Update workflows and makefiles

- Update GitHub Actions workflows (checkout v5, build fixes) - Fix MSVC and Watcom makefiles - Update documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix warnings
2026-04-12 16:00:11 +08:00 · 2026-04-08 17:20:09 +03:00 · 2026-04-07 14:34:34 +03:00 · 2026-04-07 14:12:04 +03:00 · 2026-04-07 14:04:54 +03:00 · 2026-04-07 13:54:07 +03:00
180 changed files with 8634 additions and 41373 deletions
--- a/.github/workflows/build-rpm-arm64.yml
+++ b/.github/workflows/build-rpm-arm64.yml
@ -0,0 +1,51 @@
 name: RPM build arm64
 on:
  push:
    branches: [ "master" ]
    paths: [ 'RELEASE', '.github/workflows/build-rpm-arm64.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - ubuntu-24.04-arm
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
    - name: env
      run: |
       pwd
       echo "RELEASE=$(cat RELEASE)" >> $GITHUB_ENV
       echo "VERSION=$(date +%y%m%d%H%M%S)" >> $GITHUB_ENV
       echo "MAJOR=$(cat RELEASE | cut -d "-" -f 1)" >> $GITHUB_ENV
       echo "SUBMAJOR=$(cat RELEASE | cut -d "-" -f 2)" >> $GITHUB_ENV
       echo "MINOR=$(cat RELEASE | cut -d "-" -f 3)" >> $GITHUB_ENV
    - name: echo env
      run: echo "release $RELEASE version $VERSION major $MAJOR submajor $SUBMAJOR minor $MINOR"
    - name: Linux libraries
      run: |
       sudo apt update
       sudo apt install libssl-dev libpam-dev libpcre2-dev rpm
    - name: make rpmbuild dir
      run: mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
    - name: configure rpm env
      run: |
       tar -czf ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz --transform "s,^,3proxy-$RELEASE/," .
       ln -s ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/rpmbuild/SOURCES/$RELEASE.tar.gz
       cp scripts/rh/3proxy.spec ~/rpmbuild/SPECS/3proxy-$RELEASE.spec
    - name: rpmbuild
      run: |
       ret=`pwd`
       cd ~/rpmbuild/SPECS
       rpmbuild -ba 3proxy-$RELEASE.spec
       cd $ret
       mv ~/rpmbuild/RPMS/aarch64/3proxy-$RELEASE-1.aarch64.rpm 3proxy-$RELEASE.arm64.rpm
    - name: Get artifact
      uses: actions/upload-artifact@v4
      with:
       name: "3proxy-${{ env.RELEASE }}-arm64.rpm"
       path: "*.rpm"
--- a/.github/workflows/build-rpm-armhf.yml
+++ b/.github/workflows/build-rpm-armhf.yml
@ -0,0 +1,72 @@
 name: RPM build arm
 on:
  push:
    branches: [ "master" ]
    paths: [ 'RELEASE', '.github/workflows/build-rpm-armhf.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - ubuntu-latest
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
    - name: env
      run: |
       pwd
       echo "RELEASE=$(cat RELEASE)" >> $GITHUB_ENV
       echo "VERSION=$(date +%y%m%d%H%M%S)" >> $GITHUB_ENV
       echo "MAJOR=$(cat RELEASE | cut -d "-" -f 1)" >> $GITHUB_ENV
       echo "SUBMAJOR=$(cat RELEASE | cut -d "-" -f 2)" >> $GITHUB_ENV
       echo "MINOR=$(cat RELEASE | cut -d "-" -f 3)" >> $GITHUB_ENV
    - name: Linux libraries
      run: |
       sudo apt update
       sudo dpkg --add-architecture armhf
       echo "Types: deb" > ~/ubuntu.sources
       echo "URIs: http://archive.ubuntu.com/ubuntu/" >> ~/ubuntu.sources 
       echo "Suites: noble noble-updates noble-backports" >> ~/ubuntu.sources 
       echo "Components: main restricted universe multiverse" >> ~/ubuntu.sources 
       echo "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg" >> ~/ubuntu.sources 
       echo "Architectures: amd64" >> ~/ubuntu.sources 
       echo "" >> ~/ubuntu.sources 
       echo "Types: deb" >> ~/ubuntu.sources 
       echo "URIs: http://security.ubuntu.com/ubuntu/" >> ~/ubuntu.sources 
       echo "Suites: noble-security" >> ~/ubuntu.sources 
       echo "Components: main restricted universe multiverse" >> ~/ubuntu.sources 
       echo "Architectures: amd64" >> ~/ubuntu.sources 
       echo "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg" >> ~/ubuntu.sources 
       echo "" >> ~/ubuntu.sources 
       echo "Types: deb" >>~/ubuntu.sources 
       echo "URIs: http://ports.ubuntu.com/ubuntu-ports/" >>~/ubuntu.sources
       echo "Suites: noble noble-updates" >>~/ubuntu.sources
       echo "Components: main restricted universe multiverse" >>~/ubuntu.sources
       echo "Architectures: armhf" >>~/ubuntu.sources
       echo "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg" >>~/ubuntu.sources
       sudo cp ~/ubuntu.sources /etc/apt/sources.list.d/ubuntu.sources
       sudo apt update
       sudo apt install libssl-dev:armhf libpam0g:armhf libpam0g-dev:armhf libpcre2-dev:armhf rpm crossbuild-essential-armhf
    - name: make rpmbuild dir
      run: mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
    - name: configure rpm env
      run: |
       tar -czf ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz --transform "s,^,3proxy-$RELEASE/," .
       ln -s ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/rpmbuild/SOURCES/$RELEASE.tar.gz
       cp scripts/rh/3proxy.spec ~/rpmbuild/SPECS/3proxy-$RELEASE.spec
    - name: rpmbuild
      run: |
       ret=`pwd`
       cd ~/rpmbuild/SPECS
       rpmbuild -ba --define "PAMLIB pam0g" --define "_arch arm" --define "cross yes" --target=arm-linux-gnueabi 3proxy-$RELEASE.spec
       cd $ret
       mv ~/rpmbuild/RPMS/arm/3proxy-$RELEASE-1.arm.rpm 3proxy-$RELEASE.arm.rpm
    - name: Get artifact
      uses: actions/upload-artifact@v4
      with:
       name: "3proxy-${{ env.RELEASE }}-arm.rpm"
       path: "*.rpm"
--- a/.github/workflows/build-rpm-x86-64.yml
+++ b/.github/workflows/build-rpm-x86-64.yml
@ -0,0 +1,51 @@
 name: RPM build x86-64
 on:
  push:
    branches: [ "master" ]
    paths: [ 'RELEASE', '.github/workflows/build-rpm-x86-64.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - ubuntu-latest
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
    - name: env
      run: |
       pwd
       echo "RELEASE=$(cat RELEASE)" >> $GITHUB_ENV
       echo "VERSION=$(date +%y%m%d%H%M%S)" >> $GITHUB_ENV
       echo "MAJOR=$(cat RELEASE | cut -d "-" -f 1)" >> $GITHUB_ENV
       echo "SUBMAJOR=$(cat RELEASE | cut -d "-" -f 2)" >> $GITHUB_ENV
       echo "MINOR=$(cat RELEASE | cut -d "-" -f 3)" >> $GITHUB_ENV
    - name: echo env
      run: echo "release $RELEASE version $VERSION major $MAJOR submajor $SUBMAJOR minor $MINOR"
    - name: Linux libraries
      run: |
       sudo apt update
       sudo apt install libssl-dev libpam-dev libpcre2-dev rpm
    - name: make rpmbuild dir
      run: mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
    - name: configure rpm env
      run: |
       tar -czf ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz --transform "s,^,3proxy-$RELEASE/," .
       ln -s ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/rpmbuild/SOURCES/$RELEASE.tar.gz
       cp scripts/rh/3proxy.spec ~/rpmbuild/SPECS/3proxy-$RELEASE.spec
    - name: rpmbuild
      run: |
       ret=`pwd`
       cd ~/rpmbuild/SPECS
       rpmbuild -ba 3proxy-$RELEASE.spec
       cd $ret
       mv ~/rpmbuild/RPMS/x86_64/3proxy-$RELEASE-1.x86_64.rpm 3proxy-$RELEASE.x86_64.rpm
    - name: Get artifact
      uses: actions/upload-artifact@v4
      with:
       name: "3proxy-${{ env.RELEASE }}-x86_64.rpm"
       path: "*.rpm"
--- a/.github/workflows/build-watcom.yml
+++ b/.github/workflows/build-watcom.yml
@ -0,0 +1,70 @@
 name: Build Win32 3proxy-lite with Watcom
 on:
  push:
    branches: [ "master" ]
    paths: [ 'RELEASE', '.github/workflows/build-watcom.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - windows-2022
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
 #    - name: configure
 #      run: ./configure
    - name: Setup Open Watcom
      uses: open-watcom/setup-watcom@v0
    - name: set date
      run: |
       $NOW = Get-Date -Format "yyMMddHHmmss"
       echo "now: $NOW"
       $RELEASE = Get-Content -Path "RELEASE" -Raw
       echo "release: $RELEASE"
       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
    - name: make Watcom
      shell: cmd
      run: |
       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
       nmake /F Makefile.watcom
    - name: make dist dir
      shell: cmd
      run: |
       mkdir dist
       mkdir dist\3proxy
       mkdir dist\3proxy\bin
       mkdir dist\3proxy\cfg
       mkdir dist\3proxy\cfg\sql
       mkdir dist\3proxy\doc
       mkdir dist\3proxy\doc\ru
       mkdir dist\3proxy\doc\html
       mkdir dist\3proxy\doc\html\plugins
       mkdir dist\3proxy\doc\html\man3
       mkdir dist\3proxy\doc\html\man8
       mkdir dist\3proxy\doc\devel
       copy bin\3proxy.exe dist\3proxy\bin\
       copy bin\*.dll dist\3proxy\bin\
       copy bin\mycrypt.exe  dist\3proxy\bin\
       copy cfg\*.* dist\3proxy\cfg\
       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
       copy doc\ru\*.*  dist\3proxy\doc\ru\
       copy doc\html\*.* dist\3proxy\doc\html\
       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
       copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
       copy doc\devel\*.rtf dist\3proxy\doc\devel\
       copy copying dist\3proxy\
       copy authors dist\3proxy\
       copy README dist\3proxy\
       copy rus.3ps dist\3proxy\
    - name: Get artifact
      uses: actions/upload-artifact@v4
      with:
       name: "3proxy-${{ env.RELEASE }}-lite"
       path: dist/
--- a/.github/workflows/build-win32.yml
+++ b/.github/workflows/build-win32.yml
@ -0,0 +1,76 @@
 name: Build Win32 3proxy with MSVC
 on:
  push:
    branches: [ "master" ]
    paths: [ 'RELEASE', '.github/workflows/build-win32.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - windows-2022
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
 #    - name: configure
 #      run: ./configure
    - name: set date
      run: |
       $NOW = Get-Date -Format "yyMMddHHmmss"
       $RELEASE = Get-Content -Path "RELEASE" -Raw
       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
    - name: install packages
      run: vcpkg install pcre2:x86-windows-static openssl:x86-windows-static
    - name: Add msbuild to PATH
      uses: microsoft/setup-msbuild@v3
    - name: make Windows MSVC
      if: ${{ startsWith(matrix.target, 'windows') }}
      shell: cmd
      run: |
       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
       D:
       cd "D:/a/3proxy/3proxy"
       set "LIB=%LIB%;c:/vcpkg/installed/x86-windows-static/lib"
       set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x86-windows-static/include"
       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
       nmake /F Makefile.msvc
    - name: make dist dir
      shell: cmd
      run: |
       mkdir dist
       mkdir dist\3proxy
       mkdir dist\3proxy\bin
       mkdir dist\3proxy\cfg
       mkdir dist\3proxy\cfg\sql
       mkdir dist\3proxy\doc
       mkdir dist\3proxy\doc\ru
       mkdir dist\3proxy\doc\html
       mkdir dist\3proxy\doc\html\plugins
       mkdir dist\3proxy\doc\html\man3
       mkdir dist\3proxy\doc\html\man8
       mkdir dist\3proxy\doc\devel
       copy bin\3proxy.exe dist\3proxy\bin\
       copy bin\*.dll dist\3proxy\bin\
       copy bin\mycrypt.exe  dist\3proxy\bin\
       copy cfg\*.* dist\3proxy\cfg\
       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
       copy doc\ru\*.*  dist\3proxy\doc\ru\
       copy doc\html\*.* dist\3proxy\doc\html\
       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
       copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
       copy doc\devel\*.rtf dist\3proxy\doc\devel\
       copy copying dist\3proxy\
       copy authors dist\3proxy\
       copy README dist\3proxy\
       copy rus.3ps dist\3proxy\
    - name: Get artifact
      uses: actions/upload-artifact@v4
      with:
       name: "3proxy-${{ env.RELEASE }}"
       path: dist/
--- a/.github/workflows/build-win64.yml
+++ b/.github/workflows/build-win64.yml
@ -0,0 +1,78 @@
 name: Build Win64 3proxy with MSVC
 on:
  push:
    branches: [ "master" ]
    paths: [ 'RELEASE', '.github/workflows/build-win64.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - windows-2022
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
 #    - name: configure
 #      run: ./configure
    - name: set date
      run: |
       $NOW = Get-Date -Format "yyMMddHHmmss"
       $RELEASE = Get-Content -Path "RELEASE" -Raw
       echo "NOW=$NOW" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
    - name: install packages
      run: vcpkg install pcre2:x64-windows-static openssl:x64-windows-static
    - name: Add msbuild to PATH
      uses: microsoft/setup-msbuild@v3
    - name: make Windows MSVC
      if: ${{ startsWith(matrix.target, 'windows') }}
      shell: cmd
      run: |
       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
       D:
       cd "D:/a/3proxy/3proxy"
       set "LIB=%LIB%;c:/vcpkg/installed/x64-windows-static/lib"
       set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include"
       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
       echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION%
       nmake /F Makefile.msvc
    - name: make dist dir
      shell: cmd
      run: |
       mkdir dist
       mkdir dist\3proxy
       mkdir dist\3proxy\bin64
       mkdir dist\3proxy\cfg
       mkdir dist\3proxy\cfg\sql
       mkdir dist\3proxy\doc
       mkdir dist\3proxy\doc\ru
       mkdir dist\3proxy\doc\html
       mkdir dist\3proxy\doc\html\plugins
       mkdir dist\3proxy\doc\html\man3
       mkdir dist\3proxy\doc\html\man8
       mkdir dist\3proxy\doc\devel
       copy bin\3proxy.exe dist\3proxy\bin64\
       copy bin\*.dll dist\3proxy\bin64\
       copy bin\mycrypt.exe  dist\3proxy\bin64\
       copy cfg\*.* dist\3proxy\cfg\
       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
       copy doc\ru\*.*  dist\3proxy\doc\ru\
       copy doc\html\*.* dist\3proxy\doc\html\
       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
       copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
       copy doc\devel\*.rtf dist\3proxy\doc\devel\
       copy copying dist\3proxy\
       copy authors dist\3proxy\
       copy README dist\3proxy\
       copy rus.3ps dist\3proxy\
    - name: Get artifact
      uses: actions/upload-artifact@v4
      with:
       name: "3proxy-${{ env.RELEASE }}-x64"
       path: dist/
--- a/.github/workflows/build-winarm64.yml
+++ b/.github/workflows/build-winarm64.yml
@ -0,0 +1,76 @@
 name: Build Win-arm64 3proxy with MSVC
 on:
  push:
    branches: [ "master" ]
    paths: [ 'RELEASE', '.github/workflows/build-winarm64.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - windows-2022
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
 #    - name: configure
 #      run: ./configure
    - name: set date
      run: |
       $NOW = Get-Date -Format "yyMMddHHmmss"
       $RELEASE = Get-Content -Path "RELEASE" -Raw
       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
    - name: install packages
      run: vcpkg install pcre2:arm64-windows-static openssl:arm64-windows-static
    - name: Add msbuild to PATH
      uses: microsoft/setup-msbuild@v3
    - name: make Windows MSVC
      if: ${{ startsWith(matrix.target, 'windows') }}
      shell: cmd
      run: |
       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvarsx86_arm64.bat"
       D:
       cd "D:/a/3proxy/3proxy"
       set "LIB=%LIB%;c:/vcpkg/installed/arm64-windows-static/lib"
       set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/arm64-windows-static/include"
       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
       nmake /F Makefile.msvc
    - name: make dist dir
      shell: cmd
      run: |
       mkdir dist
       mkdir dist\3proxy
       mkdir dist\3proxy\bin64
       mkdir dist\3proxy\cfg
       mkdir dist\3proxy\cfg\sql
       mkdir dist\3proxy\doc
       mkdir dist\3proxy\doc\ru
       mkdir dist\3proxy\doc\html
       mkdir dist\3proxy\doc\html\plugins
       mkdir dist\3proxy\doc\html\man3
       mkdir dist\3proxy\doc\html\man8
       mkdir dist\3proxy\doc\devel
       copy bin\3proxy.exe dist\3proxy\bin64\
       copy bin\*.dll dist\3proxy\bin64\
       copy bin\mycrypt.exe  dist\3proxy\bin64\
       copy cfg\*.* dist\3proxy\cfg\
       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
       copy doc\ru\*.*  dist\3proxy\doc\ru\
       copy doc\html\*.* dist\3proxy\doc\html\
       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
       copy doc\html\man3\*.* dist\3proxy\doc\html\man3\
       copy doc\devel\*.rtf dist\3proxy\doc\devel\
       copy copying dist\3proxy\
       copy authors dist\3proxy\
       copy README dist\3proxy\
       copy rus.3ps dist\3proxy\
    - name: Get artifact
      uses: actions/upload-artifact@v4
      with:
       name: "3proxy-${{ env.RELEASE }}-arm64"
       path: dist/
--- a/.github/workflows/c-cpp-Linux.yml
+++ b/.github/workflows/c-cpp-Linux.yml
@ -0,0 +1,34 @@
 name: C/C++ CI Linux
 on:
  push:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', 'Makefile.Linux', '.github/configs', '.github/workflows/c-cpp-Linux.yml' ]
  pull_request:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', 'Makefile.Linux', '.github/configs', '.github/workflows/c-cpp-Linux.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - ubuntu-latest
          - ubuntu-24.04-arm
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
 #    - name: configure
 #      run: ./configure
    - name: Linux libraries
      if: ${{ startsWith(matrix.target, 'ubuntu') }}
      run: sudo apt install libssl-dev libpam-dev libpcre2-dev
    - name: make
      run: make -f Makefile.Linux
    - name: mkdir
      run: mkdir ~/3proxy
    - name: make install
      run: make -f Makefile.Linux DESTDIR=~/3proxy install
    - name: make clean Linux
      run: make -f Makefile.Linux clean
--- a/.github/workflows/c-cpp-MacOS.yml
+++ b/.github/workflows/c-cpp-MacOS.yml
@ -0,0 +1,31 @@
 name: C/C++ CI MacOS
 on:
  push:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', 'Makefile.FreeBSD', '.github/configs', '.github/workflows/c-cpp-MacOS.yml' ]
  pull_request:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', 'Makefile.FreeBSD', '.github/configs', '.github/workflows/c-cpp-MacOS.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - macos-15
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
 #    - name: configure
 #      run: ./configure
    - name: Mac libraries
      run: brew install pcre2
    - name: make MacOS
      run: make -f Makefile.FreeBSD
      env:
       LDFLAGS: "-L/usr/local/lib -L/opt/homebrew/lib -L/opt/homebrew/opt/openssl/lib"
       CFLAGS: "-I/usr/local/include -I/opt/homebrew/include -I/usr/local/opt/openssl/include -I/opt/homebrew/opt/openssl/include"
    - name: make clean MacOS
      run: make -f Makefile.FreeBSD clean
--- a/.github/workflows/c-cpp-Windows.yml
+++ b/.github/workflows/c-cpp-Windows.yml
@ -0,0 +1,41 @@
 name: C/C++ CI Windows
 on:
  push:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', 'Makefile.msvc', '.github/configs', '.github/workflows/c-cpp-Windows.yml' ]
  pull_request:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', 'Makefile.msvc', '.github/configs', '.github/workflows/c-cpp-Windows.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - windows-2022
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
    - name: install Windows libraries
      run: vcpkg install pcre2:x64-windows && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-openssl
    - name: make Windows
      run: make -f Makefile.win
      env:
       LDFLAGS: '-L "c:/msys64/mingw64/lib"'
       CFLAGS: '-I "c:/msys64/mingw64/include"'
    - name: make clean Windows
      run: make -f Makefile.win clean
    - name: Add msbuild to PATH
      uses: microsoft/setup-msbuild@v3
    - name: make Windows MSVC
      shell: cmd
      run: |
       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
       D:
       cd "D:/a/3proxy/3proxy"
       set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
       set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
       nmake /F Makefile.msvc
       nmake /F Makefile.msvc clean
--- a/.github/workflows/c-cpp-cmake.yml
+++ b/.github/workflows/c-cpp-cmake.yml
@ -0,0 +1,57 @@
 name: C/C++ CI cmake
 on:
  push:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', '**.cmake', 'CMakeLists.txt', '.github/configs', '.github/workflows/c-cpp-cmake.yml' ]
  pull_request:
    branches: [ "master" ]
    paths: [ '**.c', '**.h', '**.cmake', 'CMakeLists.txt', '.github/configs', '.github/workflows/c-cpp-cmake.yml' ]
 jobs:
  ci:
    name: "${{ matrix.target }}"
    strategy:
      matrix:
        target:
          - ubuntu-latest
          - ubuntu-24.04-arm
          - macos-15
          - windows-2022
    runs-on: ${{ matrix.target }}
    steps:
    - uses: actions/checkout@v5
 #    - name: configure
 #      run: ./configure
    - name: Linux libraries
      if: ${{ startsWith(matrix.target, 'ubuntu') }}
      run: sudo apt install libssl-dev libpam-dev libpcre2-dev
    - name: Mac libraries
      if: ${{ startsWith(matrix.target, 'macos') }}
      run: brew install pcre2
    - name: install Windows libraries
      if: ${{ startsWith(matrix.target, 'windows') }}
      run: vcpkg install pcre2:x64-windows 
    - name: make with CMake POSIX
      if: ${{ ! startsWith(matrix.target, 'windows') }}
      run: |
       mkdir build
       cd build
       cmake ..
       cmake --build .
       mkdir ~/3proxy
       DESTDIR=~/3proxy cmake --install .
       cd .. && rm -rf build/
    - name: make with CMake Win
      if: ${{ startsWith(matrix.target, 'windows') }}
      shell: cmd
      run: |
       mkdir build
       cd build
       set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
       set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
       cmake ..
       dir
       cmake --build .
       cd ..
       rmdir /s /q build
--- a/.gitignore
+++ b/.gitignore
@ -52,8 +52,6 @@ src/mycrypt
 src/dighosts
 *.ld.so
 *.dSYM
 doc/html/man3/
 doc/html/man8/
 *.var
 verfile.sh
 /Makefile
@ -259,3 +257,4 @@ pip-log.txt
 #Mr Developer
 .mr.developer.cfg
 CLAUDE.md
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -0,0 +1,660 @@
 #
 # 3proxy CMake build system
 #
 cmake_minimum_required(VERSION 3.16)
 # Read version from RELEASE file
 file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/RELEASE" PROJECT_VERSION LIMIT_COUNT 1)
 project(3proxy
    VERSION ${PROJECT_VERSION}
    LANGUAGES C
    DESCRIPTION "3proxy - tiny free proxy server"
 )
 # Include GNUInstallDirs for standard installation directories
 include(GNUInstallDirs)
 # Add cmake module path
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
 # Detect compiler
 if(CMAKE_C_COMPILER_ID STREQUAL "Clang" OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang")
    set(COMPILER_IS_CLANG TRUE)
    if(WIN32 AND CMAKE_C_COMPILER_FRONTEND_VARIANT STREQUAL "MSVC")
        set(COMPILER_IS_CLANG_CL TRUE)
    else()
        set(COMPILER_IS_CLANG_CL FALSE)
    endif()
 else()
    set(COMPILER_IS_CLANG FALSE)
    set(COMPILER_IS_CLANG_CL FALSE)
 endif()
 if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
    set(COMPILER_IS_GCC TRUE)
 else()
    set(COMPILER_IS_GCC FALSE)
 endif()
 if(MSVC AND NOT COMPILER_IS_CLANG_CL)
    set(COMPILER_IS_MSVC TRUE)
 else()
    set(COMPILER_IS_MSVC FALSE)
 endif()
 # Options
 option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON)
 option(3PROXY_USE_OPENSSL "Enable OpenSSL/SSLPlugin" ON)
 option(3PROXY_USE_PCRE2 "Enable PCRE2/PCREPlugin" ON)
 option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON)
 option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF)
 option(3PROXY_USE_SPLICE "Use Linux splice() for zero-copy (Linux only)" ON)
 option(3PROXY_USE_POLL "Use poll() instead of select() (Unix only)" ON)
 option(3PROXY_USE_WSAPOLL "Use WSAPoll instead of select() (Windows only)" ON)
 option(3PROXY_USE_NETFILTER "Enable Linux netfilter support (Linux only)" ON)
 # Output directory
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 # Find threads library (cross-platform pthread equivalent)
 find_package(Threads REQUIRED)
 # Set default build type if not specified
 if(NOT CMAKE_BUILD_TYPE)
    set(CMAKE_BUILD_TYPE Release CACHE STRING "Build type" FORCE)
 endif()
 # Platform-independent position independent code for shared libraries
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 # Platform detection and configuration
 if(WIN32)
    # Windows-specific configuration
    add_compile_definitions(
        WIN32
        _WIN32
        _MBCS
        _CONSOLE
    )
    if(COMPILER_IS_MSVC)
        # MSVC-specific settings
        add_compile_definitions(
            MSVC
            WITH_SSL
        )
        # Use static runtime library
        set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
        # MSVC compiler options
        add_compile_options(
            /W3           # Warning level 3
            /GS           # Buffer security check
            /GA           # Optimize for Windows applications
            /GF           # Enable string pooling
        )
        # Optimization flags per build type
        set(CMAKE_C_FLAGS_RELEASE "/O2")
    elseif(COMPILER_IS_CLANG_CL)
        # clang-cl (Clang with MSVC frontend)
        add_compile_definitions(
            MSVC
            WITH_SSL
        )
        set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
        add_compile_options(
            -W3
            -fno-strict-aliasing
        )
    elseif(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
        # Clang or GCC on Windows (MinGW-like)
        add_compile_definitions(WITH_STD_MALLOC)
        add_compile_options(-fno-strict-aliasing)
    elseif(WATCOM)
        # OpenWatcom-specific flags
        add_compile_definitions(
            WATCOM
            MSVC
            NOIPV6
            NODEBUG
            NORADIUS
        )
    endif()
    # Windows libraries
    set(WINDOWS_LIBS ws2_32 advapi32 user32 kernel32 gdi32 crypt32)
    # Windows plugins (always built)
    set(DEFAULT_PLUGINS
        utf8tocp1251
        WindowsAuthentication
        TrafficPlugin
        StringsPlugin
        FilePlugin
    )
 elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
    # Linux-specific configuration
    add_compile_definitions(
        _GNU_SOURCE
        GETHOSTBYNAME_R
        _THREAD_SAFE
        _REENTRANT
    )
    if(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
        # Clang/GCC on Linux
        add_compile_options(-fno-strict-aliasing)
    endif()
    if(3PROXY_USE_SPLICE)
        add_compile_definitions(WITHSPLICE)
    endif()
    if(3PROXY_USE_NETFILTER)
        add_compile_definitions(WITH_NETFILTER)
    endif()
    set(DEFAULT_PLUGINS
        StringsPlugin
        TrafficPlugin
        TransparentPlugin
    )
 elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD|Darwin|OpenBSD|NetBSD")
    # BSD/macOS-specific configuration
    if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
        # macOS-specific
        add_compile_definitions(_DARWIN_UNLIMITED_SELECT)
    endif()
    if(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
        add_compile_options(-fno-strict-aliasing)
    endif()
    set(DEFAULT_PLUGINS
        StringsPlugin
        TrafficPlugin
        TransparentPlugin
    )
 else()
    # Generic Unix configuration
    if(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
        add_compile_options(-fno-strict-aliasing)
    endif()
    set(DEFAULT_PLUGINS
        StringsPlugin
        TrafficPlugin
        TransparentPlugin
    )
 endif()
 # Common definitions
 if(WIN32)
    # Windows: use WSAPOLL
    if(3PROXY_USE_WSAPOLL)
        add_compile_definitions(WITH_WSAPOLL)
    else()
        add_compile_definitions(FD_SETSIZE=4096)
    endif()
 else()
    # Unix: use poll
    if(3PROXY_USE_POLL)
        add_compile_definitions(WITH_POLL)
    else()
        add_compile_definitions(FD_SETSIZE=4096)
    endif()
 endif()
 # Find dependencies
 # OpenSSL
 set(OPENSSL_FOUND FALSE)
 if(3PROXY_USE_OPENSSL)
    find_package(OpenSSL QUIET)
    if(OpenSSL_FOUND)
        set(OPENSSL_FOUND TRUE)
        add_compile_definitions(WITH_SSL)
        message(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
    else()
        message(STATUS "OpenSSL not found, SSLPlugin will not be built")
    endif()
 endif()
 # PCRE2
 set(PCRE2_FOUND FALSE)
 if(3PROXY_USE_PCRE2)
    find_package(PCRE2 QUIET)
    if(PCRE2_FOUND)
        message(STATUS "PCRE2 found: ${PCRE2_VERSION}")
    else()
        message(STATUS "PCRE2 not found, PCREPlugin will not be built")
    endif()
 endif()
 # PAM (Unix only)
 set(PAM_FOUND FALSE)
 if(3PROXY_USE_PAM AND NOT WIN32)
    find_package(PAM QUIET)
    if(PAM_FOUND)
        message(STATUS "PAM found")
    else()
        message(STATUS "PAM not found, PamAuth will not be built")
    endif()
 endif()
 # ODBC (always enabled on Windows)
 set(ODBC_FOUND FALSE)
 if(WIN32 OR 3PROXY_USE_ODBC)
    find_package(ODBC QUIET)
    if(ODBC_FOUND)
        message(STATUS "ODBC found")
    else()
        message(STATUS "ODBC not found, building without ODBC support")
    endif()
 endif()
 # Set NOODBC if ODBC is not found
 if(NOT ODBC_FOUND)
    add_compile_definitions(NOODBC)
 endif()
 # Source files for 3proxy core
 set(3PROXY_CORE_SOURCES
    src/3proxy.c
    src/auth.c
    src/authradius.c
    src/conf.c
    src/datatypes.c
    src/plugins.c
    src/stringtable.c
 )
 # MD4/MD5 sources for mycrypt
 set(MD_SOURCES
    src/libs/md4.c
    src/libs/md5.c
 )
 # ============================================================================
 # Object libraries for common sources (shared between executables)
 # ============================================================================
 # Common object library (sockmap, sockgetchar, common, log)
 add_library(common_obj OBJECT
    src/sockmap.c
    src/sockgetchar.c
    src/common.c
    src/log.c
 )
 target_include_directories(common_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
 # base64 object library
 add_library(base64_obj OBJECT src/base64.c)
 target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
 # ============================================================================
 # Object libraries for 3proxy (compiled WITHOUT WITHMAIN)
 # These are used by the main 3proxy executable
 # ============================================================================
 # Server modules object library (without WITHMAIN)
 add_library(srv_modules OBJECT
    src/proxy.c
    src/pop3p.c
    src/smtpp.c
    src/ftppr.c
    src/tcppm.c
    src/tlspr.c
    src/auto.c
    src/socks.c
    src/webadmin.c
    src/udppm.c
    src/dnspr.c
 )
 target_include_directories(srv_modules PRIVATE
    ${CMAKE_CURRENT_SOURCE_DIR}/src
 )
 # mainfunc object (proxymain.c compiled with MODULEMAINFUNC=mainfunc for 3proxy)
 add_library(mainfunc OBJECT src/proxymain.c)
 target_include_directories(mainfunc PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
 target_compile_definitions(mainfunc PRIVATE MODULEMAINFUNC=mainfunc)
 # ftp object (used only by 3proxy and ftppr)
 add_library(ftp_obj OBJECT src/ftp.c)
 target_include_directories(ftp_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
 # mycrypt object for 3proxy (without WITHMAIN)
 add_library(mycrypt_obj OBJECT src/mycrypt.c)
 target_include_directories(mycrypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
 # ============================================================================
 # Main 3proxy executable
 # Uses srv_* object files (without WITHMAIN)
 # ============================================================================
 add_executable(3proxy
    ${3PROXY_CORE_SOURCES}
    ${MD_SOURCES}
    $<TARGET_OBJECTS:srv_modules>
    $<TARGET_OBJECTS:mainfunc>
    $<TARGET_OBJECTS:common_obj>
    $<TARGET_OBJECTS:base64_obj>
    $<TARGET_OBJECTS:ftp_obj>
    $<TARGET_OBJECTS:mycrypt_obj>
 )
 target_include_directories(3proxy PRIVATE
    ${CMAKE_CURRENT_SOURCE_DIR}/src
    ${CMAKE_CURRENT_SOURCE_DIR}/src/libs
 )
 target_link_libraries(3proxy PRIVATE Threads::Threads)
 if(ODBC_FOUND)
    if(TARGET ODBC::ODBC)
        target_link_libraries(3proxy PRIVATE ODBC::ODBC)
    else()
        target_link_libraries(3proxy PRIVATE ${ODBC_LIBRARIES})
    endif()
 endif()
 if(WIN32)
    target_link_libraries(3proxy PRIVATE ${WINDOWS_LIBS})
    if(OpenSSL_FOUND)
        target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
    endif()
    if(COMPILER_IS_MSVC AND EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/3proxy.rc)
        target_sources(3proxy PRIVATE 3proxy.rc)
    endif()
 elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
    target_link_libraries(3proxy PRIVATE dl)
    if(OpenSSL_FOUND)
        target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
    endif()
 endif()
 # Build mycrypt utility
 add_executable(mycrypt
    src/mycrypt.c
    ${MD_SOURCES}
    $<TARGET_OBJECTS:base64_obj>
 )
 target_compile_definitions(mycrypt PRIVATE WITHMAIN)
 target_include_directories(mycrypt PRIVATE
    ${CMAKE_CURRENT_SOURCE_DIR}/src
    ${CMAKE_CURRENT_SOURCE_DIR}/src/libs
 )
 target_link_libraries(mycrypt PRIVATE Threads::Threads)
 # Build standalone proxy executables
 foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
    if(PROXY_NAME STREQUAL "ftppr" OR PROXY_NAME STREQUAL "proxy")
        # ftppr and proxy use ftp_obj
        add_executable(${PROXY_NAME}
            src/${PROXY_NAME}.c
            $<TARGET_OBJECTS:common_obj>
            $<TARGET_OBJECTS:ftp_obj>
        )
    else()
        add_executable(${PROXY_NAME}
            src/${PROXY_NAME}.c
            $<TARGET_OBJECTS:common_obj>
        )
    endif()
    target_include_directories(${PROXY_NAME} PRIVATE
        ${CMAKE_CURRENT_SOURCE_DIR}/src
    )
    target_compile_definitions(${PROXY_NAME} PRIVATE
        WITHMAIN
        NOPORTMAP
    )
    target_link_libraries(${PROXY_NAME} PRIVATE Threads::Threads)
    if(PROXY_NAME STREQUAL "proxy")
        target_compile_definitions(${PROXY_NAME} PRIVATE ANONYMOUS)
    endif()
    if(PROXY_NAME STREQUAL "tcppm" OR PROXY_NAME STREQUAL "udppm" OR PROXY_NAME STREQUAL "tlspr")
        target_compile_definitions(${PROXY_NAME} PRIVATE PORTMAP)
    endif()
    if(WIN32)
        target_link_libraries(${PROXY_NAME} PRIVATE ${WINDOWS_LIBS})
    endif()
    if(PROXY_NAME STREQUAL "proxy" OR PROXY_NAME STREQUAL "smtpp")
        target_sources(${PROXY_NAME} PRIVATE $<TARGET_OBJECTS:base64_obj>)
    endif()
 endforeach()
 # Plugin output directory
 set(PLUGIN_OUTPUT_DIR ${CMAKE_RUNTIME_OUTPUT_DIRECTORY})
 if(WIN32)
    set(PLUGIN_SUFFIX ".dll")
 else()
    set(PLUGIN_SUFFIX ".ld.so")
 endif()
 # Include plugin definitions
 include(cmake/plugins.cmake)
 # Build plugins
 foreach(PLUGIN ${DEFAULT_PLUGINS})
    add_subdirectory(src/plugins/${PLUGIN})
 endforeach()
 if(OPENSSL_FOUND)
    add_subdirectory(src/plugins/SSLPlugin)
 endif()
 if(PCRE2_FOUND)
    add_subdirectory(src/plugins/PCREPlugin)
 endif()
 if(PAM_FOUND)
    add_subdirectory(src/plugins/PamAuth)
 endif()
 # Build full list of plugins to be built
 set(ALL_PLUGINS ${DEFAULT_PLUGINS})
 if(OPENSSL_FOUND)
    list(APPEND ALL_PLUGINS SSLPlugin)
 endif()
 if(PCRE2_FOUND)
    list(APPEND ALL_PLUGINS PCREPlugin)
 endif()
 if(PAM_FOUND)
    list(APPEND ALL_PLUGINS PamAuth)
 endif()
 # Installation rules
 install(TARGETS 3proxy mycrypt proxy socks pop3p smtpp ftppr tcppm udppm tlspr
    RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
 )
 # Install plugins
 if(WIN32)
    install(FILES
        ${PLUGIN_OUTPUT_DIR}/utf8tocp1251${PLUGIN_SUFFIX}
        ${PLUGIN_OUTPUT_DIR}/WindowsAuthentication${PLUGIN_SUFFIX}
        ${PLUGIN_OUTPUT_DIR}/TrafficPlugin${PLUGIN_SUFFIX}
        ${PLUGIN_OUTPUT_DIR}/StringsPlugin${PLUGIN_SUFFIX}
        DESTINATION ${CMAKE_INSTALL_BINDIR}
    )
 else()
    install(FILES
        ${PLUGIN_OUTPUT_DIR}/StringsPlugin${PLUGIN_SUFFIX}
        ${PLUGIN_OUTPUT_DIR}/TrafficPlugin${PLUGIN_SUFFIX}
        ${PLUGIN_OUTPUT_DIR}/TransparentPlugin${PLUGIN_SUFFIX}
        DESTINATION ${CMAKE_INSTALL_LIBDIR}/3proxy
    )
 endif()
 # Install configuration files
 if(NOT WIN32)
    install(FILES scripts/3proxy.cfg DESTINATION /etc/3proxy)
    install(FILES scripts/add3proxyuser.sh DESTINATION ${CMAKE_INSTALL_BINDIR})
 endif()
 # Install service files (systemd, launchd, init.d, or rc.d)
 if(NOT WIN32)
    if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
        # macOS - install launchd plist
        configure_file(
            ${CMAKE_CURRENT_SOURCE_DIR}/scripts/org.3proxy.3proxy.plist.in
            ${CMAKE_CURRENT_BINARY_DIR}/org.3proxy.3proxy.plist
            @ONLY
        )
        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.3proxy.3proxy.plist
            DESTINATION /Library/LaunchDaemons
        )
        message(STATUS "  launchd: YES (/Library/LaunchDaemons)")
    elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD|OpenBSD|NetBSD")
        # BSD - install rc.d script
        set(RCD_DIR "/usr/local/etc/rc.d")
        configure_file(
            ${CMAKE_CURRENT_SOURCE_DIR}/scripts/rc.d/3proxy.in
            ${CMAKE_CURRENT_BINARY_DIR}/3proxy.rc
            @ONLY
        )
        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.rc
            DESTINATION ${RCD_DIR}
            RENAME 3proxy
            PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
        )
        message(STATUS "  rc.d: YES (${RCD_DIR})")
    elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
        # Linux - check for systemd
        find_package(PkgConfig QUIET)
        if(PkgConfig_FOUND)
            pkg_check_modules(SYSTEMD QUIET systemd)
        endif()
        if(SYSTEMD_FOUND)
            # systemd is available - install systemd service
            # Get systemd unit directory
            pkg_get_variable(SYSTEMD_UNIT_DIR systemd systemdsystemunitdir)
            if(NOT SYSTEMD_UNIT_DIR)
                # Fallback to common location
                set(SYSTEMD_UNIT_DIR "/lib/systemd/system")
            endif()
            # Configure and install systemd service file
            configure_file(
                ${CMAKE_CURRENT_SOURCE_DIR}/scripts/3proxy.service.in
                ${CMAKE_CURRENT_BINARY_DIR}/3proxy.service
                @ONLY
            )
            install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.service
                DESTINATION ${SYSTEMD_UNIT_DIR}
            )
            # Install tmpfiles.d configuration for runtime directory
            configure_file(
                ${CMAKE_CURRENT_SOURCE_DIR}/scripts/3proxy.tmpfiles.in
                ${CMAKE_CURRENT_BINARY_DIR}/3proxy.conf
                @ONLY
            )
            install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.conf
                DESTINATION /usr/lib/tmpfiles.d
            )
            message(STATUS "  systemd: YES (${SYSTEMD_UNIT_DIR})")
        else()
            # No systemd - install init.d script
            configure_file(
                ${CMAKE_CURRENT_SOURCE_DIR}/scripts/init.d/3proxy.in
                ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
                @ONLY
            )
            install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
                DESTINATION /etc/init.d
                RENAME 3proxy
                PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
            )
            message(STATUS "  systemd: NO (using init.d)")
        endif()
    else()
        # Other Unix - install init.d script
        configure_file(
            ${CMAKE_CURRENT_SOURCE_DIR}/scripts/init.d/3proxy.in
            ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
            @ONLY
        )
        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
            DESTINATION /etc/init.d
            RENAME 3proxy
            PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
        )
        message(STATUS "  init.d: YES (/etc/init.d)")
    endif()
    # Create proxy user and group during installation
    install(FILES scripts/postinstall.sh
        DESTINATION ${CMAKE_INSTALL_BINDIR}
        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
    )
    install(CODE "
        execute_process(
            COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/postinstall.sh
            RESULT_VARIABLE POSTINSTALL_RESULT
        )
    ")
 endif()
 # Install man pages
 if(NOT WIN32)
    file(GLOB MAN3_FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/*.3")
    file(GLOB MAN8_FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/*.8")
    install(FILES ${MAN3_FILES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)
    install(FILES ${MAN8_FILES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
 endif()
 # Summary
 message(STATUS "")
 message(STATUS "3proxy configuration summary:")
 message(STATUS "  Version: ${PROJECT_VERSION}")
 message(STATUS "  Platform: ${CMAKE_SYSTEM_NAME}")
 message(STATUS "  Compiler: ${CMAKE_C_COMPILER_ID} ${CMAKE_C_COMPILER_VERSION}")
 message(STATUS "  Build type: ${CMAKE_BUILD_TYPE}")
 message(STATUS "")
 message(STATUS "  Options:")
 message(STATUS "    BUILD_SHARED:    ${3PROXY_BUILD_SHARED}")
 message(STATUS "    USE_OPENSSL:     ${3PROXY_USE_OPENSSL}")
 message(STATUS "    USE_PCRE2:       ${3PROXY_USE_PCRE2}")
 message(STATUS "    USE_PAM:         ${3PROXY_USE_PAM}")
 message(STATUS "    USE_ODBC:        ${3PROXY_USE_ODBC}")
 message(STATUS "    USE_POLL:        ${3PROXY_USE_POLL}")
 if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
    message(STATUS "    USE_SPLICE:      ${3PROXY_USE_SPLICE}")
    message(STATUS "    USE_NETFILTER:   ${3PROXY_USE_NETFILTER}")
 endif()
 if(WIN32)
    message(STATUS "    USE_WSAPOLL:     ${3PROXY_USE_WSAPOLL}")
 endif()
 message(STATUS "")
 message(STATUS "  Libraries found:")
 message(STATUS "    OpenSSL: ${OPENSSL_FOUND}")
 message(STATUS "    PCRE2:   ${PCRE2_FOUND}")
 message(STATUS "    PAM:     ${PAM_FOUND}")
 message(STATUS "    ODBC:    ${ODBC_FOUND}")
 message(STATUS "")
 message(STATUS "  Plugins to build: ${ALL_PLUGINS}")
 message(STATUS "")
--- a/Dockerfile.full
+++ b/Dockerfile.full
@ -1,4 +1,4 @@
-# 3proxy.full is fully functional 3proxy build based on busibox:glibc
+# 3proxy.full is fully functional 3proxy build based on busybox:glibc
 #
 #to  build:
