13proxy.cfg(3) Universal proxy server 3proxy.cfg(3)
2
6 3proxy.cfg - 3proxy configuration file
7
9 Common structure:
10 Configuration file is a text file 3proxy reads configuration from.
11 Each line of the file is a command executed immediately, as it was
12 given from console. Sequence of commands is important. Configuration
13 file as actually a script for 3proxy executable. Each line of the file
14 is treated as a blank (space or tab) separated command line. Additional
15 space characters are ignored. Think about 3proxy as "application level
16 router" with console interface.
17 Comments:
19 Any string beginning with space character or ´#´ character is comment.
20 It´s ignored. <LF>s are ignored. <CR> is end of command.
21 Quotation:
23 Quotation character is " (double quote). Quotation must be used to
24 quote spaces or another special characters. To use quotation character
25 inside quotation character must be dubbed (BASIC convention). For exam‐
26 ple to use HELLO "WORLD" as an argument you should use it as "HELLO
27 ""WORLD""". Good practice is to quote any argument you use.
28 File inclusion:
30 You can include file by using $FILENAME macro (replace FILENAME with a
31 path to file, for example $/usr/local/etc/3proxy/conf.incl or
32 $"c:\Program Files\3proxy\include.cfg" Quotation is required in last
33 example because path contains space character. For included file <CR>
34 (end of line characters) is treated as space character (arguments
35 delimiter instead of end of command delimiter). Thus, include files
36 are only useful to store long signle-line commands (like userlist, net‐
37 work lists, etc). To use dollar sign somewhere in argument it must be
38 quoted. Recursion is not allowed.
39 Next commands start gateway services:
41 proxy options]
43 socks options]
44 pop3p options]
45 ftppr options]
46 admin options]
47 dnspr options]
48 tcppm options] <SRCPORT> <DSTADDR> <DSTPORT>
49 udppm options] <SRCPORT> <DSTADDR> <DSTPORT>
50 Descriptions:
51 proxy - HTTP/HTTPS proxy (default port 3128)
52 socks - SOCKS 4/4.5/5 proxy (default port 1080)
53 pop3p - POP3 proxy (default port 110)
54 ftppr - FTP proxy (default port 21)
55 admin - Web interface (default port 80)
56 dnspr - caching DNS proxy (default port 53)
57 tcppm - TCP portmapper
58 udppm - UDP portmapper
59 Options:
61 -pNUMBER change default server port to NUMBER
62 -n disable NTLM authentication (required if passwords are stored in
63 Unix crypt format.
64 -n1 enable NTLMv1 authentication.
65 -s (for admin) - secure, allow only secure operations (currently only
66 traffic counters view without ability to reset).
67 (for dnspr) - simple, do not use 'resolver' and 3proxy cache, always
68 use external DNS server.
69 (for udppm) - singlepacket, expect only one packet from both client and
70 server
71 -u Never ask for username/password
72 -u2 (socks) require username/password in authentication methods
73 -a (for proxy) - anonymous proxy (no information about client reported)
74 -a1 (for proxy) - anonymous proxy (random client information reported)
75 -a2 (for proxy) - generate Via: and X-Forwared-For: instead of For‐
76 warded:
77 -6 Only resolve IPv6 addresses. IPv4 addresses are packed in IPv6 in
78 IPV6_V6ONLY compatible way.
79 -4 Only resolve IPv4 addresses
80 -46 Resolve IPv6 addresses if IPv4 address is not resolvable
81 -64 Resolve IPv4 addresses if IPv6 address is not resolvable
82 -RHOST:port listen on given local HOST:port for incoming connections
83 instead of making remote outgoing connection. Can be used with another
84 3proxy service running -r option for connect back functionality. Most
85 commonly used with tcppm. HOST can be given as IP or hostname, useful
86 in case of dynamic DNS.
87 -rHOST:port connect to given remote HOST:port instead of listening
88 local connection on -p or default port. Can be used with another 3proxy
89 service running -R option for connect back functionality. Most commonly
90 used with proxy or socks. HOST can be given as IP or hostname, useful
91 in case of dynamic DNS.
92 Also, all options mentioned for proxy(8) socks(8) pop3p(8) tcppm(8)
93 udppm(8) ftppr(8)
94 are also supported.
95 Portmapping services listen at SRCPORT and connect to DSTADDR:DSTPORT
96 HTTP and SOCKS proxies are standard.
97 POP3 proxy must be configured as POP3 server and requires username in
98 the form of: pop3username@pop3server. If POP3 proxy access must be
99 authenticated, you can specify username as proxy_username:proxy_pass‐
100 word:POP3_username@pop3server
101 DNS proxy resolves any types of records but only hostnames are cached.
102 It requires nserver/nscache to be configured. If nserver is configured
103 as TCP, redirections are applied on connection, so parent proxy may be
104 used to resolve names to IP.
