bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2026-03-05 01:00:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge b7f2254ee6 into 12c9039ea4

Browse Source
This commit is contained in:
ilya 2026-02-12 16:12:02 +03:00 committed by GitHub
commit db204bbba2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
cfg/3proxy.cfg.sample
View File

@ -2,7 +2,7 @@
# Yes, 3proxy.cfg can be executable, in this case you should place # Yes, 3proxy.cfg can be executable, in this case you should place
# something like # something like
#config /usr/local/3proxy/3proxy.cfg #config /usr/local/3proxy/3proxy.cfg
# to show which configuration 3proxy should re-read on realod. # to show which configuration 3proxy should re-read on reload.
#system "echo Hello world!" #system "echo Hello world!"
# you may use system to execute some external command if proxy starts # you may use system to execute some external command if proxy starts
@ -14,17 +14,16 @@ nserver 10.2.2.2
nscache 65536 nscache 65536
#nsrecord porno.security.nnov.ru 0.0.0.0 #nsrecord porno.security.nnov.ru 0.0.0.0
# nobody will be able to access porno.security.nnov.ru by the name. # nobody will be able to access porno.security.nnov.ru by name.
#nsrecord wpad.security.nnov.ru www.security.nnov.ru #nsrecord wpad.security.nnov.ru www.security.nnov.ru
# wpad.security.nnov.ru will resolve to www.security.nnov.ru for # wpad.security.nnov.ru will resolve to www.security.nnov.ru for
# clients # clients
timeouts 1 5 30 60 180 1800 15 60 timeouts 1 5 30 60 180 1800 15 60
# Here we can change timeout values # Here we can change timeout values
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1" users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
# note that "" required, overvise $... is treated as include file name. # note that "" required, otherwise $... is treated as include file name.
# $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format. # $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
#users $/usr/local/etc/3proxy/passwd #users $/usr/local/etc/3proxy/passwd
# this example shows you how to include passwd file. For included files # this example shows you how to include passwd file. For included files
@ -60,7 +59,7 @@ log c:\3proxy\logs\3proxy.log D
# #
#Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited): #Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
# #
#"- + L%C %U unnknown:0:0.0 N %Y-%m-%d %H:%M:%S fwsrv 3PROXY - %n %R %r %D %O %I %r TCP Connect - - - %E - - - - -" #"- + L%C %U Unknown:0:0.0 N %Y-%m-%d %H:%M:%S fwsrv 3PROXY - %n %R %r %D %O %I %r TCP Connect - - - %E - - - - -"
# #
#Compatible with HTTPD standard log (Apache and others) #Compatible with HTTPD standard log (Apache and others)
# #
@ -71,13 +70,12 @@ log c:\3proxy\logs\3proxy.log D
# in log file we want to have underscores instead of spaces # in log file we want to have underscores instead of spaces
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T" logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#archiver gz /bin/gzip %F #archiver gz /bin/gzip %F
#archiver zip zip -m -qq %A %F #archiver zip zip -m -qq %A %F
#archiver zip pkzipc -add -silent -move %A %F #archiver zip pkzipc -add -silent -move %A %F
archiver rar rar a -df -inul %A %F archiver rar rar a -df -inul %A %F
# if archiver specified log file will be compressed after closing. # if archiver is specified, log file will be compressed after closing.
# you should specify extension, path to archiver and command line, %A will be # you should specify the extension, path to archiver, and command line, %A will be
# substituted with archive file name, %f - with original file name. # substituted with archive file name, %f - with original file name.
# Original file will not be removed, so archiver should care about it. # Original file will not be removed, so archiver should care about it.
@ -90,19 +88,18 @@ auth iponly
# auth specifies type of user authentication. If you specify none proxy # auth specifies type of user authentication. If you specify none proxy
# will not do anything to check name of the user. If you specify # will not do anything to check name of the user. If you specify
# nbname proxy will send NetBIOS name request packet to UDP/137 of # nbname proxy will send NetBIOS name request packet to UDP/137 of
# client and parse request for NetBIOS name of messanger service. # client and parse request for NetBIOS name of messenger service.
# Strong means that proxy will check password. For strong authentication # Strong means that proxy will check password. For strong authentication
# unknown user will not be allowed to use proxy regardless of ACL. # unknown user will not be allowed to use proxy regardless of ACL.