 # docker build -f Dockerfile.full -t 3proxy.full .
@ -13,8 +13,11 @@
 # docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full
 #
 # /path/to/local/config/directory in this example must conrain 3proxy.cfg
-# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config
+# if you need 3proxy to be executed without chroot with root permissions
 # replace /etc/3proxy/3proxy.cfg by e.g. mounting config
 # dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg
 # some plugins like SSLPLugin / pamauth also conflict with chroot and must
 # be started prior to chroot.
 # docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full
 #
 # use "log" without pathname in config to log to stdout.
@ -24,9 +27,7 @@
 FROM gcc AS buildenv
 COPY . 3proxy
 RUN cd 3proxy &&\
- echo "">> Makefile.Linux &&\
+ apt update && apt install libssl-dev libpam-dev libpcre2-dev &&\
 echo PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin>>Makefile.Linux &&\
 echo LIBS = -l:libcrypto.a -l:libssl.a -ldl >>Makefile.Linux &&\
 make -f Makefile.Linux &&\
 strip bin/3proxy &&\
 strip bin/StringsPlugin.ld.so &&\
--- a/Makefile.FreeBSD
+++ b/Makefile.FreeBSD
@ -7,16 +7,16 @@
 BUILDDIR = ../bin/
 CC ?= cc
-CFLAGS += -c -fno-strict-aliasing -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS := -c -fno-strict-aliasing -DNOODBC  -DFD_SETSIZE=4096 -DWITH_POLL $(CFLAGS)
 COUT = -o 
 LN ?= ${CC}
 LDFLAGS += -pthread -fno-strict-aliasing 
 # -lpthreads may be reuiured on some platforms instead of -pthreads
 # -ldl or -lld may be required for some platforms
-DCFLAGS = -fPIC
+DCFLAGS ?= -fPIC
-DLFLAGS = -shared
+DLFLAGS ?= -shared
 DLSUFFICS = .so
-LIBS =
+LIBS ?=
 LIBSPREFIX = -l
 LIBSSUFFIX = 
 LNOUT = -o 
@ -29,7 +29,20 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.FreeBSD
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
+PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
 OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
    LIBS += -l crypto -l ssl
    PLUGINS += SSLPlugin
 endif
 PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
    PLUGINS += PamAuth
 endif
 PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
    PLUGINS += PCREPlugin
 endif
 include Makefile.inc
@ -37,6 +50,7 @@ install: all
 	if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
 	install bin/3proxy /usr/local/3proxy/bin/3proxy
 	install bin/mycrypt /usr/local/3proxy/bin/mycrypt
 	install scripts/rc.d/3proxy /usr/local/etc/rc.d/3proxy
 	install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
 	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then /usr/local/3proxy/3proxy.cfg already exists ; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
 	if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
--- a/Makefile.Linux
+++ b/Makefile.Linux
@ -1,21 +1,18 @@
 #
 # 3 proxy Makefile for GCC/Linux/Cygwin
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 BUILDDIR = ../bin/
-CC = gcc
+CC ?= gcc
-CFLAGS = -g  -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
+CFLAGS := -g  -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC  -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER $(CFLAGS)
 COUT = -o 
-LN = $(CC)
+LN ?= ${CC}
-DCFLAGS = 
+DCFLAGS ?= 
-LDFLAGS = -fPIC -O2 -fno-strict-aliasing -pthread
+LDFLAGS := -fPIC -O2 -fno-strict-aliasing -pthread $(LDFLAGS)
-DLFLAGS = -shared
+DLFLAGS ?= -shared
 DLSUFFICS = .ld.so
 # -lpthreads may be reuqired on some platforms instead of -pthreads
 LIBSPREFIX = -l
@ -33,10 +30,22 @@ MAKEFILE = Makefile.Linux
 # PamAuth requires libpam, you may require pam-devel package to be installed
 # SSLPlugin requires  -lcrypto -lssl
 #LIBS = -lcrypto -lssl -ldl 
-LIBS = -ldl 
+LIBS ?= -ldl 
 #PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
+PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
    LIBS += -l crypto -l ssl
    PLUGINS += SSLPlugin
 endif
 PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
    PLUGINS += PCREPlugin
 endif
 PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
    PLUGINS += PamAuth
 endif
 include Makefile.inc
 allplugins:
@ -63,8 +72,8 @@ INSTALL_OBJS	= bin/3proxy \
 INSTALL_CFG	 = scripts/3proxy.cfg.chroot
-INSTALL_CFG_OBJS = scripts/3proxy.cfg \
+INSTALL_CFG_INCHROOT = scripts/3proxy.cfg.inchroot
-		   scripts/add3proxyuser.sh
+INSTALL_CFG_OBJS = scripts/add3proxyuser.sh
 INSTALL_CFG_OBJS2 = counters bandlimiters
@ -90,7 +99,6 @@ install-bin:
 	$(INSTALL_BIN) -d $(BINDIR)
 	$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
 	$(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec
 	chmod -R a-w $(CHROOTDIR)/libexec
 install-etc-dir:
 	$(INSTALL_BIN) -d $(ETCDIR)
@ -103,11 +111,12 @@ install-chroot-dir:
 	$(INSTALL_BIN) -d $(CHROOTDIR)/libexec
 	chmod -R o-rwx $(CHROOTDIR)
-install-etc-default-config:
+install-etc-default-config: install-chroot-dir
 	if [ ! -d $(INSTALL_CFG_DEST) ]; then \
 	   ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \
 	   $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \
 	   $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \
 	   $(INSTALL_BIN) $(INSTALL_CFG_INCHROOT) $(INSTALL_CFG_DEST)/3proxy.cfg; \
 	fi
 install-etc: install-etc-dir install-etc-default-config
--- a/Makefile.Solaris
+++ b/Makefile.Solaris
@ -1,15 +1,13 @@
 #
 # 3 proxy Makefile for Solaris/SunCC
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 BUILDDIR = ../bin/
 CC = cc
-CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC  -DFD_SETSIZE=4096 -DWITH_POLL
 COUT = -o ./
 LN = $(CC)
 LDFLAGS = -xO3
@ -29,7 +27,7 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.Solaris
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
+PLUGINS = StringsPlugin TrafficPlugin
 include Makefile.inc
--- a/Makefile.Solaris-gcc
+++ b/Makefile.Solaris-gcc
@ -1,8 +1,6 @@
 #
 # 3 proxy Makefile for Solaris/gcc
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
@ -10,7 +8,7 @@
 BUILDDIR = ../bin/
 CC = gcc
-CFLAGS = -O2 -fno-strict-aliasing -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS = -O2 -fno-strict-aliasing -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC  -DFD_SETSIZE=4096 -DWITH_POLL
 COUT = -o ./
 LN = $(CC)
 LDFLAGS = -O3
@ -30,7 +28,7 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.Solaris-gcc
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
+PLUGINS = StringsPlugin TrafficPlugin
 include Makefile.inc
--- a/Makefile.debug
+++ b/Makefile.debug
@ -1,12 +1,10 @@
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
 # You can try to add /D "WITH_STD_MALLOC" to CFLAGS to use standard malloc
 # libraries
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /FD /MDd /nologo /W3 /ZI /Wp64 /GS /Gs /RTCsu /EHs- /GA /GF /DEBUG /D "WITH_STD_MALLOC" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32"  /c
+CFLAGS = /FD /MDd /nologo /W3 /ZI /Wp64 /GS /Gs /RTCsu /EHs- /GA /GF /DEBUG  /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32"  /c
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /machine:I386 /DEBUG
--- a/Makefile.intl
+++ b/Makefile.intl
@ -1,33 +0,0 @@
 #
 # 3 proxy Makefile for Intel C compiler for Windows (for both make and nmake)
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 BUILDDIR = ../bin/
 CC = icl
 CFLAGS = /nologo /MD /W3 /G6 /GX /O2 /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /YX /FD /c
 COUT = /Fo
 LN = xilink
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
 LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
 DLFLAGS = /DLL
 DLSUFFICS = .dll
 LNOUT = /out:
 EXESUFFICS = .exe
 OBJSUFFICS = .obj
 DEFINEOPTION = /D 
 COMPFILES = *.pch *.idb
 REMOVECOMMAND = del 2>NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.intl
 PLUGINS = WindowsAuthentication TrafficPlugin PCREPlugin
 include Makefile.inc
 allplugins:
 	for /D %%i in ($(PLUGINS)) do (copy Makefile Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
--- a/Makefile.llvm
+++ b/Makefile.llvm
@ -1,37 +0,0 @@
 #
 # 3 proxy Makefile for GCC/windows
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support
 BUILDDIR = ../bin/
 CC = clang
 CFLAGS = -O2 -fno-strict-aliasing -c -pthread -static -DWITH_STD_MALLOC -DNOIPV6
 COUT = -o 
 LN = $(CC)
 LDFLAGS = -O2 -fno-strict-aliasing -static -s
 DLFLAGS = -shared
 DLSUFFICS = .dll
 LIBS = -lws2_32 -lodbc32 -ladvapi32
 LIBSPREFIX = -l
 LIBSSUFFIX = 
 LNOUT = -o 
 EXESUFFICS = .exe
 OBJSUFFICS = .o
 DEFINEOPTION = -D
 COMPFILES = *.tmp
 REMOVECOMMAND = rm -f
 AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.win
 PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
 include Makefile.inc
 allplugins:
 	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.o &&cd ..\..)
--- a/Makefile.msvc
+++ b/Makefile.msvc
@ -1,21 +1,20 @@
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+VERSION = $(VERSION)
 BUILDDATE = $(BUILDDATE)
 CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC"  /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION) 
 COUT = /Fo
 LN = link
-LDFLAGS =  /nologo /subsystem:console /incremental:no /machine:I386
+LDFLAGS =  /nologo /subsystem:console /incremental:no
 DLFLAGS = /DLL
 DLSUFFICS = .dll
 LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib  libcrypto.lib libssl.lib
 LIBSOLD = libeay32MT.lib ssleay32MT.lib
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
 LIBEXT = .lib                                                                                               
@ -28,11 +27,9 @@ REMOVECOMMAND = del
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvc
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin FilePlugin SSLPlugin PCREPlugin
 VERFILE = 3proxy.res $(VERFILE)
 VERSION = $(VERSION)
 VERSIONDEP = 3proxy.res $(VERSIONDEP)
 BUILDDATE = $(BUILDDATE)
 AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err)
 include Makefile.inc
--- a/Makefile.msvc64
+++ b/Makefile.msvc64
@ -1,46 +0,0 @@
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 BUILDDIR = ../bin64/
 CC = cl
 CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
 LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib
 LIBSOLD = libeay32.lib ssleay32.lib
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
 LIBEXT = .lib
 LNOUT = /out:
 EXESUFFICS = .exe
 OBJSUFFICS = .obj
 DEFINEOPTION = /D 
 COMPFILES = *.pch *.idb
 REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 VERFILE = 3proxy.res $(VERFILE)
 VERSIONDEP = 3proxy.res $(VERSIONDEP)
 PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
 AFTERCLEAN = del src\*.res
 include Makefile.inc
 3proxy.res:
 	rc 3proxy.rc
 3proxyres.obj: ../3proxy.res
 	cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res
 allplugins:
 	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
--- a/Makefile.msvcARM64
+++ b/Makefile.msvcARM64
@ -1,48 +0,0 @@
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 BUILDDIR = ../bin64/
 CC = cl
 CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "WITH_SSL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
 LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto.lib libssl.lib
 LIBSOLD =
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
 LIBEXT = .lib
 LNOUT = /out:
 EXESUFFICS = .exe
 OBJSUFFICS = .obj
 DEFINEOPTION = /D 
 COMPFILES = *.pch *.idb
 REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvcARM64
 PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
 VERFILE = 3proxy.res $(VERFILE)
 VERSIONDEP = 3proxy.res $(VERSIONDEP)
 AFTERCLEAN = del src\*.res
 include Makefile.inc
 3proxy.res:
 	rc 3proxy.rc
 3proxyres.obj: ../3proxy.res
 	cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res
 allplugins:
 	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
--- a/Makefile.msvcCE
+++ b/Makefile.msvcCE
@ -1,35 +0,0 @@
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 BUILDDIR = ../bin/
 CC = cl
 CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no
 DLFLAGS = /DLL
 DLSUFFICS = .dll
 LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
 LIBEXT = .lib
 LNOUT = /out:
 EXESUFFICS = .exe
 OBJSUFFICS = .obj
 DEFINEOPTION = /D 
 COMPFILES = *.pch *.idb
 REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvc
 PLUGINS = WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
 include Makefile.inc
 allplugins:
 	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
--- a/Makefile.openwrt-mips
+++ b/Makefile.openwrt-mips
@ -1,8 +1,6 @@
 #
 # 3 proxy Makefile for GCC/Linux/Cygwin
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
@ -10,11 +8,11 @@
 BUILDDIR = ../bin/
 CC = mips-openwrt-linux-gcc
-CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
+CFLAGS ?= -g -O2 -fno-strict-aliasing -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC  -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
 COUT = -o 
 LN = $(CC)
 DCFLAGS = -fPIC
-LDFLAGS = -O2 -fno-strict-aliasing -pthread -s
+LDFLAGS ?= -O2 -fno-strict-aliasing -pthread -s
 DLFLAGS = -shared
 DLSUFFICS = .ld.so
 # -lpthreads may be reuqired on some platforms instead of -pthreads
@ -33,9 +31,22 @@ MAKEFILE = Makefile.openwrt-mips
 # PamAuth requires libpam, you may require pam-devel package to be installed
 # SSLPlugin requires  -lcrypto -lssl
 #LIBS = -lcrypto -lssl -ldl 
-LIBS = -ldl 
+LIBS ?= -ldl 
 #PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
+PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
 OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
    LIBS += -l crypto -l ssl
    PLUGINS += SSLPlugin
 endif
 PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
    PLUGINS += PCREPlugin
 endif
 PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
    PLUGINS += PamAuth
 endif
 include Makefile.inc
--- a/Makefile.unix
+++ b/Makefile.unix
@ -1,28 +1,26 @@
 #
 # 3 proxy Makefile for GCC/Unix
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 BUILDDIR = ../bin/
-CC = gcc
+CC ?= gcc
 # you may need -L/usr/pkg/lib for older NetBSD versions
-CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS := -g -O2 -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC  -DFD_SETSIZE=4096 -DWITH_POLL $(CFLAGS)
 COUT = -o 
-LN = $(CC)
+LN ?= $(CC)
-LDFLAGS = -O2 -fno-strict-aliasing -pthread
+LDFLAGS ?= -O2 -fno-strict-aliasing -pthread
 # -lpthreads may be reuqired on some platforms instead of -pthreads
 # -ldl or -lld may be required for some platforms
-DCFLAGS = -fPIC
+DCFLAGS ?= -fPIC
-DLFLAGS = -shared
+DLFLAGS ?= -shared
-DLSUFFICS = .ld.so
+DLSUFFICS ?= .ld.so
-LIBS =
+LIBS ?=
-LIBSPREFIX = -l
+LIBSPREFIX ?= -l
-LIBSSUFFIX = 
+LIBSSUFFIX ?= 
 LNOUT = -o 
 EXESUFFICS =
 OBJSUFFICS = .o
@ -33,28 +31,34 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.unix
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
+PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
    LIBS += -l crypto -l ssl
    PLUGINS += SSLPlugin
 endif
 PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
    PLUGINS += PamAuth
 endif
 PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
    PLUGINS += PCREPlugin
 endif
 include Makefile.inc
 install: all
-	if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
+    if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
-	install bin/3proxy /usr/local/etc/3proxy/bin/3proxy
+    install bin/3proxy /usr/local/3proxy/bin/3proxy
-	install bin/mycrypt /usr/local/etc/3proxy/bin/mycrypt
+    install bin/mycrypt /usr/local/3proxy/bin/mycrypt
-	install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
+    install scripts/rc.d/3proxy /usr/local/etc/rc.d/3proxy
-	install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
+    install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
-	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then
+    if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then /usr/local/3proxy/3proxy.cfg already exists ; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
-	echo /usr/local/etc/3proxy/3proxy.cfg already exists
+    if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
-	else
+    touch /usr/local/3proxy/passwd
-	install scripts/3proxy.cfg /usr/local/etc/3proxy/
+    touch /usr/local/3proxy/counters
-	if [ ! -d /var/log/3proxy/ ]; then
+    touch /usr/local/3proxy/bandlimiters
-	mkdir /var/log/3proxy/
+    echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
 	fi
 	touch /usr/local/etc/3proxy/passwd
 	touch /usr/local/etc/3proxy/counters
 	touch /usr/local/etc/3proxy/bandlimiters
 	echo Run /usr/local/etc/3proxy/bin/add3proxyuser.sh to add \'admin\' user
 	fi
 allplugins:
 	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
--- a/Makefile.unix-install
+++ b/Makefile.unix-install
@ -1,59 +0,0 @@
 DESTDIR		=
 prefix		= /usr/local
 exec_prefix	= $(prefix)
 man_prefix	= $(prefix)/share
 INSTALL		= /usr/bin/install
 INSTALL_BIN	= $(INSTALL) -m 755
 INSTALL_DATA	= $(INSTALL) -m 644
 INSTALL_OBJS	= bin/3proxy \
 		  bin/ftppr \
 		  bin/mycrypt \
 		  bin/pop3p \
 		  bin/proxy \
 		  bin/socks \
 		  bin/tcppm \
 		  bin/udppm \
 		  scripts/add3proxyuser.sh
 INSTALL_CFG_OBJS = scripts/3proxy.cfg
 INSTALL_CFG_DEST = config
 INSTALL_CFG_OBJS2 = passwd counters bandlimiters
 MANDIR1		= $(DESTDIR)$(man_prefix)/man/man1
 MANDIR3		= $(DESTDIR)$(man_prefix)/man/man3
 MANDIR8		= $(DESTDIR)$(man_prefix)/man/man8
 BINDIR		= $(DESTDIR)$(exec_prefix)/bin
 ETCDIR		= $(DESTDIR)$(prefix)/etc/3proxy
 install-bin:
 	$(INSTALL_BIN) -d $(BINDIR)
 	$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
 install-etc-dir:
 	$(INSTALL_BIN) -d $(ETCDIR)
 install-etc-default-config:
 	if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
 	   : ; \
 	else \
 	   $(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
 	fi
 install-etc: install-etc-dir
 	for file in $(INSTALL_CFG_OBJS2); \
 	do \
 	  touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
 	done;
 install-man:
 	$(INSTALL_BIN) -d $(MANDIR1)
 	$(INSTALL_BIN) -d $(MANDIR3)
 	$(INSTALL_BIN) -d $(MANDIR8)
 	$(INSTALL_DATA) man/*.1 $(MANDIR1)
 	$(INSTALL_DATA) man/*.3 $(MANDIR3)
 	$(INSTALL_DATA) man/*.8 $(MANDIR8)
 install: install-bin install-etc install-man
--- a/Makefile.watcom
+++ b/Makefile.watcom
@ -1,14 +1,12 @@
 #
 # 3 proxy Makefile for Open Watcom 2
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /c $(VERSION) $(BUILDDATE)
+CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC"  /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRId64=\"I64d\"" /D "PRIu64=\"I64u\"" /D "SCNu64=\"I64u\"" /D "SCNx64=\"I64x\"" /D "SCNd64=\"I64d\"" /D "PRIx64=\"I64x\"" /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no 
@ -28,7 +26,7 @@ REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.watcom
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin
 VERFILE = $(VERFILE)
 VERSION = $(VERSION)
 VERSIONDEP = 3proxy.res $(VERSIONDEP)
@ -64,9 +62,3 @@ allplugins:
 	nmake
 	del *.obj *.idb
 	cd ../../
 	copy Makefile plugins\PCREPlugin
 	copy Makefile.var plugins\PCREPlugin
 	cd plugins\PCREPlugin
 	nmake
 	del *.obj *.idb
 	cd ../../
--- a/Makefile.win
+++ b/Makefile.win
@ -1,24 +1,22 @@
 #
 # 3 proxy Makefile for GCC/windows
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support
 BUILDDIR = ../bin/
-CC = gcc
+CC ?= gcc
-CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6 -DNORADIUS
+CFLAGS := -O2 -s -c -mthreads  -DWITH_WSAPOLL $(CFLAGS)
 COUT = -o 
-LN = gcc
+LN ?= $(CC)
-LDFLAGS = -O2 -s -mthreads
+LDFLAGS := -O2 -s -mthreads $(LDFLAGS)
-DLFLAGS = -shared
+DLFLAGS ?= -shared
 DLSUFFICS = .dll
-LIBS = -lws2_32 -lodbc32 -ladvapi32
+LIBS := -lws2_32 -lodbc32 -ladvapi32 -luser32 $(LIBS)
 LIBSPREFIX = -l
-LIBSSUFFIX = 
+LIBSSUFFIX =
 LNOUT = -o 
 EXESUFFICS = .exe
 OBJSUFFICS = .o
@ -28,9 +26,34 @@ REMOVECOMMAND = rm -f
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.win
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
+PLUGINS := utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin
 VERFILE := 3proxyres.o $(VERFILE)
 VERSION := $(VERSION)
 VERSIONDEP := 3proxyres.o $(VERSIONDEP)
 BUILDDATE := $(BUILDDATE)
 AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 ifndef OPENSSL_CHECK
 OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
    LIBS += -l crypto -l ssl
    PLUGINS += SSLPlugin
 endif
 PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
    PLUGINS += PamAuth
 endif
 PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n#include <pcre2.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -lpcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
    PLUGINS += PCREPlugin
 endif
 endif
 include Makefile.inc
 3proxyres.o:
 	windres 3proxy.rc -o 3proxyres.o
 allplugins:
-	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;  rm *.o ; cd ../.. ; done
+	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
--- a/Makefile.winCE
+++ b/Makefile.winCE
@ -1,34 +0,0 @@
 #
 # 3 proxy Makefile for GCC/windows
 #
 # You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
 # libraries
 #
 # remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
 # library support
 BUILDDIR = ../bin/
 CC = /opt/cegcc/arm-wince-cegcc/bin/gcc
 CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -DNORADIUS -D__USE_W32_SOCKETS
 COUT = -o 
 LN = /opt/cegcc/arm-wince-cegcc/bin/gcc
 LDFLAGS = -O2 -s -mthreads
 DLFLAGS = -shared
 DLSUFFICS = .dll
 LIBS = -lws2
 LNOUT = -o 
 EXESUFFICS = .exe
 OBJSUFFICS = .o
 DEFINEOPTION = -D
 COMPFILES = *.tmp
 REMOVECOMMAND = rm -f
 TYPECOMMAND = more
 COMPATLIBS =
 MAKEFILE = Makefile.winCE
 PLUGINS = TrafficPlugin StringsPlugin PCREPlugin
 include Makefile.inc
 allplugins:
 	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;  rm *.o ; cd ../.. ; done
--- a/84
+++ b/84
@ -4,32 +4,36 @@
 Branches:
 Master (stable) branch - 3proxy 0.9 
-Devel branch - 3proxy 10
+Devel branch - 3proxy 10 (don't use it)
-Download: 
+* Download
-	Binaries for released (master) versions (Windows, Linux):
+	Binaries and sources for released (master) versions (Windows, Linux):
 	https://github.com/z3APA3A/3proxy/releases
-	Binaries for devel version (Windows, Linux):
+
 	https://3proxy.org/download/devel/
 	Docker images:
-	https://hub.docker.com/repository/docker/3proxy/3proxy
+	https://hub.docker.com/r/3proxy/3proxy
-Archive of old versions: https://github.com/z3APA3A/3proxy-archive
+	Archive of old versions: https://github.com/z3APA3A/3proxy-archive
 * Documentation
 	Documentation (man pages and HTML) available with download, on https://3proxy.org/
 	and in github wiki https://github.com/3proxy/3proxy/wiki
-Windows installation:
+* Windows installation
-3proxy --install 
+3proxy [path_to_config_file] --install 
 	installs and starts proxy as Windows service
-	(config file should be located in the same directory)
+	(config file should be located in the same directory or may be optionally specified)
 3proxy --remove 
 	removes the service (should be stopped before via
 	'net stop 3proxy').
-To build in Linux install git and build-essential packages, use
+* To build in Linux
 With Makefile:
 git clone https://github.com/z3apa3a/3proxy
 cd 3proxy
@ -37,6 +41,7 @@ ln -s Makefile.Linux Makefile
 make
 sudo make install
 Default configuration (for Linux/Unix):
 3proxy uses 2 configuration files:
 /etc/3proxy/3proxy.cfg (before-chroot). This configuration file is executed before chroot and should not be modified.
@ -54,7 +59,58 @@ usage: /etc/3proxy/conf/add3proxyuser.sh username password [day_limit] [bandwidt
 or modify /etc/3proxy/conf/ files directly.
-Please read doc/html/index.html and man pages.
+
 With CMake:
 git clone https://github.com/z3apa3a/3proxy
 cd 3proxy
 mkdir build && cd build
 cmake ..
 cmake --build .
 sudo cmake --install .
 CMake does not use chroot configuration, config file is /etc/3proxy/3proxy.cfg
 * For MacOS X / FreeBSD / *BSD
 With Makefile:
 git clone https://github.com/z3apa3a/3proxy
 cd 3proxy
 ln -s Makefile.FreeBSD Makefile
 make
 (binaries are in bin/ directory)
 With CMake (recommended):
 git clone https://github.com/z3apa3a/3proxy
 cd 3proxy
 mkdir build && cd build
 cmake ..
 cmake --build .
 sudo cmake --install .
 This installs binaries to /usr/local/bin/, configuration to /etc/3proxy/,
 plugins to /usr/local/lib/3proxy/, rc scripts to rc.d for BSD and launchd plist to /Library/LaunchDaemons/ for MacOS.
 Service management on macOS:
 # Load and start service
 sudo launchctl load /Library/LaunchDaemons/org.3proxy.3proxy.plist
 # Stop service
 sudo launchctl stop org.3proxy.3proxy
 # Start service
 sudo launchctl start org.3proxy.3proxy
 # Unload and disable service
 sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist
 Features:
  1. General
@ -130,7 +186,7 @@ Please read doc/html/index.html and man pages.
 	+ All access control entries now support weekday and time limitations
 	+ Hostnames and * templates are supported instead of IP address
  5. Extensions
-	+ Regular expression filtering (with PCRE) via PCREPlugin
+	+ Regular expression filtering (with PCRE2) via PCREPlugin
 	+ Authentication with Windows username/password (cleartext only)
 	+ SSL/TLS decryptions with certificate spoofing
 	+ Transparent redirection support for Linux and *BSD
@ -217,4 +273,4 @@ Run utility with --help option for command line reference.
