'auth cacheacl ...' is identical to 'auth cache ...' except that the ACL is not checked for cached authentication. dstaddr, dstport, dsthost and dstoper (operation) are intended to be used with cacheacl. For example:
authcache user,ip,password,dstaddr 600
auth cacheacl iponly strong
This allows a user to access a destination IP without ACL/password revalidation if there is a cached attempt to the same destination IP from the same client IP with the same username and password.
srvaddr and srvport are useful to match only cached attempts to the same `internal` address / service port.
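A simplified model of the cache lookup described above, added here as an illustration and not taken from 3proxy's source: it shows why the destination fields belong in the authcache key when cacheacl skips the ACL on a hit. The user table, the ACL set, the addresses and the reading of 600 as a lifetime in seconds are assumptions.

```python
# Simplified model of 'authcache <fields> <ttl>' + 'auth cacheacl ...'.
# Not 3proxy code: the names and checks below are constructed stand-ins.

USERS = {"alice": "s3cret"}        # constructed credential store
ACL_ALLOWED_DST = {"10.0.0.5"}     # constructed ACL: the only permitted destination


class AuthCache:
    def __init__(self, key_fields, ttl):
        self.key_fields = tuple(key_fields)  # e.g. user, ip, password, dstaddr
        self.ttl = ttl                       # assumed to be seconds
        self.entries = {}                    # key tuple -> expiry time

    def _key(self, req):
        return tuple(req[f] for f in self.key_fields)

    def hit(self, req, now):
        expiry = self.entries.get(self._key(req))
        return expiry is not None and now < expiry

    def store(self, req, now):
        self.entries[self._key(req)] = now + self.ttl


def authorize(cache, req, now):
    """Return (allowed, path) where path names the check that decided."""
    if cache.hit(req, now):
        return True, "cache"       # cacheacl: ACL and password are not rechecked
    if req["dstaddr"] not in ACL_ALLOWED_DST:
        return False, "acl"
    if USERS.get(req["user"]) != req["password"]:
        return False, "auth"
    cache.store(req, now)          # only fully validated requests are cached
    return True, "full"


def demo(key_fields):
    """Replay four constructed requests against a cache keyed on key_fields."""
    cache = AuthCache(key_fields, ttl=600)
    ok = {"user": "alice", "ip": "192.0.2.10",
          "password": "s3cret", "dstaddr": "10.0.0.5"}
    denied_dst = dict(ok, dstaddr="10.0.0.99")   # ACL would reject this one
    return [authorize(cache, ok, 0),             # first request: full check
            authorize(cache, ok, 100),           # same tuple: served from cache
            authorize(cache, denied_dst, 200),   # different destination
            authorize(cache, ok, 700)]           # after the entry has expired


if __name__ == "__main__":
    print(demo(("user", "ip", "password", "dstaddr")))
    print(demo(("user", "ip", "password")))      # key without a destination field
```

With dstaddr in the key the third request falls through to the ACL and is denied; without it the same request is answered from the cache and the ACL never runs.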
- authcache switched to use hashtables, size parameter added
- overflow fixed on hashinit
- hashtable prefers new values on insert if table is full
- hashtable is able to compact/grow
example:
plugin SSLPlugin.ld.so ssl_plugin
allow user1
parent 1000 http 1.1.1.1 1111
allow user2
parent 1000 https 2.2.2.2 2222
ssl_client_mode 3
ssl_client
proxy
With ssl_client_mode 3, the TLS handshake is performed only for the https parent type and not for the http parent type.
Use unix:/path/to/socket, e.g.
tcppm 1234 unix:/path/to/socket 1234
Under linux abstract sockets are supported with '@' prefix, e.g.
parent 1000 http unix:@virtual.3proxy.socket 1111
Destination port numbers are not used in tcppm/parent, but you must specify any positive value to match the syntax.
ssl_client_mode
0 (default) - handshake immediately after connect() (with first parent or with destination if there is no parent)
1 - handshake with destination server (handshake after connection via parents is established)
2 - handshake after data channel is established (e.g. after CONNECT)
Added:
-H option - expect HAProxy proxy v1 header, e.g. `proxy -H`
parent ha type - send HAProxy proxy v1 header (must be last in redirection), e.g.
allow *
parent 1000 ha
parent 1000 proxy 1.2.3.4 3128
socks
`proxy -g8000,3,10`
The first parameter is the average read size we want to keep, the second
parameter is the minimal number of packets in the same direction needed to
apply the algorithm, and the last value is the delay added after polling and
prior to reading data.
The example above adds a 10 millisecond delay before reading data if the
average polling size is below 8000 bytes and 3 read operations are made in the
same direction. It is especially useful with splice. `logdump 1 1` is useful
to see how grace delays work; choose the delay value to avoid filling the read
pipe/buffer (typically 64K) but keep the request sizes close to the chosen
average on large file upload/download.
- sockmapping rewritten from scratch to minimise polling. poll() is now
only called if blocking is actually expected, splice pipes are now
polled if splice fails, buffer flushing is much more accurate.
- logging code moved to separate files
- signal masks added to client threads to prevent unneeded interruptions
- bandwidth limitation will not delay the thread after client or server
shutdown