105 FTP proxy can be used as FTP server in any FTP client or configured as
106 FTP proxy on a client with FTP proxy support. Username format is one of
107 FTPuser@FTPServer
108 FTPuser:FTPpassword@FTPserver
109 proxyuser:proxypassword:FTPuser:FTPpassword@FTPserver
110 Please note, if you use FTP client interface for FTP proxy do not add
111 FTPpassword and FTPServer to username, because FTP client does it for
112 you. That is, if you use 3proxy with authentication use proxyuser:prox‐
113 ypassword:FTPuser as FTP username, otherwise do not change original FTP
114 user name
115 include <path>
117 Include config file
118 config <path>
120 Path to configuration file to use on 3proxy restart or to save config‐
121 uration.
122 writable
124 ReOpens configuration file for write access via Web interface, and re-
125 reads it. Usually should be first command on config file but in combi‐
126 nation with "config" it can be used anywhere to open alternate config
127 file. Think twice before using it.
128 end
130 End of configuration
131 log [@|&]logfile] [<LOGTYPE>]
133 sets logfile for all gateways
134 @ - (for Unix) use syslog, filename is used as ident name
135 & - use ODBC, filename consists of comma-delimited datasource,user‐
136 name,password (username and password are optional)
137 LOGTYPE is one of:
138 M - Monthly
139 W - Weekly (starting from Sunday)
140 D - Daily
141 H - Hourly
142 if logfile is not specified logging goes to stdout. You can specify
143 individual logging options for gateway by using -l option in gateway
144 configuration.
145 "log" command supports same format specifications for filename tem‐
146 plate as "logformat" (if filename contains '%' sign it's believed to be
147 template). As with "logformat" filename must begin with 'L' or 'G' to
148 specify Local or Grinwitch time zone for all time-based format specifi‐
149 cators.
150 rotate <n>
152 how many archived log files to keep
153 logformat <format>
155 Format for log record. First symbol in format must be L (local time)
156 or G (absolute Grinwitch time). It can be preceeded with -XXX+Y where
157 XXX is list of characters to be filtered in user input (any non-print‐
158 able characters are filtered too in this case) and Y is replacement
159 character. For example, "-,%+ L" in the beginning of logformat means
160 comma and percent are replaced with space and all time based elemnts
161 are in local time zone.
162 You can use:
163 %y - Year in 2 digit format
165 %Y - Year in 4 digit format
166 %m - Month number
167 %o - Month abbriviature
168 %d - Day
169 %H - Hour
170 %M - Minute
171 %S - Second
172 %t - Timstamp (in seconds since 01-Jan-1970)
173 %. - milliseconds
174 %z - timeZone (from Grinvitch)
175 %D - request duration (in milliseconds)
176 %b - average send rate per request (in Bytes per second) this speed
177 is typically below connection speed shown by download manager.
178 %B - average receive rate per request (in Bytes per second) this
179 speed is typically below connection speed shown by download manager.
180 %U - Username
181 %N - service Name
182 %p - service Port
183 %E - Error code
184 %C - Client IP
185 %c - Client port
186 %R - Remote IP
187 %r - Remote port
188 %i - Internal IP used to accept client connection
189 %e - External IP used to establish connection
190 %Q - Requested IP
191 %q - Requested port
192 %n - requested hostname
193 %I - bytes In
194 %O - bytes Out
195 %h - Hops (redirections) count
196 %T - service specific Text
197 %N1-N2T - (N1 and N2 are positive numbers) - log only fields from N1
198 thorugh N2 of service specific text
199 in case of ODBC logging logformat specifies SQL statement, for exmam‐
200 ple:
201 logformat "-'+_Linsert into log (l_date, l_user, l_service, l_in,
202 l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
203 logdump <in_traffic_limit> <out_traffic_limit>
205 Immediately creates additional log records if given amount of incom‐
206 ing/outgoing traffic is achieved for connection, without waiting for
207 connection to finish. It may be useful to prevent information about
208 long-lasting downloads on server shutdown.
209 archiver <ext> <commandline>
211 Archiver to use for log files. <ext> is file extension produced by
212 archiver. Filename will be last argument to archiver, optionally you
213 can use %A as produced archive name and %F as filename.
214 timeouts <BYTE_SHORT> <BYTE_LONG> <STRING_SHORT> <STRING_LONG> <CONNEC‐
216 TION_SHORT> <CONNECTION_LONG> <DNS> <CHAIN>
217 Sets timeout values
218 BYTE_SHORT - short timeout for single byte, is usually used for
219 receiving single byte from stream.