# If you do not want username to be checked but wanna ACL to work you should # If you do not want username to be checked but wanna ACL to work you should
# specify auth iponly. # specify auth iponly.
#allow ADMINISTRATOR,root #allow ADMINISTRATOR,root
#allow * 127.0.0.1,192.168.1.1 * * #allow * 127.0.0.1,192.168.1.1 * *
#parent 1000 http 192.168.1.2 80 * * * 80 #parent 1000 http 192.168.1.2 80 * * * 80
#allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535 #allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535
# we will allow everything if username matches ADMINISTRATOR or root or # we will allow everything if username matches ADMINISTRATOR or root or
# client ip is 127.0.0.1 or 192.168.1.1. Overwise we will redirect any request # client ip is 127.0.0.1 or 192.168.1.1. Otherwise we will redirect any request
# to port 80 to our Web-server 192.168.0.2. # to port 80 to our Web-server 192.168.0.2.
# We will allow any outgoing connections from network 192.168.1.0/24 to # We will allow any outgoing connections from network 192.168.1.0/24 to
# SMTP, POP3, FTP, DNS and unprivileged ports. # SMTP, POP3, FTP, DNS and unprivileged ports.
@ -119,34 +116,33 @@ external 10.1.1.1
internal 192.168.1.1 internal 192.168.1.1
# internal is address of interface proxy will listen for incoming requests # internal is address of interface proxy will listen for incoming requests
# 127.0.0.1 means only localhost will be able to use this proxy. This is # 127.0.0.1 means only localhost will be able to use this proxy. This is
# address you should specify for clients as proxy IP. # the address you should specify for clients as proxy IP.
# You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to # You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
# have open proxy in your network in this case. # have open proxy in your network in this case.
auth none auth none
# no authentication is requires # no authentication is required
dnspr dnspr
# dnsproxy listens on UDP/53 to answer client's DNS requests. It requires # dnsproxy listens on UDP/53 to answer client's DNS requests. It requires
# nserver/nscache configuration. # nserver/nscache configuration.
#external $./external.ip #external $./external.ip
#internal $./internal.ip #internal $./internal.ip
# this is just an alternative form fo giving external and internal address # this is just an alternative form of giving the external and internal address
# allows you to read this addresses from files # allows you to read these addresses from files
auth strong auth strong
# We want to protect internal interface # We want to protect internal interface
deny * * 127.0.0.1,192.168.1.1 deny * * 127.0.0.1,192.168.1.1
# and llow HTTP and HTTPS traffic. # and allow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS allow * * * 443,8443 HTTPS
proxy -n proxy -n
auth none auth none
# pop3p will be used without any authentication. It's bad choice # pop3p will be used without any authentication. It's a bad choice
# because it's possible to use pop3p to access any port # because it's possible to use pop3p to access any port
pop3p pop3p
@ -157,7 +153,7 @@ tcppm 25 mail.my.provider 25
# Now we can use our proxy as SMTP and DNS server. # Now we can use our proxy as SMTP and DNS server.
# -s switch for UDP means "single packet" service - instead of setting # -s switch for UDP means "single packet" service - instead of setting
# association for period of time association will only be set for 1 packet. # association for period of time association will only be set for 1 packet.
# It's very userfull for services like DNS but not for some massive services # It's very useful for services like DNS but not for some massive services
# like multimedia streams or online games. # like multimedia streams or online games.
auth strong auth strong
@ -169,14 +165,13 @@ socks
# we flush previously configured ACL list and create new one to allow users # we flush previously configured ACL list and create new one to allow users
# test and 3APA3A to connect from any location # test and 3APA3A to connect from any location
auth strong auth strong
flush flush
internal 127.0.0.1 internal 127.0.0.1
allow 3APA3A 127.0.0.1 allow 3APA3A 127.0.0.1
maxconn 3 maxconn 3
admin admin
#only allow acces to admin interface for user 3APA3A from 127.0.0.1 address #only allow access to admin interface for user 3APA3A from 127.0.0.1 address
#via 127.0.0.1 address. #via 127.0.0.1 address.
# map external 80 and 443 ports to internal Web server # map external 80 and 443 ports to internal Web server
@ -192,10 +187,7 @@ admin
#tcppm 80 websrv 80 #tcppm 80 websrv 80
#tcppm 443 websrv 443 #tcppm 443 websrv 443
#chroot /usr/local/jail #chroot /usr/local/jail
#setgid 65535 #setgid 65535
#setuid 65535 #setuid 65535
# now we needn't any root rights. We can chroot and setgid/setuid. # now we needn't any root rights. We can chroot and setgid/setuid.