 Latest version is available from https://3proxy.org/
-Want to donate the project? https://3proxy.org/donations/
+Want to donate the project? https://3proxy.org/donations/
--- a/cfg/3proxy.cfg.sample
+++ b/cfg/3proxy.cfg.sample
@ -137,14 +137,6 @@ dnspr
 # this is just an alternative form fo giving external and internal address
 # allows you to read this addresses from files
 auth strong
 # We want to protect internal interface
 deny * * 127.0.0.1,192.168.1.1
 # and llow HTTP and HTTPS traffic.
 allow * * * 80-88,8080-8088 HTTP
 allow * * * 443,8443 HTTPS
 proxy -n
 auth none
 # pop3p will be used without any authentication. It's bad choice
 # because it's possible to use pop3p to access any port
@ -160,16 +152,6 @@ tcppm 25 mail.my.provider 25
 # It's very userfull for services like DNS but not for some massive services
 # like multimedia streams or online games.
 auth strong
 flush
 allow 3APA3A,test
 maxconn 20
 socks
 # for socks we will use password authentication and different access control -
 # we flush previously configured ACL list and create new one to allow users
 # test and 3APA3A to connect from any location
 auth strong
 flush
 internal 127.0.0.1
@ -199,3 +181,21 @@ admin
 # now we needn't any root rights. We can chroot and setgid/setuid.
 auth strong
 flush
 # We want to protect internal interface
 deny * * 127.0.0.1,192.168.1.1
 # and llow HTTP and HTTPS traffic.
 allow * * * 80-88,8080-8088 HTTP
 allow * * * 443,8443 HTTPS
 proxy -n
 flush
 allow 3APA3A,test
 maxconn 20
 socks
 # for socks we will use password authentication and different access control -
 # we flush previously configured ACL list and create new one to allow users
 # test and 3APA3A to connect from any location
--- a/cmake/FindODBC.cmake
+++ b/cmake/FindODBC.cmake
@ -0,0 +1,63 @@
 # FindODBC.cmake
 #
 # Find the ODBC library
 #
 # This module defines:
 #  ODBC_FOUND - whether the ODBC library was found
 #  ODBC_INCLUDE_DIRS - the ODBC include directories
 #  ODBC_LIBRARIES - the ODBC libraries
 # Try pkg-config first
 find_package(PkgConfig QUIET)
 if(PkgConfig_FOUND)
    pkg_check_modules(PC_ODBC QUIET odbc)
 endif()
 # Find include directory
 find_path(ODBC_INCLUDE_DIR
    NAMES sql.h
    HINTS
        ${PC_ODBC_INCLUDE_DIRS}
        /usr/include
        /usr/local/include
 )
 # Find library
 if(WIN32)
    # On Windows, ODBC is typically available as odbc32
    find_library(ODBC_LIBRARY
        NAMES odbc32
        HINTS
            ${PC_ODBC_LIBRARY_DIRS}
    )
 else()
    # On Unix, look for odbc
    find_library(ODBC_LIBRARY
        NAMES odbc iodbc
        HINTS
            ${PC_ODBC_LIBRARY_DIRS}
            /usr/lib
            /usr/local/lib
            /usr/lib/x86_64-linux-gnu
    )
 endif()
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(ODBC
    REQUIRED_VARS ODBC_LIBRARY ODBC_INCLUDE_DIR
 )
 if(ODBC_FOUND)
    set(ODBC_LIBRARIES ${ODBC_LIBRARY})
    set(ODBC_INCLUDE_DIRS ${ODBC_INCLUDE_DIR})
    if(NOT TARGET ODBC::ODBC)
        add_library(ODBC::ODBC UNKNOWN IMPORTED)
        set_target_properties(ODBC::ODBC PROPERTIES
            IMPORTED_LOCATION "${ODBC_LIBRARY}"
            INTERFACE_INCLUDE_DIRECTORIES "${ODBC_INCLUDE_DIR}"
        )
    endif()
 endif()
 mark_as_advanced(ODBC_INCLUDE_DIR ODBC_LIBRARY)
--- a/cmake/FindPAM.cmake
+++ b/cmake/FindPAM.cmake
@ -0,0 +1,45 @@
 # FindPAM.cmake
 #
 # Find the PAM library
 #
 # This module defines:
 #  PAM_FOUND - whether the PAM library was found
 #  PAM_INCLUDE_DIRS - the PAM include directories
 #  PAM_LIBRARIES - the PAM libraries
 # Find include directory
 find_path(PAM_INCLUDE_DIR
    NAMES security/pam_appl.h pam/pam_appl.h
    HINTS
        /usr/include
        /usr/local/include
 )
 # Find library
 find_library(PAM_LIBRARY
    NAMES pam
    HINTS
        /usr/lib
        /usr/local/lib
        /usr/lib/x86_64-linux-gnu
 )
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(PAM
    REQUIRED_VARS PAM_LIBRARY PAM_INCLUDE_DIR
 )
 if(PAM_FOUND)
    set(PAM_LIBRARIES ${PAM_LIBRARY})
    set(PAM_INCLUDE_DIRS ${PAM_INCLUDE_DIR})
    if(NOT TARGET PAM::PAM)
        add_library(PAM::PAM UNKNOWN IMPORTED)
        set_target_properties(PAM::PAM PROPERTIES
            IMPORTED_LOCATION "${PAM_LIBRARY}"
            INTERFACE_INCLUDE_DIRECTORIES "${PAM_INCLUDE_DIR}"
        )
    endif()
 endif()
 mark_as_advanced(PAM_INCLUDE_DIR PAM_LIBRARY)
--- a/cmake/FindPCRE2.cmake
+++ b/cmake/FindPCRE2.cmake
@ -0,0 +1,69 @@
 # FindPCRE2.cmake
 #
 # Find the PCRE2 library
 #
 # This module defines:
 #  PCRE2_FOUND - whether the PCRE2 library was found
 #  PCRE2_INCLUDE_DIRS - the PCRE2 include directories
 #  PCRE2_LIBRARIES - the PCRE2 libraries
 #  PCRE2_VERSION - the PCRE2 version
 # Try pkg-config first
 find_package(PkgConfig QUIET)
 if(PkgConfig_FOUND)
    pkg_check_modules(PC_PCRE2 QUIET libpcre2-8)
 endif()
 # Find include directory
 find_path(PCRE2_INCLUDE_DIR
    NAMES pcre2.h
    HINTS
        ${PC_PCRE2_INCLUDE_DIRS}
        /usr/include
        /usr/local/include
    PATH_SUFFIXES
        pcre2
 )
 # Find library
 find_library(PCRE2_LIBRARY
    NAMES pcre2-8 pcre2-8d pcre2
    HINTS
        ${PC_PCRE2_LIBRARY_DIRS}
        /usr/lib
        /usr/local/lib
 )
 # Extract version from header
 if(PCRE2_INCLUDE_DIR AND EXISTS "${PCRE2_INCLUDE_DIR}/pcre2.h")
    file(STRINGS "${PCRE2_INCLUDE_DIR}/pcre2.h" PCRE2_VERSION_MAJOR_LINE
        REGEX "^#define[ \t]+PCRE2_MAJOR[ \t]+[0-9]+")
    file(STRINGS "${PCRE2_INCLUDE_DIR}/pcre2.h" PCRE2_VERSION_MINOR_LINE
        REGEX "^#define[ \t]+PCRE2_MINOR[ \t]+[0-9]+")
    string(REGEX REPLACE "^#define[ \t]+PCRE2_MAJOR[ \t]+([0-9]+)" "\\1"
        PCRE2_VERSION_MAJOR "${PCRE2_VERSION_MAJOR_LINE}")
    string(REGEX REPLACE "^#define[ \t]+PCRE2_MINOR[ \t]+([0-9]+)" "\\1"
        PCRE2_VERSION_MINOR "${PCRE2_VERSION_MINOR_LINE}")
    set(PCRE2_VERSION "${PCRE2_VERSION_MAJOR}.${PCRE2_VERSION_MINOR}")
 endif()
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(PCRE2
    REQUIRED_VARS PCRE2_LIBRARY PCRE2_INCLUDE_DIR
    VERSION_VAR PCRE2_VERSION
 )
 if(PCRE2_FOUND)
    set(PCRE2_LIBRARIES ${PCRE2_LIBRARY})
    set(PCRE2_INCLUDE_DIRS ${PCRE2_INCLUDE_DIR})
    if(NOT TARGET PCRE2::PCRE2)
        add_library(PCRE2::PCRE2 UNKNOWN IMPORTED)
        set_target_properties(PCRE2::PCRE2 PROPERTIES
            IMPORTED_LOCATION "${PCRE2_LIBRARY}"
            INTERFACE_INCLUDE_DIRECTORIES "${PCRE2_INCLUDE_DIR}"
        )
    endif()
 endif()
 mark_as_advanced(PCRE2_INCLUDE_DIR PCRE2_LIBRARY)
--- a/cmake/plugins.cmake
+++ b/cmake/plugins.cmake
@ -0,0 +1,76 @@
 #
 # 3proxy plugin definitions
 #
 # This file defines functions for building plugins
 #
 # Function to add a simple plugin (single source file, no dependencies)
 function(add_3proxy_plugin_simple PLUGIN_NAME SOURCE_FILE)
    if(WIN32)
        set(PLUGIN_SUFFIX ".dll")
    else()
        set(PLUGIN_SUFFIX ".ld.so")
    endif()
    add_library(${PLUGIN_NAME} SHARED ${SOURCE_FILE})
    set_target_properties(${PLUGIN_NAME} PROPERTIES
        PREFIX ""
        SUFFIX ${PLUGIN_SUFFIX}
        LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin
        RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin
    )
    target_link_libraries(${PLUGIN_NAME} PRIVATE Threads::Threads)
    target_include_directories(${PLUGIN_NAME} PRIVATE
        ${CMAKE_SOURCE_DIR}/src
    )
 endfunction()
 # Function to add a plugin with dependencies
 function(add_3proxy_plugin PLUGIN_NAME)
    set(options "")
    set(oneValueArgs "")
    set(multiValueArgs SOURCES LIBRARIES INCLUDE_DIRS COMPILE_DEFINITIONS LINK_OPTIONS)
    cmake_parse_arguments(PLUGIN "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
    if(WIN32)
        set(PLUGIN_SUFFIX ".dll")
    else()
        set(PLUGIN_SUFFIX ".ld.so")
    endif()
    add_library(${PLUGIN_NAME} SHARED ${PLUGIN_SOURCES})
    set_target_properties(${PLUGIN_NAME} PROPERTIES
        PREFIX ""
        SUFFIX ${PLUGIN_SUFFIX}
        LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin
        RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin
    )
    # Always link with Threads
    target_link_libraries(${PLUGIN_NAME} PRIVATE Threads::Threads)
    if(PLUGIN_LIBRARIES)
        target_link_libraries(${PLUGIN_NAME} PRIVATE ${PLUGIN_LIBRARIES})
    endif()
    if(PLUGIN_INCLUDE_DIRS)
        target_include_directories(${PLUGIN_NAME} PRIVATE ${PLUGIN_INCLUDE_DIRS})
    endif()
    if(PLUGIN_COMPILE_DEFINITIONS)
        target_compile_definitions(${PLUGIN_NAME} PRIVATE ${PLUGIN_COMPILE_DEFINITIONS})
    endif()
    if(PLUGIN_LINK_OPTIONS)
        set_target_properties(${PLUGIN_NAME} PROPERTIES LINK_OPTIONS "${PLUGIN_LINK_OPTIONS}")
    endif()
    target_include_directories(${PLUGIN_NAME} PRIVATE
        ${CMAKE_SOURCE_DIR}/src
    )
 endfunction()
--- a/debian/3proxy.manpages
+++ b/debian/3proxy.manpages
@ -1,8 +1,8 @@
 man/3proxy.8
 man/3proxy.cfg.3
 man/ftppr.8
 man/tlspr.8
 man/pop3p.8
 man/tlspr.8
 man/proxy.8
 man/smtpp.8
 man/socks.8
--- a/debian/changelog
+++ b/debian/changelog
@ -1,8 +1,14 @@
-3proxy (0.9.3-210629140419) buster; urgency=medium
+3proxy (0.9.5-1) buster; urgency=medium
- 
+
-  *3proxy 0.9.3 build
+  *3proxy 0.9.5 initial build
- 
+
- -- z3APA3A <3apa3a@3proxy.org>  Thu, 01 Jul 2021 19:48:44 +0300
+ -- z3APA3A <3apa3a@3proxy.org>  Sun, 09 Mar 2025 15:55:48 +0300
 3proxy (0.9.4-1) buster; urgency=medium
  *3proxy 0.9.4 initial build
 -- z3APA3A <3apa3a@3proxy.org>  Fri, 02 Jul 2021 00:47:00 +0300
 3proxy (0.9.3-1) buster; urgency=medium
--- a/debian/postinst
+++ b/debian/postinst
@ -19,8 +19,8 @@ fi
 echo ""
 echo 3proxy installed.
 if /bin/systemctl >/dev/null 2>&1; then \
- /bin/systemctl stop 3proxy.service \
+ /bin/systemctl stop 3proxy.service ;\
- /bin/systemctl start 3proxy.service \
+ /bin/systemctl start 3proxy.service ;\
 echo use ;\
 echo "  "systemctl start 3proxy.service ;\
 echo to start proxy ;\
--- a/doc/html/faqe.html
+++ b/doc/html/faqe.html
@ -1,2 +1,2 @@
-<H2><A href="hotoe.html">See HowTo:</a></H2>
+<H2><A href="howtoe.html">See HowTo:</a></H2>
--- a/doc/html/faqr.html
+++ b/doc/html/faqr.html
@ -1,2 +1,2 @@
-<H2><A href="hotoe.html">См. HowTo</a></H2>
+<H2><A href="howtoe.html">См. HowTo</a></H2>
--- a/doc/html/highload.html
+++ b/doc/html/highload.html
@ -1,12 +1,12 @@
-<h3>Optimizing 3proxy for high load</h3>
+<h3>Optimizing 3proxy for High Load</h3>
-<p>Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product, the main reason is "one connection - one thread" model 3proxy uses. 3proxy is known to work with above 200,000 connections under proper configuration, but use it in production environment under high loads at your own risk and do not expect too much.
+<p>Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product. The main reason is the "one connection - one thread" model 3proxy uses. 3proxy is known to work with over 200,000 connections under proper configuration, but use it in a production environment under high loads at your own risk and do not expect too much.
-<p>Precaution 2: This documentation is incomplete and is not sufficient. High loads may require very specific system tuning including, but not limited to specific or cusomized kernels, builds, settings, sysctls, options, etc. All this is not covered by this documentation.
+<p>Precaution 2: This documentation is incomplete and insufficient. High loads may require very specific system tuning including, but not limited to, specific or customized kernels, builds, settings, sysctls, options, etc. All of this is not covered by this documentation.
 <h4>Configuring 'maxconn'</h4>
-A number of simulatineous connections per service is limited by 'maxconn' option.
+The number of simultaneous connections per service is limited by the 'maxconn' option.
-Default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn'
+The default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn'
-to higher value. Under this configuration:
+to a higher value. Under this configuration:
 <pre>
 maxconn 1000
 proxy -p3129
@ -14,53 +14,53 @@ proxy -p3128
 socks
 </pre>
 maxconn for every service is 1000, and there are 3 services running
-(2 proxy and 1 socks), so, for all services there can be up to 3000
+(2 proxy and 1 socks), so for all services there can be up to 3000
-simulatineous connections to 3proxy.
+simultaneous connections to 3proxy.
-<p>Avoid setting 'maxconn' to arbitrary high value, it should be carefully
+<p>Avoid setting 'maxconn' to an arbitrarily high value; it should be carefully
-choosen to protect system and proxy from resources exhaution. Setting maxconn
+chosen to protect the system and proxy from resource exhaustion. Setting maxconn
-above resources available can lead to denial of service conditions.
+above available resources can lead to denial of service conditions.
-<h4>Understanding resources requirements</h4>
+<h4>Understanding Resource Requirements</h4>
-Each running service require:
+Each running service requires:
 <ul>
-<li>1*thread (process)
+<li>1 thread (process)
-<li>1*socket (file descriptor)
+<li>1 socket (file descriptor)
 <li>1 stack memory segment + some heap memory, ~64K-128K depending on the system
 </ul>
-Each connected client require:
+Each connected client requires:
 <ul>
-<li>1*thread (process)
+<li>1 thread (process)
-<li>2*socket (file descriptor). For FTP 4 sockets are required. 
+<li>2 sockets (file descriptors). For FTP, 4 sockets are required.
-<br>Under linux since 0.9 splice() is used. It's much more effective, but requires
+<br>Under Linux since 0.9, splice() is used. It's much more efficient but requires
-<br>2*socket (file descriptor) + 2*pipe (file descriptors) = 4 file descriptors.
+<br>2 sockets (file descriptors) + 2 pipes (file descriptors) = 4 file descriptors.
-<br>For FTP 4 sockets and 2 pipes are required with splice().
+<br>For FTP with splice(), 4 sockets and 2 pipes are required.
-<br>Up to 128K (up to 256K in the case of splice()) of kernel buffers memory. This is theoretical maximum, actual numbers depend on connection quality and traffic amount.
+<br>Up to 128K (up to 256K in the case of splice()) of kernel buffer memory. This is the theoretical maximum; actual numbers depend on connection quality and traffic amount.
 <br>1 additional socket (file descriptor) during name resolution for non-cached names
 <br>1 additional socket during authentication or logging for RADIUS authentication or logging.
-<li>1*ephemeral port (3*ephemeral ports for FTP connection).
+<li>1 ephemeral port (3 ephemeral ports for FTP connections).
-<li>1 stack memory segment of ~32K-128K depending on the system + at least 16K and up to few MB (for 'proxy' and 'ftppr') of heap memory. If you are short of memory, prefer 'socks' to 'proxy' and 'ftppr'.
+<li>1 stack memory segment of ~32K-128K depending on the system + at least 16K and up to a few MB (for 'proxy' and 'ftppr') of heap memory. If you are short on memory, prefer 'socks' over 'proxy' and 'ftppr'.
-<li>a lot of system buffers, specially in the case of slow network connections.
+<li>Many system buffers, especially in the case of slow network connections.
 </ul>
 Also, additional resources like system buffers are required for network activity.
 <h4>Setting ulimits</h4>
 Hard and soft ulimits must be set above calculated requirements. Under Linux, you can
-check limits of running process with
+check the limits of a running process with
 <pre>
 cat /proc/PID/limits
 </pre>
-where PID is a pid of the process. 
+where PID is the process ID.
-Validate ulimits match your expectation, especially if you run 3proxy under dedicated account
+Validate that ulimits match your expectations, especially if you run 3proxy under a dedicated account
-by adding e.g.
+by adding, e.g.:
 <pre>
 system "ulimit -Ha >>/tmp/3proxy.ulim.hard"
 system "ulimit -Sa >>/tmp/3proxy.ulim.soft"
 </pre>
-in the beginning (before first service started) and the end of config file.
+at the beginning (before the first service is started) and at the end of the config file.
-Make both hard restart (that is kill and start 3proxy process) and soft restart
+Perform both a hard restart (i.e., kill and start the 3proxy process) and a soft restart
-by sending SIGUSR1 to 3proxy process, check ulimits recorded to files match your
+by sending SIGUSR1 to the 3proxy process; check that the ulimits recorded to files match your
-expecation. In systemd based distros (e.g. latest Debian / Ubuntu) changing limits.conf
+expectations. In systemd-based distros (e.g., latest Debian/Ubuntu), changing limits.conf
-is not enough, limits must be ajusted in systemd configuration, e.g. by setting
+is not enough; limits must be adjusted in the systemd configuration, e.g., by setting:
 <pre>
 DefaultLimitDATA=infinity
 DefaultLimitSTACK=infinity
@ -73,51 +73,51 @@ DefaultLimitMEMLOCK=infinity
 </pre>
 in user.conf / system.conf
-<h4>Extending system limitation</h4>
+<h4>Extending System Limitations</h4>
-Check manuals / documentation for your system limitations e.g. system-wide limit for number of open files
+Check the manuals/documentation for your system's limitations, e.g., the system-wide limit for the number of open files
 (fs.file-max in Linux). You may need to change sysctls or even rebuild the kernel from source.
 <p>
-To help with socket-based system-dependant settings, since 0.9-devel 3proxy supports different
+To help with socket-based system-dependent settings, since 0.9-devel, 3proxy supports different
-socket options which can be set via -ol option for listening socket, -oc for proxy-to-client
+socket options which can be set via the -ol option for the listening socket, -oc for the proxy-to-client
-socket and -os for proxy-to-server socket. Example:
+socket, and -os for the proxy-to-server socket. Example:
 <pre>
 proxy -olSO_REUSEADDR,SO_REUSEPORT -ocTCP_TIMESTAMPS,TCP_NODELAY -osTCP_NODELAY
 </pre>
-available options are system dependant.
+Available options are system-dependent.
-<h4>Using 3proxy in virtual environment</h4>
+<h4>Using 3proxy in a Virtual Environment</h4>
-If 3proxy is used in VPS environment, there can be additional limitations. 
+If 3proxy is used in a VPS environment, there can be additional limitations.
-For example, kernel resources / system CPU usage / IOCTLs can be limited in a different way, and this can become a bottleneck. 
+For example, kernel resources, system CPU usage, and IOCTLs can be limited differently, and this can become a bottleneck.
-Since 0.9 devel, 3proxy uses splice() by default on Linux, splice() prevents network traffic from being copied from
+Since 0.9-devel, 3proxy uses splice() by default on Linux. splice() prevents network traffic from being copied from
-kernel space to 3proxy process and generally increases throughput, epecially in the case of high volume traffic. It especially
+kernel space to the 3proxy process and generally increases throughput, especially in the case of high-volume traffic. This is especially
-true for virtual environment (it can improve thoughput up to 10 times) unless there are additional kernel limitations.
+true for virtual environments (it can improve throughput up to 10 times) unless there are additional kernel limitations.
-Since some work is moved to kernel, it requires up to 2 times more kernel resources in terms of CPU, memory and IOCTLs.
+Since some work is moved to the kernel, it requires up to 2 times more kernel resources in terms of CPU, memory, and IOCTLs.
-If your hosting additionally limits kernel resources (you can see it as nearly 100% CPU usage without any real CPU activity for
+If your hosting additionally limits kernel resources (you can see this as nearly 100% CPU usage without any real CPU activity for
-any application which performs IOCTLS), use -s0 option to disable splice() usage for given service e.g.
+any application performing IOCTLs), use the -s0 option to disable splice() usage for a given service, e.g.:
-<pre> 
+<pre>
 socks -s0
 </pre>
-<h4>Extending ephemeral port range</h4>
+<h4>Extending the Ephemeral Port Range</h4>
-Check ephemeral port range for your system and extend it to the number of the
+Check the ephemeral port range for your system and extend it to the number of
 ports required.
-Ephimeral range is always limited to maximum number of ports (64K). To extend the
+The ephemeral range is always limited to the maximum number of ports (64K). To extend the
-number of outgoing connections above this limit, extending ephemeral port range
+number of outgoing connections above this limit, extending the ephemeral port range
-is not enough, you need additional actions:
+is not enough; you need additional actions:
 <ol>
 <li> Configure multiple outgoing IPs
-<li> Make sure 3proxy is configured to use different outgoing IP by either setting
+<li> Make sure 3proxy is configured to use a different outgoing IP by either setting
-external IP via RADIUS
+the external IP via RADIUS:
 <pre>
 radius secret 1.2.3.4
 auth radius
 proxy
 </pre>
 or by using multiple services with different external
-interfaces, example:
+interfaces, for example:
 <pre>
 allow user1,user11,user111
 proxy -p1111 -e1.1.1.1
@ -133,7 +133,7 @@ proxy -p4444 -e4.4.4.4
 flush
 </pre>
 or via "parent extip" rotation,
-e.g.
+e.g.:
 <pre>
 allow user1,user11,user111
 parent 1000 extip 1.1.1.1 0
@ -156,8 +156,8 @@ socks
 </pre>
 <pre>
 </pre>
-Under latest Linux version you can also start multiple services with different
+Under the latest Linux versions, you can also start multiple services with different
-external addresses on the single port with SO_REUSEPORT on listening socket to
+external addresses on a single port with SO_REUSEPORT on the listening socket to
 evenly distribute incoming connections between outgoing interfaces:
 <pre>
 socks -olSO_REUSEPORT -p3128 -e 1.1.1.1
@ -165,136 +165,136 @@ socks -olSO_REUSEPORT -p3128 -e 2.2.2.2
 socks -olSO_REUSEPORT -p3128 -e 3.3.3.3
 socks -olSO_REUSEPORT -p3128 -e 4.4.4.4
 </pre>
-for Web browsing last two examples are not recommended, because same client can get
+For web browsing, the last two examples are not recommended because the same client can get
-different external address for different requests, you should choose external
+a different external address for different requests; you should choose the external
 interface with user-based rules instead.
-<li> You may need additional system dependant actions to use same port on different IPs,
+<li> You may need additional system-dependent actions to use the same port on different IPs,
-usually by adding SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
+usually by adding the SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
-external socket. This option can be set (since 0.9 devel) with -os option:
+the external socket. This option can be set (since 0.9-devel) with the -os option:
 <pre>
 proxy -p3128 -e1.2.3.4 -osSO_REUSEADDR
 </pre>
-Behavior for SO_REUSEADDR and SO_REUSEPORT is different between different system,
+The behavior for SO_REUSEADDR and SO_REUSEPORT is different between different systems,
-even between different kernel versions and can lead to unexpected results.
+even between different kernel versions, and can lead to unexpected results.
-Specifics is described <a href="https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t">here</a>.
+The specifics are described <a href="https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t">here</a>.
-Use this options only if actually required and if you fully understand possible
+Use these options only if actually required and if you fully understand the possible
-consiquences. E.g. SO_REUSEPORT can help to establish more connections than the
+consequences. For example, SO_REUSEPORT can help establish more connections than the
-number of the client port available, but it can also lead to situation connections
+number of client ports available, but it can also lead to situations where connections
-are randomely fail due to ip+port pairs collision if remote or local system 
+randomly fail due to IP+port pair collisions if the remote or local system
 doesn't support this trick.
 </ol>
-<h4>Setting stacksize</h4>
+<h4>Setting Stack Size</h4>
 'stacksize' is a size added to all stack allocations and can be both positive and
-negative. Stack is required in functions call. 3proxy itself doesn't require large
+negative. Stack is required for function calls. 3proxy itself doesn't require a large
 stack, but it can be required if some
-purely-written libc, 3rd party libraries or system functions called. There is known\
+poorly written libc, 3rd party libraries, or system functions are called. There is known
 dirty code in Unix ODBC
-implementations, build-in DNS resolvers, especially in the case of IPv6 and large
+implementations and built-in DNS resolvers, especially in the case of IPv6 and a large
-number of interfaces. Under most 64-bit system extending stacksize will lead
+number of interfaces. Under most 64-bit systems, extending stacksize will lead
-to additional memory space usage, but do not require actual commited memory,
+to additional memory space usage but does not require actual committed memory,
-so you can inrease stacksize to relatively large value (e.g. 1024000) without
+so you can increase stacksize to a relatively large value (e.g., 1024000) without
-the need to add additional phisical memory,
+the need to add additional physical memory,
-but it's system/libc dependant and requires additional testing under your
+but it's system/libc dependent and requires additional testing under your
-installation. Don't forget about memory related ulimts.
+installation. Don't forget about memory-related ulimits.
-<p>For 32-bit systems address space can be a bottlneck you should consider. If
+<p>For 32-bit systems, address space can be a bottleneck you should consider. If
-you're short of address space you can try to use negative stack size.
+you're short on address space, you can try using a negative stack size.
-<h4>Known system issues</h4>
+<h4>Known System Issues</h4>
-There are known race condition issues in Linux / glibc resolver. The probability
+There are known race condition issues in the Linux/glibc resolver. The probability
-of race condition arises under configuration with IPv6, large number of interfaces
+of a race condition arises under configuration with IPv6, a large number of interfaces
-or IP addresses or resolvers configured. In this case, install local recursor and
+or IP addresses, or with resolvers configured. In this case, install a local recursor and
-use 3proxy built-in resolver (nserver / nscache / nscache6).
+use 3proxy's built-in resolver (nserver / nscache / nscache6).
-<h4>Do not use public resolvers</h4>
+<h4>Do Not Use Public Resolvers</h4>
-Public resolvers like ones from Google have ratelimits. For large number of
+Public resolvers like those from Google have rate limits. For a large number of
-requests install local caching recursor (ISC bind named, PowerDNS recursor, etc).
+requests, install a local caching recursor (ISC bind named, PowerDNS recursor, etc).
-<h4>Avoid large lists</h4>
+<h4>Avoid Large Lists</h4>
 Currently, 3proxy is not optimized to use large ACLs, user lists, etc. All lists
-are processed lineary. In devel version you can use RADIUS authentication to avoid
+are processed linearly. In the devel version, you can use RADIUS authentication to avoid
-user lists and ACLs in 3proxy itself. Also, RADIUS allows to easily set outgoing IP
+user lists and ACLs in 3proxy itself. Also, RADIUS allows you to easily set an outgoing IP
-on per-user basis or more sophisicated logics.
+on a per-user basis or implement more sophisticated logic.
-RADIUS is a new beta feature, test it before using in production.
+RADIUS is a new beta feature; test it before using it in production.
-<h4>Avoid changing configuration too often</h4>
+<h4>Avoid Changing Configuration Too Often</h4>
-Every configuration reload requires additional resources. Do not do frequent
+Every configuration reload requires additional resources. Do not make frequent
-changes, like users addition/deletaion via connfiguration, use alternative
+changes, such as user addition/deletion via configuration; use alternative
 authentication methods instead, like RADIUS.
-<h4>Consider using 'noforce'</h4>
+<h4>Consider Using 'noforce'</h4>
-'force' behaviour (default) re-authenticates all connections after
+The 'force' behavior (default) re-authenticates all connections after
-configuration reload, it may be resource consuming on large number of
+configuration reload; it may be resource-consuming with a large number of
-connections. Consider adding 'noforce' command before services started
+connections. Consider adding the 'noforce' command before services are started
-to prevent connections reauthentication.
+to prevent connection re-authentication.
-<h4>Do not monitor configuration files directly</h4>
+<h4>Do Not Monitor Configuration Files Directly</h4>
-Using configuration file directly in 'monitor' can lead to race condition where
+Using a configuration file directly in 'monitor' can lead to a race condition where
-configuration is reloaded while file is being written.
+the configuration is reloaded while the file is being written.
 To avoid race conditions:
 <ol>
 <li> Update config files only if there is no lock file
-<li> Create lock file then 3proxy configuration is updated, e.g. with
+<li> Create a lock file when the 3proxy configuration is updated, e.g., with
 "touch /some/path/3proxy/3proxy.lck". If you generate config files
-asynchronously, e.g. by user's request via web, you should consider
+asynchronously, e.g., by a user's request via web, you should consider
-implementing existance checking and file creation as atomic operation.
+implementing existence checking and file creation as an atomic operation.
-<li>add
+<li> Add
 <pre>
 system "rm /some/path/3proxy/3proxy.lck"
 </pre>
-at the end of config file to remove it after configuration is successfully loaded
+at the end of the config file to remove it after the configuration is successfully loaded
-<li> Use a dedicated version file to monitor, e.g.
+<li> Use a dedicated version file to monitor, e.g.:
 <pre>
 monitor "/some/path/3proxy/3proxy.ver"
 </pre>
-<li> After config is updated, change version file for 3proxy to reload configuration,
+<li> After the config is updated, change the version file for 3proxy to reload the configuration,
-e.g. with "touch /some/path/3proxy/3proxy.ver".
+e.g., with "touch /some/path/3proxy/3proxy.ver".
 </ol>
-<h4>Use TCP_NODELAY to speed-up connections with small amount of data</h4>
+<h4>Use TCP_NODELAY to Speed Up Connections with Small Amounts of Data</h4>
-If most requests require exchange with a small amount of data in a both ways
+If most requests require an exchange with a small amount of data in both directions
-without the need for bandwidth, e.g. messengers or small web request,
+without the need for bandwidth, e.g., messengers or small web requests,
-you can eliminate Nagle's algorithm delay with TCP_NODELAY flag. Usage example:
+you can eliminate Nagle's algorithm delay with the TCP_NODELAY flag. Usage example:
 <pre>
 proxy -osTCP_NODELAY -ocTCP_NODELAY
 </pre>
 sets TCP_NODELAY for client (oc) and server (os) connections.
-<p>Do not use TCP_NODELAY on slow connections with high delays and then
+<p>Do not use TCP_NODELAY on slow connections with high delays when
 connection bandwidth is a bottleneck.
-<h4>Use splice to speedup large data amount transfers</h4>
+<h4>Use Splice to Speed Up Large Data Amount Transfers</h4>
-splice() allows to copy data between connections without copying to process
+splice() allows copying data between connections without copying to the process
-addres space. It can speedup proxy on high bandwidth connections, if most
+address space. It can speed up the proxy on high-bandwidth connections if most
 connections require large data transfers. Splice is enabled by default on Linux
-since 0.9, "-s0" disables splice usage. Example:
+since 0.9; "-s0" disables splice usage. Example:
 <pre>
 proxy -s0
 </pre>
-Splice is only available on Linux. Splice requires more system buffers and file descriptors,
+Splice is only available on Linux. Splice requires more system buffers and file descriptors
 and produces more IOCTLs but reduces process memory and overall CPU usage.
-Disable splice if there is a lot of short-living connections with no bandwidth
+Disable splice if there are a lot of short-lived connections with no bandwidth
 requirements.
-<p>Use splice only on high-speed connections (e.g. 10GBE), if processor, memory speed or
+<p>Use splice only on high-speed connections (e.g., 10GbE) when the processor, memory speed, or
 system bus are bottlenecks.
-<p>TCP_NODELAY and splice are not contrary to each over and should be combined on
+<p>TCP_NODELAY and splice are not contrary to each other and should be combined on
 high-speed connections.
-<h4>Add grace delay to reduce system calls<h4>
+<h4>Add Grace Delay to Reduce System Calls</h4>
 <pre>proxy -g8000,3,10</pre>
-First parameter is average read size we want to keep, second parameter is
+The first parameter is the average read size we want to keep, the second parameter is
-minimal number of packets in the same direction to apply algorythm,
+the minimal number of packets in the same direction to apply the algorithm,
-last value is delay added after polling and prior to reading data.
+and the last value is the delay added after polling and prior to reading data.
-An example above adds 10 millisecond delay before reading data if average
+The example above adds a 10-millisecond delay before reading data if the average
-polling size is below 8000 bytes and 3 read operations are made in the same
+polling size is below 8000 bytes and 3 read operations have been made in the same
-direction. It's specially usefule with splice. <pre>logdump 1 1</pre> is useful
+direction. It's especially useful with splice. <pre>logdump 1 1</pre> is useful
-to see how grace delays work, choose delay value to avoid filling the read
+to see how grace delays work; choose a delay value to avoid filling the read
-pipe/buffer (typically 64K) but keep the request sizes close to chosen average
+pipe/buffer (typically 64K) but keep the request sizes close to the chosen average
-on large file upload/download.
+on large file uploads/downloads.
--- a/doc/html/howtoe.html
+++ b/doc/html/howtoe.html
--- a/doc/html/howtor.html
+++ b/doc/html/howtor.html
@ -5,16 +5,15 @@
  <li><a href="#COMPILE">Компиляция</a>
  <ul>
    <li><a href="#MSVC">Как скомпилировать 3proxy Visual C++</a>
-    <li><a href="#INTL">Как скомпилировать 3proxy Intel C Compiler под Windows</a>
+    <li><a href="#CMAKE">Как скомпилировать 3proxy с помощью CMake</a>
    <li><a href="#GCCWIN">Как скомпилировать 3proxy GCC под Windows</a>
    <li><a href="#GCCUNIX">Как скомпилировать 3proxy GCC под Unix/Linux</a>
    <li><a href="#CCCUNIX">Как скомпилировать 3proxy Compaq C Compiler под Unix/Linux</a>
  </ul>
  <li><a href="#INSTALL">Установка и удаление 3proxy</a>
  <ul>
-    <li><a href="#INSTNT">Как установить/удалить 3proxy под Windows 95/98/ME/NT/2000/XP как службу</a>
+    <li><a href="#INSTNT">Как установить/удалить 3proxy под Windows NT/2000/XP/2003 как службу</a>
    <li><a href="#INST95">Как установить/удалить 3proxy под Windows 95/98/ME</a>
    <li><a href="#INSTUNIX">Как установить/удалить 3proxy под Unix/Linux</a>
    <li><a href="#INSTMACOS">Как установить/удалить 3proxy под macOS</a>
    <li><a href="#INSTDOCKER">Как использовать 3proxy с Docker</a>
  </ul>
  <li><a href="#SERVER">Конфигурация сервера</a>
  <ul>
@ -34,6 +33,8 @@
    <li><a href="#NAMES">Как разрешать имена на родительском прокси?</a></li>
    <li><a href="#ISFTP">Как настроить FTP прокси?</a></li>
    <li><a href="#TLSPR">Как настроить SNI proxy (tlspr)</a></li>
    <li><a href="#SSLPLUGIN">Как настроить TLS/SSL с помощью SSLPlugin (https прокси, mTLS)</a></li>
    <li><a href="#CERTIFICATES">Как создать CA и сертификаты для SSLPlugin</a></li>
    <li><a href="#AUTH">Как ограничить доступ к службе</a>
    <li><a href="#USERS">Как создать список пользователей</a>
    <li><a href="#ACL">Как ограничить доступ пользователей к ресурсам</a>
@ -72,64 +73,67 @@
  <ul>
    <li><a name="MSVC"><i>Как скомпилировать 3proxy Visual C++</i></a>
    <p>
-    Извлеките файлы из архива 3proxy.tgz (например, с помощью WinZip).
+    Извлеките файлы из архива 3proxy.tgz (например, с помощью WinZip) или используйте git.
-    Используйте команду nmake /f Makefile.msvc.
+    <pre>
    nmake /f Makefile.msvc
    </pre>
    Исполняемые файлы будут помещены в каталог <code>bin/</code>.
    </p>
-    <li><a name="INTL"><i>Как скомпилировать 3proxy Intel C Compiler под Windows</i></a>
+    <li><a name="CMAKE"><i>Как скомпилировать 3proxy с помощью CMake</i></a>
    <p>
-    См. <a href="#MSVC">Как скомпилировать 3proxy Visual C++</a>. 
+    CMake предоставляет кроссплатформенную систему сборки. Работает на Windows (MSVC, MinGW), Linux, macOS и BSD.
