1TINYPROXY.CONF(5) Tinyproxy manual TINYPROXY.CONF(5)
2
3
4
6 tinyproxy.conf - Tinyproxy HTTP proxy daemon configuration file
7
9 tinyproxy.conf
10
12 tinyproxy(8) reads its configuration file, typically stored in
13 /etc/tinyproxy/tinyproxy.conf (or passed to Tinyproxy with -c on the
14 command line). This manpage describes the syntax and contents of the
15 configuration file.
16
17 The Tinyproxy configuration file contains key-value pairs, one per
18 line. Lines starting with # and empty lines are comments and are
19 ignored. Keywords are case-insensitive, whereas values are
20 case-sensitive. Values may be enclosed in double-quotes (") if they
21 contain spaces.
22
23 The possible keywords and their descriptions are as follows:
24
25 User
26 The user which the Tinyproxy process should run as, after the
27 initial port-binding has been done as the root user. Either the
28 user name or the UID may be specified.
29
30 Group
31 The group which the Tinyproxy process should run as, after the
32 initial port-binding has been done as the root user. Either the
33 group name or the GID may be specified.
34
35 Port
36 The port which the Tinyproxy service will listen on. If the port is
37 less than 1024, you will need to start the Tinyproxy process as the
38 root user.
39
40 Listen
41 By default, Tinyproxy listens for connections on all available
42 interfaces (i.e. it listens on the wildcard address 0.0.0.0). With
43 this configuration parameter, Tinyproxy can be told to listen only
44 on one specific address.
45
46 Bind
47 This allows you to specify which address Tinyproxy will bind to for
48 outgoing connections to web servers or upstream proxies.
49
50 BindSame
51 If this boolean parameter is set to yes, then Tinyproxy will bind
52 the outgoing connection to the IP address of the incoming
53 connection that triggered the outgoing request.
54
55 Timeout
56 The maximum number of seconds of inactivity a connection is allowed
57 to have before it is closed by Tinyproxy.
58
59 ErrorFile
60 This parameter controls which HTML file Tinyproxy returns when a
61 given HTTP error occurs. It takes two arguments, the error number
62 and the location of the HTML error file.
63
64 DefaultErrorFile
65 This parameter controls the HTML template file returned when an
66 error occurs for which no specific error file has been set.
67
68 StatHost
69 This configures the host name or IP address that is treated as the
70 stat host: Whenever a request for this host is received, Tinyproxy
71 will return an internal statistics page instead of forwarding the
72 request to that host. The template for this page can be configured
73 with the StatFile configuration option. The default value of
74 StatHost is tinyproxy.stats.
75
76 StatFile
77 This configures the HTML file that Tinyproxy sends when a request
78 for the stathost is received. If this parameter is not set,
79 Tinyproxy returns a hard-coded basic statistics page. See the
80 STATHOST section in the tinyproxy(8) manual page for details.
81
82 Note that the StatFile and the error files configured with
83 ErrorFile and DefaultErrorFile are template files that can contain
84 a few template variables that Tinyproxy expands prior to delivery.
85 Examples are "{cause}" for an abbreviated error description and
86 "{detail}" for a detailed error message. The tinyproxy(8) manual
87 page contains a description of all template variables.
88
89 LogFile
90 This controls the location of the file to which Tinyproxy writes
91 its debug output. Alternatively, Tinyproxy can log to syslog — see
92 the Syslog option.
93
94 Syslog
95 When set to On, this option tells Tinyproxy to write its debug
96 messages to syslog instead of to a log file configured with
97 LogFile. These two options are mutually exclusive.
98
99 LogLevel
100 Sets the log level. Messages from the set level and above are
101 logged. For example, if the LogLevel was set to Warning, then all
102 log messages from Warning to Critical would be output, but Notice
103 and below would be suppressed. Allowed values are:
104
105 · Critical (least verbose)
106
107 · Error
108
109 · Warning
110
111 · Notice
112
113 · Connect (log connections without Info’s noise)
114
115 · Info (most verbose)
116
117 PidFile
118 This option controls the location of the file where the main
119 Tinyproxy process stores its process ID for signaling purposes.
120
121 XTinyproxy
122 Setting this option to Yes tells Tinyproxy to add a header
123 X-Tinyproxy containing the client’s IP address to the request.
124
125 Upstream, No Upstream
126 This option allows you to set up a set of rules for deciding
127 whether an upstream proxy server is to be used, based on the host
128 or domain of the site being accessed. The rules are stored in the
129 order encountered in the configuration file and the LAST matching
130 rule wins. There are three possible forms for specifying upstream
131 rules:
132
133 · upstream host:port turns proxy upstream support on generally.
134
135 · upstream host:port "site_spec" turns on the upstream proxy for
136 the sites matching site_spec.
137
138 · no upstream "site_spec" turns off upstream support for sites
139 matching site_spec.
140
141 The site can be specified in various forms as a hostname, domain
142 name or as an IP range:
143
144 · name matches host exactly
145
146 · .name matches any host in domain "name"
147
148 · . matches any host with no domain (in empty domain)
149
150 · IP/bits matches network/mask
151
152 · IP/mask matches network/mask
153
154 MaxClients
155 Tinyproxy creates one child process for each connected client. This
156 options specifies the absolute highest number processes that will
157 be created. With other words, only MaxClients clients can be
158 connected to Tinyproxy simultaneously.
159
160 MinSpareServers, MaxSpareServers
161 Tinyproxy always keeps a certain number of idle child processes so
162 that it can handle new incoming client requests quickly.
163 MinSpareServer and MaxSpareServers control the lower and upper
164 limits for the number of spare processes. I.e. when the number of
165 spare servers drops below MinSpareServers then Tinyproxy will start
166 forking new spare processes in the background and when the number
167 of spare processes exceeds MaxSpareServers then Tinyproxy will kill
168 off extra processes.