220 BYTE_LONG - long timeout for single byte, is usually used for receiv‐
221 ing first byte in frame (for example first byte in socks request).
222 STRING_SHORT - short timeout, for character string within stream (for
223 example to wait between 2 HTTP headers)
224 STRING_LONG - long timeout, for first string in stream (for example
225 to wait for HTTP request).
226 CONNECTION_SHORT - inactivity timeout for short connections (HTTP,
227 POP3, etc).
228 CONNECTION_LONG - inactivity timeout for long connection (SOCKS,
229 portmappers, etc).
230 DNS - timeout for DNS request before requesting next server
231 CHAIN - timeout for reading data from chained connection
232 nserver <ipaddr>[:port][/tcp]
234 Nameserver to use for name resolutions. If none specified or name
235 server fails system routines for name resolution will be used. It's
236 better to specify nserver because gethostbyname() may be thread unsafe.
237 Optional port number may be specified. If optional /tcp is added to IP
238 address, name resolution will be performed over TCP.
239 nscache <cachesize> nscache6 <cachesize>
241 Cache <cachesize> records for name resolution (nscache for IPv4,
242 nscache6 for IPv6). Cachesize usually should be large enougth (for
243 example 65536).
244 nsrecord <hostname> <hostaddr>
246 Adds static record to nscache. nscache must be enabled. If 0.0.0.0 is
247 used as a hostaddr host will never resolve, it can be used to blacklist
248 something or together with dialer command to set up UDL for dialing.
249 fakeresolve
251 All names are resolved to 127.0.0.2 address. Usefull if all requests
252 are redirected to parent proxy with http, socks4+, connect+ or socks5+.
253 dialer <progname>
255 Execute progname if external name can't be resolved. Hint: if you use
256 nscache, dialer may not work, because names will be resolved through
257 cache. In this case you can use something like http://dial.right.now/
258 from browser to set up connection.
259 internal <ipaddr>
262 sets ip address of internal interface. This IP address will be used to
263 bind gateways. Alternatively you can use -i option for individual gate‐
264 ways. Since 0.8 version, IPv6 address may be used.
265 external <ipaddr>
267 sets ip address of external interface. This IP address will be source
268 address for all connections made by proxy. Alternatively you can use -e
269 option to specify individual address for gateway. Since 0.8 version
270 External or -e can be given twice: once with IPv4 and once with IPv6
271 address.
272 maxconn <number>
274 sets maximum number of simulationeous connections to each services
275 started after this command. Default is 100.
276 service
278 (depricated). Indicates 3proxy to behave as Windows 95/98/NT/2000/XP
279 service, no effect for Unix. Not required for 3proxy 0.6 and above. If
280 you upgraded from previous version of 3proxy use --remove and --install
281 to reinstall service.
282 daemon
284 Should be specified to close console. Do not use 'daemon' with 'ser‐
285 vice'. At least under FreeBSD 'daemon' should preceed any proxy ser‐
286 vice and log commands to avoid sockets problem. Always place it in the
287 beginning of the configuration file.
288 auth <authtype> [...]
290 Type of user authorization. Currently supported:
291 none - no authentication or authorization required.
292 Note: is auth is none any ip based limitation, redirection, etc will
293 not work. This is default authentication type
294 iponly - authentication by access control list with username ignored.
295 Appropriate for most cases
296 useronly - authentication by username without checking for any pass‐
297 word with authorization by ACLs. Useful for e.g. SOCKSv4 proxy and
298 icqpr (icqpr set UIN / AOL screen name as a username)
299 dnsname - authentication by DNS hostnname with authorization by ACLs.
300 DNS hostname is resolved via PTR (reverse) record and validated
301 (resolved name must resolve to same IP address). It's recommended to
302 use authcache by ip for this authentication. NB: there is no any pass‐
303 word check, name may be spoofed.
304 strong - username/password authentication required. It will work with
305 SOCKSv5, FTP, POP3 and HTTP proxy.
306 cache - cached authentication, may be used with 'authcache'.
307 Plugins may add additional authentication types.
308 It's possible to use few authentication types in the same commands.
310 E.g.
311 auth iponly strong
312 In this case 'strong' authentication will be used only in case
313 resource access can not be performed with 'iponly' authentication, that
314 is username is required in ACL. It's usefull to protect access to some
315 resources with password allowing passwordless access to another
316 resources, or to use IP-based authentication for dedicated laptops and
317 request username/password for shared ones.