-    Используйте Makefile.intl вместо Makefile.msvc
+    <br>Базовые шаги сборки:
-    </p>
+    <pre>
-    <li><a name="GCCWIN"><i>Как скомпилировать 3proxy GCC под Windows</i></a></li>
+    mkdir build
-    <p>
+    cd build
-    Извлеките файлы из архива 3proxy.tgz (например, с помощью WinZip или, при наличии
+    cmake ..
-    Cygwin, tar -xzf 3proxy.tgz).
+    cmake --build .</pre>
-    Используйте команду make -f Makefile.win. Если по каким-то причинам вы хотите использовать
+    На Windows с Visual Studio можно также сгенерировать файл решения:
-    библиотеку POSIX-эмуляции CygWin - используйте make -f Makefile.unix.
+    <pre>
-    При использовании CygWin, функции, специфичные для Windows (такие, как запуск в
+    cmake -G "Visual Studio 17 2022" -A x64 ..
-    качестве службы) будут недоступны.
+    cmake --build . --config Release</pre>
    Опциональные функции можно включить через параметры cmake:
    <pre>
    cmake -D3PROXY_USE_OPENSSL=ON -D3PROXY_USE_PCRE2=ON ..</pre>
    Доступные опции: 3PROXY_USE_OPENSSL, 3PROXY_USE_PCRE2, 3PROXY_USE_PAM, 3PROXY_USE_ODBC.
    <br>Исполняемые файлы будут помещены в каталог <code>build/bin/</code>.
    </p>
    <li><a name="GCCUNIX"><i>Как скомпилировать 3proxy GCC под Unix/Linux</i></a></li>
    <p>
-    Используйте make -f Makefile.unix. Должен использоваться GNU make, на
+    Для Linux используйте:
-    некоторых системах необходимо использовать gmake вместо make. Под Linux
+    <pre>
-    необходимо использовать Makefile.Linux, под Solaris - Makefile.Solaris-* (в
+    ln -sf Makefile.Linux Makefile
-    зависимости от используемого компилятора). Компиляция проверена в FreeBSD/i386,
+    make</pre>
-    OpenBSD/i386, NetBSD/i386, RH Linux/Alpha, Debian/i386, Gentoo/i386, Gentoo/PPC,
+    Для FreeBSD используйте:
-    Solaris 10, но должно собираться в любых версиях *BSD/Linux/Solaris.
+    <pre>
-    В других системах может потребоваться модификация make-файла и/или исходных текстов.
+    ln -sf Makefile.FreeBSD Makefile
-    Для компиляции с поддержкой ODBC необходимо убрать -DNOODBC из флагов
+    make</pre>
-    компиляции и добавить -lodbc (или другую ODBC-библиотеку) к флагам линковщика.
+    Для других Unix-подобных систем используйте Makefile.unix. На BSD-производных системах
-    </p>
+    убедитесь, что используете GNU make; иногда он называется gmake вместо make.
-	<li><a name="CCCUNIX"><i>Как скомпилировать 3proxy Compaq C Compiler под Unix/Linux</i></a></li>
+    <br>Компиляция проверена на FreeBSD, NetBSD, OpenBSD, Linux, Solaris и macOS.
-	<p>
+    <br>Для поддержки ODBC необходимо установить Unix ODBC, убрать -DNOODBC из флагов
-	Используйте make -f Makefile.ccc. Компиляция проверена в RH Linux 7.1/Alpha.
+    компиляции и добавить ODBC-библиотеку к флагам линковщика.
-    В других системах может потребоваться модификация файла и/или исходных текстов.
+    <br>Исполняемые файлы будут помещены в каталог <code>bin/</code>.
    </p>
  </ul>
 <hr>
 <li><a name="INSTALL"><b>Установка и удаление 3proxy</b></a>
 <p>
 <ul>
-  <li><a name="INSTNT"><i>Как установить/удалить 3proxy под Windows 95/98/ME/NT/2000/XP/2003 как службу</i></a>
+  <li><a name="INSTNT"><i>Как установить/удалить 3proxy под Windows NT/2000/XP/2003 как службу</i></a>
  <p>
-  Извлеките файлы из архива 3proxy.zip в любой каталог 
+  Извлеките файлы из архива 3proxy.zip в любой каталог
  (например, c:\Program Files\3proxy). Если необходимо, создайте каталог для
  хранения файлов журналов. Создайте файл конфигурации 3proxy.cfg в
  каталоге 3proxy (см. раздел <a href="#SERVER">Конфигурация сервера</a>).
-  Если используется версия более ранняя, чем 0.6, добавьте строку
+  Откройте командную строку (cmd.exe).
  <pre>
  service</pre>
  в файл 3proxy.cfg. Откройте командную строку (cmd.exe).
  Перейдите в каталог с 3proxy и дайте команду 3proxy.exe --install:
  <pre>
  D:\>C:
  C:\>cd C:\Program Files\3proxy
  C:\Program Files\3proxy>3proxy.exe --install</pre>
  Сервис должен быть установлен и запущен. Если сервис не запускается,
-  проверьте содержимое файла журнала,
+  попробуйте запустить 3proxy.exe вручную и проанализировать сообщения об ошибках.
  попробуйте удалить строку service из 3proxy.cfg, запустить 3proxy.exe вручную
  и проанализировать сообщения об ошибках.
  </p><p>
  Для удаления 3proxy необходимо остановить сервис и дать
  команду 3proxy.exe --remove:
@ -139,43 +143,110 @@
  C:\Program Files\3proxy>net stop 3proxy
  C:\Program Files\3proxy>3proxy.exe --remove</pre>
  после чего каталог 3proxy можно удалить.
  <p>
  Установка в качестве системной службы под Windows 9x поддерживается с версии 0.5
  </p>
  <li><a name="INST95"><i>Как установить/удалить 3proxy под Windows 95/98/ME</i></a>
  <p>
  Извлеките файлы из архива 3proxy.zip в любой каталог 
  (например, c:\Program Files\3proxy). Если необходимо, создайте каталог для
  хранения файлов журналов. Создайте файл конфигурации 3proxy.cfg в
  каталоге 3proxy (См. раздел <a href="#SERVER">Конфигурация сервера</a>).
  В файле конфигурации удалите строку
  <pre>
  service</pre>
  и добавьте строку
  <pre>
  daemon</pre>
  Создайте ярлык для 3proxy.exe и поместите его в автозагрузку либо с помощью
  редактора реестра regedit.exe добавьте в разделе
  <br>HKLM\Software\Microsoft\Windows\CurrentVersion\Run</br>
  строковый параметр 
  <br>3proxy = "c:\Program Files\3proxy.exe" "C:\Program Files\3proxy.cfg"<br>
  Использование кавычек при наличии в пути пробела обязательно.
  Перезагрузитесь.
  Если сервер не запускается,
  проверьте содержимое файла журнала,
  попробуйте удалить строку daemon из 3proxy.cfg, запустить 3proxy.exe вручную
  и проанализировать сообщения об ошибках.
  </p>
  <li><a name="INSTUNIX"><i>Как установить/удалить 3proxy под Unix/Linux</i></a>
  <p>
-  Скомпилируйте 3proxy (см. раздел <a href="#COMPILE">Компиляция</a>). Скопируйте
+  <b>С помощью Makefile:</b>
-  исполняемые файлы в подходящий каталог (например, /usr/local/3proxy/sbin для
+  <br>Скомпилируйте 3proxy (см. раздел <a href="#COMPILE">Компиляция</a>), затем выполните:
-  серверных приложений или /usr/local/3proxy/bin для клиентских утилит).
+  <pre>
-  Создайте файл /usr/local/etc/3proxy.cfg. 
+  sudo make install</pre>
-  (См. раздел <a href="#SERVER">Конфигурация сервера</a>).
+  Это установит исполняемые файлы в <code>/usr/local/3proxy/sbin/</code>,
-  Изменить расположение файла конфигурации можно, задав параметр при вызове
+  конфигурацию в <code>/etc/3proxy/</code> и настроит chroot-каталоги.
-  3proxy или изменив путь в файле 3proxy.c до компиляции.
+  Файл конфигурации по умолчанию: <code>/etc/3proxy/3proxy.cfg</code>.
-  Добавьте вызов 3proxy в скрипты начальной инициализации.
+  </p>
  <p>
  <b>С помощью CMake:</b>
  <pre>
  mkdir build && cd build
  cmake ..
  cmake --build .
  sudo cmake --install .</pre>
  </p>
  <p>
  <b>С помощью готовых пакетов из GitHub:</b>
  <br>Скачайте .deb или .rpm пакеты со страницы <a href="https://github.com/3proxy/3proxy/releases">GitHub Releases</a>.
  <br>Для Debian/Ubuntu:
  <pre>
  sudo dpkg -i 3proxy_*.deb</pre>
  Для RHEL/CentOS/Fedora:
  <pre>
  sudo rpm -i 3proxy-*.rpm</pre>
  </p>
  <p>
  Добавьте 3proxy в скрипты автозапуска или используйте systemd:
  <pre>
  sudo systemctl enable 3proxy
  sudo systemctl start 3proxy</pre>
  </p>
  <li><a name="INSTMACOS"><i>Как установить/удалить 3proxy под macOS</i></a>
  <p>
  <b>С помощью CMake (рекомендуется):</b>
  <pre>
  mkdir build && cd build
  cmake ..
  cmake --build .
  sudo cmake --install .</pre>
  Это установит:
  <ul>
  <li>Исполняемые файлы в <code>/usr/local/bin/</code></li>
  <li>Конфигурацию в <code>/etc/3proxy/</code></li>
  <li>Плагины в <code>/usr/local/lib/3proxy/</code></li>
  <li>Launchd plist в <code>/Library/LaunchDaemons/org.3proxy.3proxy.plist</code></li>
  </ul>
  </p>
  <p>
  <b>С помощью Makefile:</b>
  <pre>
  ln -sf Makefile.FreeBSD Makefile
  make
  sudo make install</pre>
  Это установит исполняемые файлы в <code>/usr/local/3proxy/bin/</code> и конфигурацию в <code>/usr/local/etc/3proxy/</code>.
  </p>
  <p>
  <b>Управление службой через launchd:</b>
  <br>После установки через cmake службой можно управлять с помощью launchctl:
  <pre>
  # Загрузить и запустить службу
  sudo launchctl load /Library/LaunchDaemons/org.3proxy.3proxy.plist
  # Остановить службу
  sudo launchctl stop org.3proxy.3proxy
  # Запустить службу
  sudo launchctl start org.3proxy.3proxy
  # Выгрузить и отключить службу
  sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist</pre>
  Служба запускается от имени пользователя <code>proxy</code> (создаётся при установке).
  Файл конфигурации: <code>/etc/3proxy/3proxy.cfg</code>
  </p>
  <li><a name="INSTDOCKER"><i>Как использовать 3proxy с Docker</i></a>
  <p>
  <b>Использование готовых образов из GitHub Container Registry:</b>
  <pre>
  docker pull ghcr.io/3proxy/3proxy:latest</pre>
  </p>
  <p>
  <b>Сборка Docker-образов:</b>
  <br>Предоставляются два Dockerfile:
  <ul>
  <li><code>Dockerfile.minimal</code> - минимальная статическая сборка без плагинов, конфигурация из stdin:
  <pre>
  docker build -f Dockerfile.minimal -t 3proxy.minimal .
  docker run -i -p 3129:3129 --name 3proxy 3proxy.minimal</pre>
  Затем введите конфигурацию, завершив командой "end".
  </li>
  <li><code>Dockerfile.full</code> - полная сборка с плагинами (SSL, PCRE, Transparent):
  <pre>
  docker build -f Dockerfile.full -t 3proxy.full .
  docker run -p 3129:3129 -v /path/to/config:/usr/local/3proxy/conf 3proxy.full</pre>
  Файл конфигурации должен находиться по пути <code>/path/to/config/3proxy.cfg</code>.
  </li>
  </ul>
  </p>
  <p>
  По умолчанию 3proxy работает в chroot-окружении с uid/gid 65535. Используйте <code>nserver</code> в конфигурации для DNS-разрешения в chroot.
  Для запуска без chroot монтируйте конфигурацию в <code>/etc/3proxy</code>.
  </p>
 </ul>
 <hr>
@ -219,7 +290,7 @@
    <li>Служба уже установлена или запущена
  </ul>
  </p>
-  <li><a name="INTEXT">Как разобраться с internal и external</a></li></li>
+  <li><a name="INTEXT">Как разобраться с internal и external</a></li>
  <p>
  Убедитесь, что выправильно понимаете что такое internal и external адреса.
  Оба адреса - это адреса, принадлежищие хосту, на котором установлен 3proxy.
@ -511,29 +582,49 @@
  </p>
    <li><a name="TLSPR"><i>Как настроить SNI proxy (tlspr)</i></a></li>
  <p>
- 
+    SNI proxy может быть использован для транспарентного перенаправления любого TLS трафика (например HTTPS) на внешнем маршрутизаторе
    SNI proxy может быть использовать для транспарентного перенаправления любого TLS трафика (например HTTPS) на внешнем маршрутизаторе
    или локальными правилами. Так же можно использовать его для извлечения имени хоста из TLS хендшейка с целью логгирования или использования в ACL.
    Еще одна задача которую может решать модуль - требование наличия TLS или mTLS (mutual TLS).
-    Если tlspr используется как отдельный сервис без исползования плагина Transparent, то необходимо задать порт назначения через опцию -T (по умолчанию 443),
+    Если tlspr используется как отдельный сервис без использования плагина Transparent, то необходимо задать порт назначения через опцию -P (по умолчанию 443),
    т.к. TLS хендшейк не содержит информации о порте назначения.
-  </p><p>    
+  </p><p>
-    -c контролирует уровень требования к TLS:
+    <b>Опции:</b>
 </p><pre>
-0 (по умолчанию) - пропустить трафик без TLS
+-P &lt;порт&gt;  - порт назначения (по умолчанию: 443)
-1 - требовать TLS, проверять наличие client HELLO
+-c &lt;уровень&gt; - уровень проверки TLS:
-2 - требовать TLS, проверять наличие client и server HELLO
+  0 (по умолчанию) - пропустить трафик без TLS
-3 - требовать TLS, проверять наличие серверного сертификата (не совместим с TLS 1.3+)
+  1 - требовать TLS, проверять наличие client HELLO
-4 - требовать взаимный (mutual) TLS, проверять что сервер запрашивает сертификат и клиент его отправляет (не совместим с TLS 1.3+)    
+  2 - требовать TLS, проверять наличие client и server HELLO
  3 - требовать TLS, проверять наличие серверного сертификата (не совместим с TLS 1.3+)
  4 - требовать взаимный (mutual) TLS, проверять что сервер запрашивает сертификат и клиент его отправляет (не совместим с TLS 1.3+)
 </pre>
 <p>
-примеры конфигурации:
+<b>SNI Break (обход DPI):</b>
-1. Порт 1443 можно использовать для перенаправления в него HTTPS трафика по порту 443 (например с внешнего маршрутизатора)
+<br>tlspr может использоваться как родительский прокси типа "tls" для реализации SNI-фрагментации (аналог NoDPI/GoodByeDPI).
-<pre>
+Клиент отправляет первую часть TLS ClientHello, tlspr разбивает его на расширении SNI и отправляет двумя TCP-пакетами,
 что позволяет обойти некоторые DPI-системы, ищущие заблокированные имена хостов в TLS-рукопожатиях.
 <br>Для включения SNI break используйте <code>parent ... tls 0.0.0.0 0</code> и опцию <code>-s</code> на слушающем сервисе с TCP_NODELAY:
 </p><pre>
 auth iponly
 allow *
 parent 1000 tls 0.0.0.0 0
 allow *
 proxy -s -i127.0.0.1 -ocTCP_NODELAY -osTCP_NODELAY -p1443
 </pre>
 <p>
 TCP_NODELAY необходим, чтобы ядро не объединяло разделенные пакеты.
 </p>
 <p>
 <b>Примеры конфигурации:</b>
 </p>
 <p>
 1. Отдельный SNI proxy на порту 1443 с перенаправлением на порт назначения 443:
 </p><pre>
 tlspr -p1443 -P443 -c1
 </pre>
-2. tlspr используется как родительский прокси в SOCKS чтобы обнаруживать реальный hostname назначения (даже если запрашивается подклюение по IP адресу)
+<p>
-<pre>
+2. Использование tlspr как родительского прокси в SOCKS для обнаружения hostname из TLS (даже если клиент подключается по IP):
 </p><pre>
 allow * * * 80
 parent 1000 http 0.0.0.0 0
 allow * * * * CONNECT
@ -541,9 +632,208 @@ parent 1000 tls 0.0.0.0 0
 deny * * some.not.allowed.host
 allow *
 socks
 </pre>
 <p>
 3. Использование tlspr с HTTP proxy для ACL по имени хоста TLS:
 </p><pre>
 allow * * * 80
 parent 1000 http 0.0.0.0 0
 allow * * * 443
 parent 1000 tls 0.0.0.0 0
 deny * * blocked.example.com
 allow *
 proxy
 </pre>
  </p>
  <li><a name="SSLPLUGIN"><i>Как настроить TLS/SSL с помощью SSLPlugin (https прокси, mTLS)</i></a>
 <p>
 SSLPlugin обеспечивает поддержку TLS/SSL для 3proxy. Он может использоваться для:
 <ul>
 <li>Создания https:// прокси (TLS-шифрованное соединение между клиентом и прокси)</li>
 <li>Реализации MITM для инспекции TLS-трафика</li>
 <li>Соединения с вышестоящими серверами через TLS с аутентификацией по клиентскому сертификату</li>
 <li>Требования аутентификации по клиентскому сертификату (mTLS)</li>
 </ul>
 </p>
 <p>
 <b>Создание https:// прокси:</b>
 <br>Для создания https:// прокси требуется сертификат и ключ сервера. Сертификат не должен быть самоподписанным
 и должен содержать альтернативные имена (SAN) для имени хоста/IP прокси.
 </p><pre>
 plugin /path/to/SSLPlugin.ld.so ssl_plugin
 ssl_server_cert /etc/3proxy/certs/server.crt
 ssl_server_key /etc/3proxy/certs/server.key
 ssl_serv
 proxy -p3129
 ssl_noserv
 proxy -p3128
 </pre>
 <p>
 Создаётся https:// прокси на порту 3129 и http:// прокси на порту 3128.
 Настройте клиенты на использование https://proxy-host:3129/ в качестве URL прокси.
 </p>
 <p>
 <b>Аутентификация по клиентскому сертификату (mTLS):</b>
 <br>Чтобы требовать от клиентов аутентификацию по сертификату, используйте ssl_server_verify и укажите CA-сертификат:
 </p><pre>
 plugin /path/to/SSLPlugin.ld.so ssl_plugin
 ssl_server_cert /etc/3proxy/certs/server.crt
 ssl_server_key /etc/3proxy/certs/server.key
 ssl_server_ca_file /etc/3proxy/certs/ca.crt
 ssl_server_verify
 ssl_serv
 proxy -p3129
 </pre>
 <p>
 Только клиенты с действительным сертификатом, подписанным CA, смогут подключиться.
 </p>
 <p>
 <b>MITM для инспекции TLS-трафика:</b>
 <br>Для перехвата и расшифровки TLS-трафика требуется CA-сертификат для генерации подделанных серверных сертификатов:
 </p><pre>
 plugin /path/to/SSLPlugin.ld.so ssl_plugin
 ssl_server_ca_file /etc/3proxy/certs/ca.crt
 ssl_server_ca_key /etc/3proxy/certs/ca.key
 ssl_client_verify
 ssl_client_ca_file /etc/ssl/certs/ca-certificates.crt
 ssl_mitm
 proxy -p3128
 ssl_nomitm
 proxy -p3129
 </pre>
 <p>
 CA-сертификат должен быть доверенным для клиентов. ssl_client_verify обеспечивает проверку реальных серверных сертификатов.
 Без ssl_client_verify прокси уязвим для MITM-атак.
 </p>
 <p>
 <b>TLS-клиент (соединение с вышестоящим сервером через TLS):</b>
 <br>Для соединения с вышестоящими серверами через TLS с аутентификацией по клиентскому сертификату:
 </p><pre>
 plugin /path/to/SSLPlugin.ld.so ssl_plugin
 ssl_client_cert /etc/3proxy/certs/client.crt
 ssl_client_key /etc/3proxy/certs/client.key
 ssl_client_verify
 ssl_client_ca_file /etc/ssl/certs/ca-certificates.crt
 ssl_cli
 proxy -p3128
 </pre>
  <li><a name="CERTIFICATES"><i>Как создать CA и сертификаты для SSLPlugin</i></a>
 <p>
 <b>Создание удостоверяющего центра (CA):</b>
 <br>Для MITM или mTLS требуется CA. Сгенерируйте закрытый ключ CA и сертификат:
 </p><pre>
 # Генерация закрытого ключа CA
 openssl genrsa -out ca.key 4096
 # Генерация сертификата CA (действителен 10 лет)
 openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
    -subj "/C=RU/ST=Region/L=City/O=MyOrg/CN=My CA" \
    -out ca.crt
 </pre>
 <p>
 Для MITM импортируйте ca.crt в браузеры/ОС клиентов как доверенный корневой CA.
 </p>
 <p>
 <b>Создание серверного сертификата для https:// прокси:</b>
 <br>Серверный сертификат должен иметь правильные альтернативные имена (SAN):
 </p><pre>
 # Генерация закрытого ключа сервера
 openssl genrsa -out server.key 2048
 # Создание запроса на подпись сертификата (CSR)
 openssl req -new -key server.key \
    -subj "/C=RU/ST=Region/L=City/O=MyOrg/CN=proxy.example.com" \
    -out server.csr
 # Создание файла расширений для SAN
 cat > server.ext << 'EOF'
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 extendedKeyUsage = serverAuth
 subjectAltName = @alt_names
 [alt_names]
 DNS.1 = proxy.example.com
 DNS.2 = proxy
 IP.1 = 192.168.1.100
 EOF
 # Подписание сертификата CA
 openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out server.crt -days 365 -sha256 \
    -extfile server.ext
 </pre>
 <p>
 Для публичного https:// прокси используйте CA вроде Let's Encrypt вместо самоподписанного.
 </p>
 <p>
 <b>Создание клиентского сертификата для mTLS:</b>
 </p><pre>
 # Генерация закрытого ключа клиента
 openssl genrsa -out client1.key 2048
 # Создание CSR
 openssl req -new -key client1.key \
    -subj "/C=RU/ST=Region/L=City/O=MyOrg/CN=client1" \
    -out client1.csr
 # Создание файла расширений
 cat > client.ext << 'EOF'
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment
 extendedKeyUsage = clientAuth
 EOF
 # Подписание CA
 openssl x509 -req -in client1.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out client1.crt -days 365 -sha256 \
    -extfile client.ext
 # Создание PKCS#12 для импорта в браузер
 openssl pkcs12 -export -out client1.p12 \
    -inkey client1.key -in client1.crt -certfile ca.crt
 </pre>
 <p>
 Импортируйте client1.p12 в хранилище сертификатов браузера или ОС клиента.
 </p>
 <p>
 <b>Скрипт быстрой настройки для разработки/тестирования:</b>
 </p><pre>
 #!/bin/sh
 # Создаёт CA, серверный и клиентский сертификаты для тестирования SSLPlugin
 # CA
 openssl genrsa -out ca.key 4096
 openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
    -subj "/CN=3proxy CA" -out ca.crt
 # Сервер
 openssl genrsa -out server.key 2048
 openssl req -new -key server.key -subj "/CN=localhost" -out server.csr
 cat > server.ext << 'EOF'
 basicConstraints=CA:FALSE
 keyUsage = keyEncipherment
 extendedKeyUsage = serverAuth
 subjectAltName = DNS:localhost,DNS:proxy,IP:127.0.0.1
 EOF
 openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out server.crt -days 365 -sha256 -extfile server.ext
 # Клиент
 openssl genrsa -out client.key 2048
 openssl req -new -key client.key -subj "/CN=client" -out client.csr
 cat > client.ext << 'EOF'
 basicConstraints=CA:FALSE
 extendedKeyUsage = clientAuth
 EOF
 openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out client.crt -days 365 -sha256 -extfile client.ext
 openssl pkcs12 -export -out client.p12 -passout pass: \
    -inkey client.key -in client.crt -certfile ca.crt
 </pre>
  <li><a name="AUTH"><i>Как ограничить доступ к службе</i></a>
  <p>
  Во-первых, для ограничения доступа необходимо указать внутренний интерфейс,
--- a/doc/html/index.html
+++ b/doc/html/index.html
@ -1,17 +1,17 @@
-<html><title>3proxy documentation</title><body><h2>3proxy documentation</h2> 
+<html><title>3proxy documentation</title><body><h2>3proxy documentation</h2>
-<a href="securityen.html">Security recommendations</a><br> 
+<a href="securityen.html">Security recommendations</a><br>
-<a href="highload.html">Optimizing 3proxy for high loads</a><br> 
+<a href="highload.html">Optimizing 3proxy for high loads</a><br>
-<a href="howtoe.html">How To (English, very incomplete)</a><br> 
+<a href="howtoe.html">How To (English, very incomplete)</a><br>
-<a href="howtor.html">How To (Russian)</a><br> 
+<a href="howtor.html">How To (Russian)</a><br>
-<h3>Man pages:</h> 
+<h3>Man pages:</h3>
-<br><A HREF="man8/3proxy.8.html">3proxy.8</A> 
+<br><A HREF="man8/3proxy.8.html">3proxy.8</A>
-<br><A HREF="man8/ftppr.8.html">ftppr.8</A> 
+<br><A HREF="man8/ftppr.8.html">ftppr.8</A>
-<br><A HREF="man8/pop3p.8.html">pop3p.8</A> 
+<br><A HREF="man8/pop3p.8.html">pop3p.8</A>
-<br><A HREF="man8/proxy.8.html">proxy.8</A> 
+<br><A HREF="man8/proxy.8.html">proxy.8</A>
-<br><A HREF="man8/smtpp.8.html">smtpp.8</A> 
+<br><A HREF="man8/smtpp.8.html">smtpp.8</A>
-<br><A HREF="man8/socks.8.html">socks.8</A> 
+<br><A HREF="man8/socks.8.html">socks.8</A>
-<br><A HREF="man8/tcppm.8.html">tcppm.8</A> 
+<br><A HREF="man8/tcppm.8.html">tcppm.8</A>
-<br><A HREF="man8/tlspr.8.html">tlspr.8</A> 
+<br><A HREF="man8/tlspr.8.html">tlspr.8</A>
-<br><A HREF="man8/udppm.8.html">udppm.8</A> 
+<br><A HREF="man8/udppm.8.html">udppm.8</A>
-<br><A HREF="man3/3proxy.cfg.3.html">3proxy.cfg.3</A> 
+<br><A HREF="man3/3proxy.cfg.3.html">3proxy.cfg.3</A>
-</body></html> 
+</body></html>
--- a/doc/html/man3/3proxy.cfg.3.html
+++ b/doc/html/man3/3proxy.cfg.3.html
--- a/doc/html/man8/3proxy.8.html
+++ b/doc/html/man8/3proxy.8.html
@ -0,0 +1,221 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">3proxy</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#SIGNALS">SIGNALS</a><br>
 <a href="#FILES">FILES</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#TRIVIA">TRIVIA</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>3proxy</b> -
 3[APA3A] tiny proxy server, or trivial proxy server, or free
 proxy server</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>3proxy</b>
 [<i>config_file</i>] <b><br>
 3proxy</b> [<i>--install</i>] <b><br>
 3proxy</b> [<i>--remove</i>]</p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>3proxy</b> is
 a universal proxy server. It can be used to provide internal
 users with fully controllable access to external resources
 or to provide external users with access to internal
 resources. 3proxy is not developed to replace
 <b>squid</b>(8), but it can extend the functionality of an
 existing caching proxy. It can be used to route requests
 between different types of clients and proxy servers. Think
 about it as application level gateway with configuration
 like hardware router has for network layer. It can establish
 multiple gateways with HTTP and HTTPS proxy with FTP over
 HTTP support, SOCKS v4, v4.5 and v5, POP3 proxy, UDP and TCP
 portmappers. Each gateway is started from the configuration
 file like an independent service <b>proxy</b>(8)
 <b>socks</b>(8) <b>pop3p</b>(8) <b>tcppm</b>(8)
 <b>udppm</b>(8) <b>ftppr</b>(8) <b>dnspr</b> but
 <b>3proxy</b> is not a kind of wrapper or superserver for
 these daemons. It just has the same code compiled in, but
 provides much more functionality. SOCKSv5 implementation
 allows you to use 3proxy with any UDP or TCP based client
 applications designed without proxy support (with
 <i>SocksCAP</i>, <i>FreeCAP</i> or another client-side
 redirector under Windows or with a socksification library
 under Unix). So you can play your favourite games, listen to
 music, exchange files and messages and even accept incoming
 connections behind a proxy server.</p>
 <p style="margin-left:6%; margin-top: 1em"><i>dnspr</i>
 does not exist as an independent service. It&rsquo;s a DNS
 caching proxy (it requires <i>nscache</i> and <i>nserver</i>
 to be set in the configuration. Only A-records are cached.
 Please note that this caching is mostly a &rsquo;hack&rsquo;
 and has nothing to do with a real DNS server, but it works
 perfectly for SOHO networks.</p>
 <p style="margin-left:6%; margin-top: 1em">3proxy supports
 access control lists (ACL) like network router. Source and
 destination networks and destination port can be specified.
 In addition, usernames and gateway action (for example GET
 or POST) can be used in ACLs. In order to filter request on
 username basis user must be authenticated somehow. There are
 few authentication types including password authentication
 and authentication by NetBIOS name for Windows clients
 (it&acute;s very like ident authentication). Depending on
 ACL action request can be allowed, denied or redirected to
 another host or to another proxy server or even to a chain
 of proxy servers.</p>
 <p style="margin-left:6%; margin-top: 1em">It supports
 different types of logging: to logfiles, <b>syslog</b>(3)
 (only under Unix) or to an ODBC database. Logging format is
 tunable to provide compatibility with existing log file
 parsers. It makes it possible to use 3proxy with IIS, ISA,
 Apache or Squid log parsers.</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>config_file</b></p>
 <p style="margin-left:15%;">Name of config file. See
 <b>3proxy.cfg</b>(3) for configuration file format. Under
 Windows, if config_file is not specified, <b>3proxy</b>
 looks for a file named <i>3proxy.cfg</i> in the default
 location (in the same directory as the executable file and
 in the current directory). Under Unix, if no config file is
 specified, 3proxy reads configuration from stdin. It makes
 it possible to use the 3proxy.cfg file as an executable
 script just by setting +x mode and adding <br>
 #!/usr/local/3proxy/3proxy <br>
 as a first line in 3proxy.cfg</p>
 <p style="margin-left:6%;"><b>--install</b></p>
 <p style="margin-left:15%;">(Windows NT family only)
 install <b>3proxy</b> as a system service</p>
 <p style="margin-left:6%;"><b>--remove</b></p>
 <p style="margin-left:15%;">(Windows NT family only) remove
 <b>3proxy</b> from system services</p>
 <h2>SIGNALS
 <a name="SIGNALS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Under Unix there
 are a few signals <b>3proxy</b> catches. See <b>kill</b>(1).
 <b><br>
 SIGTERM</b></p>
 <p style="margin-left:15%;">clean up connections and
 exit</p>
 <p style="margin-left:6%;"><b>SIGPAUSE</b></p>
 <p style="margin-left:15%;">stop accepting new connections,
 on second signal - start and re-read configuration</p>
 <p style="margin-left:6%;"><b>SIGCONT</b></p>
 <p style="margin-left:15%;">start to accept new
 connections</p>
 <p style="margin-left:6%;"><b>SIGUSR1</b></p>
 <p style="margin-left:15%;">reload configuration</p>
 <p style="margin-left:6%; margin-top: 1em">Under Windows,
 if <b>3proxy</b> is installed as a service you can use
 standard service management to start, stop, pause and
 continue the 3proxy service, for example: <b><br>
 net start 3proxy <br>
 net stop 3proxy <br>
 net pause 3proxy <br>
 net continue 3proxy</b></p>
 <p style="margin-left:6%; margin-top: 1em">Web admin
 service can also be used to reload configuration. Use wget
 to automate this task.</p>
 <h2>FILES
 <a name="FILES"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><i>/usr/local/3proxy/3proxy.cfg
 (3proxy.cfg)</i></p>
 <p style="margin-left:15%;"><b>3proxy</b> configuration
 file</p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy.cfg(3),
 proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
 kill(1), syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>TRIVIA
 <a name="TRIVIA"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3APA3A is
 pronounced as ``zaraza&acute;&acute;.</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/ftppr.8.html
+++ b/doc/html/man8/ftppr.8.html
@ -0,0 +1,232 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">ftppr</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>ftppr</b> -
 FTP proxy gateway service</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>ftppr</b>
 [<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
 [<b>-e</b><i>external_ip</i>]
 [<b>-h</b><i>default_ip[:port]</i>]</p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>ftppr</b> is
 FTP gateway service to allow internal users to access
 external FTP servers.</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-u</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Never look for username
 authentication.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate connections from. By
 default, the system will decide which address to use in
 accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-h</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Default destination. It&rsquo;s
 used if the target address is not specified by the user.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-p</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Port. Port proxy listens for
 incoming connections. Default is 21.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; precedes
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">You can use any
 FTP client, regardless of FTP proxy support. For a client
 with FTP proxy support, configure <i>internal_ip</i> and
 <i>port</i> in the FTP proxy parameters. For clients without
 FTP proxy support, use <i>internal_ip</i> and <i>port</i> as
 the FTP server. The address of the real FTP server must be
 configured as a part of the FTP username. The format for the
 username is <i>username</i><b>@</b><i>server</i>, where
 <i>server</i> is the address of the FTP server and
 <i>username</i> is the user&acute;s login on this FTP
 server. The login itself may contain an &acute;@&acute;
 sign. Only cleartext authentication is currently
 supported.</p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 proxy(8), pop3p(8), socks(8), tcppm(8), udppm(8),
 syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/pop3p.8.html
+++ b/doc/html/man8/pop3p.8.html
@ -0,0 +1,232 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">pop3p</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>pop3p</b> -
 POP3 proxy gateway service</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>pop3p</b>
 [<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
 [<b>-e</b><i>external_ip</i>]
 [<b>-h</b><i>default_ip[:port]</i>]</p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>pop3p</b> is
 POP3 gateway service to allow internal users to access
 external POP3 servers.</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-u</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Never look for username
 authentication.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate connections from. By
 default, the system will decide which address to use in
 accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-p</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Port. Port proxy listens for
 incoming connections. Default is 110.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-h</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Default destination. It&rsquo;s
 used if the target address is not specified by the user.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; precedes
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">You can use any
 MUA (Mail User Agent) with POP3 support. Set the client to
 use <i>internal_ip</i> and <i>port</i> as a POP3 server. The
 address of the real POP3 server must be configured as a part
 of the POP3 username. The format for the username is
 <i>username</i><b>@</b><i>server</i>, where <i>server</i> is
 the address of the POP3 server and <i>username</i> is the
 user&acute;s login on this POP3 server. The login itself may
 contain an &acute;@&acute; sign. Only cleartext
 authentication is supported, because challenge-response
 authentication (APOP, CRAM-MD5, etc.) requires a challenge
 from the server before we know which server to connect
 to.</p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8),
 syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/proxy.8.html
+++ b/doc/html/man8/proxy.8.html
@ -0,0 +1,237 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">proxy</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>proxy</b> -
 HTTP proxy gateway service</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>proxy</b>
 [<b>-d</b>][<b>-a</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
 [<b>-e</b><i>external_ip</i>]</p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>proxy</b> is
 HTTP gateway service with HTTPS and FTP over HTTPS
 support.</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-u</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Never ask for username
 authentication</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate connections from. By
 default, the system will decide which address to use in
 accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-a</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Anonymous. Hide information
 about client.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-a1</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Anonymous. Show fake information
 about client.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-p</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Port. Port proxy listens for
 incoming connections. Default is 3128.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; preceeds
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">You should use a
 client with HTTP proxy support or configure a router to
 redirect HTTP traffic to the proxy (transparent proxy).
