13proxy.cfg(3) Universal proxy server 3proxy.cfg(3)
2
3
4
6 3proxy.cfg - 3proxy configuration file
7
9 Common structure:
10 Configuration file is a text file 3proxy reads configuration from.
11 Each line of the file is a command executed immediately, as it was
12 given from console. Sequence of commands is important. Configuration
13 file as actually a script for 3proxy executable. Each line of the file
14 is treated as a blank (space or tab) separated command line. Additional
15 space characters are ignored. Think about 3proxy as "application level
16 router" with console interface.
17
18 Comments:
19 Any string beginning with space character or ´#´ character is comment.
20 It´s ignored. <LF>s are ignored. <CR> is end of command.
21
22 Quotation:
23 Quotation character is " (double quote). Quotation must be used to
24 quote spaces or another special characters. To use quotation character
25 inside quotation character must be dubbed (BASIC convention). For exam‐
26 ple to use HELLO "WORLD" as an argument you should use it as "HELLO
27 ""WORLD""". Good practice is to quote any argument you use.
28
29 File inclusion:
30 You can include file by using $FILENAME macro (replace FILENAME with a
31 path to file, for example $/usr/local/etc/3proxy/conf.incl or
32 $"c:\Program Files\3proxy\include.cfg" Quotation is required in last
33 example because path contains space character. For included file <CR>
34 (end of line characters) is treated as space character (arguments
35 delimiter instead of end of command delimiter). Thus, include files
36 are only useful to store long signle-line commands (like userlist, net‐
37 work lists, etc). To use dollar sign somewhere in argument it must be
38 quoted. Recursion is not allowed.
39
40 Next commands start gateway services:
41
42 proxy [options]
43 socks [options]
44 pop3p [options]
45 ftppr [options]
46 admin [options]
47 dnspr [options]
48 tcppm [options] <SRCPORT> <DSTADDR> <DSTPORT>
49 udppm [options] <SRCPORT> <DSTADDR> <DSTPORT>
50 Descriptions:
51 proxy - HTTP/HTTPS proxy (default port 3128)
52 socks - SOCKS 4/4.5/5 proxy (default port 1080)
53 pop3p - POP3 proxy (default port 110)
54 ftppr - FTP proxy (default port 21)
55 admin - Web interface (default port 80)
56 dnspr - caching DNS proxy (default port 53)
57 tcppm - TCP portmapper
58 udppm - UDP portmapper
59
60 Options:
61 -pNUMBER change default server port to NUMBER
62 -n disable NTLM authentication (required if passwords are stored in
63 Unix crypt format.
64 -n1 enable NTLMv1 authentication.
65 -s (for admin) - secure, allow only secure operations (currently only
66 traffic counters view without ability to reset).
67 (for dnspr) - simple, do not use 'resolver' and 3proxy cache, always
68 use external DNS server.
69 (for udppm) - singlepacket, expect only one packet from both client and
70 server
71 -u Never ask for username/password
72 -u2 (socks) require username/password in authentication methods
73 -a (for proxy) - anonymous proxy (no information about client reported)
74 -a1 (for proxy) - anonymous proxy (random client information reported)
75 -a2 (for proxy) - generate Via: and X-Forwared-For: instead of For‐
76 warded:
77 -6 Only resolve IPv6 addresses. IPv4 addresses are packed in IPv6 in
78 IPV6_V6ONLY compatible way.
79 -4 Only resolve IPv4 addresses
80 -46 Resolve IPv6 addresses if IPv4 address is not resolvable
81 -64 Resolve IPv4 addresses if IPv6 address is not resolvable
82 -RHOST:port listen on given local HOST:port for incoming connections
83 instead of making remote outgoing connection. Can be used with another
84 3proxy service running -r option for connect back functionality. Most
85 commonly used with tcppm. HOST can be given as IP or hostname, useful
86 in case of dynamic DNS.
87 -rHOST:port connect to given remote HOST:port instead of listening
88 local connection on -p or default port. Can be used with another 3proxy
89 service running -R option for connect back functionality. Most commonly
90 used with proxy or socks. HOST can be given as IP or hostname, useful
91 in case of dynamic DNS.
92 Also, all options mentioned for proxy(8) socks(8) pop3p(8) tcppm(8)
93 udppm(8) ftppr(8)
94 are also supported.
