mirror of
https://github.com/3proxy/3proxy.git
synced 2026-03-04 16:50:13 +08:00
Merge b7f2254ee6 into 12c9039ea4
This commit is contained in:
ilya
GitHub
commit
db204bbba2
@ -2,7 +2,7 @@
|
||||
# Yes, 3proxy.cfg can be executable, in this case you should place
|
||||
# something like
|
||||
#config /usr/local/3proxy/3proxy.cfg
|
||||
# to show which configuration 3proxy should re-read on realod.
|
||||
# to show which configuration 3proxy should re-read on reload.
|
||||
|
||||
#system "echo Hello world!"
|
||||
# you may use system to execute some external command if proxy starts
|
||||
@ -14,17 +14,16 @@ nserver 10.2.2.2
|
||||
nscache 65536
|
||||
|
||||
#nsrecord porno.security.nnov.ru 0.0.0.0
|
||||
# nobody will be able to access porno.security.nnov.ru by the name.
|
||||
# nobody will be able to access porno.security.nnov.ru by name.
|
||||
#nsrecord wpad.security.nnov.ru www.security.nnov.ru
|
||||
# wpad.security.nnov.ru will resolve to www.security.nnov.ru for
|
||||
# clients
|
||||
|
||||
|
||||
timeouts 1 5 30 60 180 1800 15 60
|
||||
# Here we can change timeout values
|
||||
|
||||
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
|
||||
# note that "" required, overvise $... is treated as include file name.
|
||||
# note that "" required, otherwise $... is treated as include file name.
|
||||
# $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
|
||||
#users $/usr/local/etc/3proxy/passwd
|
||||
# this example shows you how to include passwd file. For included files
|
||||
@ -60,7 +59,7 @@ log c:\3proxy\logs\3proxy.log D
|
||||
#
|
||||
#Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
|
||||
#
|
||||
#"- + L%C %U unnknown:0:0.0 N %Y-%m-%d %H:%M:%S fwsrv 3PROXY - %n %R %r %D %O %I %r TCP Connect - - - %E - - - - -"
|
||||
#"- + L%C %U Unknown:0:0.0 N %Y-%m-%d %H:%M:%S fwsrv 3PROXY - %n %R %r %D %O %I %r TCP Connect - - - %E - - - - -"
|
||||
#
|
||||
#Compatible with HTTPD standard log (Apache and others)