 Configure the client to connect to <i>internal_ip</i> and
 <i>port</i>. HTTPS support allows you to use almost any
 TCP-based protocol. If you need to limit clients, use
 <b>3proxy</b>(8) instead.</p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
 syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/smtpp.8.html
+++ b/doc/html/man8/smtpp.8.html
@ -0,0 +1,232 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">smtpp</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>smtpp</b> -
 SMTP proxy gateway service</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>smtpp</b>
 [<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
 [<b>-e</b><i>external_ip</i>]
 [<b>-h</b><i>default_ip[:port]</i>]</p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>smtpp</b> is
 SMTP gateway service to allow internal users to access
 external SMTP servers.</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-u</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Never look for username
 authentication.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate connections from. By
 default, the system will decide which address to use in
 accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-p</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Port. Port proxy listens for
 incoming connections. Default is 25.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-h</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Default destination. It&rsquo;s
 used if the target address is not specified by the user.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; precedes
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">You can use any
 MUA (Mail User Agent) with SMTP authentication support. Set
 the client to use <i>internal_ip</i> and <i>port</i> as an
 SMTP server. The address of the real SMTP server must be
 configured as a part of the SMTP username. The format for
 the username is <i>username</i><b>@</b><i>server</i>, where
 <i>server</i> is the address of the SMTP server and
 <i>username</i> is the user&acute;s login on this SMTP
 server. The login itself may contain an &acute;@&acute;
 sign. Only cleartext authentication is supported, because
 challenge-response authentication (CRAM-MD5, SPA, etc.)
 requires a challenge from the server before we know which
 server to connect to.</p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8),
 syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/socks.8.html
+++ b/doc/html/man8/socks.8.html
@ -0,0 +1,232 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">socks</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>socks</b> -
 SOCKS 4/4.5/5 gateway service</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>socks</b>
 [<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
 [<b>-e</b><i>external_ip</i>]</p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>socks</b> is
 SOCKS server. It supports SOCKSv4, SOCKSv4.5 (extension to
 v4 for server side name resolution) and SOCKSv5. SOCKSv5
 specification allows both outgoing and reverse TCP
 connections and UDP portmapping.</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-u</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Never ask for username
 authentication</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate connections from.
 External IP must be specified if you need incoming
 connections. By default, the system will decide which
 address to use in accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-N</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External NAT address 3proxy
 reports to client for BIND and UDPASSOC. By default, the
 external address is reported. It&rsquo;s only useful in the
 case of IP-IP NAT (will not work for PAT).</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-p</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Port. Port proxy listens for
 incoming connections. Default is 1080.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; preceeds
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">You should use a
 client with SOCKS support or use some socksification support
 (for example <i>SocksCAP</i> or <i>FreeCAP</i>). Configure
 client to use <i>internal_ip</i> and <i>port</i>. SOCKS
 allows you to use almost any application protocol without
 limitation. This implementation also allows you to open
 privileged ports on the server (if socks has sufficient
 privileges). If you need to control access, use
 <b>3proxy</b>(8) instead.</p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 proxy(8), ftppr(8), pop3p(8), tcppm(8), udppm(8),
 syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/tcppm.8.html
+++ b/doc/html/man8/tcppm.8.html
@ -0,0 +1,209 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">tcppm</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#ARGUMENTS">ARGUMENTS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>tcppm</b> -
 TCP port mapper</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>tcppm</b>
 [<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-i</b><i>internal_ip</i>] [<b>-e</b><i>external_ip</i>]
 <i>local_port remote_host remote_port</i></p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><i><b>tcppm</b></i>
 forwards connections from local to remote TCP port</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate connections from. By
 default, the system will decide which address to use in
 accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; precedes
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>ARGUMENTS
 <a name="ARGUMENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><i>local_port</i></p>
 <p style="margin-left:15%;">- port tcppm accepts
 connections on</p>
 <p style="margin-left:6%;"><i>remote_host</i></p>
 <p style="margin-left:15%;">- IP address of the host the
 connection is forwarded to</p>
 <p style="margin-left:6%;"><i>remote_port</i></p>
 <p style="margin-left:15%;">- remote port the connection is
 forwarded to</p>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Any TCP-based
 application can be used as a client. Use <i>internal_ip</i>
 and <i>local_port</i> as the destination in the client
 application. The connection is forwarded to
 <i>remote_host</i>:<i>remote_port</i></p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8),
 syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/tlspr.8.html
+++ b/doc/html/man8/tlspr.8.html
@ -0,0 +1,272 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">tlspr</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>tlspr</b> -
 SNI proxy gateway service</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>tlspr</b>
 [<b>-d</b>][<b>-a</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-p</b><i>listening_port</i>]
 [<b>-P</b><i>destination_port</i>]
 [<b>-c</b><i>tls_check_level</i>]
 [<b>-i</b><i>internal_ip</i>]
 [<b>-e</b><i>external_ip</i>]</p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>tlspr</b> is
 an SNI gateway service (destination host is taken from TLS
 handshake). The destination port must be specified via the
 -P option (or it may be detected with the Transparent
 plugin).</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-u</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Never ask for username
 authentication</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate connections from. By
 default, the system will decide which address to use in
 accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-a</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Anonymous. Hide information
 about client.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-a1</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Anonymous. Show fake information
 about client.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-p</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">listening_port. Port proxy
 listens for incoming connections. Default is 1443.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-P</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">destination_port. Port to
 establish outgoing connections. Required unless the
 Transparent plugin is used, because the TLS handshake does
 not contain port information. Default is 443.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-c</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">TLS_CHECK_LEVEL. 0 (default) -
 allow non-TLS traffic to pass, 1 - require TLS, only check
 client HELLO packet, 2 - require TLS, check both client and
 server HELLO, 3 - require TLS, check that the server sends a
 certificate (not compatible with TLS 1.3), 4 - require
 mutual TLS, check that the server sends a certificate
 request and the client sends a certificate (not compatible
 with TLS 1.3)</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; precedes
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="4%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="5%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">You should use a
 client with TLS support or configure a router to redirect
 TLS traffic to the proxy (transparent proxy). Configure the
 client to connect to <i>internal_ip</i> and <i>port</i>. If
 you need to limit clients, use <b>3proxy</b>(8) instead.</p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 ftppr(8), proxy(8), socks(8), pop3p(8), smtpp(8), tcppm(8),
 udppm(8), syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/man8/udppm.8.html
+++ b/doc/html/man8/udppm.8.html
@ -0,0 +1,225 @@
 <!-- Creator     : groff version 1.24.1 -->
 <html>
 <head>
 </head>
 <body>
 <h1 align="center">udppm</h1>
 <a href="#NAME">NAME</a><br>
 <a href="#SYNOPSIS">SYNOPSIS</a><br>
 <a href="#DESCRIPTION">DESCRIPTION</a><br>
 <a href="#OPTIONS">OPTIONS</a><br>
 <a href="#ARGUMENTS">ARGUMENTS</a><br>
 <a href="#CLIENTS">CLIENTS</a><br>
 <a href="#BUGS">BUGS</a><br>
 <a href="#SEE ALSO">SEE ALSO</a><br>
 <a href="#AUTHORS">AUTHORS</a><br>
 <hr>
 <h2>NAME
 <a name="NAME"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>udppm</b> -
 UDP port mapper</p>
 <h2>SYNOPSIS
 <a name="SYNOPSIS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><b>udppm</b>
 [<b>-ds</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
 [<b>-i</b><i>internal_ip</i>] [<b>-e</b><i>external_ip</i>]
 <i>local_port remote_host remote_port</i></p>
 <h2>DESCRIPTION
 <a name="DESCRIPTION"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><i><b>udppm</b></i>
 forwards datagrams from local to remote UDP port</p>
 <h2>OPTIONS
 <a name="OPTIONS"></a>
 </h2>
 <table width="100%" border="0" rules="none" frame="void"
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-I</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Inetd mode. Standalone service
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-d</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Daemonize. Detach service from
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-t</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Be silenT. Do not log
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-e</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">External address. IP address of
 the interface the proxy should initiate datagrams from. By
 default, the system will decide which address to use in
 accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-i</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Internal address. IP address the
 proxy accepts datagrams to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-l</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Log. By default logging is to
 stdout. If <i>logfile</i> is specified logging is to file.
 Under Unix, if &acute;<i>@</i>&acute; precedes
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-s</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Single packet. By default, only
 one client can use the udppm service, but if -s is
 specified, only one packet will be forwarded between client
 and server. This allows the service to be shared between
 multiple clients for single-packet services (for example,
 name lookups).</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
 <td width="3%">
 <p style="margin-top: 1em"><b>-S</b></p></td>
 <td width="6%"></td>
 <td width="85%">
 <p style="margin-top: 1em">Increase or decrease stack size.
 You may want to try something like -S8192 if you experience
 3proxy crashes.</p></td></tr>
 </table>
 <h2>ARGUMENTS
 <a name="ARGUMENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em"><i>local_port</i></p>
 <p style="margin-left:15%;">- port udppm accepts datagrams
 on</p>
 <p style="margin-left:6%;"><i>remote_host</i></p>
 <p style="margin-left:15%;">- IP address of the host
 datagrams are forwarded to</p>
 <p style="margin-left:6%;"><i>remote_port</i></p>
 <p style="margin-left:15%;">- remote port datagrams are
 forwarded to</p>
 <h2>CLIENTS
 <a name="CLIENTS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Any UDP-based
 application can be used as a client. Use <i>internal_ip</i>
 and <i>local_port</i> as the destination in the client
 application. All datagrams are forwarded to
 <i>remote_host</i>:<i>remote_port</i></p>
 <h2>BUGS
 <a name="BUGS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">Report all bugs
 to <b>3proxy@3proxy.org</b></p>
 <h2>SEE ALSO
 <a name="SEE ALSO"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy(8),
 proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8),
 syslogd(8), <br>
 https://3proxy.org/</p>
 <h2>AUTHORS
 <a name="AUTHORS"></a>
 </h2>
 <p style="margin-left:6%; margin-top: 1em">3proxy is
 designed by Vladimir 3APA3A Dubrovin
 (<i>3proxy@3proxy.org</i>)</p>
 <hr>
 </body>
 </html>
--- a/doc/html/plugins/PCREPlugin.html
+++ b/doc/html/plugins/PCREPlugin.html
@ -1,9 +1,9 @@
-<h3>3proxy Perl Compatible Regular Expressions (PCRE) plugin</h3>
+<h3>3proxy Perl Compatible Regular Expressions (PCRE) Plugin</h3>
-This filtering plugin can be used to create matching and replace
+This filtering plugin can be used to create matching and replacement
-rules with regular expressions for client's request, client and
+rules with regular expressions for client requests, client and
-servers header and client and server data. It adds 3 additional
+server headers, and client and server data. It adds 3 additional
 configuration commands:
 <pre>
@ -12,11 +12,11 @@ pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
 pcre_extend FILTER_ACTION [ACE]
 pcre_options OPTION1 [...]
 </pre>
-pcre - allows to apply some rule for matching
+pcre - allows applying a rule for matching
-<br>pcre_rewrite - in addition to 'pcre' allows to substitute substrings
+<br>pcre_rewrite - in addition to 'pcre', allows substituting substrings
-<br>pcre_extend - extends ACL of the last pcre or pcre_rewrite comand by
+<br>pcre_extend - extends the ACL of the last pcre or pcre_rewrite command by
-adding additional ACE (like with allow/deny configuration commands).
+adding an additional ACE (like with allow/deny configuration commands).
-<br>pcre_options - allows to set matching options. Awailable options are:
+<br>pcre_options - allows setting matching options. Available options are:
 PCRE_CASELESS,
 PCRE_MULTILINE,
 PCRE_DOTALL,
@ -32,7 +32,7 @@ PCRE_UTF8,
 PCRE_NO_AUTO_CAPTURE,
 PCRE_NO_UTF8_CHECK,
 PCRE_AUTO_CALLOUT,
-PCRE_PARTIAL,     
+PCRE_PARTIAL,
 PCRE_DFA_SHORTEST,
 PCRE_DFA_RESTART,
 PCRE_FIRSTLINE,
@ -47,32 +47,31 @@ PCRE_BSR_UNICODE
 <ul>
 <li>TYPE - type of filtered data. May contain one or more
-(comma delimited list) values:
+(comma-delimited list) values:
 <ul>
- <li>request - content of client's request e.g. HTTP GET request string.
+ <li>request - content of the client's request, e.g., the HTTP GET request string.
-(known problem: changing request string doesn't change IP of the host to connect)
+(known problem: changing the request string doesn't change the IP of the host to connect to)
- <li>cliheader - content of client request headers,  e.g. HTTP request header.
+ <li>cliheader - content of the client request headers, e.g., HTTP request headers.
- <li>srvheader - content of server's reply headers, e.g. HTTP status and headers.
+ <li>srvheader - content of the server's reply headers, e.g., HTTP status and headers.
- <li>clidata - data received from client, e.g. HTTP POST request data
+ <li>clidata - data received from the client, e.g., HTTP POST request data
- <li>srvdata - data received from server, e.g. HTML page
+ <li>srvdata - data received from the server, e.g., an HTML page
 </ul>
 <li>FILTER_ACTION - action on match
- <ul>allow - allow this request without checking rest of the given type
+ <ul><li>allow - allow this request without checking the rest of the rules for the given type
-of the rules
+ <li>deny - deny this request without checking the rest of the rules
- <li>deny - deny this request without checking rest of the rules
+ <li>dunno - continue with the rest of the rules (useful with pcre_rewrite)
 <li>dunno - continue with the rest of rules (useful with pcre_rewrite) 
 </ul>
-<li>REGEXP - PCRE (perl) regular expression. Use * if no regexp matching
+<li>REGEXP - PCRE (Perl) regular expression. Use * if no regexp matching
-required.
+is required.
-<li>REWRITE_EXPRESSION - substitution string. May contain perl-style
+<li>REWRITE_EXPRESSION - substitution string. May contain Perl-style
 substrings
-(not tested) $1, $2. $0 - means whole matched string. \r and \n may be used
+(not tested) $1, $2. $0 means the whole matched string. \r and \n may be used
-to insert new strings, string may be empty ("").
+to insert new strings; the string may be empty ("").
 <li>ACE - access control entry (user names, source IPs, destination IPs,
-ports, etc), absolutely identical to allow/deny/bandlimin commands.
+ports, etc.), absolutely identical to allow/deny/bandlimin commands.
-Regular expression is only matched if ACL matches connection data.
+The regular expression is only matched if the ACL matches the connection data.
 Warning:
-reqular expression doesn't require authentication and can not replace
+Regular expressions don't require authentication and cannot replace
 authentication and/or allow/deny ACLs.
 </ul>
@ -88,7 +87,7 @@ pcre_extend deny * 192.168.0.1/16
 <h4>Download:</h4>
 <ul>
- <li>Plugin is included into 3proxy 0.6 binary and source distribution
+ <li>Plugin is included in the 3proxy 0.6 binary and source distribution
 <li>Example configuration (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
-</ul>
+</li></ul>
--- a/doc/html/plugins/PCREPlugin.ru.html
+++ b/doc/html/plugins/PCREPlugin.ru.html
@ -56,7 +56,7 @@ PCRE_BSR_UNICODE
 <li>srvdata - данные полученные от сервера, например содержимое HTML-страницы
 </ul>
 <li>FILTER_ACTION - действие при совпадении. Может принимать значение
- <ul>allow - разрешить данный запрос без просмотра дальнейших правил
+ <ul><li>allow - разрешить данный запрос без просмотра дальнейших правил
 <li>deny - запретить данный запрос без просмотра дальнейших правил
 <li>dunno - продолжить анализ правил (полезно для pcre_rewrite) 
 </ul>
@ -87,4 +87,4 @@ pcre_extend deny * 192.168.0.1/16
 <ul>
 <li>Плагин включен в дистрибутив 3proxy 0.6
 <li>Пример конфигурации (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
-</ul>
+</li></ul>
--- a/doc/html/plugins/SSLPlugin.html
+++ b/doc/html/plugins/SSLPlugin.html
@ -1,45 +1,61 @@
-<h3>3proxy SSL/TLS plugin</h3>
+<h3>3proxy SSL/TLS Plugin</h3>
-Plugin can be used to transparently decypher SSL/TLS data and TLS encryption for  proxy traffic.
+This plugin can be used to transparently decrypt SSL/TLS data, provide TLS encryption for proxy traffic, and authenticate using client certificates.
-
+<h4>For transparent certificate spoofing (MITM):</h4>
 <h4>For transparent certificate spoofing:</h4>
 <br>ssl_mitm - spoof certificates for services started below. Usage without ssl_client_verify is insecure.
 <br>ssl_nomitm - do not spoof certificates for services started below
-<h4>To protect traffic to server (https:// proxy) - since 0.9.5 version</h4>
+<h4>To protect traffic to the server (https:// proxy):</h4>
 ssl_serv - require TLS connection for services below
 <br>ssl_noserv - do not require TLS connection for services below
-Parameters:
+ssl_serv (or ssl_server) - require TLS connection from clients for services below
-<br>ssl_server_cert /path/to/cert - Server certificate (should not be selfsigned and must contain Alternative name) for ssl_serv
+<br>ssl_noserv (or ssl_noserver) - do not require TLS connection from clients for services below
-<br>ssl_server_key /path/to/key - Server ceritifacte key for ssl_server_cert or generated mitm certificate
+
-<br>ssl_client_ciphersuites ciphersuites_list - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
+<h4>To use TLS for upstream connections:</h4>
-<br>ssl_server_ciphersuites ciphersuites_list - TLS server ciphers for TLS 1.3
+
-<br>ssl_client_cipher_list ciphersuites_list - TLS client ciphers for TLS 1.2 and below , e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+ssl_cli (or ssl_client) - establish TLS connection to upstream server for services below
-<br>ssl_server_cipher_list ciphersuites_list - TLS server ciphers for TLS 1.2 and below
+<br>ssl_nocli (or ssl_noclient) - do not establish TLS connection to upstream server for services below
-<br>ssl_client_min_proto_version tls_version - TLS client min TLS version (e.g. TLSv1.2)
+
-<br>ssl_server_min_proto_version tls_version - TLS server min TLS version (e.g. TLSv1.2)
+<h4>Parameters:</h4>
-<br>ssl_client_max_proto_version tls_version - TLS client max TLS version (e.g. TLSv1.2)
+
-<br>ssl_server_max_proto_version tls_version - TLS server max TLS version (e.g. TLSv1.2)
+<br><b>ssl_server_cert</b> /path/to/cert - Server certificate (should not be self-signed and must contain an Alternative Name) for ssl_serv
-<br>ssl_client_verify - verify certificate for upstream server in TLS client functionality (used with ssl_mitm)
+<br><b>ssl_server_key</b> /path/to/key - Server certificate key for ssl_server_cert or generated MITM certificate
-<br>ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
+<br><b>ssl_client_cert</b> /path/to/cert - Client certificate for authentication on upstream server (used with ssl_cli)
-<br>ssl_server_ca_file /path/to/cafile - CA certificate file for mitm
+<br><b>ssl_client_key</b> /path/to/key - Client certificate key for ssl_client_cert
-<br>ssl_server_ca_key /path/to/cakey - key for ssl_server_ca_file mitm CA
+<br><b>ssl_client_ciphersuites</b> ciphersuites_list - TLS client ciphers for TLS 1.3, e.g., ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
-<br>ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
+<br><b>ssl_server_ciphersuites</b> ciphersuites_list - TLS server ciphers for TLS 1.3
-<br>ssl_certcache /path/to/cache/ - location for generated mitm certificates cache, optional, if ssl_server_ca_file / ssl_server_ca_key are configured.
+<br><b>ssl_client_cipher_list</b> ciphers_list - TLS client ciphers for TLS 1.2 and below, e.g., ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
-Cache may contain 3 files: 3proxy.pem - public
+<br><b>ssl_server_cipher_list</b> ciphers_list - TLS server ciphers for TLS 1.2 and below
-self-signed certificates (used if ssl_server_ca_file is not configured), 
+<br><b>ssl_client_min_proto_version</b> tls_version - TLS client minimum TLS version (e.g., TLSv1.2)
-3proxy.key - key for public certificates, used if ssl_server_ca_keyserver.key is not configured, server.key - this key is used if ssl_server_key is not configured to generates
+<br><b>ssl_server_min_proto_version</b> tls_version - TLS server minimum TLS version (e.g., TLSv1.2)
 <br><b>ssl_client_max_proto_version</b> tls_version - TLS client maximum TLS version (e.g., TLSv1.2)
 <br><b>ssl_server_max_proto_version</b> tls_version - TLS server maximum TLS version (e.g., TLSv1.2)
 <br><b>ssl_client_verify</b> - verify the certificate for the upstream server in TLS client functionality (used with ssl_mitm or ssl_cli)
 <br><b>ssl_client_no_verify</b> - do not verify the certificate for the upstream server in TLS client functionality (default)
 <br><b>ssl_server_verify</b> - require client certificate authentication (mTLS) for ssl_serv
 <br><b>ssl_server_no_verify</b> - do not require client certificate (default)
 <br><b>ssl_server_ca_file</b> /path/to/cafile - CA certificate file for MITM
 <br><b>ssl_server_ca_key</b> /path/to/cakey - key for ssl_server_ca_file MITM CA
 <br><b>ssl_server_ca_dir</b> /path/to/cadir - CA directory for ssl_server_verify
 <br><b>ssl_server_ca_store</b> /path/to/castore - CA store for ssl_server_verify (OpenSSL 3.0+)
 <br><b>ssl_client_ca_file</b> /path/to/cafile - CA file for ssl_client_verify
 <br><b>ssl_client_ca_dir</b> /path/to/cadir - CA directory for ssl_client_verify
 <br><b>ssl_client_ca_store</b> /path/to/castore - CA store for ssl_client_verify (OpenSSL 3.0+)
 <br><b>ssl_client_sni</b> hostname - SNI hostname to send to upstream server (overrides the requested hostname)
 <br><b>ssl_client_alpn</b> protocol1 protocol2 ... - ALPN protocols to negotiate with upstream server (e.g., ssl_client_alpn h2 http/1.1)
 <br><b>ssl_client_mode</b> mode - when to establish TLS connection: 0 - on connect (default), 1 - after authentication, 2 - before data
 <br><b>ssl_certcache</b> /path/to/cache/ - location for the generated MITM certificates cache, optional if ssl_server_ca_file / ssl_server_ca_key are configured.
 The cache may contain 3 files: 3proxy.pem - public
 self-signed certificates (used if ssl_server_ca_file is not configured),
 3proxy.key - key for public certificates, used if ssl_server_ca_key is not configured, server.key - this key is used if ssl_server_key is not configured to generate
 spoofed certificates. If server.key is absent, 3proxy.key is used to generate certificates.
-Generated certificates are placed to the same path.
+Generated certificates are placed in the same path.
-<h4>mitm example:</h4>
+<h4>MITM example:</h4>
 <pre>
-plugin /path/to/SslPlugin.dll ssl_plugin
+plugin /path/to/SSLPlugin.so ssl_plugin
 ssl_server_ca_file /path/to/cafile
 ssl_server_ca_key /path/to/cakey
 ssl_mitm
@ -47,7 +63,7 @@ proxy -p3128
 ssl_nomitm
 proxy -p3129
 </pre>
-mitm's traffic with spoofed ceritifacate for port 3128 proxy.
+MITM's traffic with a spoofed certificate for the port 3128 proxy.
 <h4>https:// proxy example:</h4>
 <pre>
@ -59,6 +75,30 @@ proxy -p33128
 ssl_noserv
 proxy -p3128
 </pre>
-creates https:// proxy on 33128 and http:// proxy on 3128
+Creates an https:// proxy on port 33128 and an http:// proxy on port 3128
 <h4>TLS client example (connect to upstream via TLS):</h4>
 <pre>
 plugin /path/to/SSLPlugin.so ssl_plugin
 ssl_client_cert /path/to/client.crt
 ssl_client_key /path/to/client.key
 ssl_client_verify
 ssl_client_ca_file /path/to/ca.crt
 ssl_cli
 proxy -p3128
 </pre>
 Creates an HTTP proxy that connects to upstream servers via TLS with client certificate authentication.
 <h4>mTLS example (require client certificate):</h4>
 <pre>
 plugin /path/to/SSLPlugin.so ssl_plugin
 ssl_server_cert /path/to/server.crt
 ssl_server_key /path/to/server.key
 ssl_server_ca_file /path/to/ca.crt
 ssl_server_verify
 ssl_serv
 proxy -p3128
 </pre>
 Creates an https:// proxy that requires client certificate authentication.
 &copy; Vladimir Dubrovin, License: BSD style
--- a/doc/html/plugins/SSLPlugin.ru.html
+++ b/doc/html/plugins/SSLPlugin.ru.html
@ -1,41 +1,58 @@
 <h3>3proxy SSL/TLS плагин</h3>
-Плагин можно использовать для перехвата и дешифровки SSL/TLS трафика и для шифрования трафика прокси-сервера
+Плагин можно использовать для перехвата и дешифровки SSL/TLS трафика, для шифрования трафика прокси-сервера и аутентификации с помощью клиентских сертификатов.
-<h4>Для транспаретной перехватки трафика (mitm):</h4>
+<h4>Для прозрачного перехвата трафика (MITM):</h4>
-<br>ssl_mitm - подменять сертификаты для сервисов стартованных ниже. Не безопасно использовать без ssl_client_verify.
+<br>ssl_mitm - подменять сертификаты для сервисов, запущенных ниже. Использование без ssl_client_verify небезопасно.
-<br>ssl_nomitm - не подменять сертификаты для сервисов стартованных ниже.
+<br>ssl_nomitm - не подменять сертификаты для сервисов, запущенных ниже.
 <h4>Для защиты трафика прокси-сервера (https:// proxy):</h4>
-<h4>Для защиты трафика прокси-сервера (например https:// proxy) - начиная с 0.9.5</h4>
+ssl_serv (или ssl_server) - требовать TLS-соединение от клиентов для сервисов, запущенных ниже
-ssl_serv - включает TLS для соединений к сервисам ниже
+<br>ssl_noserv (или ssl_noserver) - не требовать TLS-соединение от клиентов для сервисов, запущенных ниже
 <br>ssl_noserv - отключает TLS для соединений к сервисам ниже
-Параметры:
+<h4>Для использования TLS при соединении к вышестоящему серверу:</h4>
-<br>ssl_server_cert /path/to/cert - сертификат сервера, не должен быть самоподписаным, имя CN должно содержаться в альтернативных именах - используется для ssl_serv
+
-<br>ssl_server_key /path/to/key - ключ сертификата сервера для ssl_server_cert или сгенерированного сертификата ssl_mitm
+ssl_cli (или ssl_client) - устанавливать TLS-соединение к вышестоящему серверу для сервисов, запущенных ниже
-<br>ssl_client_ciphersuites ciphersuites_list - наборы шифрова TLS для TLS 1.3, пример ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
+<br>ssl_nocli (или ssl_noclient) - не устанавливать TLS-соединение к вышестоящему серверу для сервисов, запущенных ниже
-<br>ssl_server_ciphersuites ciphersuites_list - наборы шифрова TLS для TLS 1.3
+
-<br>ssl_client_cipher_list ciphersuites_list - наборы шифрова TLS для TLS 1.2 и ниже, пример ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+<h4>Параметры:</h4>
-<br>ssl_server_cipher_list ciphersuites_list - наборы шифрова TLS для TLS 1.2 и ниже
+
-<br>ssl_client_min_proto_version tls_version - минимальная версия TLS клиента (например ssl_client_min_proto_version TLSv1.2)
+<br><b>ssl_server_cert</b> /path/to/cert - сертификат сервера (не должен быть самоподписанным, должен содержать альтернативные имена) для ssl_serv
-<br>ssl_server_min_proto_version tls_version - минимальная версия TLS сервера
+<br><b>ssl_server_key</b> /path/to/key - ключ сертификата сервера для ssl_server_cert или сгенерированного MITM-сертификата
-<br>ssl_client_max_proto_version tls_version - максимальная версия TLS клиента
+<br><b>ssl_client_cert</b> /path/to/cert - клиентский сертификат для аутентификации на вышестоящем сервере (используется с ssl_cli)
-<br>ssl_server_max_proto_version tls_version - максимальная версия TLS сервера
+<br><b>ssl_client_key</b> /path/to/key - ключ клиентского сертификата для ssl_client_cert
-<br>ssl_client_verify - проверять сертификат сервера назначения (используется с ssl_mitm)
+<br><b>ssl_client_ciphersuites</b> ciphersuites_list - наборы шифров TLS для TLS 1.3 (клиент), пример: ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
-<br>ssl_client_no_verify - не проверять сертификат сервера назначения
+<br><b>ssl_server_ciphersuites</b> ciphersuites_list - наборы шифров TLS для TLS 1.3 (сервер)
-<br>ssl_server_ca_file /path/to/cafile - CA сертификат для ssl_mitm
+<br><b>ssl_client_cipher_list</b> ciphers_list - наборы шифров TLS для TLS 1.2 и ниже (клиент), пример: ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
-<br>ssl_server_ca_key /path/to/cakey - ключ CA сертификата  ssl_server_ca_file mitm
+<br><b>ssl_server_cipher_list</b> ciphers_list - наборы шифров TLS для TLS 1.2 и ниже (сервер)
-<br>ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - расположения корневых сертификатов ssl_client_verify
+<br><b>ssl_client_min_proto_version</b> tls_version - минимальная версия TLS клиента (например, ssl_client_min_proto_version TLSv1.2)
-<br>ssl_certcache /path/to/cache/ - расположение кеша сгенерированных сертификатов ssl_mitm. Кеш может содержать
+<br><b>ssl_server_min_proto_version</b> tls_version - минимальная версия TLS сервера
-файлы 3proxy.pem, 3proxy.key server.key, которые используются как ssl_server_ca_file,
+<br><b>ssl_client_max_proto_version</b> tls_version - максимальная версия TLS клиента
-ssl_server_ca_key и ssl_server_key соответственно если они не заданы. Если server.key не задан,
+<br><b>ssl_server_max_proto_version</b> tls_version - максимальная версия TLS сервера
 <br><b>ssl_client_verify</b> - проверять сертификат вышестоящего сервера (используется с ssl_mitm или ssl_cli)
 <br><b>ssl_client_no_verify</b> - не проверять сертификат вышестоящего сервера (по умолчанию)
 <br><b>ssl_server_verify</b> - требовать клиентский сертификат (mTLS) для ssl_serv
 <br><b>ssl_server_no_verify</b> - не требовать клиентский сертификат (по умолчанию)
 <br><b>ssl_server_ca_file</b> /path/to/cafile - файл CA-сертификата для MITM
 <br><b>ssl_server_ca_key</b> /path/to/cakey - ключ CA-сертификата ssl_server_ca_file для MITM
 <br><b>ssl_server_ca_dir</b> /path/to/cadir - директория CA-сертификатов для ssl_server_verify
 <br><b>ssl_server_ca_store</b> /path/to/castore - хранилище CA-сертификатов для ssl_server_verify (OpenSSL 3.0+)
 <br><b>ssl_client_ca_file</b> /path/to/cafile - файл CA-сертификатов для ssl_client_verify
 <br><b>ssl_client_ca_dir</b> /path/to/cadir - директория CA-сертификатов для ssl_client_verify
 <br><b>ssl_client_ca_store</b> /path/to/castore - хранилище CA-сертификатов для ssl_client_verify (OpenSSL 3.0+)
 <br><b>ssl_client_sni</b> hostname - SNI-имя хоста для отправки вышестоящему серверу (переопределяет запрошенное имя хоста)
 <br><b>ssl_client_alpn</b> протокол1 протокол2 ... - ALPN-протоколы для согласования с вышестоящим сервером (например, ssl_client_alpn h2 http/1.1)
 <br><b>ssl_client_mode</b> режим - когда устанавливать TLS-соединение: 0 - при подключении (по умолчанию), 1 - после аутентификации, 2 - перед передачей данных
 <br><b>ssl_certcache</b> /path/to/cache/ - расположение кеша сгенерированных MITM-сертификатов. Кеш может содержать
 файлы 3proxy.pem, 3proxy.key, server.key, которые используются как ssl_server_ca_file,
 ssl_server_ca_key и ssl_server_key соответственно, если они не заданы. Если server.key не задан,
 3proxy.key используется для генерации серверного сертификата.
-<h4>Пример mitm:</h4>
+<h4>Пример MITM:</h4>
 <pre>
-plugin /path/to/SslPlugin.dll ssl_plugin
+plugin /path/to/SSLPlugin.so ssl_plugin
 ssl_server_ca_file /path/to/cafile
 ssl_server_ca_key /path/to/cakey
 ssl_mitm
@ -43,9 +60,9 @@ proxy -p3128
 ssl_nomitm
 proxy -p3129
 </pre>
-Перехватывается трафик в прокси на порту 3128
+Перехватывается трафик в прокси на порту 3128.
-<h4>Пример конфигурации https:// прокси (curl -x https://...):</h4>
+<h4>Пример конфигурации https:// прокси:</h4>
 <pre>
 plugin /path/to/SSLPlugin.so ssl_plugin
 ssl_server_cert path_to_cert
@ -55,7 +72,30 @@ proxy -p33128
 ssl_noserv
 proxy -p3128
 </pre>
-На порту 33128 создается https:// прокси (не путать с CONNECT прокси aka HTTPS over HTTP прокси), на порту 3128
+На порту 33128 создается https:// прокси, на порту 3128 - http:// прокси.
-создается http:// прокси (может пропуска в т.ч. и HTTPS коннекты)
+
 <h4>Пример TLS-клиента (соединение к вышестоящему серверу через TLS):</h4>
 <pre>
 plugin /path/to/SSLPlugin.so ssl_plugin
 ssl_client_cert /path/to/client.crt
 ssl_client_key /path/to/client.key
 ssl_client_verify
 ssl_client_ca_file /path/to/ca.crt
 ssl_cli
 proxy -p3128
 </pre>
 Создается HTTP-прокси, который соединяется с вышестоящими серверами через TLS с аутентификацией по клиентскому сертификату.
 <h4>Пример mTLS (требование клиентского сертификата):</h4>
 <pre>
 plugin /path/to/SSLPlugin.so ssl_plugin
 ssl_server_cert /path/to/server.crt
 ssl_server_key /path/to/server.key
 ssl_server_ca_file /path/to/ca.crt
 ssl_server_verify
 ssl_serv
 proxy -p3128
 </pre>
 Создается https:// прокси, требующий аутентификацию по клиентскому сертификату.
 &copy; Vladimir Dubrovin, License: BSD style
--- a/doc/html/plugins/StringsPlugin.html
+++ b/doc/html/plugins/StringsPlugin.html
@ -1,16 +1,16 @@
-<h3>3proxy strings substitution plugin</h3>
+<h3>3proxy Strings Substitution Plugin</h3>
-May be used to make interface more pretty or to translate proxy server
+This may be used to make the interface more attractive or to translate proxy server
-messages to different language. All messages are taken from proxy.c and
+messages to a different language. All messages are taken from proxy.c and
-moved to external text file (e.g. rus.3ps). On the moment of
+moved to an external text file (e.g., rus.3ps). At the time of
-writing there are 15 sections. Sections are delimited with "[end]".
+writing, there are 15 sections. Sections are delimited with "[end]".
 <h4>Example:</h4>
 <pre>plugin "StringsPlugin.dll" start c:\3proxy\bin\rus.3ps
 </pre>
 <h4>Download:</h4>
 <ul>
- <li>Plugin is included into 3proxy 0.6 binary and source distribution
+ <li>Plugin is included in the 3proxy 0.6 binary and source distribution
 </li></ul>
-©Kirill Lopuchov
+&copy; Kirill Lopuchov
--- a/doc/html/plugins/StringsPlugin.ru.html
+++ b/doc/html/plugins/StringsPlugin.ru.html
@ -15,4 +15,4 @@ plugin "StringsPlugin.dll" start c:\3proxy\bin\rus-win1251.3ps
 <h4>Загрузить:</h4>
 <ul>
 <li>Плагин включен в дистрибутив 3proxy 0.6
-</ul>
+</li></ul>
--- a/doc/html/plugins/TrafficPlugin.html
+++ b/doc/html/plugins/TrafficPlugin.html
@ -1,15 +1,15 @@
-<h3>3proxy traffic correction plugin</h3>
+<h3>3proxy Traffic Correction Plugin</h3>
-3proxy logs and counts traffic on application level, while provider usually does
+3proxy logs and counts traffic at the application level, while providers usually do
-it on network or link level. It's significant if you use 3proxy for billing,
+so at the network or link level. This is significant if you use 3proxy for billing,
-especially in case where network packets are small, e.g. network games.
+especially in cases where network packets are small, e.g., online games.
 <p>
-This plugin attempts to correct 3proxy computations to approximate network or
+This plugin attempts to correct 3proxy's computations to approximate network or
-link level traffic by using either fixed coefficients by port number or
+link-level traffic by using either fixed coefficients by port number or
-attempting to predict number and sizes of network packets.
+by attempting to predict the number and sizes of network packets.
 </p><h4>Usage:</h4>
 <ol>
- <li>Extract TrafficPlugin.dll to the same folder with 3proxy executable.
+ <li>Extract TrafficPlugin.dll to the same folder as the 3proxy executable.
- </li><li>Start plugin in 3proxy.cfg with 
+ </li><li>Start the plugin in 3proxy.cfg with:
 <pre>plugin TrafficPlugin.dll start
 </pre>
 </li><li>Add correction rules:
@ -17,36 +17,36 @@ attempting to predict number and sizes of network packets.
