISS
+## %k - hierarchy (DIRECT/NONE/...)
+##
+## directive buffered can be followed by size of the buffer,
+## like 'buffered 32000'
+##
+#module customlog {
+# path /usr/local/oops/logs/access_custom1
+# format "%h %l %u %t \"%r\" %>s %b"
+# squid httpd mode log emulation
+# format "%h %u %l %t \"%r\" %s %b %m:%k"
+# buffered
+# path /usr/local/oops/logs/access_custom2
+# format "%h->%A %l %u [%t] \"%r\" %s %b \"%{User-Agent}i\""
+#}
+
+module berkeley_db {
+ ##
+ # dbhome - directory where all DB indexes reside. Use full path
+ # this directory must exist.
+ # dbname - filename for index file. Use just filename (no full path)
+ ##
+
+ dbhome /var/lib/oops/db
+ dbname dburl
+
+ ##
+ # This parameter specifies internal cache size of BerkeleyDB.
+ # Increase this parameter for best performance (if you have a lot of memory).
+ # For example: db_cache_mem 64m
+ # Default and minimum value: 4m
+ #
+ # This memory pool is not part of memory pool, specified by mem_max parameter.
+ # WARNING: the amount of RAM used by oops will be increased by the value of
+ # this parameter.
+ ##
+ #db_cache_mem 4m
+
+}
+
+#module gigabase_db {
+# This module enable GigaBASE as database engine.
+# You can use berkeley_db or gigabase_db, not both.
+# Also, important notice - indexes created with different modules
+# are not compatible.
+# ##
+# # dbhome - directory where all DB indexes reside. Use full path
+# # this directory must exist.
+# # dbname - filename for index file. Use just filename (no full path)
+# ##
+#
+# dbhome /var/lib/oops/db
+# dbname gdburl
+#
+# ##
+# # This parameter specifies internal cache size of BerkeleyDB.
+# # Increase this parameter for best performance (if you have a lot of memory).
+# # For example: db_cache_mem 64m
+# # Default and minimum value: 4m
+# #
+# # This memory pool is not part of memory pool, specified by mem_max parameter.
+# # WARNING: the amount of RAM used by oops will be increased by the value of
+# # this parameter.
+# ##
+# #db_cache_mem 4m
+#
+#}
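Review bot: The `networks` line in `group main` still carries what look like the upstream author's own public ranges (`195.114.128/19` and `195.5.40.93/32`), and that group's `http` block is `allow dstdomain * ;`, so a host installed with this default would accept proxy requests from those foreign networks whenever the listener is reachable from them. Nothing in the file restricts the listening address, because `#bind` is left commented out, so the group ACL is the only gate visible here. For a packaged default I would ship `networks 127/8 ;` and keep the comment above it telling the admin to add their own client ranges. The same site-specific values appear in `local-domain` (`odessa.ua`, `paco.net`, …) and `local-networks 195.114.128/19 10/8 192.168/16`, which the file's own comment says are never sent through a configured parent; those should be emptied or commented out as well.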