95 Portmapping services listen at SRCPORT and connect to DSTADDR:DSTPORT
96 HTTP and SOCKS proxies are standard.
97 POP3 proxy must be configured as POP3 server and requires username in
98 the form of: pop3username@pop3server. If POP3 proxy access must be
99 authenticated, you can specify username as proxy_username:proxy_pass‐
100 word:POP3_username@pop3server
101 DNS proxy resolves any types of records but only hostnames are cached.
102 It requires nserver/nscache to be configured. If nserver is configured
103 as TCP, redirections are applied on connection, so parent proxy may be
104 used to resolve names to IP.
105 FTP proxy can be used as FTP server in any FTP client or configured as
106 FTP proxy on a client with FTP proxy support. Username format is one of
107 FTPuser@FTPServer
108 FTPuser:FTPpassword@FTPserver
109 proxyuser:proxypassword:FTPuser:FTPpassword@FTPserver
110 Please note, if you use FTP client interface for FTP proxy do not add
111 FTPpassword and FTPServer to username, because FTP client does it for
112 you. That is, if you use 3proxy with authentication use proxyuser:prox‐
113 ypassword:FTPuser as FTP username, otherwise do not change original FTP
114 user name
115
116 include <path>
117 Include config file
118
119 config <path>
120 Path to configuration file to use on 3proxy restart or to save config‐
121 uration.
122
123 writable
124 ReOpens configuration file for write access via Web interface, and re-
125 reads it. Usually should be first command on config file but in combi‐
126 nation with "config" it can be used anywhere to open alternate config
127 file. Think twice before using it.
128
129 end
130 End of configuration
131
132 log [[@|&]logfile] [<LOGTYPE>]
133 sets logfile for all gateways
134 @ - (for Unix) use syslog, filename is used as ident name
135 & - use ODBC, filename consists of comma-delimited datasource,user‐
136 name,password (username and password are optional)
137 LOGTYPE is one of:
138 M - Monthly
139 W - Weekly (starting from Sunday)
140 D - Daily
141 H - Hourly
142 if logfile is not specified logging goes to stdout. You can specify
143 individual logging options for gateway by using -l option in gateway
144 configuration.
145 "log" command supports same format specifications for filename tem‐
146 plate as "logformat" (if filename contains '%' sign it's believed to be
147 template). As with "logformat" filename must begin with 'L' or 'G' to
148 specify Local or Grinwitch time zone for all time-based format specifi‐
149 cators.
150
151 rotate <n>
152 how many archived log files to keep
153
154 logformat <format>
155 Format for log record. First symbol in format must be L (local time)
156 or G (absolute Grinwitch time). It can be preceeded with -XXX+Y where
157 XXX is list of characters to be filtered in user input (any non-print‐
158 able characters are filtered too in this case) and Y is replacement
159 character. For example, "-,%+ L" in the beginning of logformat means
160 comma and percent are replaced with space and all time based elemnts
161 are in local time zone.
162 You can use:
163
164 %y - Year in 2 digit format
165 %Y - Year in 4 digit format
166 %m - Month number
167 %o - Month abbriviature
168 %d - Day
169 %H - Hour
170 %M - Minute
171 %S - Second
172 %t - Timstamp (in seconds since 01-Jan-1970)
173 %. - milliseconds
174 %z - timeZone (from Grinvitch)
175 %D - request duration (in milliseconds)
176 %b - average send rate per request (in Bytes per second) this speed
177 is typically below connection speed shown by download manager.
178 %B - average receive rate per request (in Bytes per second) this
179 speed is typically below connection speed shown by download manager.
180 %U - Username
181 %N - service Name
182 %p - service Port
183 %E - Error code
184 %C - Client IP
185 %c - Client port
186 %R - Remote IP
187 %r - Remote port
188 %e - External IP used to establish connection
189 %Q - Requested IP
190 %q - Requested port
191 %n - requested hostname
192 %I - bytes In
193 %O - bytes Out
194 %h - Hops (redirections) count
195 %T - service specific Text
196 %N1-N2T - (N1 and N2 are positive numbers) - log only fields from N1
197 thorugh N2 of service specific text
198 in case of ODBC logging logformat specifies SQL statement, for exmam‐
199 ple:
200 logformat "-'+_Linsert into log (l_date, l_user, l_service, l_in,
201 l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
202
203 logdump <in_traffic_limit> <out_traffic_limit>
204 Immediately creates additional log records if given amount of incom‐
205 ing/outgoing traffic is achieved for connection, without waiting for
206 connection to finish. It may be useful to prevent information about
207 long-lasting downloads on server shutdown.
