diff --git a/cfg/3proxy.cfg.sample b/cfg/3proxy.cfg.sample index f077a0b..7da05c7 100644 --- a/cfg/3proxy.cfg.sample +++ b/cfg/3proxy.cfg.sample @@ -2,7 +2,7 @@ # Yes, 3proxy.cfg can be executable, in this case you should place # something like #config /usr/local/3proxy/3proxy.cfg -# to show which configuration 3proxy should re-read on realod. +# to show which configuration 3proxy should re-read on reload. #system "echo Hello world!" # you may use system to execute some external command if proxy starts @@ -14,17 +14,16 @@ nserver 10.2.2.2 nscache 65536 #nsrecord porno.security.nnov.ru 0.0.0.0 -# nobody will be able to access porno.security.nnov.ru by the name. +# nobody will be able to access porno.security.nnov.ru by name. #nsrecord wpad.security.nnov.ru www.security.nnov.ru # wpad.security.nnov.ru will resolve to www.security.nnov.ru for # clients - timeouts 1 5 30 60 180 1800 15 60 # Here we can change timeout values users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1" -# note that "" required, overvise $... is treated as include file name. +# note that "" required, otherwise $... is treated as include file name. # $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format. #users $/usr/local/etc/3proxy/passwd # this example shows you how to include passwd file. For included files @@ -60,7 +59,7 @@ log c:\3proxy\logs\3proxy.log D # #Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited): # -#"- + L%C %U unnknown:0:0.0 N %Y-%m-%d %H:%M:%S fwsrv 3PROXY - %n %R %r %D %O %I %r TCP Connect - - - %E - - - - -" +#"- + L%C %U Unknown:0:0.0 N %Y-%m-%d %H:%M:%S fwsrv 3PROXY - %n %R %r %D %O %I %r TCP Connect - - - %E - - - - -" # #Compatible with HTTPD standard log (Apache and others) # 
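Review bot: In the hunk at -60,7 the ISA 2000/2004 sample logformat changes the literal `unnknown:0:0.0` to `Unknown:0:0.0`, which alters both the spelling and the case of a field that is written into the log by anyone who uncomments that line. Unlike the other edits in this commit this is not comment prose, so a log parser or detection rule keyed to the old literal would stop matching. The page does not show which form the ISA FWSEXTD format expects. I would check the value against a real ISA log before merging, or, if only the spelling is wrong, keep the original case with `unknown:0:0.0`.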
@@ -71,13 +70,12 @@ log c:\3proxy\logs\3proxy.log D # in log file we want to have underscores instead of spaces logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T" - #archiver gz /bin/gzip %F #archiver zip zip -m -qq %A %F #archiver zip pkzipc -add -silent -move %A %F archiver rar rar a -df -inul %A %F -# if archiver specified log file will be compressed after closing. -# you should specify extension, path to archiver and command line, %A will be +# if archiver is specified, log file will be compressed after closing. +# you should specify the extension, path to archiver, and command line, %A will be # substituted with archive file name, %f - with original file name. # Original file will not be removed, so archiver should care about it. @@ -90,19 +88,18 @@ auth iponly # auth specifies type of user authentication. If you specify none proxy # will not do anything to check name of the user. If you specify # nbname proxy will send NetBIOS name request packet to UDP/137 of -# client and parse request for NetBIOS name of messanger service. +# client and parse request for NetBIOS name of messenger service. # Strong means that proxy will check password. For strong authentication # unknown user will not be allowed to use proxy regardless of ACL. # If you do not want username to be checked but wanna ACL to work you should # specify auth iponly. - #allow ADMINISTRATOR,root #allow * 127.0.0.1,192.168.1.1 * * #parent 1000 http 192.168.1.2 80 * * * 80 #allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535 # we will allow everything if username matches ADMINISTRATOR or root or -# client ip is 127.0.0.1 or 192.168.1.1. Overwise we will redirect any request +# client ip is 127.0.0.1 or 192.168.1.1. Otherwise we will redirect any request # to port 80 to our Web-server 192.168.0.2. # We will allow any outgoing connections from network 192.168.1.0/24 to # SMTP, POP3, FTP, DNS and unprivileged ports. 
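Review bot: The archiver comment reworded in the hunk at -71,13 still says `%f - with original file name` on the following context line, while every sample `archiver` command above it uses `%F`. Since this commit is already cleaning up that comment block, the placeholder should be made consistent as well, e.g. `# substituted with archive file name, %F - with original file name.`, assuming `%F` as used in the samples is the supported form. It may also be worth stating in the same comment that the archiver command is responsible for deleting the original log, as the `-m`, `-move` and `-df` switches in the samples do.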
@@ -119,34 +116,33 @@ external 10.1.1.1 internal 192.168.1.1 # internal is address of interface proxy will listen for incoming requests # 127.0.0.1 means only localhost will be able to use this proxy. This is -# address you should specify for clients as proxy IP. +# the address you should specify for clients as proxy IP. # You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to # have open proxy in your network in this case. auth none -# no authentication is requires +# no authentication is required dnspr # dnsproxy listens on UDP/53 to answer client's DNS requests. It requires # nserver/nscache configuration. - #external $./external.ip #internal $./internal.ip -# this is just an alternative form fo giving external and internal address -# allows you to read this addresses from files +# this is just an alternative form of giving the external and internal address +# allows you to read these addresses from files auth strong # We want to protect internal interface deny * * 127.0.0.1,192.168.1.1 -# and llow HTTP and HTTPS traffic. +# and allow HTTP and HTTPS traffic. allow * * * 80-88,8080-8088 HTTP allow * * * 443,8443 HTTPS proxy -n auth none -# pop3p will be used without any authentication. It's bad choice +# pop3p will be used without any authentication. It's a bad choice # because it's possible to use pop3p to access any port pop3p @@ -157,7 +153,7 @@ tcppm 25 mail.my.provider 25 # Now we can use our proxy as SMTP and DNS server. # -s switch for UDP means "single packet" service - instead of setting # association for period of time association will only be set for 1 packet. -# It's very userfull for services like DNS but not for some massive services +# It's very useful for services like DNS but not for some massive services # like multimedia streams or online games. auth strong 
@@ -169,14 +165,13 @@ socks # we flush previously configured ACL list and create new one to allow users # test and 3APA3A to connect from any location - auth strong flush internal 127.0.0.1 allow 3APA3A 127.0.0.1 maxconn 3 admin -#only allow acces to admin interface for user 3APA3A from 127.0.0.1 address +#only allow access to admin interface for user 3APA3A from 127.0.0.1 address #via 127.0.0.1 address. # map external 80 and 443 ports to internal Web server @@ -192,10 +187,7 @@ admin #tcppm 80 websrv 80 #tcppm 443 websrv 443 - #chroot /usr/local/jail #setgid 65535 #setuid 65535 # now we needn't any root rights. We can chroot and setgid/setuid. - -