 FOR FIXED COEFFICIENTS MODE:
 <pre>trafcorrect m &lt;service&gt; &lt;target port&gt; &lt;coefficient&gt;
 </pre>
-where &lt;service&gt; - one of proxy, socks4, socks45, socks5, tcppm, udppm, pop3p, * matches "any".
+where &lt;service&gt; - one of proxy, socks4, socks45, socks5, tcppm, udppm, pop3p; * matches "any".
-<br> &lt;target port&gt; - target port, * matches any
+<br> &lt;target port&gt; - target port; * matches any
 <br> &lt;coefficient&gt; - coefficient to multiply traffic for this port.
 <br>
-FOR PACKET HEADER PREDICTION MODE
+FOR PACKET HEADER PREDICTION MODE:
 <pre>trafcorrect p &lt;service&gt; &lt;tcp/udp&gt; &lt;target port&gt; [empty packet size]
 </pre>
-tcp ot udp - transport level protocol to apply rule
+tcp or udp - transport-level protocol to apply the rule to
 <br>
-empty packet size - average size of "empty" packet, that is sum of average network/transport headers.
+empty packet size - average size of an "empty" packet, i.e., the sum of average network/transport headers.
-You can use network sniffer, such is Ethereal to discover it. Usually packet size
+You can use a network sniffer such as Ethereal to discover it. Usually, the packet size
-is 42 for UDP and 
+is 42 for UDP and
 <br>Modes can be mixed.
-<br>Plugin creates a list of rules, first matching rule will be applied.
+<br>The plugin creates a list of rules; the first matching rule will be applied.
 </li></ol>
-For any mode plugin approximates traffic, logged or counted amount is not exact.
+For any mode, the plugin approximates traffic; the logged or counted amount is not exact.
 <h4>Example:</h4>
 <pre>plugin "TrafficPlugin.dll" start
 trafcorrect m socks5 6112 4.5
 trafcorrect m socks5 * 1.1
 </pre>
-wrong usage:
+Wrong usage:
 <pre>trafcorrect m socks5 * 1.1
 trafcorrect m socks5 6112 4.5
 </pre>
-second rule will never be applied.
+The second rule will never be applied.
 <h4>Download:</h4>
 <ul>
- <li>Plugin is included into 3proxy 0.6 binary and source distribution
+ <li>Plugin is included in the 3proxy 0.6 binary and source distribution
 </li></ul>
-©Maslov Michael aka Flexx(rus)
+&copy; Maslov Michael aka Flexx(rus)
--- a/doc/html/plugins/TrafficPlugin.ru.html
+++ b/doc/html/plugins/TrafficPlugin.ru.html
@ -46,7 +46,7 @@ trafcorrect p &lt;сервис&gt; &lt;tcp/udp&gt; &lt;исходящий пор
 Когда происходит окончание соединения выполняется первое подходящее правило.
 </ol>
 Подсчет трафика в любом режиме не является точным, это некоторая аппроксимация
-позволяющаяподсчитать трафик с точностью до нескольких процентов.
+позволяющая подсчитать трафик с точностью до нескольких процентов.
 <h4>Пример:</h4>
 <pre>
@ -66,4 +66,4 @@ trafcorrect m socks5 6112 4.5
 <h4>Загрузить:</h4>
 <ul>
 <li>Плагин включен в дистрибутив 3proxy 0.6
-</ul>
+</li></ul>
--- a/doc/html/plugins/TransparentPlugin.html
+++ b/doc/html/plugins/TransparentPlugin.html
@ -1,9 +1,9 @@
-<h3>3proxy TransparentPlugin plugin (Linux/BSD only)</h3>
+<h3>3proxy TransparentPlugin (Linux/BSD only)</h3>
-Plugin can turn 3proxy into transparent proxy for virtually any TCP-based protocol
+This plugin can turn 3proxy into a transparent proxy for virtually any TCP-based protocol
 and use all 3proxy features - redirections, parent proxies, ACLs, traffic limitations,
-etc. TransparentPlugin plugin takes destination IP:port from Linux and uses this
+etc. The TransparentPlugin takes the destination IP:port from Linux and uses this
-information as a target IP in proxy. An example of usage:
+information as the target IP in the proxy. An example usage:
 <pre>
 plugin /path/to/TransparentPlugin.ld.so transparent_plugin
@ -19,13 +19,13 @@ notransparent
 proxy
 </pre>
 Now, any TCP traffic transparently redirected to port 12345 will be routed via
-parent SOCKSv5 proxy and logged, all URLs for web requests are visible in logs.
+the parent SOCKSv5 proxy and logged; all URLs for web requests are visible in logs.
-Paremeters '127.0.0.1 11111' in this case are not used and are overwritten by
+The parameters '127.0.0.1 11111' in this case are not used and are overwritten by
-destination IP:port for each transparent connection.
+the destination IP:port for each transparent connection.
 <h4>Download:</h4>
 <ul>
- <li>Plugin included into 3proxy 0.8
+ <li>Plugin is included in 3proxy 0.8
-</ul>
+</li></ul>
 &copy; Vladimir Dubrovin, License: BSD style
--- a/doc/html/plugins/TransparentPlugin.ru.html
+++ b/doc/html/plugins/TransparentPlugin.ru.html
@ -28,6 +28,6 @@ HTTP-запросов по порту TCP/80 будут видны параме
 <h4>Загрузить:</h4>
 <ul>
 <li>Плагин включен в дистрибутив 3proxy 0.8
-</ul>
+</li></ul>
 &copy; Vladimir Dubrovin, License: BSD style
--- a/doc/html/plugins/WindowsAuthentication.html
+++ b/doc/html/plugins/WindowsAuthentication.html
@ -1,33 +1,33 @@
-<h3>3proxy Windows Authentication plugin</h3>
+<h3>3proxy Windows Authentication Plugin</h3>
-Support for cleartext authentication against Windows domain or local Windows account.
+Support for cleartext authentication against a Windows domain or local Windows account.
 <h4>Usage:</h4>
 <ol>
- <li>Extract WindowsAuthentication.dll to the same folder with 3proxy executable.
+ <li>Extract WindowsAuthentication.dll to the same folder as the 3proxy executable.
- <li>Create 3ProxyAllowedGroup - Windows system group allowed to use proxy.
+ <li>Create 3ProxyAllowedGroup - a Windows system group allowed to use the proxy.
- You can choose different group name. Group can be either local or
+ You can choose a different group name. The group can be either local or
 Active Directory. Every account allowed to use 3proxy must be included in this
 group either directly or through group nesting.
- <li>Configure plugin with 'plugin' command in 3proxy.cfg, e.g.:
+ <li>Configure the plugin with the 'plugin' command in 3proxy.cfg, e.g.:
 <pre><code>
 plugin &quot;WindowsAuthentication.dll&quot; WindowsAuthentication &quot;3ProxyAllowedGroup&quot;
 </code></pre>
-<br>WindowsAuthentication.dll - location of DLL, if DLL is located in different folder
+<br>WindowsAuthentication.dll - location of the DLL; if the DLL is located in a different folder
-from 3proxy.exe you must specify complete path to DLL here. 3ProxyAllowedGroup - Windows
+from 3proxy.exe, you must specify the complete path to the DLL here. 3ProxyAllowedGroup - the Windows
 system group allowed to use 3proxy.
-After plugin is loaded, 'windows' authentication type is supported.
+After the plugin is loaded, the 'windows' authentication type is supported.
 <li>Configure 'auth windows' for services that require Windows authentication.
- <li>It's recommended you also configure authentication caching (see 'authcache'),
+ <li>It is recommended that you also configure authentication caching (see 'authcache')
- to prevent excessive workload for domain controller. Example:
+ to prevent excessive workload on the domain controller. Example:
 <pre>
 authcache user,pass 900
 auth cache windows
 </pre>
- <li>NTLM authentication is not currently supported for plugins, you should use proxy -n key to disable it.
+ <li>NTLM authentication is not currently supported for plugins; you should use the proxy -n switch to disable it.
 </ol>
 <h4>Download:</h4>
 <ul>
- <li>Plugin is included into 3proxy 0.6 binary and source distribution
+ <li>Plugin is included in the 3proxy 0.6 binary and source distribution
-</ul>
+</li></ul>
--- a/doc/html/plugins/WindowsAuthentication.ru.html
+++ b/doc/html/plugins/WindowsAuthentication.ru.html
@ -31,5 +31,5 @@ auth windows
 <h4>Загрузить:</h4>
 <ul>
 <li>Плагин включен в дистрибутив 3proxy 0.6
-</ul>
+</li></ul>
--- a/doc/html/securityen.html
+++ b/doc/html/securityen.html
@ -1,35 +1,33 @@
-<h3>3proxy security considirations</h3>
+<h3>3proxy Security Considerations</h3>
 </ul>
 <ul>
-<li>Never install 3proxy suid. If you need it to run suid write some
+<li>Never install 3proxy suid. If you need it to run suid, write a
-wrapper with fixed configuration file.
+wrapper with a fixed configuration file.
-<li>Make configuration file only available to account 3proxy starts with.
+<li>Make the configuration file accessible only to the account 3proxy starts with.
-<li>Under Windows if 3proxy is used as service create new
+<li>Under Windows, if 3proxy is used as a service, create a new
-unprivileged local account without "logon locally" right. Assign this account
+unprivileged local account without "logon locally" rights. Assign this account
-to 3proxy service.
+to the 3proxy service.
-<li>Under unix use chroot to jail 3proxy (make sure files included in
+<li>Under Unix, use chroot to jail 3proxy (make sure files included in
-configuration file after 'chroot' command, if any, are available from jail)
+the configuration file after the 'chroot' command, if any, are available from within the jail).
-<li>Under Unix, either start 3proxy with unprivileged account or, if you need
+<li>Under Unix, either start 3proxy with an unprivileged account or, if you need
 some privileged ports to be used by 3proxy, use setgid/setuid commands inside
-3proxy.cfg immediately after last occurance of service binded to
+3proxy.cfg immediately after the last occurrence of a service bound to a
-privileged port in configuration file (setgid must preceed setuid).
+privileged port in the configuration file (setgid must precede setuid).
-<li>Allways use full paths in configuration file
+<li>Always use full paths in the configuration file.
 <li>Try to avoid 'strong' authentication, because only cleartext
-authentication method is currently available.
+authentication is currently available.
 <li>Always specify internal and external interfaces.
-<li>Always limit connections to internal network and localhost (to 127.0.0.1 and
+<li>Always limit connections to the internal network and localhost (to 127.0.0.1 and
-all interfaces) with ACLs. Be carefull, because BIND command in SOCKS requies
+all interfaces) with ACLs. Be careful, because the BIND command in SOCKS requires the
-BIND method with external interface IP address to be allowed.
+BIND method with the external interface IP address to be allowed.
-<li> Before 3proxy 0.8 always use nserver and nscache under Unix, overwise DoS attack is possible
+<li>Before 3proxy 0.8, always use nserver and nscache under Unix; otherwise, a DoS attack is possible
-with unreachable DNS server (because gethostbyname will block over threads).
+with an unreachable DNS server (because gethostbyname will block other threads).
-<li>Keep logs in secure location, because some confidential information from
+<li>Keep logs in a secure location, because some confidential information from
-user's request can be logged.
+user requests can be logged.
 <li>Use -xyz+A character filtering sequences for 'logformat', especially with
-ODBC logging to prevent SQL and log record injections. 
+ODBC logging, to prevent SQL and log record injections.
-<li>Immediately report all service crashes to developers
+<li>Immediately report all service crashes to the developers.
 <li>Participate in code audit :)
 </ol>
 </ul>
 <p>
--- a/doc/ru/example1.txt
+++ b/doc/ru/example1.txt
@ -3,26 +3,26 @@ KOI8-R
 Kirill Lopuchov, lopuchov at mail ru
 <3proxy>
-Довольно часто перед системным администратором встает задача предоставить доступ к Internet-ресурсам группе пользователей (небольшой офис, Internet-кафе). Данную задачу можно решить, настроив на Internet-шлюзе proxy-сервер, службу NAT (трансляция сетевых адресов) или раздать каждому пользователю реальный IP адрес.
+Довольно часто перед системным администратором встает задача предоставить доступ к Internet-ресурсам группе пользователей (небольшой офис, Internet-кафе). Данную задачу можно решить, настроив на Internet-шлюзе proxy-сервер, службу NAT (трансляция сетевых адресов) или раздать каждому пользователю реальный IP адрес.
-Давайте рассмотрим самый простой способ подключения - установку proxy-сервера. Традиционно для этих целей применяется популярный proxy Squid, но не всегда бывает необходимость в столь тяжеловатой программе :), да и в squid отсутствуют такие иногда необходимые вещи как SOCKS4/5-сервер, TCP/UP порт-маппинг. Поэтому вторым номером хочется представить вашему вниманию PROXY-сервер, под названием "3proxy" (http://3proxy.ru/), разработанный нашим программистом из г. Нижний Новгород. Одним из главных его достоинств является компактность и высокая переносимость. Код сервера написан так, что легко компилируется как для Win9x/2000/XP так и для Linux и FreeBSD.
+Давайте рассмотрим самый простой способ подключения - установку proxy-сервера. Традиционно для этих целей применяется популярный proxy Squid, но не всегда бывает необходимость в столь тяжеловатой программе :), да и в squid отсутствуют такие иногда необходимые вещи как SOCKS4/5-сервер, TCP/UP порт-маппинг. Поэтому вторым номером хочется представить вашему вниманию PROXY-сервер, под названием "3proxy" (http://3proxy.ru/), разработанный нашим программистом из г. Нижний Новгород. Одним из главных его достоинств является компактность и высокая переносимость. Код сервера написан так, что легко компилируется как для Win9x/2000/XP так и для Linux и FreeBSD.
-Сервер поддерживает следующие возможности:
+Сервер поддерживает следующие возможности:
 HTTP(S) proxy;
 FTP over HTTP proxy;
 SOCKS4/5 proxy;
 POP3 proxy;
-TCP & UDP маппинг портов;
+TCP & UDP маппинг портов;
-листы доступа к различным службам и адресам;
+листы доступа к различным службам и адресам;
-ограничение пропускной способности канала каждого пользователя (чтобы пользователь не съел весь канал, качая кучу файлов в несколько потоков :) ); 
+ограничение пропускной способности канала каждого пользователя (чтобы пользователь не съел весь канал, качая кучу файлов в несколько потоков :) ); 
-ограничение трафика пользователя на день, неделю и месяц;
+ограничение трафика пользователя на день, неделю и месяц;
-авторизацию пользователей ко всем proxy-службам по имени и паролю или по ip адресам;
+авторизацию пользователей ко всем proxy-службам по имени и паролю или по ip адресам;
-ведение журналов через ODBC (по-моему, такого нет ни в одном proxy) и syslog и т. д. 
+ведение журналов через ODBC (по-моему, такого нет ни в одном proxy) и syslog и т. д. 
-К недостаткам можно отнести отсутствие кэширования информации :-|. Но в последнее время Inernet-контент становится все более динамичным (то есть не поддающийся кэшированию) и может быть для кого-то экономия в 25% трафика за счет его кэширования не будет столь критична. Для тех пользователей, кому она может оказаться критичной, автор предлагает использовать цепочку из 2-х серверов и в качестве кэша такие сервера как wwwoffle или им подобные, либо ждать появления поддержки кеша в 3proxy :)
+К недостаткам можно отнести отсутствие кэширования информации :-|. Но в последнее время Inernet-контент становится все более динамичным (то есть не поддающийся кэшированию) и может быть для кого-то экономия в 25% трафика за счет его кэширования не будет столь критична. Для тех пользователей, кому она может оказаться критичной, автор предлагает использовать цепочку из 2-х серверов и в качестве кэша такие сервера как wwwoffle или им подобные, либо ждать появления поддержки кеша в 3proxy :)
-Установка
+Установка
 # wget http://3proxy.ru/current/3proxy.tgz
 # tar -xvzf 3proxy.tgz
@ -35,64 +35,64 @@ TCP & UDP
 # touch /usr/local/3proxy/3proxy.cfg
 # chown -R nobody:nogroup /usr/local/3proxy 
-Далее приведу небольшой пример конфигурационного файла 3proxy.cfg с 
+Далее приведу небольшой пример конфигурационного файла 3proxy.cfg с 
-комментариями, более подробную информацию по конфигурированию можно 
+комментариями, более подробную информацию по конфигурированию можно 
-найти файле 3proxy.cfg.sample или в 
+найти файле 3proxy.cfg.sample или в 
 HowTo http://3proxy.ru/howtor.asp
-и FAQ http://3proxy.ru/faqr.asp
+и FAQ http://3proxy.ru/faqr.asp
 -------------3proxy.cfg-------------
-# ВНИМАНИЕ !! не должны быть пробелов
+# ВНИМАНИЕ !! не должны быть пробелов
-# перед любыми опциями конфигурации !!
+# перед любыми опциями конфигурации !!
-# ip-адрес DNS-сервера провайдера или локального
+# ip-адрес DNS-сервера провайдера или локального
 nserver 127.0.0.1
 timeouts 1 5 30 60 180 1800 15 60
-# Создаем двух пользователей vasia, petia и vova 
+# Создаем двух пользователей vasia, petia и vova 
-# и назначаем им пароли 24555, 14656 и 45455 соответственно
+# и назначаем им пароли 24555, 14656 и 45455 соответственно
 users vasia:CL:24555
 users petia:CL:14656
 users vova:CL:45455
-# Лог-файл со списком запросов пользователей 
+# Лог-файл со списком запросов пользователей 
-# будет создаваться каждый день новый
+# будет создаваться каждый день новый
 log /usr/local/3proxy/logs/3proxy.log D
 logformat "%d-%m-%Y %H:%M:%S %U %C:%c %R:%r %O %I %T"
-# Внешний интерфейс,
+# Внешний интерфейс,
-# через который будут уходить запросы от сервера
+# через который будут уходить запросы от сервера
 external 10.1.1.1
-# ip-адрес интерфейса, на котором будут приниматься 
+# ip-адрес интерфейса, на котором будут приниматься 
-# запросы от клиентов
+# запросы от клиентов
 internal 192.168.1.1
-# Устанавливаем тип авторизации по имени и паролю
+# Устанавливаем тип авторизации по имени и паролю
 auth strong
-# Разрешаем доступ к портам 80,8080-8088
+# Разрешаем доступ к портам 80,8080-8088
 allow * * * 80,8080-8088
-# Расскоментировать секцию parent, если у вас есть прокси верхнего 
+# Расскоментировать секцию parent, если у вас есть прокси верхнего 
-# уровня и заменить ip, порт, имя пользователя и пароль на свои значения 
+# уровня и заменить ip, порт, имя пользователя и пароль на свои значения 
 # parent 1000 http 192.168.0.1 8080 username passwd
 # allow *
-# Запускаем службу HTTP-proxy на порту (3128) и 
+# Запускаем службу HTTP-proxy на порту (3128) и 
-# (-n) c отключенной NTLM-авторизацией)
+# (-n) c отключенной NTLM-авторизацией)
 proxy -p3128 -n
-# Ограничиваем толшину канала для пользователей 
+# Ограничиваем толшину канала для пользователей 
-# vasia и petia в 20000 bps,
+# vasia и petia в 20000 bps,
-# а для vova 10000 bps
+# а для vova 10000 bps
 bandlimin 20000 vasia,petia
 bandlimin 10000 vova 
-# Запускаем сервер от пользователя nobody 
+# Запускаем сервер от пользователя nobody 
-# (возможно в вашей ОС uid и gid пользователя nobody
+# (возможно в вашей ОС uid и gid пользователя nobody
-# будут другими. Для их определения воспользуйтесь коммандой id nobody) 
+# будут другими. Для их определения воспользуйтесь коммандой id nobody) 
 setgid 65534
 setuid 65534
 ------------------------------------
-После того как мы создали конфигурационный файл сервера, запускаем 3proxy командой:
+После того как мы создали конфигурационный файл сервера, запускаем 3proxy командой:
 /usr/local/3proxy/3proxy /usr/local/3proxy/3proxy.cfg
--- a/doc/ru/iodbc.txt
+++ b/doc/ru/iodbc.txt
@ -2,9 +2,9 @@ KOI8-R
 Kirill Lopuchov, lopuchov at mail ru
-Ведение логов сервера в SQL-базе имеет свои приемущества перед обычными текстовыми файлами. 3proxy поддерживает ведение логов через ODBC-менеджер в любой базе данных, имеющих ODBC-драйвер. Этот менеджер стал стандартом де-факто в среде Windows, чего, к сожалению, не скажешь про Unix. Поэтому далее  рассмотрим на примере FreeBSD настройку ведения логов в базе SQLite. Эта  база данных выбрана в качестве примера потому,  что она проста в установке и настроке (в принципе настройка ведения логов в любой другой базе mysql или  postgresql отличается только настройкой его odbc-драйвера)
+Ведение логов сервера в SQL-базе имеет свои приемущества перед обычными текстовыми файлами. 3proxy поддерживает ведение логов через ODBC-менеджер в любой базе данных, имеющих ODBC-драйвер. Этот менеджер стал стандартом де-факто в среде Windows, чего, к сожалению, не скажешь про Unix. Поэтому далее  рассмотрим на примере FreeBSD настройку ведения логов в базе SQLite. Эта  база данных выбрана в качестве примера потому,  что она проста в установке и настроке (в принципе настройка ведения логов в любой другой базе mysql или  postgresql отличается только настройкой его odbc-драйвера)
- Устанавливаем SQLite
+ Устанавливаем SQLite
 wget http://www.sqlite.org/sqlite-2.8.14.tar.gz
 tar -xvzf sqlite-2.8.14.tar.gz
 cd sqlite 
@ -12,7 +12,7 @@ cd sqlite
 gmake 
 gmake install
- Устанавливаем iODBC менеджер
+ Устанавливаем iODBC менеджер
 wget http://www.iodbc.org/libiodbc-3.51.2.tar.gz
 tar -xvzf libiodbc-3.51.2.tar.gz
 cd libiodbc-3.51.2
@ -20,24 +20,24 @@ cd libiodbc-3.51.2
 make 
 make install
- Устанавливаем odbc драйвер SQLite
+ Устанавливаем odbc драйвер SQLite
 wget http://www.ch-werner.de/sqliteodbc/sqliteodbc-0.62.tar.gz
 tar -xvzf sqliteodbc-0.62.tar.gz
 cd sqliteodbc-0.62
 ./configure
- Если у вас скрипт configure выдал ошибку : 
+ Если у вас скрипт configure выдал ошибку : 
 (configure: error: SQLite library too old)
- то ее можно попробовать обойти, вставив (SQLITE_COMPILE=1
+ то ее можно попробовать обойти, вставив (SQLITE_COMPILE=1
- в стр. 5092 после условия if endif) в файле configure
+ в стр. 5092 после условия if endif) в файле configure
 make 
 make install
- Далее настраиваем записи для iODBC менеджера в
+ Далее настраиваем записи для iODBC менеджера в
-файлах /etc/odbcinst.ini и /etc/odbc.ini
+файлах /etc/odbcinst.ini и /etc/odbc.ini
-Настраиваем odbc драйвер 
+Настраиваем odbc драйвер 
 --------------/etc/odbcinst.ini-------------
 [ODBC Drivers]
 SQLite=Installed
@ -46,8 +46,8 @@ SQLite=Installed
 Driver=/usr/local/lib/libsqliteodbc.so
 ---------------------------------------
-Создаем DSN для базы c именем "sqlite", которая будет 
+Создаем DSN для базы c именем "sqlite", которая будет 
-располагаться в каталоге: /usr/local/3proxy/logs.db
+располагаться в каталоге: /usr/local/3proxy/logs.db
 --------------/etc/odbc.ini----------------
 [ODBC Data Sources]
@ -61,8 +61,8 @@ Database=/usr/local/3proxy/logs.db
 Timeout=2000
 ---------------------------------------
-Создаем базу для логов и таблицу в формате (logformat 
+Создаем базу для логов и таблицу в формате (logformat 
-см. описание в 3proxy.cfg.sample )
+см. описание в 3proxy.cfg.sample )
 sqlite /usr/local/3proxy/logs.db
@ -79,7 +79,7 @@ sqlite>create table log (
   ...>);
-Добавляем следующие записи в конфигурационный файл 3proxy.cfg
+Добавляем следующие записи в конфигурационный файл 3proxy.cfg
 ---------------3proxy.cfg-----------------   
 log &sqlite
@ -88,12 +88,12 @@ l_descr)
 values ('%d-%m-%Y', '%H:%M:%S', '%U', '%N', %I, %O, '%T')"
 ------------------------------------------
-Cобрать 3proxy c поддрежкой iODBC, для этого в Makefile.unix поменять
+Cобрать 3proxy c поддрежкой iODBC, для этого в Makefile.unix поменять
 CFLAGS = -Wall -O2 -c -pthread -D_THREAD_SAFE -D_REENTRANT -DWITH_STD_MALLOC -I/usr/local/include
 LIBS = -L /usr/local/lib -lodbc
-и дать команды
+и дать команды
 make clean
 make -f Makefile.unix
--- a/doc/ru/odbc.txt
+++ b/doc/ru/odbc.txt
@ -1,6 +1,6 @@
 Eugene: Re: 3proxy 0.6 + iODBC + PostgreSQL  22.11.2007 19:04:23
- 	 	 	 	 	Наконец-то я разобрался и запустил.
+ 	 	 	 	 	Наконец-то я разобрался и запустил.
-1. Я использовал пакет unixODBC.
+1. Я использовал пакет unixODBC.
 2. /etc/unixODBC/odbc.ini
 [proxy]
 Description             = PostgreSQL ODBC driver
@ -12,7 +12,7 @@ ServerName              = localhost
 Description             = PostgreSQL ODBC driver
 Driver          = /usr/local/lib/psqlodbcw.so
 Setup           = /usr/lib/libodbcpsqlS.so
-4. Собирал вручную psqlodbc-08.02.0500, слитый с postgresql.org (получился psqlodbcw.so).
+4. Собирал вручную psqlodbc-08.02.0500, слитый с postgresql.org (получился psqlodbcw.so).
 5. 3proxy.conf
 log &proxy,logger,123
 logformat "LINSERT INTO logger (ldatetime,username,userip,trafin,trafout,service,host,port,
@ -20,9 +20,9 @@ url) VALUES ('%Y-%m-%d %H:%M:%S','%U','%C',
 '%I','%O','%N',
 '%n','%r','%T');"
-То есть пароли и логины в odbc.ini прописывать не надо - система падает на драйвере ODBC.
+То есть пароли и логины в odbc.ini прописывать не надо - система падает на драйвере ODBC.
-Использовать libiodbc тоже не надо - система падает на libiodbc.so.
+Использовать libiodbc тоже не надо - система падает на libiodbc.so.
-Все вышесказанное справедливо для unixODBC + psqlodbc производства postgresql.org, как с -DSAFESQL, так и без оного.
+Все вышесказанное справедливо для unixODBC + psqlodbc производства postgresql.org, как с -DSAFESQL, так и без оного.
-С myodbc + unixODBC проблем не наблюдалось никаких.
+С myodbc + unixODBC проблем не наблюдалось никаких.
-Шаманство, в общем ;) 
+Шаманство, в общем ;) 
--- a/man/3proxy.8
+++ b/man/3proxy.8
@ -14,18 +14,18 @@ server
 .RI [ \-\-remove ]
 .SH DESCRIPTION
 .B 3proxy
-is universal proxy server. It can be used to provide internal users wuth
+is a universal proxy server. It can be used to provide internal users with
 fully controllable access to external resources or to provide external
 users with access to internal resources. 3proxy is not developed to replace
 .BR squid (8),
-but it can extend functionality of existing cashing proxy.
+but it can extend the functionality of an existing caching proxy.
 It can be used to route requests between different types of clients and proxy
 servers. Think about it as application level
 gateway with configuration like hardware router has for network layer.
 It can establish multiple
 gateways with HTTP and HTTPS proxy with FTP over HTTP support, SOCKS v4,
 v4.5 and v5, POP3 proxy, UDP and TCP portmappers. Each gateway is started
-from configuration file like independant service 
+from the configuration file like an independent service 
 .BR proxy (8)
 .BR socks (8)
 .BR pop3p (8)
@ -35,24 +35,24 @@ from configuration file like independant service
 .BR dnspr
 but
 .BR 3proxy
-is not a kind of wrapper or superserver for this daemons. It just has same
+is not a kind of wrapper or superserver for these daemons. It just has the same
 code compiled in, but provides much more functionality. SOCKSv5
-implementatation allows to use 3proxy with any UDP or TCP based client
+implementation allows you to use 3proxy with any UDP or TCP based client
 applications designed without
 proxy support (with
 .IR SocksCAP ,
 .I FreeCAP
-or another client-side redirector under Windows of with socksification library
+or another client-side redirector under Windows or with a socksification library
-under Unix). So you can play your favourite games, listen music, exchange
+under Unix). So you can play your favourite games, listen to music, exchange
-files and messages and even accept incoming connections behind proxy server.
+files and messages and even accept incoming connections behind a proxy server.
 .PP
 .I dnspr
-does not exist as independant service. It\' DNS caching proxy (it requires
+does not exist as an independent service. It's a DNS caching proxy (it requires
 .I nscache
 and
 .I nserver
-to be set in configuration. Only A-records are cached. Please note, the
+to be set in the configuration. Only A-records are cached. Please note that
-this caching is mostly a 'hack' and has nothing to do with real
+this caching is mostly a 'hack' and has nothing to do with a real
 DNS server, but it works perfectly for SOHO networks.
 .PP
@ -65,9 +65,9 @@ NetBIOS name for Windows clients (it\'s very like ident authentication).
 Depending on ACL action request can be allowed, denied or redirected to another
 host or to another proxy server or even to a chain of proxy servers.
 .PP
-It supports different types of logging: to logfiles, 
+It supports different types of logging: to logfiles,
 .BR syslog (3)
-(only under Unix) or to ODBC database. Logging format is turnable to provide
+(only under Unix) or to an ODBC database. Logging format is tunable to provide
 compatibility with existing log file parsers. It makes it possible to use
 3proxy with IIS, ISA, Apache or Squid log parsers.
 .SH OPTIONS
@ -77,12 +77,12 @@ Name of config file. See
 .BR 3proxy.cfg (3)
 for configuration file format. Under Windows, if config_file is not specified,
 .BR 3proxy
-looks for file named
+looks for a file named
 .I 3proxy.cfg
-in the default location (in same directory with executable file and in current
+in the default location (in the same directory as the executable file and in the current
 directory). Under Unix, if no config file is specified, 3proxy reads
-configuration from stdin. It makes it possible to use 3proxy.cfg file as
+configuration from stdin. It makes it possible to use the 3proxy.cfg file as
-executable script just by setting +x mode and adding
+an executable script just by setting +x mode and adding
 .br
 #!/usr/local/3proxy/3proxy
 .br
@ -98,28 +98,28 @@ as a system service
 .BR 3proxy
 from system services
 .SH SIGNALS
-Under Unix there are few signals
+Under Unix there are a few signals
 .BR 3proxy
 catches. See
 .BR kill (1).
 .TP
 .B SIGTERM
-cleanup connections and exit
+clean up connections and exit
 .TP
 .B SIGPAUSE
-stop to accept new connections, on second signal - start and re-read
+stop accepting new connections, on second signal - start and re-read
 configuration
 .TP
 .B SIGCONT
-start to accept new conenctions
+start to accept new connections
 .TP
 .B SIGUSR1
 reload configuration
 .PP
 Under Windows, if
 .BR 3proxy
-is installed as service you can standard service management to start, stop,
+is installed as a service you can use standard service management to start, stop,
-pause and continue 3proxy service, for example:
+pause and continue the 3proxy service, for example:
 .br
 .BR "net start 3proxy"
 .br
--- a/man/3proxy.cfg.3
+++ b/man/3proxy.cfg.3
@ -6,9 +6,9 @@
 Common structure:
 .br
 Configuration file is a text file 3proxy reads configuration from. Each line
-of the file is a command executed immediately, as it was given from
+of the file is a command executed immediately, as if it were given from the
-console. Sequence of commands is important. Configuration file as actually a
+console. The sequence of commands is important. The configuration file is actually a
-script for 3proxy executable.
+script for the 3proxy executable.
 Each line of the file is treated as a blank (space or tab) separated
 command line. Additional space characters are ignored. 
 Think about 3proxy as "application level router" with console interface.
@ -16,16 +16,16 @@ Think about 3proxy as "application level router" with console interface.
 .br
 Comments:
 .br
- Any string beginning with space character or \'#\' character is comment. It\'s
+ Any line beginning with a space character or \'#\' character is a comment. It\'s
-ignored. <LF>s are ignored. <CR> is end of command.
+ignored. <LF>s are ignored. <CR> is the end of a command.
 .br
 Quotation:
 .br
- Quotation character is " (double quote). Quotation must be used to quote
+ The quotation character is " (double quote). Quotation must be used to quote
-spaces or another special characters. To use quotation character inside
+spaces or other special characters. To use a quotation character inside
-quotation character must be dubbed (BASIC convention). For example to use
+a quoted string, the character must be doubled (BASIC convention). For example, to use
-HELLO "WORLD" as an argument you should use it as "HELLO ""WORLD""".
+HELLO "WORLD" as an argument, you should write it as "HELLO ""WORLD""".
 Good practice is to quote any argument you use.
 .br
@ -37,7 +37,7 @@ to file, for example $/usr/local/etc/3proxy/conf.incl or
 required in last example because path contains space character. 
 For included file <CR> (end of line characters) is treated as space character
 (arguments delimiter instead of end of command delimiter). 
-Thus, include files are only useful to store long signle-line commands
+Thus, include files are only useful to store long single-line commands
 (like userlist, network lists, etc).
 To use dollar sign somewhere in argument it must be quoted. 
 Recursion is not allowed.
@ -55,6 +55,9 @@ Recursion is not allowed.
 .B pop3p
 [options]
 .br
 .B smtpp
 [options]
 .br
 .B ftppr
 [options]
 .br
@ -120,7 +123,7 @@ disable NTLM authentication (required if passwords are stored in Unix crypt form
 enable NTLMv1 authentication.
 .br
 .B -g(GRACE_TRAFF,GRACE_NUM,GRACE_DELAY)
-delay GRACE_DELAY  milliseconds before polling if average polling size below  GRACE_TRAFF bytes and GRACE_NUM read operations in single directions are detected within 1 second. Useful to minimize polling
+delay GRACE_DELAY milliseconds before polling if average polling size is below GRACE_TRAFF bytes and GRACE_NUM read operations in a single direction are detected within 1 second. Useful to minimize polling
 .B -s
 (for admin) secure, allow only secure operations, currently only traffic counters
 view without ability to reset.
@ -142,7 +145,7 @@ Never ask for username/password
 (for proxy) anonymous proxy (random client information reported)
 .br
 .B -a2
-(for proxy) generate Via: and X-Forwared-For: instead of Forwarded:
+(for proxy) generate Via: and X-Forwarded-For: instead of Forwarded:
 .br
 .B -6
 Only resolve IPv6 addresses. IPv4 addresses are packed in IPv6 in IPV6_V6ONLY compatible way.
@ -167,17 +170,17 @@ options for proxy-to-client (oc), proxy-to-server (os), proxy listening (ol), co
 Options like TCP_CORK, TCP_NODELAY, TCP_DEFER_ACCEPT, TCP_QUICKACK, TCP_TIMESTAMPS, USE_TCP_FASTOPEN, SO_REUSEADDR, SO_REUSEPORT, SO_PORT_SCALABILITY, SO_REUSE_UNICASTPORT, SO_KEEPALIVE, SO_DONTROUTE may be supported depending on OS.
 .br
 .B -DiINTERFACE, -DeINTERFACE
-bind internal interface / external inteface to given INTERFACE (e.g. eth0) if SO_BINDTODEVICE supported by system. You may need to run as root or to have CAP_NET_RAW capability in order to bind to interface, depending on system, so this option may require root privileges and can be incompatible with some configuraton commands like chroot and setuid (and daemon if setcap is used).
+bind internal interface / external interface to given INTERFACE (e.g. eth0) if SO_BINDTODEVICE is supported by the system. You may need to run as root or have CAP_NET_RAW capability in order to bind to an interface, depending on the system, so this option may require root privileges and can be incompatible with some configuration commands like chroot and setuid (and daemon if setcap is used).
 .br
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
 from. External IP must be specified if you need incoming connections.
-By default system will deside which address to use in accordance
+By default the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .br
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. 
+By default, connections to any interface are accepted. 
 .br
 .B -N
 (for socks) External NAT address 3proxy reports to client for BIND and UDPASSOC
@ -256,13 +259,17 @@ alternate config file. Think twice before using it.