208
209 archiver <ext> <commandline>
210 Archiver to use for log files. <ext> is file extension produced by
211 archiver. Filename will be last argument to archiver, optionally you
212 can use %A as produced archive name and %F as filename.
213
214 timeouts <BYTE_SHORT> <BYTE_LONG> <STRING_SHORT> <STRING_LONG> <CONNEC‐
215 TION_SHORT> <CONNECTION_LONG> <DNS> <CHAIN>
216 Sets timeout values
217 BYTE_SHORT - short timeout for single byte, is usually used for
218 receiving single byte from stream.
219 BYTE_LONG - long timeout for single byte, is usually used for receiv‐
220 ing first byte in frame (for example first byte in socks request).
221 STRING_SHORT - short timeout, for character string within stream (for
222 example to wait between 2 HTTP headers)
223 STRING_LONG - long timeout, for first string in stream (for example
224 to wait for HTTP request).
225 CONNECTION_SHORT - inactivity timeout for short connections (HTTP,
226 POP3, etc).
227 CONNECTION_LONG - inactivity timeout for long connection (SOCKS,
228 portmappers, etc).
229 DNS - timeout for DNS request before requesting next server
230 CHAIN - timeout for reading data from chained connection
231
232 nserver <ipaddr>[:port][/tcp]
233 Nameserver to use for name resolutions. If none specified or name
234 server fails system routines for name resolution will be used. It's
235 better to specify nserver because gethostbyname() may be thread unsafe.
236 Optional port number may be specified. If optional /tcp is added to IP
237 address, name resolution will be performed over TCP.
238
239 nscache <cachesize> nscache6 <cachesize>
240 Cache <cachesize> records for name resolution (nscache for IPv4,
241 nscache6 for IPv6). Cachesize usually should be large enougth (for
242 example 65536).
243
244 nsrecord <hostname> <hostaddr>
245 Adds static record to nscache. nscache must be enabled. If 0.0.0.0 is
246 used as a hostaddr host will never resolve, it can be used to blacklist
247 something or together with dialer command to set up UDL for dialing.
248
249 fakeresolve
250 All names are resolved to 127.0.0.2 address. Usefull if all requests
251 are redirected to parent proxy with http, socks4+, connect+ or socks5+.
252
253 dialer <progname>
254 Execute progname if external name can't be resolved. Hint: if you use
255 nscache, dialer may not work, because names will be resolved through
256 cache. In this case you can use something like http://dial.right.now/
257 from browser to set up connection.
258
259
260 internal <ipaddr>
261 sets ip address of internal interface. This IP address will be used to
262 bind gateways. Alternatively you can use -i option for individual gate‐
263 ways. Since 0.8 version, IPv6 address may be used.
264
265 external <ipaddr>
266 sets ip address of external interface. This IP address will be source
267 address for all connections made by proxy. Alternatively you can use -e
268 option to specify individual address for gateway. Since 0.8 version
269 External or -e can be given twice: once with IPv4 and once with IPv6
270 address.
271
272 maxconn <number>
273 sets maximum number of simulationeous connections to each services
274 started after this command. Default is 100.
275
276 service
277 (depricated). Indicates 3proxy to behave as Windows 95/98/NT/2000/XP
278 service, no effect for Unix. Not required for 3proxy 0.6 and above. If
279 you upgraded from previous version of 3proxy use --remove and --install
280 to reinstall service.
281
282 daemon
283 Should be specified to close console. Do not use 'daemon' with 'ser‐
284 vice'. At least under FreeBSD 'daemon' should preceed any proxy ser‐
285 vice and log commands to avoid sockets problem. Always place it in the
286 beginning of the configuration file.
287
288 auth <authtype> [...]
289 Type of user authorization. Currently supported:
290 none - no authentication or authorization required.
291 Note: is auth is none any ip based limitation, redirection, etc will
292 not work. This is default authentication type
293 iponly - authentication by access control list with username ignored.
294 Appropriate for most cases
295 useronly - authentication by username without checking for any pass‐
296 word with authorization by ACLs. Useful for e.g. SOCKSv4 proxy and
297 icqpr (icqpr set UIN / AOL screen name as a username)
298 dnsname - authentication by DNS hostnname with authorization by ACLs.