|
||||
#
|
||||
@ -71,13 +70,12 @@ log c:\3proxy\logs\3proxy.log D
|
||||
# in log file we want to have underscores instead of spaces
|
||||
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
|
||||
|
||||
|
||||
#archiver gz /bin/gzip %F
|
||||
#archiver zip zip -m -qq %A %F
|
||||
#archiver zip pkzipc -add -silent -move %A %F
|
||||
archiver rar rar a -df -inul %A %F
|
||||
# if archiver specified log file will be compressed after closing.
|
||||
# you should specify extension, path to archiver and command line, %A will be
|
||||
# if archiver is specified, log file will be compressed after closing.
|
||||
# you should specify the extension, path to archiver, and command line, %A will be
|
||||
# substituted with archive file name, %f - with original file name.
|
||||
# Original file will not be removed, so archiver should care about it.
|
||||
|
||||
@ -90,19 +88,18 @@ auth iponly
|
||||
# auth specifies type of user authentication. If you specify none proxy
|
||||
# will not do anything to check name of the user. If you specify
|
||||
# nbname proxy will send NetBIOS name request packet to UDP/137 of
|
||||
# client and parse request for NetBIOS name of messanger service.
|
||||
# client and parse request for NetBIOS name of messenger service.
|
||||
# Strong means that proxy will check password. For strong authentication
|
||||
# unknown user will not be allowed to use proxy regardless of ACL.
|
||||
# If you do not want username to be checked but wanna ACL to work you should
|
||||
# specify auth iponly.
|
||||
|
||||
|
||||
#allow ADMINISTRATOR,root
|
||||
#allow * 127.0.0.1,192.168.1.1 * *
|
||||
#parent 1000 http 192.168.1.2 80 * * * 80
|
||||
#allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535
|
||||
# we will allow everything if username matches ADMINISTRATOR or root or
|
||||
# client ip is 127.0.0.1 or 192.168.1.1. Overwise we will redirect any request
|
||||
# client ip is 127.0.0.1 or 192.168.1.1. Otherwise we will redirect any request
|
||||
# to port 80 to our Web-server 192.168.0.2.
|
||||
# We will allow any outgoing connections from network 192.168.1.0/24 to
|
||||
# SMTP, POP3, FTP, DNS and unprivileged ports.
|
||||
@ -119,34 +116,33 @@ external 10.1.1.1
|
||||
internal 192.168.1.1
|
||||
# internal is address of interface proxy will listen for incoming requests
|
||||
# 127.0.0.1 means only localhost will be able to use this proxy. This is
|
||||
# address you should specify for clients as proxy IP.
|
||||
# the address you should specify for clients as proxy IP.
|
||||
# You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
|
||||
# have open proxy in your network in this case.
|
||||
|
||||
auth none
|
||||
# no authentication is requires
|
||||
# no authentication is required
|
||||
|
||||
dnspr
|
||||
|
||||
# dnsproxy listens on UDP/53 to answer client's DNS requests. It requires
|
||||
# nserver/nscache configuration.
|
||||
|
||||
|
||||
#external $./external.ip
|
||||
#internal $./internal.ip
|
||||
# this is just an alternative form fo giving external and internal address
|
||||
# allows you to read this addresses from files
|
||||
# this is just an alternative form of giving the external and internal address
|
||||
# allows you to read these addresses from files
|
||||
|
||||
auth strong
|
||||
# We want to protect internal interface
|
||||
deny * * 127.0.0.1,192.168.1.1
|
||||
# and llow HTTP and HTTPS traffic.
|
||||
# and allow HTTP and HTTPS traffic.
|
||||
allow * * * 80-88,8080-8088 HTTP
|
||||
allow * * * 443,8443 HTTPS
|
||||
proxy -n
|
||||
|
||||
auth none
|
||||
# pop3p will be used without any authentication. It's bad choice
|
||||
# pop3p will be used without any authentication. It's a bad choice
|
||||
# because it's possible to use pop3p to access any port
|
||||
pop3p
|
||||
|
||||
@ -157,7 +153,7 @@ tcppm 25 mail.my.provider 25
|
||||
# Now we can use our proxy as SMTP and DNS server.
|
||||
# -s switch for UDP means "single packet" service - instead of setting
|
||||
# association for period of time association will only be set for 1 packet.
|
||||
# It's very userfull for services like DNS but not for some massive services
|
||||
# It's very useful for services like DNS but not for some massive services
|
||||
# like multimedia streams or online games.
|
||||
|
||||
auth strong
|
||||
@ -169,14 +165,13 @@ socks
|
||||
# we flush previously configured ACL list and create new one to allow users
|
||||
# test and 3APA3A to connect from any location
|
||||
|
||||
|
||||
auth strong
|
||||
flush
|
||||
internal 127.0.0.1
|
||||
allow 3APA3A 127.0.0.1
|
||||
maxconn 3
|
||||
admin
|
||||
#only allow acces to admin interface for user 3APA3A from 127.0.0.1 address
|
||||
#only allow access to admin interface for user 3APA3A from 127.0.0.1 address
|
||||
#via 127.0.0.1 address.
|
||||
|
||||
# map external 80 and 443 ports to internal Web server
|
||||
@ -192,10 +187,7 @@ admin
|
||||
#tcppm 80 websrv 80
|
||||
#tcppm 443 websrv 443
|
||||
|
||||
|
||||
#chroot /usr/local/jail
|
||||
#setgid 65535
|
||||
#setuid 65535
|
||||
# now we needn't any root rights. We can chroot and setgid/setuid.
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user