 .br
 LOGTYPE is one of:
 .br
-  M Monthly
+  c Minutely
 .br
-  W Weekly (starting from Sunday)
+  H Hourly
 .br
  D Daily
 .br
-  H Hourly
+  W Weekly (starting from Sunday)
 .br
  M Monthly
 .br
  Y Annually
 .br
 if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using -l
 option in gateway configuration.
@ -298,7 +305,7 @@ with space and all time based elemnts are in local time zone.
 .br
  %m Month number
 .br
-  %o Month abbriviature
+  %o Month abbreviation
 .br
  %d Day
 .br
@ -308,17 +315,17 @@ with space and all time based elemnts are in local time zone.
 .br
  %S Second
 .br
-  %t Timstamp (in seconds since 01-Jan-1970)
+  %t Timestamp (in seconds since 01-Jan-1970)
 .br
  %. milliseconds
 .br
-  %z timeZone (from Grinvitch)
+  %z time zone (from Greenwich)
 .br
  %D request duration (in milliseconds)
 .br
-  %b average send rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
+  %b average send rate per request (in bytes per second); this speed is typically below the connection speed shown by the download manager.
 .br
-  %B average receive rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
+  %B average receive rate per request (in bytes per second); this speed is typically below the connection speed shown by the download manager.
 .br
  %U Username
 .br
@ -354,9 +361,9 @@ with space and all time based elemnts are in local time zone.
 .br
  %T service specific Text
 .br
-  %N1-N2T (N1 and N2 are positive numbers) log only fields from N1 thorugh N2 of service specific text
+  %N1-N2T (N1 and N2 are positive numbers) log only fields from N1 through N2 of service-specific text
 .br
- in the case of ODBC logging logformat specifies SQL statement, for exmample:
+ In the case of ODBC logging, logformat specifies an SQL statement, for example:
 .br
 logformat "-\'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values (\'%d-%m-%Y %H:%M:%S\', \'%U\', \'%N\', %I, %O, \'%T\')"
@ -369,6 +376,14 @@ traffic is achieved for connection, without waiting for connection to finish.
 It may be useful to prevent information about long-lasting downloads on server
 shutdown.
 .br
 .B delimchar
 <char>
 .br
 Sets the delimiter character used to separate username from hostname in proxy
 authentication strings (e.g. for FTP, POP3 proxies). Default is \'@\'. For example,
 to use \'#\' instead: delimchar #. This allows usernames to contain the \'@\' character.
 .br
 .B archiver
 <ext> <commandline>
@ -401,6 +416,14 @@ can use %A as produced archive name and %F as filename.
 .br
 default timeouts 1 5 30 60 180 1800 15 60 15 5
 .br
 .B maxseg
 <value>
 .br
 Sets TCP maximum segment size (MSS) for outgoing connections. This can be used
 to work around path MTU discovery issues or to optimize traffic for specific
 network conditions.
 .br
 .B radius 
 <NAS_SECRET> <radius_server_1[:port][/local_address_1]> <radius_server_2[:port][/local_address_2]>
@ -428,12 +451,19 @@ Use authcache to speedup authentication. RADIUS feature is currently experimenta
 .B nserver
 <ipaddr>[:port][/tcp]
 .br
- Nameserver to use for name resolutions. If none specified 
+ Nameserver to use for name resolutions. If none specified
 system routines for name resolution is
 used. Optional port number may be specified.
 If optional /tcp is added to IP address, name resolution is
 performed over TCP.
 .br
 .B authnserver
 <ipaddr>[:port][/tcp]
 .br
 Nameserver to use for DNS-based authentication (e.g. dnsname auth type).
 If not specified, nserver is used. The syntax is the same as for nserver.
 .br
 .B nscache
 <cachesize>
@ -441,8 +471,8 @@ performed over TCP.
 <cachesize>
 .br
 Cache <cachesize> records for name resolution (nscache for IPv4,
-nscache6 for IPv6). Cachesize usually should be large enougth
+nscache6 for IPv6). The cache size should usually be large enough
-(for example 65536).
+(for example, 65536).
 .br
 .B nsrecord
@ -457,8 +487,8 @@ command to set up UDL for dialing.
 .br
 .B fakeresolve
 .br
- All names are resolved to 127.0.0.2 address. Usefull if all requests are
+ All names are resolved to the 127.0.0.2 address. Useful if all requests are
-redirected to parent proxy with http, socks4+, connect+ or socks5+.
+redirected to a parent proxy with http, socks4+, connect+ or socks5+.
 .br
 .B dialer
@ -491,8 +521,8 @@ External or -e can be given twice: once with IPv4 and once with IPv6 address.
 .B maxconn
 <number>
 .br
- sets maximum number of simulationeous connections to each service
+ sets the maximum number of simultaneous connections to each service
-started after this command on network level. Default is 100.
+started after this command at the network level. Default is 100.
 .br
 To limit clients, use connlim instead. maxconn will silently ignore
 new connections, while connlim will report back to the client that
@ -507,17 +537,17 @@ the connection limit has been reached.
 .br
 .B service
 .br
- (depricated). Indicates 3proxy to behave as Windows 95/98/NT/2000/XP
+ (deprecated). Indicates that 3proxy should behave as a Windows 95/98/NT/2000/XP
-service, no effect for Unix. Not required for 3proxy 0.6 and above. If
+service; has no effect under Unix. Not required for 3proxy 0.6 and above. If
-you upgraded from previous version of 3proxy use --remove and --install
+you upgraded from a previous version of 3proxy, use --remove and --install
-to reinstall service.
+to reinstall the service.
 .br
 .B daemon
 .br
- Should be specified to close console. Do not use \'daemon\' with \'service\'.
+ Should be specified to close the console. Do not use \'daemon\' with \'service\'.
-At least under FreeBSD \'daemon\' should preceed any proxy service
+At least under FreeBSD, \'daemon\' should precede any proxy service
-and log commands to avoid sockets problem. Always place it in the beginning
+and log commands to avoid socket problems. Always place it in the beginning
 of the configuration file.
 .br
@ -528,8 +558,8 @@ of the configuration file.
 .br
 none - no authentication or authorization required.
 .br
- Note: is auth is none any ip based limitation, redirection, etc will not work. 
+ Note: if auth is none, any IP-based limitation, redirection, etc. will not work.
-This is default authentication type
+This is the default authentication type
 .br
 iponly - authentication by access control list with username ignored.
 Appropriate for most cases
@ -538,11 +568,11 @@ This is default authentication type
 authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
 AOL screen name as a username)
 .br
- dnsname - authentication by DNS hostnname with authorization by ACLs.
+ dnsname - authentication by DNS hostname with authorization by ACLs.
-DNS hostname is resolved via PTR (reverse) record and validated (resolved
+The DNS hostname is resolved via a PTR (reverse) record and validated (the resolved
-name must resolve to same IP address). It\'s recommended to use authcache by
+name must resolve to the same IP address). It\'s recommended to use authcache by
-ip for this authentication.
+IP for this authentication.
-NB: there is no any password check, name may be spoofed.
+NB: there is no password check; the name may be spoofed.
 .br
 strong - username/password authentication required. It will work with
 SOCKSv5, FTP, POP3 and HTTP proxy. 
@ -554,23 +584,23 @@ SOCKSv5, FTP, POP3 and HTTP proxy.
 Plugins may add additional authentication types.
 .br
- It\'s possible to use few authentication types in the same commands. E.g.
+ It\'s possible to use multiple authentication types in the same command. E.g.
 .br
 auth iponly strong
 .br
- In this case \'strong\' authentication will be used only in case resource
+ In this case, \'strong\' authentication will be used only if resource
-access can not be performed with \'iponly\' authentication, that is username is
+access cannot be performed with \'iponly\' authentication, that is, a username is
-required in ACL. It\'s usefull to protect access to some resources with
+required in the ACL. It\'s useful to protect access to some resources with
-password allowing passwordless access to another resources, or to use
+a password while allowing passwordless access to other resources, or to use
-IP-based authentication for dedicated laptops and request username/password for
+IP-based authentication for dedicated laptops and request a username/password for
 shared ones.
 .br
 .B authcache
 <cachtype> <cachtime>
 .br
- Cache authentication information to given amount of time (cachetime) in seconds.
+ Cache authentication information for a given amount of time (cachetime) in seconds.
-Cahtype is one of:
+Cachetype is one of:
 .br
 ip - after successful authentication all connections during caching time
 from same IP are assigned to the same user, username is not requested.
@ -598,15 +628,19 @@ Use auth type \'cache\' for cached authentication
 .B deny
 <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
 <weekdayslist> <timeperiodslist>
 .br
 .B redirect
 <ip> <port> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
 <weekdayslist> <timeperiodslist>
 .br
 Access control entries. All lists are comma-separated, no spaces are
 allowed. Usernames are case sensitive (if used with authtype nbname
 username must be in uppercase). Source and target lists may contain
-IP addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs (W.X.Y.Z/L). 
+IP addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs (W.X.Y.Z/L).
-Since 0.6, targetlist may also contain host names,
+Since 0.6, the targetlist may also contain host names,
-instead of addresses. It\'s possible to use wildmask in
+instead of addresses. It\'s possible to use a wildmask in
-the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.
+the beginning and at the end of the hostname, e.g. *badsite.com or *badcontent*.
-Hostname is only checked if hostname presents in request.
+The hostname is only checked if a hostname is present in the request.
 Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field *
 sign means ANY. If access list is empty it\'s assumed to be
 .br
@ -657,14 +691,14 @@ to appropriate interface only or to use ip filters.
 FTP_LIST FTP list request
 .br
 FTP_DATA FTP data connection. Note: FTP_DATA requires access to dynamic
-non-ptivileged (1024-65535) ports on remote side.
+non-privileged (1024-65535) ports on the remote side.
 .br
 FTP matches any FTP/FTP Data request
 .br
 ADMIN access to administration interface
 .br
- Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
+ Weekdays are week day numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
 .br
 Timeperiodlists is a list of time
 periods in HH:MM:SS-HH:MM:SS format. For example, 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
@ -678,9 +712,9 @@ build proxy chain. Proxies may be grouped. Proxy inside the
 group is selected randomly. If few groups are specified one proxy
 is randomly picked from each group and chain of proxies is created
 (that is second proxy connected through first one and so on).
-Weight is used to group proxies. Weigt is a number between 1 and 1000.
+Weight is used to group proxies. Weight is a number between 1 and 1000.
-Weights are summed and proxies are grouped together untill weight of
+Weights are summed and proxies are grouped together until the weight of
-group is 1000. That is:
+the group is 1000. That is:
 .br
 allow *
 .br
@ -708,7 +742,7 @@ with probability of 0.7) for outgoing web connections. Chains are only applied t
 .br
 type is one of:
 .br
- extip does not actully redirect request, it sets external address for this request to <ip>. It can be chained with another parent types. It's usefaul to set external IP based on ACL or make it random.
+ extip does not actually redirect the request; it sets the external address for this request to <ip>. It can be chained with another parent type. It's useful to set the external IP based on ACL or make it random.
 .br
 tcp simply redirect connection. TCP is always last in chain. This type of proxy is a simple TCP redirection, it does not support parent authentication.
 .br
@ -732,8 +766,8 @@ if used with different service, it works as tcp redirection.
 socks5+ parent is SOCKSv5 proxy with name resolution
 .br
 socks4b parent is SOCKS4b (broken SOCKSv4 implementation with shortened
-server reply. I never saw this kind ofservers byt they say there are).
+server reply; I never saw this kind of server, but they say there are some).
-Normally you should not use this option. Do not mess this option with
+Normally you should not use this option. Do not confuse this option with
 SOCKSv4a (socks4+).
 .br
 socks5b parent is SOCKS5b (broken SOCKSv5 implementation with shortened
@ -759,18 +793,18 @@ locally redirects to
 locally redirects to
 .B pop3p
 .B http
-locally redurects to
+locally redirects to
 .B proxy
 .B admin
-locally redirects to admin -s service.
+locally redirects to the admin -s service.
 .br
- Main purpose of local redirections is to have requested resource
+ Main purpose of local redirections is to have the requested resource
-(URL or POP3 username) logged and protocol-specific filters to be applied.
+(URL or POP3 username) logged and protocol-specific filters applied.
-In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to \'parent\'
+In case of local redirection, ACLs are reviewed twice: first, by the SOCKS proxy up to the \'parent\'
-command and then with gateway service connection is
+command and then by the gateway service the connection is
-redirected (HTTP, FTP or POP3) after \'parent\' command. It means,
+redirected to (HTTP, FTP or POP3) after the \'parent\' command. It means
-additional \'allow\' command is required for redirected requests, for
+an additional \'allow\' command is required for redirected requests, for
 example:
 .br
 allow * * * 80
@ -786,11 +820,17 @@ local HTTP proxy parses requests and allows only GET and POST requests.
 .br
 parent 1000 http 1.2.3.4 0
 .br
- Changes external address for given connection to 1.2.3.4 (an equivalent to -e1.2.3.4)
+ Changes the external address for a given connection to 1.2.3.4 (equivalent to -e1.2.3.4)
 .br
 Optional username and password are used to authenticate on parent
 proxy. Username of \'*\' means username must be supplied by user.
 .br
 .B parentretries
 <number>
 .br
 Number of retries to connect to parent proxy. Default is 1.
 .br
 .B nolog
@ -843,15 +883,17 @@ noforce allows to keep previously authenticated connections.
 <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
 <weekdayslist> <timeperiodslist>
 .br
- bandlim sets bandwith limitation filter to <rate> bps (bits per second)
+ bandlim sets a bandwidth limitation filter to <rate> bps (bits per second).
-If you want to specife bytes per second - multiply your value to 8.
+If you want to specify bytes per second, multiply your value by 8.
-bandlim rules act in a same manner as allow/deny rules except
+bandlim rules act in the same manner as allow/deny rules, except for
 one thing: bandwidth limiting is applied to all services, not to some
 specific service. 
-bandlimin and nobandlimin applies to incoming traffic
+bandlimin and nobandlimin apply to incoming traffic
-bandlimout and nobandlimout applies to outgoing traffic
+.br
-If tou want to ratelimit your clients with IPs 192.168.10.16/30 (4
+bandlimout and nobandlimout apply to outgoing traffic
-addresses) to 57600 bps you have to specify 4 rules like
+.br
 If you want to ratelimit your clients with IPs 192.168.10.16/30 (4
 addresses) to 57600 bps, you have to specify 4 rules like
 .br
 bandlimin 57600 * 192.168.10.16
 .br
@ -861,12 +903,12 @@ addresses) to 57600 bps you have to specify 4 rules like
 .br
 bandlimin 57600 * 192.168.10.19
 .br
- and every of you clients will have 56K channel. If you specify
+ and each of your clients will have a 56K channel. If you specify
 .br
 bandlimin 57600 * 192.168.10.16/30
 .br
- you will have 56K channel shared between all clients.
+ you will have a 56K channel shared between all clients.
-if you want, for example, to limit all speed ecept access to POP3 you can use
+If you want, for example, to limit all speed except access to POP3, you can use
 .br
 nobandlimin * * * 110
 .br
@ -891,17 +933,17 @@ connlim limits a number of parallel connections.
 .br
 connlim 20 0 * 127.0.0.1
 .br
- allows 20 simulationeous connections for 127.0.0.1.
+ allows 20 simultaneous connections for 127.0.0.1.
 .br
- Like with bandlimin, if individual limit is required per client, separate
+ Like with bandlimin, if an individual limit is required per client, a separate
-rule mustbe added for every client. Like with nobanlimin, noconnlim adds an
+rule must be added for every client. Like with nobandlimin, noconnlim adds an
 exception.
 .br
 .B counter
-<filename> <reporttype> <repotname>
+<filename> <reporttype> <reportname>
 .br
 .B countin
 <number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
@ -928,29 +970,29 @@ exception.
 <weekdayslist> <timeperiodslist>
 .br
- counter, countin, nocountin, countout, noucountout, countall,
+ counter, countin, nocountin, countout, nocountout, countall,
-nocountall commands are used to set traffic limit
+nocountall commands are used to set a traffic limit
-in MB for period of time (day, week or month). Filename is a path
+in MB for a period of time (day, week or month). Filename is a path
 to a special file where traffic information is permanently stored.
-number is sequential number of record in this file. If number is 0
+The number is the sequential number of the record in this file. If the number is 0,
-this counter is not preserved in counter file (that is
+this counter is not preserved in the counter file (that is,
-if proxy restarted all counters with 0 are flushed) overwise it
+if the proxy is restarted, all counters with 0 are flushed); otherwise, it
-should be unique sequential number which points to position of
+should be a unique sequential number which points to the position of
-the couter within the file.
+the counter within the file.
 Type specifies a type of counter. Type is one of:
 .br
- H - counter is resetted hourly
+ H - counter is reset hourly
 .br
- D - counter is resetted daily
+ D - counter is reset daily
 .br
- W - counter is resetted weekly
+ W - counter is reset weekly
 .br
- M - counter is resetted monthely
+ M - counter is reset monthly
 .br
- reporttype/repotname may be used to generate traffic reports.
+ reporttype/reportname may be used to generate traffic reports.
-Reporttype is one of D,W,M,H(hourly) and repotname specifies filename
+Reporttype is one of D, W, M, H (hourly) and reportname specifies the filename
-template for reports. Report is text file with counter values in
+template for reports. The report is a text file with counter values in
-format:
+the format:
 .br
 <COUNTERNUMBER> <TRAF>
 .br
@ -969,6 +1011,8 @@ username[:pwtype:password] ...
 CR - password is crypt-style password
 .br
 NT - password is NT password (in hex)
 .br
 LM - password is LM password (in hex)
 .br
 example:
 .br
@ -976,13 +1020,13 @@ username[:pwtype:password] ...
 .br
 users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
 .br
- Note: double quotes are requiered because password contains $ sign.	
+ Note: double quotes are required because the password contains a $ sign.	
 .br
 .B flush
 .br
- empty active access list. Access list must be flushed avery time you creating
+ empty the active access list. The access list must be flushed every time you create a
-new access list for new service. For example:
+new access list for a new service. For example:
 .br
 allow *
 .br
@ -1043,14 +1087,14 @@ for all threads.
 .B stacksize
 <value_to_add_to_default_stack_size>
 .br
- Change default size for threads stack. May be required in some situation,
+ Change the default size for thread stacks. May be required in some situations,
-e.g. with non-default plugins, on on some platforms (some FreeBSD version
+e.g. with non-default plugins, or on some platforms (some FreeBSD versions
-may require adjusting stack size due to invalid defined value in system
+may require adjusting the stack size due to an incorrectly defined value in system
-header files, this value is also oftent reqruied to be changed for ODBC and
+header files; this value is also often required to be changed for ODBC and
-PAM support on Linux. If you experience 3proxy
+PAM support on Linux). If you experience 3proxy
 crash on request processing, try to set some positive value. You may start with
-stacksize 65536 
+stacksize 65536
-and then find the minimal value for service to work. If you experience
+and then find the minimal value for the service to work. If you experience
 memory shortage, you can try to experiment with negative values.
 .SH PLUGINS
@ -1070,9 +1114,9 @@ as
 .B filtermaxsize
 <max_size_of_data_to_filter>
 .br
- If Content-length (or another data length) is greater than given value, no
+ If Content-length (or another data length) is greater than the given value, no
-data filtering will be performed thorugh filtering plugins to avoid data
+data filtering will be performed through filtering plugins to avoid data
-corruption and/or Content-Length chaging. Default is 1MB (1048576).
+corruption and/or Content-Length changing. Default is 1MB (1048576).
 .SH BUGS
 Report all bugs to
--- a/man/ftppr.8
+++ b/man/ftppr.8
@ -19,7 +19,7 @@ servers.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@ -28,17 +28,17 @@ Be silenT. Do not log start/stop/accept error records.
 Never look for username authentication.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
-from. 
+from.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -h
-Default destination. It's used if targed address is not specified by user.
+Default destination. It's used if the target address is not specified by the user.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 21.
@ -48,7 +48,7 @@ Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@ -56,24 +56,24 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You can use any FTP client, regardless of FTP proxy support. For client with
+You can use any FTP client, regardless of FTP proxy support. For a client with
-FTP proxy support configure
+FTP proxy support, configure
 .I internal_ip
 and
 .IR port
-in FTP proxy parameters.
+in the FTP proxy parameters.
-For clients without FTP proxy support use
+For clients without FTP proxy support, use
 .I internal_ip
 and
 .IR port
-as FTP server. Address of real FTP server must be configured as a part of
+as the FTP server. The address of the real FTP server must be configured as a part of
-FTP username. Format for username is
+the FTP username. The format for the username is
 .IR username \fB@ server ,
 where
 .I server
-is address of FTP server and
+is the address of the FTP server and
 .I username
-is user\'s login on this FTP server. Login itself may contain \'@\' sign.
+is the user\'s login on this FTP server. The login itself may contain an \'@\' sign.
 Only cleartext authentication is currently supported.
 .SH BUGS
 Report all bugs to
--- a/man/pop3p.8
+++ b/man/pop3p.8
@ -19,7 +19,7 @@ servers.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@ -28,27 +28,27 @@ Be silenT. Do not log start/stop/accept error records.
 Never look for username authentication.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
-from. 
+from.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 110.
 .TP
 .B -h
-Default destination. It's used if targed address is not specified by user.
+Default destination. It's used if the target address is not specified by the user.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@ -56,21 +56,21 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You can use any MUA (Mail User Agent) with POP3 support. Set client to use
+You can use any MUA (Mail User Agent) with POP3 support. Set the client to use
 .I internal_ip
 and
 .IR port
-as a POP3 server. Address of real POP3 server must be configured as a part of
+as a POP3 server. The address of the real POP3 server must be configured as a part of
-POP3 username. Format for username is
+the POP3 username. The format for the username is
 .IR username \fB@ server ,
 where
 .I server
-is address of POP3 server and
+is the address of the POP3 server and
 .I username
-is user\'s login on this POP3 server. Login itself may contain \'@\' sign.
+is the user\'s login on this POP3 server. The login itself may contain an \'@\' sign.
 Only cleartext authentication is supported, because challenge-response
-authentication (APOP, CRAM-MD5, etc) requires challenge from server before
+authentication (APOP, CRAM-MD5, etc.) requires a challenge from the server before
-we know which server to connect.
+we know which server to connect to.
 .SH BUGS
 Report all bugs to
 .BR 3proxy@3proxy.org
--- a/man/proxy.8
+++ b/man/proxy.8
@ -17,7 +17,7 @@ is HTTP gateway service with HTTPS and FTP over HTTPS support.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@ -26,14 +26,14 @@ Be silenT. Do not log start/stop/accept error records.
 Never ask for username authentication
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
-from. 
+from.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -a
 Anonymous. Hide information about client.
@ -57,12 +57,12 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You should use client with HTTP proxy support or configure router to redirect
+You should use a client with HTTP proxy support or configure a router to redirect
-HTTP traffic to proxy (transparent proxy). Configure client to connect to
+HTTP traffic to the proxy (transparent proxy). Configure the client to connect to
 .I internal_ip
 and
 .IR port .
-HTTPS support allows to use almost any TCP based protocol. If you need to
+HTTPS support allows you to use almost any TCP-based protocol. If you need to
 limit clients, use 
 .BR 3proxy (8)
 instead.
--- a/man/smtpp.8
+++ b/man/smtpp.8
@ -19,7 +19,7 @@ servers.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@ -28,27 +28,27 @@ Be silenT. Do not log start/stop/accept error records.
 Never look for username authentication.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
-from. 
+from.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 25.
 .TP
 .B -h
-Default destination. It's used if targed address is not specified by user.
+Default destination. It's used if the target address is not specified by the user.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@ -57,21 +57,21 @@ Increase or decrease stack size. You may want to try something like -S8192 if yo
 crashes.
 .SH CLIENTS
 You can use any MUA (Mail User Agent) with SMTP authentication support.
-Set client to use
+Set the client to use
 .I internal_ip
 and
 .IR port
-as a SMTP server. Address of real SMTP server must be configured as a part of
+as an SMTP server. The address of the real SMTP server must be configured as a part of
-SMTP username. Format for username is
+the SMTP username. The format for the username is
 .IR username \fB@ server ,
 where
 .I server
-is address of SMTP server and
+is the address of the SMTP server and
 .I username
-is user\'s login on this SMTP server. Login itself may contain \'@\' sign.
+is the user\'s login on this SMTP server. The login itself may contain an \'@\' sign.
 Only cleartext authentication is supported, because challenge-response
-authentication (CRAM-MD5, SPA, etc) requires challenge from server before
+authentication (CRAM-MD5, SPA, etc.) requires a challenge from the server before
-we know which server to connect.
+we know which server to connect to.
 .SH BUGS
 Report all bugs to
 .BR 3proxy@3proxy.org
--- a/man/socks.8
+++ b/man/socks.8
@ -19,7 +19,7 @@ outgoing and reverse TCP connections and UDP portmapping.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@ -28,19 +28,19 @@ Be silenT. Do not log start/stop/accept error records.
 Never ask for username authentication
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
 from. External IP must be specified if you need incoming connections.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -N
-External NAT address 3proxy reports to client for BIND and UDPASSOC
+External NAT address 3proxy reports to client for BIND and UDPASSOC.
-By default external address is reported. It's only useful in the case
+By default, the external address is reported. It's only useful in the case
-of IP-IP NAT (will not work for PAT)
+of IP-IP NAT (will not work for PAT).
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 1080.
@ -58,7 +58,7 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You should use client with SOCKS support or use some socksification support
+You should use a client with SOCKS support or use some socksification support
 (for example
 .I SocksCAP
 or
@ -67,9 +67,9 @@ Configure client to use
 .I internal_ip
 and
 .IR port .
-SOCKS allows to use almost any application protocol without limitation. This
+SOCKS allows you to use almost any application protocol without limitation. This
-implementation also allows to open priviledged port on server (if socks has
+implementation also allows you to open privileged ports on the server (if socks has
-sufficient privileges). If you need to control access use
+sufficient privileges). If you need to control access, use
 .BR 3proxy (8)
 instead.
 .SH BUGS
--- a/man/tcppm.8
+++ b/man/tcppm.8
@ -17,27 +17,27 @@ forwards connections from local to remote TCP port
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
-from. 
+from.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@ -47,19 +47,19 @@ crashes.
 .SH ARGUMENTS
 .TP
 .I local_port
- port tcppm accepts connection
+- port tcppm accepts connections on
 .TP
 .I remote_host
- IP address of the host connection is forwarded to
+- IP address of the host the connection is forwarded to
 .TP
 .I remote_port
- remote port connection is forwarded to
+- remote port the connection is forwarded to
 .SH CLIENTS
-Any TCP based application can be used as a client. Use
+Any TCP-based application can be used as a client. Use
 .I internal_ip
 and
 .I local_port
-as a destination in client application. Connection is forwarded to
+as the destination in the client application. The connection is forwarded to
 .IR remote_host : remote_port
 .SH BUGS
 Report all bugs to
--- a/man/tlspr.8
+++ b/man/tlspr.8
@ -11,15 +11,15 @@
 .IB \fR[ -i internal_ip\fR]
 .IB \fR[ -e external_ip\fR]
 .SH DESCRIPTION
-.B proxy
+.B tlspr
-is SNI gateway service (destination host is taken from TLS handshake). Destination port must be specified via -P option (or it may be detected with Transparent plugin).
+is an SNI gateway service (destination host is taken from TLS handshake). The destination port must be specified via the -P option (or it may be detected with the Transparent plugin).
 .SH OPTIONS
 .TP
 .B -I
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@ -28,14 +28,14 @@ Be silenT. Do not log start/stop/accept error records.
 Never ask for username authentication
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
-from. 
+from.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
+Internal address. IP address the proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -a
 Anonymous. Hide information about client.
@ -47,17 +47,17 @@ Anonymous. Show fake information about client.
 listening_port. Port proxy listens for incoming connections. Default is 1443.
 .TP
 .B -P
-destination_port. Port to establish outgoing connections. One is required unless Transparent plugin is not used because TLS handshake does not contain port information. Default is 443.
+destination_port. Port to establish outgoing connections. Required unless the Transparent plugin is used, because the TLS handshake does not contain port information. Default is 443.
 .TP
 .B -c
-TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check server send certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
+TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check that the server sends a certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check that the server sends a certificate request and the client sends a certificate (not compatible with TLS 1.3)
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@ -65,13 +65,12 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You should use client with HTTP proxy support or configure router to redirect
+You should use a client with TLS support or configure a router to redirect
-HTTP traffic to proxy (transparent proxy). Configure client to connect to
+TLS traffic to the proxy (transparent proxy). Configure the client to connect to
 .I internal_ip
 and
 .IR port .
-HTTPS support allows to use almost any TCP based protocol. If you need to
+If you need to limit clients, use
 limit clients, use 
 .BR 3proxy (8)
 instead.
 .SH BUGS
--- a/man/udppm.8
+++ b/man/udppm.8
@ -3,7 +3,7 @@
 .B udppm
 \- UDP port mapper
 .SH SYNOPSIS
-.BR "pop3p " [ -ds ]
+.BR "udppm " [ -ds ]
 .IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
 .IB \fR[ -i internal_ip\fR]
 .IB \fR[ -e external_ip\fR]
@ -17,35 +17,35 @@ forwards datagrams from local to remote UDP port
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate datagrams
+External address. IP address of the interface the proxy should initiate datagrams
-from. 
+from.
-By default system will deside which address to use in accordance
+By default, the system will decide which address to use in accordance
-with routing table.
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts datagrams to.
+Internal address. IP address the proxy accepts datagrams to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
 .B -s
-Single packet. By default only one client can use udppm service, but
+Single packet. By default, only one client can use the udppm service, but
-if -s is specified only one packet will be forwarded between client and server.
+if -s is specified, only one packet will be forwarded between client and server.
-It allows to share service between multiple clients for single packet services
+This allows the service to be shared between multiple clients for single-packet services
-(for example name lookups).
+(for example, name lookups).
 .TP
 .B -S
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
@ -53,7 +53,7 @@ crashes.
 .SH ARGUMENTS
 .TP
 .I local_port
- port udppm accepts datagrams
+- port udppm accepts datagrams on
 .TP
 .I remote_host
 - IP address of the host datagrams are forwarded to
@ -61,11 +61,11 @@ crashes.
 .I remote_port
 - remote port datagrams are forwarded to
 .SH CLIENTS
-Any UDP based application can be used as a client. Use
+Any UDP-based application can be used as a client. Use
 .I internal_ip
 and
 .I local_port
-as a destination in client application. All datagrams are forwarded to
+as the destination in the client application. All datagrams are forwarded to
 .IR remote_host : remote_port
 .SH BUGS
 Report all bugs to
--- a/scripts/3proxy-linux-install.sh
+++ b/scripts/3proxy-linux-install.sh
@ -1,985 +0,0 @@
 #!/bin/bash
 # 3proxy build and install script for Debian Linux 
 # Release 2.0 at 29.12.2016
 # (с) Evgeniy Solovyev 
 # mail-to: eugen-soloviov@yandex.ru
 ScriptPath=""
 Src3proxyDirPath=""
 ScriptName=""
 ScriptFullName=""
 SourceRoot=""
 ResourcesData=""
 ProxyVersion=""
 LasestProxyVersion=""
 LasestProxyVersionLink=""
 UseSudo=0
 PacketFiles=""
 NeedSourceUpdate=0
 main()
 {
 	local msgNewVersion
 	local msgInsertYorN
 	VarsInit
 	LoadResources
 	CheckRunConditions
 	if [ $UseSudo == 1 ]
 	then
 		sudo bash "${0}"
 		exit $?
 	fi
 	CheckLocation
 	GetLasestVersionInfo
 	SourceDownloadOrUpdate
 	cd "${SourceRoot}"
 	Build3Proxy
 	BinInstall
 	ManInstall
 	CreateLogDir
 	CopyConfig
 	SetInit
 	Pack3proxyFiles
 }
 VarsInit()
 {
 	cd `dirname $0`
 	ScriptPath="${PWD}"
 	ScriptName=`basename $0`
 	ScriptFullName="${ScriptPath}/${ScriptName}"
 }
 CheckLocation()
 {
 	Src3proxyDirPath="${ScriptPath}"
 	if echo ${ScriptPath} | grep -e "/scripts$"
 	then
 		if [ -e "../src/version.h" ]
 		then
 			ProxyVersion=`cat "../src/version.h" | awk '/VERSION/ { gsub("\"", "\n"); print; exit }' | grep "3proxy"`
 			cd ../
 			SourceRoot="${PWD}"
 			cd ../
 			Src3proxyDirPath="${PWD}"
 			cd "${ScriptPath}"
 		fi
 	fi
 }
 GetLasestVersionInfo()
 {
 	local Githublink
 	local msg
 	Githublink=`wget https://github.com/3proxy/3proxy/releases/latest -O /dev/stdout |
 	awk '/<a.+href=.+\.tar\.gz/ { gsub("\"", "\n"); print; exit }' |
 	grep -e ".tar.gz"`
 	if [ $? != 0 ]
 	then
 		msg=`GetResource "msgInternetConnectionError"`
 		echo -e "${msg}"
 		exit 255
 	fi
 	LasestProxyVersionLink="https://github.com${Githublink}"
 	LasestProxyVersion=`basename "${Githublink}" | awk 'gsub(".tar.gz", "") { print "3proxy-" $0 }'`
 }
 CheckRunConditions()
 {
 	local UserName
 	local answer
 	local msg
 	local msgContinueWork
 	local msgInsertYorN
 	UserName=`whoami`
 	if [  $UID != 0 ]
 	then
 		if [ `CheckPacketInstall "sudo"` == 0 ]
 		then
 			msg=`GetResource "msgSudoNotInstalled"`
 			echo -e "${msg}"
 			exit 255
 		fi
 		UseSudo=1
 		if [ -z `cat /etc/group | grep -e "^sudo" | grep "${UserName}"`  ]
 		then
 			msg=`GetResource "msgUserNotMemberOfSudoGroup"`
 			echo -e "${msg}"
 			exit 255
 		fi
 		if [ `env | grep -e ^http_proxy` != "" ]
 		then
 			msg=`GetResource "msgSystemUseProxy"`
 			echo -e "${msg}"
 			msgContinueWork=`GetResource "msgDoYouWishContinue"`
 			msgInsertYorN=`GetResource "msgPleaseInsertYorN"`
 			while true; do
 				read -s -n1 -p "${msgContinueWork}" answer
 				case $answer in
 					[Yy]* ) echo -ne "\n";break;;
 					[Nn]* ) echo -ne "\n"; sleep 0; exit 0;;
 					* ) echo -e "${msgInsertYorN}";;
 				esac
 			done
 		fi
 	fi
 }
 DonwnloadSource()
 {
 	if [ ! -e "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz" ] 
 	then
 		wget "${LasestProxyVersionLink}" -O "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz"
 	fi
 	ProxyVersion="${LasestProxyVersion}"
 }
 UnpackSource()
 {
 	if [ ! -d "${Src3proxyDirPath}/${LasestProxyVersion}" ]
 	then
 		tar -xvf "${Src3proxyDirPath}/${LasestProxyVersion}.tar.gz" -C "${Src3proxyDirPath}"
 	fi
 	SourceRoot="${Src3proxyDirPath}/${LasestProxyVersion}"
 }
 SourceDownloadOrUpdate()
 {
 	if [ -z "${ProxyVersion}" ]
 	then
 		NeedSourceUpdate=1
 	else
 		if [ "${ProxyVersion}" != "${LasestProxyVersion}" ]
 		then
 			msgNewVersion=`GetResource "msgNewVersion"`
 			msgInsertYorN=`GetResource "msgPleaseInsertYorN"`
 			echo -ne "\a"
 			while true; do
 				read -s -n1 -p "${msgNewVersion}" answer
 				case $answer in
 					[Yy]* ) echo -ne "\n"; NeedSourceUpdate=1; sleep 0; break;;
 					[Nn]* ) echo -ne "\n"; NeedSourceUpdate=0; sleep 0; break;;
 					* ) echo -e "${msgInsertYorN}";;
 				esac
 			done
 		fi
 	fi
 	if [ $NeedSourceUpdate == 1 ]
 	then
 		DonwnloadSource
 		UnpackSource
 	fi
 }
 Build3Proxy()
 {
 	local msg
 	if [ `CheckPacketInstall "build-essential"` == 0 ]
 	then
 		apt-get -y install build-essential
 	fi
 	if [ `CheckPacketInstall "build-essential"` == 0 ]
 	then
 		msg=`GetResource "msgBuildEssentialNotInstalled"`
 		echo -e "${msg}"
 		exit 255
 	fi
 	make -f Makefile.Linux
 }
 BinInstall()
 {
 	local binlist
 	local liblist
 	if [! -d bin]
 	then
 		mkdir bin
 	fi
 	cd bin
 	binlist=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$1 ~ /x$/ && $1 ~ /^[^d]/ && $8 !~ /\.so$/ { print $8 }'`
 	for file in $binlist
 	do
 		cp -vf "${file}" /usr/bin
 		PacketFiles=`echo -e "${PacketFiles}\n/usr/bin/${file}"`
 	done
 	liblist=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$1 ~ /x$/ && $1 ~ /^[^d]/ && $8 ~ /\.so$/ { print $8 }'`
 	for file in $liblist
 	do
 		cp -vf "${file}" /usr/lib
 		PacketFiles=`echo -e "${PacketFiles}\n/usr/lib/${file}"`
 	done
 	cd ..