299 DNS hostname is resolved via PTR (reverse) record and validated
300 (resolved name must resolve to same IP address). It's recommended to
301 use authcache by ip for this authentication. NB: there is no any pass‐
302 word check, name may be spoofed.
303 strong - username/password authentication required. It will work with
304 SOCKSv5, FTP, POP3 and HTTP proxy.
305 cache - cached authentication, may be used with 'authcache'.
306 Plugins may add additional authentication types.
307
308 It's possible to use few authentication types in the same commands.
309 E.g.
310 auth iponly strong
311 In this case 'strong' authentication will be used only in case
312 resource access can not be performed with 'iponly' authentication, that
313 is username is required in ACL. It's usefull to protect access to some
314 resources with password allowing passwordless access to another
315 resources, or to use IP-based authentication for dedicated laptops and
316 request username/password for shared ones.
317
318 authcache <cachtype> <cachtime>
319 Cache authentication information to given amount of time (cachetime)
320 in seconds. Cahtype is one of:
321 ip - after successful authentication all connections during caching
322 time from same IP are assigned to the same user, username is not
323 requested.
324 ip,user username is requested and all connections from the same IP
325 are assigned to the same user without actual authentication.
326 user - same as above, but IP is not checked.
327 user,password - both username and password are checked against cached
328 ones.
329 Use auth type 'cache' for cached authentication
330
331 allow <userlist> <sourcelist> <targetlist> <targetportlist> <opera‐
332 tionlist> <weekdayslist> <timeperiodslist>
333 deny <userlist> <sourcelist> <targetlist> <targetportlist> <opera‐
334 tionlist> <weekdayslist> <timeperiodslist>
335 Access control entries. All lists are comma-separated, no spaces are
336 allowed. Usernames are case sensitive (if used with authtype nbname
337 username must be in uppercase). Source and target lists may contain IP
338 addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs
339 (W.X.Y.Z/L). Since 0.6, targetlist may also contain host names, instead
340 of addresses. It's possible to use wildmask in the begginning and in
341 the the end of hostname, e.g. *badsite.com or *badcontent*. Hostname is
342 only checked if hostname presents in request. Targetportlist may con‐
343 tain ports (X) or port ranges lists (X-Y). For any field * sign means
344 "ANY" If access list is empty it's assumed to be
345 allow *
346 If access list is not empty last item in access list is assumed to be
347 deny *
348 You may want explicitly add "deny *" to the end of access list to pre‐
349 vent HTTP proxy from requesting user's password. Access lists are
350 checked after user have requested any resource. If you want 3proxy to
351 reject connections from specific addresses immediately without any con‐
352 ditions you should either bind proxy to appropriate interface only or
353 to use ip filters.
354
355 Operation is one of:
356 CONNECT - establish outgoing TCP connection
357 BIND - bind TCP port for listening
358 UDPASSOC - make UDP association
359 ICMPASSOC - make ICMP association (for future use)
360 HTTP_GET - HTTP GET request
361 HTTP_PUT - HTTP PUT request
362 HTTP_POST - HTTP POST request
363 HTTP_HEAD - HTTP HEAD request
364 HTTP_CONNECT - HTTP CONNECT request
365 HTTP_OTHER - over HTTP request
366 HTTP - matches any HTTP request except HTTP_CONNECT
367 HTTPS - same as HTTP_CONNECT
368 FTP_GET - FTP get request
369 FTP_PUT - FTP put request
370 FTP_LIST - FTP list request
371 FTP_DATA - FTP data connection. Note: FTP_DATA requires access to
372 dynamic non-ptivileged (1024-65535) ports on remote side.
373 FTP - matches any FTP/FTP Data request
374 ADMIN - access to administration interface
375 Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is
376 Monday, 1-5 means Monday through Friday. Timeperiodlists is a list of
377 time periods in HH:MM:SS-HH:MM:SS format. For example,
378 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
379 parent <weight> <type> <ip> <port> <username> <password>
380 this command must follow "allow" rule. It extends last allow rule to
381 build proxy chain. Proxies may be grouped. Proxy inside the group is
382 selected randomly. If few groups are specified one proxy is randomly
383 picked from each group and chain of proxies is created (that is second
384 proxy connected through first one and so on). Weight is used to group
385 proxies. Weigt is a number between 1 and 1000. Weights are summed and
386 proxies are grouped together untill weight of group is 1000. That is:
387 allow *
388 parent 500 socks5 192.168.10.1 1080
389 parent 500 connect 192.168.10.1 3128
390 makes 3proxy to randomly choose between 2 proxies for all outgoing
391 connections. These 2 proxies form 1 group (summarized weight is 1000).