169
170 StartServers
171 The number of servers to start initially. This should usually be
172 set to a value between MinSpareServers and MaxSpareServers.
173
174 MaxRequestsPerChild
175 This limits the number of connections that a child process will
176 handle before it is killed. The default value is 0 which disables
177 this feature. This option is meant as an emergency measure in the
178 case of problems with memory leakage. In that case, setting
179 MaxRequestsPerChild to a value of e.g. 1000, or 10000 can be
180 useful.
181
182 Allow, Deny
183 The Allow and Deny options provide a means to customize which
184 clients are allowed to access Tinyproxy. Allow and Deny lines can
185 be specified multiple times to build the access control list for
186 Tinyproxy. The order in the config file is important. If there are
187 no Allow or Deny lines, then all clients are allowed. Otherwise,
188 the default action is to deny access. The argument to Allow or Deny
189 can be a single IP address of a client host, like 127.0.0.1, an IP
190 address range, like 192.168.0.1/24 or a string that will be matched
191 against the end of the client host name, i.e, this can be a full
192 host name like host.example.com or a domain name like .example.com
193 or even a top level domain name like .com.
194
195 AddHeader
196 Configure one or more HTTP request headers to be added to outgoing
197 HTTP requests that Tinyproxy makes. Note that this option will not
198 work for HTTPS traffic, as Tinyproxy has no control over what
199 headers are exchanged.
200
201 AddHeader "X-My-Header" "Powered by Tinyproxy"
202
203 ViaProxyName
204 RFC 2616 requires proxies to add a Via header to the HTTP requests,
205 but using the real host name can be a security concern. If the
206 ViaProxyname option is present, then its string value will be used
207 as the host name in the Via header. Otherwise, the server’s host
208 name will be used.
209
210 DisableViaHeader
211 When this is set to yes, Tinyproxy does NOT add the Via header to
212 the requests. This virtually puts Tinyproxy into stealth mode. Note
213 that RFC 2616 requires proxies to set the Via header, so by
214 enabling this option, you break compliance. Don’t disable the Via
215 header unless you know what you are doing...
216
217 Filter
218 Tinyproxy supports filtering of web sites based on URLs or domains.
219 This option specifies the location of the file containing the
220 filter rules, one rule per line.
221
222 FilterURLs
223 If this boolean option is set to Yes or On, filtering is performed
224 for URLs rather than for domains. The default is to filter based on
225 domains.
226
227 FilterExtended
228 If this boolean option is set to Yes, then extended POSIX regular
229 expressions are used for matching the filter rules. The default is
230 to use basic POSIX regular expressions.
231
232 FilterCaseSensitive
233 If this boolean option is set to Yes, then the filter rules are
234 matched in a case sensitive manner. The default is to match
235 case-insensitively.
236
237 FilterDefaultDeny
238 The default filtering policy is to allow everything that is not
239 matched by a filtering rule. Setting FilterDefaultDeny to Yes
240 changes the policy do deny everything but the domains or URLs
241 matched by the filtering rules.
242
243 Anonymous
244 If an Anonymous keyword is present, then anonymous proxying is
245 enabled. The headers listed with Anonymous are allowed through,
246 while all others are denied. If no Anonymous keyword is present,
247 then all headers are allowed through. You must include quotes
248 around the headers.
249
250 Most sites require cookies to be enabled for them to work
251 correctly, so you will need to allow cookies through if you access
252 those sites.
253
254 Example:
255
256 Anonymous "Host"
257 Anonymous "Authorization"
258 Anonymous "Cookie"
259
260 ConnectPort
261 This option can be used to specify the ports allowed for the
262 CONNECT method. If no ConnectPort line is found, then all ports are
263 allowed. To disable CONNECT altogether, include a single
264 ConnectPort line with a value of 0.
265
266 ReversePath
267 Configure one or more ReversePath directives to enable reverse
268 proxy support. With reverse proxying it’s possible to make a number
269 of sites appear as if they were part of a single site.
270
271 If you uncomment the following two directives and run Tinyproxy on
272 your own computer at port 8888, you can access example.com, using
273 http://localhost:8888/example/.
274
275 ReversePath "/example/" "http://www.example.com/"
276
277 ReverseOnly
278 When using Tinyproxy as a reverse proxy, it is STRONGLY recommended
279 that the normal proxy is turned off by setting this boolean option
280 to Yes.
281
282 ReverseMagic
283 Setting this option to Yes, makes Tinyproxy use a cookie to track
284 reverse proxy mappings. If you need to reverse proxy sites which
285 have absolute links you must use this option.
286
287 ReverseBaseURL
288 The URL that is used to access this reverse proxy. The URL is used
289 to rewrite HTTP redirects so that they won’t escape the proxy. If
290 you have a chain of reverse proxies, you’ll need to put the
291 outermost URL here (the address which the end user types into
292 his/her browser). If this option is not set then no rewriting of
293 redirects occurs.
294
296 To report bugs in Tinyproxy, please visit
297 <https://www.banu.com/tinyproxy/>.
298
300 tinyproxy(8)
301
303 Written by the Tinyproxy project team.
304
306 Copyright (c) 1998-2000 Steven Young; Copyright (c) 2000-2001 Robert
307 James Kaes; Copyright (c) 2009-2010 Mukund Sivaraman; Copyright (c)
308 2009-2010 Michael Adam.
309
310 This program is distributed under the terms of the GNU General Public
311 License version 2 or above. See the COPYING file for additional
312 information.
313
314
315
316Version 1.8.2 06/05/2010 TINYPROXY.CONF(5)