 }
 ManInstall()
 {
 	local man3list
 	local man8list
 	cd man
 	man3list=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$8 ~ /\.3$/ { print $8 }'`
 	gzip -vfk $man3list
 	man3list=`echo "${man3list}" | awk '{ print $1 ".gz" }'`
 	for file in $man3list
 	do
 		mv -vf "${file}" /usr/share/man/man3
 		PacketFiles="${PacketFiles}\n/usr/share/man/man3/${file}" 
 	done
 	man8list=`ls -l --time-style="+%d.%m.%Y %H:%m" | awk '$8 ~ /\.8$/ { print $8 }'`
 	gzip -vfk $man8list
 	man8list=`echo "${man8list}" | awk '{ print $1 ".gz" }'`
 	for file in $man8list
 	do
 		mv -vf "${file}" /usr/share/man/man8
 		PacketFiles=`echo -e "${PacketFiles}\n/usr/share/man/man8/${file}"`
 	done
 	cd ..
 }
 CreateLogDir()
 {
 	local LogDir
 	LogDir="/var/log/3proxy"
 	if [ ! -d  "${LogDir}" ]
 	then
 		mkdir "${LogDir}"
 	fi
 	chown nobody:nogroup "${LogDir}"
 	chmod 775 "${LogDir}"
 	PacketFiles="${PacketFiles}\n${LogDir}" 
 }
 CopyConfig()
 {
 	local ConfigDir
 	ConfigDir="/etc/3proxy"
 	if [ ! -d  "${ConfigDir}" ]
 	then
 		mkdir "${ConfigDir}"
 	fi
 	LoadGlobalResource "ConfigFile" > "${ConfigDir}/3proxy.cfg"
 	PacketFiles=`echo -e "${PacketFiles}\n${ConfigDir}/3proxy.cfg"`
 }
 SetInit()
 {
 	LoadGlobalResource "InitScript" > "/etc/init.d/3proxy"
 	chown root:root "/etc/init.d/3proxy"
 	chmod 755 "/etc/init.d/3proxy"
 	PacketFiles=`echo -e "${PacketFiles}\n/etc/init.d/3proxy"`
 	update-rc.d 3proxy defaults
 }
 Pack3proxyFiles()
 {
 	local CPU_Arc
 	CPU_Arc=`uname -m`
 	cd ../
 	tar -czPpvf "${ProxyVersion}-${CPU_Arc}.tar.gz" $PacketFiles
 }
 LoadResources()
 {
 	local StartRow
 	local EndRow
 	local LngLabel
 	local msgResourceErr="\aError! Script could not find resources!"
 	if env | grep -q 'LANG=ru_RU.UTF-8' 
 	then
 		LngLabel="RU"
 #LngLabel="EN"
 	else
 		LngLabel="EN"
 	fi
 	StartRow=`cat "${ScriptFullName}" | awk "/^#Resources_${LngLabel}/ { print NR; exit}"`
 	if [ -z "${StartRow}" ]
 	then
 		echo -e "${msgResourceErr}"
 		exit 255
 	fi
 	EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#Resources_${LngLabel}_end/ { print NR; exit}"`
 	if [ -z "${EndRow}" ]
 	then
 		echo -e "${msgResourceErr}"
 		exit 255
 	fi
 	ResourcesData=`cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'`
 }
 # $1 - Name of Resource
 GetResource()
 {
 	local StartRow
 	local EndRow
 	local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
 	StartRow=`echo "${ResourcesData}" | awk "/^#Resource=${1}/ { print NR; exit}"`
 	if [ -z "${StartRow}" ]
 	then
 		echo -e "${msgResourceErr}" > /dev/stderr
 		exit 255
 	fi
 	EndRow=`echo "${ResourcesData}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
 	if [ -z "${EndRow}" ]
 	then
 		echo -e "${msgResourceErr}" > /dev/stderr
 		exit 255
 	fi
 	echo "${ResourcesData}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
 }
 # $1 - Name of Resource
 LoadGlobalResource()
 {
 	local StartRow
 	local EndRow
 	local LngLabel
 	local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
 	StartRow=`cat "${ScriptFullName}" | awk "/^#Resource=${1}/ { print NR; exit}"`
 	if [ -z "${StartRow}" ]
 	then
 		echo -e "${msgResourceErr}" > /dev/stderr
 		exit 255
 	fi
 	EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
 	if [ -z "${EndRow}" ]
 	then
 		echo -e "${msgResourceErr}" > /dev/stderr
 		exit 255
 	fi
 	cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
 }
 CheckPacketInstall()
 {
 	if [ `dpkg -l ${1} 2>&1 | wc -l` -le 1 ]  
 	then
 		echo 0
 		return
 	fi
 	if [ `dpkg -l ${1} | grep -e ^un | wc -l` == 1 ]
 	then
 		echo 0
 		return
 	fi
 	echo 1
 }
 main
 exit 0
 #Resources_EN
 #Resource=msgSudoNotInstalled
 \aThe script is running under the account a non-privileged user.
 "Sudo" package is not installed in the system.
 The script can not continue, as the execution of operations,
 requiring rights "root" - is not possible!
 Please run the script under the account "root",
 or install and configure "sudo" package!
 #endResource=msgSudoNotInstalled
 #Resource=msgUserNotMemberOfSudoGroup
 \aThe script is running under account a non-privileged user.
 The account of the current user is not included in the "sudo" group!
 The script can not continue, as the execution of operations,
 requiring rights "root" - is not possible!
 Please run the script under the account "root",
 or configure "sudo" package!
 #endResource=msgUserNotMemberOfSudoGroup
 #Resource=msgSystemUseProxy
 \aAttention! The operating system uses proxy-server.
 For correctly work of package manager "apt" 
 in the file "/etc/sudoers" should be present line:
 Defaults env_keep = "http_proxy https_proxy"
 #endResource=msgSystemUseProxy
 #Resource=msgDoYouWishContinue
 Do you wish to the script continued executing? (y/n):
 #endResource=msgDoYouWishContinue
 #Resource=msgPleaseInsertYorN
 \a\nPlease insert "y" or "n"!
 #endResource=msgPleaseInsertYorN
 #Resource=msgInternetConnectionError
 \aError downloading "https://github.com/z3APA3A/3proxy/releases/latest"!
 Please check the settings of the Internet connection.
 #endResource=msgInternetConnectionError
 #Resource=msgNewVersion
 The new version of "3proxy" detected, do you want download it?
 #endResource=msgNewVersion
 #Resource=msgBuildEssentialNotInstalled
 \aPackage "build-essential" was not installed.
 The installation can not be continued!
 #endResource=msgBuildEssentialNotInstalled
 #Resources_EN_end
 #Resources_RU
 #Resource=msgSudoNotInstalled
 \aСкрипт запущен под учётной записью обычного пользователя.
 В системе не установлен пакет "sudo".
 Скрипт не может продолжить работу, так как выполнение операций,
 требующих прав "root" - не представляется возможным!
 Пожалуйста, запустите скрипт под учётной записью "root", 
 либо установите и настройте пакет "sudo"!
 #endResource=msgSudoNotInstalled
 #Resource=msgUserNotMemberOfSudoGroup
 \aСкрипт запущен под учётной записью обычного пользователя.
 Учётная запись текущего пользователя не включена в группу "sudo"!
 Скрипт не может продолжить работу, так как выполнение операций,
 требующих прав "root" - не представляется возможным!
 Пожалуйста, запустите скрипт под учётной записью "root", 
 либо настройте пакет "sudo"!
 #endResource=msgUserNotMemberOfSudoGroup
 #Resource=msgSystemUseProxy
 \aВнимание! В системе используется прокси-сервер.
 Чтобы менеджер пакетов "apt" работал корректно,
 в файле "/etc/sudoers" должна присутствовать строка:
 Defaults env_keep = "http_proxy https_proxy"
 #endResource=msgSystemUseProxy
 #Resource=msgDoYouWishContinue
 Хотите чтобы скрипт дальше продолжил работу? (y/n):
 #endResource=msgDoYouWishContinue
 #Resource=msgPleaseInsertYorN
 \a\nПожалуйста введите "y" или "n"!
 #endResource=msgPleaseInsertYorN
 #Resource=msgInternetConnectionError
 \aОшибка закачки "https://github.com/z3APA3A/3proxy/releases/latest"!
 Пожалуйста, проверьте настройки интернет соединения.
 #endResource=msgInternetConnectionError
 #Resource=msgNewVersion
 Обнаружена новая версия "3proxy", скачать её (y/n)?
 #endResource=msgNewVersion
 #Resource=msgBuildEssentialNotInstalled
 \aПакет "build-essential" не был установлен.
 Дальнейшая установка не может быть продолжена!
 #endResource=msgBuildEssentialNotInstalled
 #Resources_RU_end
 #Resource=ConfigFile
 noconfig
 # If in this file have line "noconfig", then 3proxy not to be runned!
 # For usung this configuration file 3proxy you must to delete 
 # or comment out the line with "noconfig".
 daemon
 # Parameter "daemon" - means run 3proxy as daemon
 pidfile /tmp/3proxy.pid
 # PID file location 
 # This parameter must have the same value as 
 # the variable "PidFile" in  the script "/etc/init.d/3proxy"
 # Configuration file location
 config /etc/3proxy/3proxy.cfg
 internal 127.0.0.1
 # Internal is address of interface proxy will listen for incoming requests
 # 127.0.0.1 means only localhost will be able to use this proxy. This is
 # address you should specify for clients as proxy IP.
 # You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
 # have open proxy in your network in this case.
 external 192.168.0.1
 # External is address 3proxy uses for outgoing connections. 0.0.0.0 means any
 # interface. Using 0.0.0.0 is not good because it allows to connect to 127.0.0.1
 # DNS IP addresses
 nserver 8.8.8.8
 nserver 8.8.4.4
 # DNS cache size
 nscache 65536
 # Timeouts settings
 timeouts 1 5 30 60 180 1800 15 60
 # log file location
 log /var/log/3proxy/3proxy.log D
 # log file format
 logformat "L%C - %U [%d-%o-%Y %H:%M:%S %z] ""%T"" %E %I %O %N/%R:%r"
 archiver gz /usr/bin/gzip %F
 # If archiver specified log file will be compressed after closing.
 # you should specify extension, path to archiver and command line, %A will be
 # substituted with archive file name, %f - with original file name.
 # Original file will not be removed, so archiver should care about it.
 rotate 30
 # We will keep last 30 log files
 proxy -p3128
 # Run http/https proxy on port 3128
 auth none
 # No authentication is requires
 setgid 65534
 setuid 65534
 # Run 3proxy under account "nobody" with group "nobody"
 #endResource=ConfigFile
 #Resource=InitScript
 #!/bin/sh
 #
 # 3proxy daemon control script
 #
 ### BEGIN INIT INFO
 # Provides:          3proxy
 # Required-Start:    $network $remote_fs $syslog
 # Required-Stop:     $network $remote_fs $syslog
 # Should-Start:      $named
 # Should-Stop:       $named
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: 3proxy HTTP Proxy
 ### END INIT INFO
 ScriptName="3proxy"
 ScriptFullName="/etc/init.d/3proxy"
 ConfigFile="/etc/3proxy/3proxy.cfg"
 LogDir="/var/log/3proxy"
 PidFile="/tmp/3proxy.pid"
 ResourcesData=""
 main()
 {
 	LoadResources
 	if [ ! -d "${LogDir}" ]
 	then
 		mkdir -p "${LogDir}";
 	fi
 	case "$1" in
 		start)		Start ;;
 		stop)		Stop ;;
 		restart)	Stop; Start ;;
 		status)		Status ;;
 		*)			ShowHelp;;
 	esac
 }
 Start()
 {
 	local msg
 	local ProxyPID
 	if [ ! -f "${ConfigFile}" ]
 	then
 		msg=`GetResource "msgConfigFileNotFound"`
 		printf "${msg}" "${ConfigFile}"
 		return
 	fi
 	if cat "${ConfigFile}" | grep -qe "^noconfig"
 	then
 		msg=`GetResource "msgNoconfigDetected"`
 		printf "${msg}" "${ConfigFile}"
 		return
 	fi
 	ProxyPID=`Get3proxyPID`
 	if [ ! -z "${ProxyPID}" ]
 	then
 		msg=`GetResource "msg3proxyAlreadyRunning"`
 		printf "${msg}" "${ProxyPID}"
 		return
 	fi
 	3proxy "${ConfigFile}"
 	sleep 1
 	ProxyPID=`Get3proxyPID`
 	if [ ! -f "${PidFile}" ] 
 	then
 		msg=`GetResource "msg3proxyStartProblems"`
 		printf "${msg}"
 		return
 	fi
 	if [ `cat "${PidFile}"` != "${ProxyPID}" ]
 	then
 		msg=`GetResource "msg3proxyStartProblems"`
 		printf "${msg}"
 		return
 	fi
 	msg=`GetResource "msg3proxyStartedSuccessfully"`
 	printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S` "${ProxyPID}"
 }
 Stop()
 {
 	local msg
 	local ProxyPID
 	ProxyPID=`Get3proxyPID`
 	if [ -f "${PidFile}" ] 
 	then
 		if [ `cat "${PidFile}"` = "${ProxyPID}" ]
 		then
 			kill -9 "${ProxyPID}"
 			rm -f "${PidFile}"
 			msg=`GetResource "msg3proxyStoppedSuccessfully"`
 			printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S`
 			return
 		fi
 	fi
 	if [ -z "${ProxyPID}" ]
 	then
 		msg=`GetResource "msg3proxyProxyNotDetected"`
 		printf "${msg}"
 		return
 	fi
 	pkill -o 3proxy
 	msg=`GetResource "msg3proxyStoppedByKillall"`
 	printf "${msg}" `date +%d-%m-%Y" "%H:%M:%S` "${PidFile}"
 }
 Status()
 {
 	local msg
 	local ProxyPID
 	if [ -f "${PidFile}" ] 
 	then
 		msg=`GetResource "msgPidFileExists"`
 		printf "${msg}" "${PidFile}" `cat "${PidFile}"`
 	else
 		msg=`GetResource "msgPidFileNotExists"`
 		printf "${msg}" "${PidFile}"
 	fi
 	ProxyPID=`Get3proxyPID`
 	if [ ! -z  "${ProxyPID}" ]
 	then
 		msg=`GetResource "msg3proxyProcessDetected"`
 		printf "${msg}"
 		ps -ef | awk '$8 ~ /^3proxy/ { print "User: " $1 "\tPID: " $2 }'
 	else
 		msg=`GetResource "msg3proxyProcessNotDetected"`
 		printf "${msg}"
 	fi
 }
 ShowHelp()
 {
 	local msg
 	msg=`GetResource "msg3proxyHelp"`
 	printf "${msg}" "${ScriptFullName}" "${ScriptName}"
 }
 Get3proxyPID()
 {
 	ps -ef | awk '$8 ~ /^3proxy/ { print $2; exit }'
 }
 LoadResources()
 {
 	local StartRow
 	local EndRow
 	local LngLabel
 	local msgResourceErr="\aError! Script could not find resources!"
 	if env | grep -q 'LANG=ru_RU.UTF-8' 
 	then
 		LngLabel="RU"
 	else
 		LngLabel="EN"
 	fi
 	StartRow=`cat "${ScriptFullName}" | awk "/^#Resources_${LngLabel}/ { print NR; exit}"`
 	if [ -z "${StartRow}" ]
 	then
 		echo -e "${msgResourceErr}"
 		exit 255
 	fi
 	EndRow=`cat "${ScriptFullName}" | awk "NR > ${StartRow} && /^#Resources_${LngLabel}_end/ { print NR; exit}"`
 	if [ -z "${EndRow}" ]
 	then
 		echo -e "${msgResourceErr}"
 		exit 255
 	fi
 	ResourcesData=`cat "${ScriptFullName}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'`
 }
 # $1 - Name of Resource
 GetResource()
 {
 	local StartRow
 	local EndRow
 	local msgResourceErr="\aError! Script could not find resource \"${1}\"!"
 	StartRow=`echo "${ResourcesData}" | awk "/^#Resource=${1}/ { print NR; exit}"`
 	if [ -z "${StartRow}" ]
 	then
 		echo -e "${msgResourceErr}" > /dev/stderr
 		exit 255
 	fi
 	EndRow=`echo "${ResourcesData}" | awk "NR > ${StartRow} && /^#endResource=${1}/ { print NR; exit}"`
 	if [ -z "${EndRow}" ]
 	then
 		echo -e "${msgResourceErr}" > /dev/stderr
 		exit 255
 	fi
 	echo "${ResourcesData}" | awk -v StartRow="${StartRow}" -v EndRow="${EndRow}" 'NR > StartRow && NR < EndRow { print $0 }'
 }
 main $@
 exit 0;
 #Resources_EN
 #Resource=msg3proxyHelp
 Usage:
 \t%s {start|stop|restart}
 or
 \tservice %s {start|stop|restart|status}\\n
 #endResource=msg3proxyHelp
 #Resource=msgConfigFileNotFound
 \a3proxy configuration file - "%s" is not found!\\n
 #endResource=msgConfigFileNotFound
 #Resource=msgNoconfigDetected
 Parameter "noconfig" found in 3proxy configuration file -
 "% s" !
 To run 3proxy this parameter should be disabled.\\n
 #endResource=msgNoconfigDetected
 #Resource=msg3proxyAlreadyRunning
 \a3proxy already running PID: %s\\n
 #endResource=msg3proxyAlreadyRunning
 #Resource=msg3proxyStartProblems
 With the start of 3proxy, something is wrong! 
 Use: service 3proxy status\\n
 #endResource=msg3proxyStartProblems
 #Resource=msg3proxyStartedSuccessfully
 [ %s %s ] 3proxy started successfully! PID: %s\\n
 #endResource=msg3proxyStartedSuccessfully
 #Resource=msg3proxyStoppedSuccessfully
 [ %s %s ] 3proxy stopped successfully!\\n
 #endResource=msg3proxyStoppedSuccessfully
 #Resource=msg3proxyProxyNotDetected
 Process "3proxy" is not detected!\\n
 #endResource=msg3proxyProxyNotDetected
 #Resource=msg3proxyStoppedByKillall
 [ %s %s ] Command "pkill -o 3proxy" was executed,
 because process number was not stored in "%s",
 but in fact 3proxy was runned!\\n
 #endResource=msg3proxyStoppedByKillall
 #Resource=msgPidFileExists
 File "%s" exists. It contains the PID: %s\\n
 #endResource=msgPidFileExists
 #Resource=msgPidFileNotExists
 File "%s" not found, that is, PID 3proxy was not stored!\\n
 #endResource=msgPidFileNotExists
 #Resource=msg3proxyProcessDetected
 Process 3proxy detected:\\n
 #endResource=msg3proxyProcessDetected
 #Resource=msg3proxyProcessNotDetected
 Processes of 3proxy is not found!\\n
 #endResource=msg3proxyProcessNotDetected
 #Resources_EN_end
 #Resources_RU
 #Resource=msg3proxyHelp
 Используйте:
 \t%s {start|stop|restart}
 или
 \tservice %s {start|stop|restart|status}\\n
 #endResource=msg3proxyHelp
 #Resource=msgConfigFileNotFound
 \aФайл конфигурации 3proxy - "%s", не найден!\\n
 #endResource=msgConfigFileNotFound
 #Resource=msgNoconfigDetected
 \aОбнаружен параметр "noconfig" в файле конфигурации 3proxy -
 "%s" !
 Для запуска 3proxy этот параметр нужно отключить.\\n
 #endResource=msgNoconfigDetected
 #Resource=msg3proxyAlreadyRunning
 \a3proxy уже запущен PID: %s\\n
 #endResource=msg3proxyAlreadyRunning
 #Resource=msg3proxyStartProblems
 \aСо стартом 3proxy, что-то не так!
 Используйте: service 3proxy status\\n
 #endResource=msg3proxyStartProblems
 #Resource=msg3proxyStartedSuccessfully
 [ %s %s ] 3proxy успешно стартовал! PID: %s\\n
 #endResource=msg3proxyStartedSuccessfully
 #Resource=msg3proxyStoppedSuccessfully
 [ %s %s ] 3proxy успешно остановлен!\\n
 #endResource=msg3proxyStoppedSuccessfully
 #Resource=msg3proxyProxyNotDetected
 Процесс "3proxy" не обнаружен!\\n
 #endResource=msg3proxyProxyNotDetected
 #Resource=msg3proxyStoppedByKillall
 [ %s %s ] Выполнена команда "pkill -o 3proxy",
 т.к. номер процесса не записан в "%s",
 но по факту 3proxy рабатал!\\n
 #endResource=msg3proxyStoppedByKillall
 #Resource=msgPidFileExists
 Файл "%s" есть. Он содержит PID: %s\\n
 #endResource=msgPidFileExists
 #Resource=msgPidFileNotExists
 Файл "%s" не найден, т.е. PID 3proxy не был сохранён!\\n
 #endResource=msgPidFileNotExists
 #Resource=msg3proxyProcessDetected
 Обнаружен процесс 3proxy:\\n
 #endResource=msg3proxyProcessDetected
 #Resource=msg3proxyProcessNotDetected
 Процессов 3proxy не обнаружено!\\n
 #endResource=msg3proxyProcessNotDetected
 #Resources_RU_end
 #endResource=InitScript
--- a/scripts/3proxy.cfg
+++ b/scripts/3proxy.cfg
@ -1,25 +1,4 @@
-nscache 65536
+#!/usr/local/bin/3proxy
 nserver 8.8.8.8
 nserver 8.8.4.4
-config /conf/3proxy.cfg
+#use standard syslog logging
-monitor /conf/3proxy.cfg
+log @3proxy
 log /logs/3proxy-%y%m%d.log D
 rotate 60
 counter /count/3proxy.3cf
 users $/conf/passwd
 include /conf/counters
 include /conf/bandlimiters
 auth strong
 deny * * 127.0.0.1
 allow *
 proxy -n
 socks
 flush
 allow admin
 admin -p8080
--- a/scripts/3proxy.cfg.inchroot
+++ b/scripts/3proxy.cfg.inchroot
@ -0,0 +1,25 @@
 nscache 65536
 nserver 8.8.8.8
 nserver 8.8.4.4
 config /conf/3proxy.cfg
 monitor /conf/3proxy.cfg
 log /logs/3proxy-%y%m%d.log D
 rotate 60
 counter /count/3proxy.3cf
 users $/conf/passwd
 include /conf/counters
 include /conf/bandlimiters
 auth strong
 deny * * 127.0.0.1
 allow *
 proxy -n
 socks
 flush
 allow admin
 admin -p8080
--- a/scripts/3proxy.service.in
+++ b/scripts/3proxy.service.in
@ -0,0 +1,23 @@
 [Unit]
 Description=3proxy tiny proxy server
 Documentation=man:3proxy(1)
 After=network.target
 [Service]
 Type=simple
 User=proxy
 Group=proxy
 Environment=CONFIGFILE=/etc/3proxy/3proxy.cfg
 ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/3proxy ${CONFIGFILE}
 ExecReload=/bin/kill -SIGUSR1 $MAINPID
 KillMode=process
 Restart=on-failure
 RestartSec=60s
 LimitNOFILE=65536
 LimitNPROC=32768
 RuntimeDirectory=3proxy
 RuntimeDirectoryMode=0755
 [Install]
 WantedBy=multi-user.target
 Alias=3proxy.service
--- a/scripts/3proxy.tmpfiles.in
+++ b/scripts/3proxy.tmpfiles.in
@ -0,0 +1,3 @@
 # tmpfiles.d configuration for 3proxy
 # This creates the runtime directory for 3proxy
 d /run/3proxy 0755 proxy proxy -
--- a/scripts/debian/3proxy.manpages
+++ b/scripts/debian/3proxy.manpages
@ -1,10 +0,0 @@
 man/3proxy.8
 man/3proxy.cfg.3
 man/ftppr.8
 man/pop3p.8
 man/tlspr.8
 man/proxy.8
 man/smtpp.8
 man/socks.8
 man/tcppm.8
 man/udppm.8
--- a/scripts/debian/changelog
+++ b/scripts/debian/changelog
@ -1,24 +0,0 @@
 3proxy (0.9.5-1) buster; urgency=medium
  *3proxy 0.9.5 initial build
 -- z3APA3A <3apa3a@3proxy.org>  Sun, 09 Mar 2025 15:55:48 +0300
 3proxy (0.9.4-1) buster; urgency=medium
  *3proxy 0.9.4 initial build
 -- z3APA3A <3apa3a@3proxy.org>  Fri, 02 Jul 2021 00:47:00 +0300
 3proxy (0.9.3-1) buster; urgency=medium
  *3proxy 0.9.3 initial build
 -- z3APA3A <3apa3a@3proxy.org>  Thu, 03 Dec 2020 21:13:58 +0300
 3proxy (0.9.2-1) buster; urgency=medium
  *3proxy 0.9.2 initial build
 -- z3APA3A <3apa3a@3proxy.org>  Thu, 19 Nov 2020 19:19:19 +0300
--- a/scripts/debian/compat
+++ b/scripts/debian/compat
@ -1 +0,0 @@
 9
--- a/scripts/debian/conffiles
+++ b/scripts/debian/conffiles
@ -1,4 +0,0 @@
 /usr/local/3proxy/conf/3proxy.cfg
 /usr/local/3proxy/conf/add3proxyuser.sh
 /usr/local/3proxy/conf/bandlimiters
 /usr/local/3proxy/conf/counters
--- a/scripts/debian/control
+++ b/scripts/debian/control
@ -1,18 +0,0 @@
 Source: 3proxy
 Maintainer: z3APA3A <3apa3a@3proxy.org>
 Section: net
 Priority: optional
 Standards-Version: 4.0.0
 Build-Depends: debhelper (>=10)
 Homepage: https://3proxy.org/
 Vcs-Git: https://github.com/z3APA3A/3proxy
 Vcs-Browser: https://github.com/z3APA3A/3proxy
 Package: 3proxy
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: tiny free proxy server
 3Proxy tiny free proxy server is really tiny freeware proxy servers set. 
 It includes HTTP proxy with HTTPS and FTP support, SOCKSv4/SOCKSv4.5/SOCKSv5 proxy (socks/socks.exe), POP3 proxy, SMTP proxy, FTP proxy, caching DNS proxy, TCP and UDP portmappers.
 You can use every proxy as a standalone program (socks, proxy, tcppm, udppm, pop3p) or use combined program (3proxy). Combined proxy additionally supports features like access control, bandwidth limiting, limiting daily/weekly/monthly traffic amount, proxy chaining, log rotation, syslog and ODBC logging, etc.
 It's created to be small, simple and yet very functional. 
--- a/scripts/debian/copyright
+++ b/scripts/debian/copyright
@ -1,20 +0,0 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: 3proxy
 Upstream-Contact: 3proxy@3proxy.org
 Source: https://3proxy.org/
 Files: *
 Copyright: 2000-2020 3APA3A, Vladimir Dubrovin, 3proxy.org
 License: BSD-3-clause or Apache or GPL-2+ or LGPL-2+
 Files: src/libs/md*.*
 Copyright: 1990,1991,1992  RSA Data Security, Inc
 License: public-domain
 Files: src/libs/regex.*
 Copyright: Henry Spencer
 License: public-domain
 Files: src/libs/smbdes.c
 Copyright: Andrew Tridgell 1998
 License: GPL-2+
--- a/scripts/debian/postinst
+++ b/scripts/debian/postinst
@ -1,43 +0,0 @@
 if [ ! -f /usr/local/3proxy/conf/passwd ]; then \
 touch /usr/local/3proxy/conf/passwd;\
 fi
 chown -R proxy:proxy /usr/local/3proxy
 chmod 550  /usr/local/3proxy/
 chmod 550  /usr/local/3proxy/conf/
 chmod 440  /usr/local/3proxy/conf/*
 if /bin/systemctl >/dev/null 2>&1; then \
 /usr/sbin/update-rc.d 3proxy disable || true; \
 /usr/sbin/chkconfig 3proxy off || true; \
 /bin/systemctl enable 3proxy.service; \
 elif [ -x /usr/sbin/update-rc.d ]; then \
 /usr/sbin/update-rc.d 3proxy defaults; \
 /usr/sbin/update-rc.d 3proxy enable; \
 elif [ -x /usr/sbin/chkconfig ]; then \
 /usr/sbin/chkconfig 3proxy on; \
 fi
 echo ""
 echo 3proxy installed.
 if /bin/systemctl >/dev/null 2>&1; then \
 /bin/systemctl stop 3proxy.service \
 /bin/systemctl start 3proxy.service \
 echo use ;\
 echo "  "systemctl start 3proxy.service ;\
 echo to start proxy ;\
 echo "  "systemctl stop 3proxy.service ;\
 echo to stop proxy ;\
 elif [ -x /usr/sbin/service ]; then \
 /usr/sbin/service 3proxy stop  || true;\
 /usr/sbin/service 3proxy start  || true;\
 echo "  "service 3proxy start ;\
 echo to start proxy ;\
 echo "  "service 3proxy stop ;\
 echo to stop proxy ;\
 fi
 echo "  "/usr/local/3proxy/conf/add3proxyuser.sh
 echo to add users
 echo ""
 echo Default config uses Google\'s DNS.
 echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor.
 echo Configure preferred DNS in /usr/local/3proxy/conf/3proxy.cfg.
 echo run \'/usr/local/3proxy/conf/add3proxyuser.sh admin password\' to configure \'admin\' user
--- a/scripts/debian/preinst
+++ b/scripts/debian/preinst
@ -1,4 +0,0 @@
 if [ -x /usr/sbin/useradd ]; then \
 /usr/bin/getent group proxy >/dev/null || (/usr/sbin/groupadd -f -r proxy || true); \
 /usr/bin/getent passwd proxy >/dev/null || (/usr/sbin/useradd -Mr -s /bin/false -g proxy -c 3proxy proxy || true); \
 fi
--- a/scripts/debian/rules
+++ b/scripts/debian/rules
@ -1,16 +0,0 @@
 #!/usr/bin/make -f
 %:
 	dh $@
 override_dh_auto_build:
 	ln -s Makefile.Linux Makefile || true
 	dh_auto_build
 override_dh_auto_clean:
 	find src/ -type f -name "*.o" -delete
 	find src/ -type f -name "Makefile.var" -delete
 	find bin/ -type f -executable -delete
 	rm -f Makefile
 override_dh_usrlocal:
--- a/scripts/debian/source/format
+++ b/scripts/debian/source/format
@ -1 +0,0 @@
 3.0 (quilt)
--- a/scripts/init.d/3proxy.in
+++ b/scripts/init.d/3proxy.in
@ -0,0 +1,109 @@
 #!/bin/sh
 ### BEGIN INIT INFO
 # Provides:          3proxy
 # Required-Start:    $network $local_fs
 # Required-Stop:     $network $local_fs
 # Should-Start:
 # Should-Stop:
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Start/stop 3proxy
 # Description:       Start/stop 3proxy, tiny proxy server
 ### END INIT INFO
 # chkconfig: 2345 20 80
 # description: 3proxy tiny proxy server
 DAEMON=@CMAKE_INSTALL_FULL_BINDIR@/3proxy
 CONFIGFILE=/etc/3proxy/3proxy.cfg
 PIDFILE=/var/run/3proxy/3proxy.pid
 USER=proxy
 GROUP=proxy
 # Source function library if available
 if [ -f /etc/init.d/functions ]; then
    . /etc/init.d/functions
 fi
 case "$1" in
   start)
       echo -n "Starting 3Proxy: "
       if [ ! -d /var/run/3proxy ]; then
           mkdir -p /var/run/3proxy
           chown $USER:$GROUP /var/run/3proxy 2>/dev/null || true
       fi
       if command -v start-stop-daemon >/dev/null 2>&1; then
           # Debian/Ubuntu style
           start-stop-daemon --start --quiet --pidfile $PIDFILE \
               --chuid $USER:$GROUP --exec $DAEMON -- $CONFIGFILE
       elif [ -f /etc/init.d/functions ]; then
           # RedHat/CentOS style
           daemon --user=$USER $DAEMON $CONFIGFILE
       else
           # Fallback
           su -s /bin/sh $USER -c "$DAEMON $CONFIGFILE"
       fi
       RETVAL=$?
       echo
       [ $RETVAL = 0 ] && touch /var/lock/subsys/3proxy
       ;;
   stop)
       echo -n "Stopping 3Proxy: "
       if command -v start-stop-daemon >/dev/null 2>&1; then
           # Debian/Ubuntu style
           start-stop-daemon --stop --quiet --pidfile $PIDFILE
       elif [ -f /etc/init.d/functions ]; then
           # RedHat/CentOS style
           killproc -p $PIDFILE $DAEMON
       else
           # Fallback
           if [ -f $PIDFILE ]; then
               kill `cat $PIDFILE` 2>/dev/null
           else
               killall 3proxy 2>/dev/null
           fi
       fi
       RETVAL=$?
       echo
       [ $RETVAL = 0 ] && rm -f /var/lock/subsys/3proxy
       ;;
   restart|reload)
       echo -n "Reloading 3Proxy: "
       if [ -f $PIDFILE ]; then
           kill -s USR1 `cat $PIDFILE` 2>/dev/null
           RETVAL=$?
       else
           echo "PID file not found, cannot reload"
           RETVAL=1
       fi
       echo
       ;;
   status)
       if command -v status >/dev/null 2>&1; then
           status -p $PIDFILE $DAEMON
       elif [ -f $PIDFILE ]; then
           if kill -0 `cat $PIDFILE` 2>/dev/null; then
               echo "3proxy is running (pid `cat $PIDFILE`)"
               RETVAL=0
           else
               echo "3proxy is dead but pid file exists"
               RETVAL=1
           fi
       else
           echo "3proxy is not running"
           RETVAL=3
       fi
       ;;
   *)
       echo "Usage: $0 {start|stop|restart|reload|status}"
       exit 1
 esac
 exit ${RETVAL:-0}
--- a/scripts/install-unix.sh
+++ b/scripts/install-unix.sh
@ -1,22 +0,0 @@
 #!/bin/sh
 cd ..
 cp Makefile.unix Makefile
 make
 if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
 install bin/3proxy /usr/local/bin/3proxy
 install bin/mycrypt /usr/local/bin/mycrypt
 install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
 install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
 if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then
 echo /usr/local/etc/3proxy/3proxy.cfg already exists
 else
 install scripts/3proxy.cfg /usr/local/etc/3proxy/
 if [ ! -d /var/log/3proxy/ ]; then
  mkdir /var/log/3proxy/
 fi
 touch /usr/local/etc/3proxy/passwd
 touch /usr/local/etc/3proxy/counters
 touch /usr/local/etc/3proxy/bandlimiters
 echo Run /usr/local/etc/3proxy/bin/add3proxyuser.sh to add \'admin\' user
 fi
--- a/scripts/org.3proxy.3proxy.plist.in
+++ b/scripts/org.3proxy.3proxy.plist.in
@ -0,0 +1,35 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
    <key>Label</key>
    <string>org.3proxy.3proxy</string>
    <key>ProgramArguments</key>
    <array>
        <string>@CMAKE_INSTALL_FULL_BINDIR@/3proxy</string>
        <string>/etc/3proxy/3proxy.cfg</string>
    </array>
    <key>UserName</key>
    <string>proxy</string>
    <key>GroupName</key>
    <string>proxy</string>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>/var/log/3proxy.log</string>
    <key>StandardErrorPath</key>
    <string>/var/log/3proxy.log</string>
    <key>SoftResourceLimits</key>
    <dict>
        <key>NumberOfFiles</key>
        <integer>65536</integer>
    </dict>
    <key>HardResourceLimits</key>
    <dict>
        <key>NumberOfFiles</key>
        <integer>65536</integer>
    </dict>
 </dict>
 </plist>
--- a/Show More
+++ b/Show More
`@ -1,2 +1,2 @@`

	`<H2><A href="hotoe.html">See HowTo:</a></H2>`	`<H2><A href="howtoe.html">See HowTo:</a></H2>`
`@ -1,2 +1,2 @@`

	`<H2><A href="hotoe.html">См. HowTo</a></H2>`	`<H2><A href="howtoe.html">См. HowTo</a></H2>`