392 allow * * * 80
393 parent 1000 socks5 192.168.10.1 1080
394 parent 1000 connect 192.168.20.1 3128
395 parent 300 socks4 192.168.30.1 1080
396 parent 700 socks5 192.168.40.1 1080
397 creates chain of 3 proxies: 192.168.10.1, 192.168.20.1 and third is
398 (192.168.30.1 with probability of 0.3 or 192.168.40.1 with probability
399 of 0.7) for outgoing web connections.
400
401 type is one of:
402 tcp - simply redirect connection. TCP is always last in chain.
403 http - redirect to HTTP proxy. HTTP is always last chain.
404 pop3 - redirect to POP3 proxy (only local redirection is supported,
405 can not be used for chaining)
406 ftp - redirect to FTP proxy (only local redirection is supported, can
407 not be used for chaining)
408 connect - parent is HTTP CONNECT method proxy
409 connect+ - parent is HTTP CONNECT proxy with name resolution
410 socks4 - parent is SOCKSv4 proxy
411 socks4+ - parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
412 socks5 - parent is SOCKSv5 proxy
413 socks5+ - parent is SOCKSv5 proxy with name resolution
414 socks4b - parent is SOCKS4b (broken SOCKSv4 implementation with
415 shortened server reply. I never saw this kind ofservers byt they say
416 there are). Normally you should not use this option. Do not mess this
417 option with SOCKSv4a (socks4+).
418 socks5b - parent is SOCKS5b (broken SOCKSv5 implementation with
419 shortened server reply. I think you will never find it useful). Never
420 use this option unless you know exactly you need it.
421 admin - redirect request to local 'admin' service (with -s parame‐
422 ter).
423 Use "+" proxy only with "fakeresolve" option
424
425 IP and port are ip addres and port of parent proxy server. If IP is
426 zero, ip is taken from original request, only port is changed. If port
427 is zero, it's taken from original request, only IP is changed. If both
428 IP and port are zero - it's a special case of local redirection, it
429 works only with socks proxy. In case of local redirection request is
430 redirected to different service, ftp locally redirects to ftppr pop3
431 locally redirects to pop3p http locally redurects to proxy admin
432 locally redirects to admin -s service.
433
434 Main purpose of local redirections is to have requested resource (URL
435 or POP3 username) logged and protocol-specific filters to be applied.
436 In case of local redirection ACLs are revied twice: first, by SOCKS
437 proxy up to redirected (HTTP, FTP or POP3) after 'parent' command. It
438 means, additional 'allow' command is required for redirected requests,
439 for example:
440 allow * * * 80
441 parent 1000 http 0.0.0.0 0
442 allow * * * 80 HTTP_GET,HTTP_POST
443 socks
444 redirects all SOCKS requests with target port 80 to local HTTP proxy,
445 local HTTP proxy parses requests and allows only GET and POST requests.
446 parent 1000 http 1.2.3.4 0
447 Changes external address for given connection to 1.2.3.4 (an equiva‐
448 lent to -e1.2.3.4)
449 Optional username and password are used to authenticate on parent
450 proxy. Username of '*' means username must be supplied by user.
451
452
453 nolog <n>
454 extends last allow or deny command to prevent logging, e.g.
455 allow * * 192.168.1.1
456 nolog
457
458
459 weight <n>
460 extends last allow or deny command to set weight for this request
461 allow * * 192.168.1.1
462 weight 100
463 Weight may be used for different purposes.
464
465 bandlimin <rate> <userlist> <sourcelist> <targetlist> <targetportlist>
466 <operationlist>
467 nobandlimin <userlist> <sourcelist> <targetlist> <targetportlist>
468 <operationlist>
469 bandlimout <rate> <userlist> <sourcelist> <targetlist> <targetportlist>
470 <operationlist>
471 nobandlimout <userlist> <sourcelist> <targetlist> <targetportlist>
472 <operationlist>
473 bandlim sets bandwith limitation filter to <rate> bps (bits per sec‐
474 ond) (if you want to specife bytes per second - multiply your value to
475 8). bandlim rules act in a same manner as allow/deny rules except one
476 thing: bandwidth limiting is applied to all services, not to some spe‐
477 cific service. bandlimin and nobandlimin applies to incoming traffic
478 bandlimout and nobandlimout applies to outgoing traffic If tou want to
479 ratelimit your clients with ip's 192.168.10.16/30 (4 addresses) to
480 57600 bps you have to specify 4 rules like
481 bandlimin 57600 * 192.168.10.16
482 bandlimin 57600 * 192.168.10.17
483 bandlimin 57600 * 192.168.10.18
484 bandlimin 57600 * 192.168.10.19
485 and every of you clients will have 56K channel. If you specify
486 bandlimin 57600 * 192.168.10.16/30
487 you will have 56K channel shared between all clients. if you want,
488 for example, to limit all speed ecept access to POP3 you can use
489 nobandlimin * * * 110
490 before the rest of bandlim rules.
491
492 counter <filename> <reporttype> <repotname>
493 countin <number> <type> <limit> <userlist> <sourcelist> <targetlist>
494 <targetportlist> <operationlist>
495 nocountin <userlist> <sourcelist> <targetlist> <targetportlist> <opera‐
496 tionlist>
497 countout <number> <type> <limit> <userlist> <sourcelist> <targetlist>
498 <targetportlist> <operationlist>
499 nocountout <userlist> <sourcelist> <targetlist> <targetportlist> <oper‐
500 ationlist>
501
502 counter, countin, nocountin, countout, noucountout commands are used
503 to set traffic limit in MB for period of time (day, week or month).
504 Filename is a path to a special file where traffic information is per‐
505 manently stored. number is sequential number of record in this file.
506 If number is 0 no traffic information on this counter is saved in file
507 (that is if proxy restarted all information is loosed) overwise it
508 should be unique sequential number. Type specifies a type of counter.
509 Type is one of:
510 H - counter is resetted hourly
511 D - counter is resetted daily
512 W - counter is resetted weekly
513 M - counter is resetted monthely
514 reporttype/repotname may be used to generate traffic reports. Report‐
515 type is one of D,W,M,H(hourly) and repotname specifies filename tem‐
516 plate for reports. Report is text file with counter values in format:
517 <COUNTERNUMBER> <TRAF>
518 The rest of parameters is identical to bandlim/nobandlim.
519
520 users username[:pwtype:password] ...
521 pwtype is one of:
522 none (empty) - use system authentication
523 CL - password is cleartext
524 CR - password is crypt-style password
525 NT - password is NT password (in hex)
526 example:
527 users test1:CL:password1 "test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49."
528 users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
529 Note: double quotes are requiered because password contains $ sign.
530
531 flush
532 empty active access list. Access list must be flushed avery time you
533 creating new access list for new service. For example:
534 allow *
535 pop3p
536 flush
537 allow * 192.168.1.0/24
538 socks
539 sets different ACLs for pop3p and socks
540
541 system <command>
542 execute system command
543
544 pidfile <filename>
545 write pid of current process to file. It can be used to manipulate
546 3proxy with signals under Unix. Currently next signals are available:
547
548 monitor <filename>
549 If file monitored changes in modification time or size, 3proxy reloads
550 configuration within one minute. Any number of files may be monitored.
551
552 setuid <uid>
553 calls setuid(uid), uid must be numeric. Unix only. Warning: under some
554 Linux kernels setuid() works onle for current thread. It makes it
555 impossible to suid for all threads.
556
557 setgid <gid>
558 calls setgid(gid), gid must be numeric. Unix only.
559
560 chroot <path>
561 calls chroot(path). Unix only.
562
564 plugin <path_to_shared_library> <function_to_call> [<arg1> ...]
565 Loads specified library and calls given export function with given
566 arguments, as
567 int functions_to_call(struct pluginlink * pl, int argc, char *
568 argv[]);
569 function_to_call must return 0 in case of success, value > 0 to indi‐
570 cate error.
571
572 filtermaxsize <max_size_of_data_to_filter>
573 If Content-length (or another data length) is greater than given
574 value, no data filtering will be performed thorugh filtering plugins to
575 avoid data corruption and/or Content-Length chaging. Default is 1MB
576 (1048576).
577
578
580 Report all bugs to 3proxy@3proxy.ru
581
583 3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
584 syslogd(8),
585 http://3proxy.ru/
586
588 3APA3A is pronounced as ``zaraza´´.
589
591 3proxy is designed by Vladimir 3APA3A Dubrovin (3proxy@3proxy.ru)
592
593
594
5953proxy 0.8 January 2016 3proxy.cfg(3)