318 authcache <cachtype> <cachtime>
320 Cache authentication information to given amount of time (cachetime)
321 in seconds. Cahtype is one of:
322 ip - after successful authentication all connections during caching
323 time from same IP are assigned to the same user, username is not
324 requested.
325 ip,user username is requested and all connections from the same IP
326 are assigned to the same user without actual authentication.
327 user - same as above, but IP is not checked.
328 user,password - both username and password are checked against cached
329 ones.
330 Use auth type 'cache' for cached authentication
331 allow <userlist> <sourcelist> <targetlist> <targetportlist> <opera‐
333 tionlist> <weekdayslist> <timeperiodslist>
334 deny <userlist> <sourcelist> <targetlist> <targetportlist> <opera‐
335 tionlist> <weekdayslist> <timeperiodslist>
336 Access control entries. All lists are comma-separated, no spaces are
337 allowed. Usernames are case sensitive (if used with authtype nbname
338 username must be in uppercase). Source and target lists may contain IP
339 addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs
340 (W.X.Y.Z/L). Since 0.6, targetlist may also contain host names, instead
341 of addresses. It's possible to use wildmask in the begginning and in
342 the the end of hostname, e.g. *badsite.com or *badcontent*. Hostname is
343 only checked if hostname presents in request. Targetportlist may con‐
344 tain ports (X) or port ranges lists (X-Y). For any field * sign means
345 "ANY" If access list is empty it's assumed to be
346 allow *
347 If access list is not empty last item in access list is assumed to be
348 deny *
349 You may want explicitly add "deny *" to the end of access list to pre‐
350 vent HTTP proxy from requesting user's password. Access lists are
351 checked after user have requested any resource. If you want 3proxy to
352 reject connections from specific addresses immediately without any con‐
353 ditions you should either bind proxy to appropriate interface only or
354 to use ip filters.
355 Operation is one of:
357 CONNECT - establish outgoing TCP connection
358 BIND - bind TCP port for listening
359 UDPASSOC - make UDP association
360 ICMPASSOC - make ICMP association (for future use)
361 HTTP_GET - HTTP GET request
362 HTTP_PUT - HTTP PUT request
363 HTTP_POST - HTTP POST request
364 HTTP_HEAD - HTTP HEAD request
365 HTTP_CONNECT - HTTP CONNECT request
366 HTTP_OTHER - over HTTP request
367 HTTP - matches any HTTP request except HTTP_CONNECT
368 HTTPS - same as HTTP_CONNECT
369 FTP_GET - FTP get request
370 FTP_PUT - FTP put request
371 FTP_LIST - FTP list request
372 FTP_DATA - FTP data connection. Note: FTP_DATA requires access to
373 dynamic non-ptivileged (1024-65535) ports on remote side.
374 FTP - matches any FTP/FTP Data request
375 ADMIN - access to administration interface
376 Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is
377 Monday, 1-5 means Monday through Friday. Timeperiodlists is a list of
378 time periods in HH:MM:SS-HH:MM:SS format. For example,
379 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
380 parent <weight> <type> <ip> <port> <username> <password>
381 this command must follow "allow" rule. It extends last allow rule to
382 build proxy chain. Proxies may be grouped. Proxy inside the group is
383 selected randomly. If few groups are specified one proxy is randomly
384 picked from each group and chain of proxies is created (that is second
385 proxy connected through first one and so on). Weight is used to group
386 proxies. Weigt is a number between 1 and 1000. Weights are summed and
387 proxies are grouped together untill weight of group is 1000. That is:
388 allow *
389 parent 500 socks5 192.168.10.1 1080
390 parent 500 connect 192.168.10.1 3128
391 makes 3proxy to randomly choose between 2 proxies for all outgoing
392 connections. These 2 proxies form 1 group (summarized weight is 1000).
393 allow * * * 80
394 parent 1000 socks5 192.168.10.1 1080
395 parent 1000 connect 192.168.20.1 3128
396 parent 300 socks4 192.168.30.1 1080
397 parent 700 socks5 192.168.40.1 1080
398 creates chain of 3 proxies: 192.168.10.1, 192.168.20.1 and third is
399 (192.168.30.1 with probability of 0.3 or 192.168.40.1 with probability
400 of 0.7) for outgoing web connections.
401 type is one of:
403 tcp - simply redirect connection. TCP is always last in chain.
404 http - redirect to HTTP proxy. HTTP is always last chain.
405 pop3 - redirect to POP3 proxy (only local redirection is supported,
406 can not be used for chaining)
407 ftp - redirect to FTP proxy (only local redirection is supported, can
408 not be used for chaining)
409 connect - parent is HTTP CONNECT method proxy
410 connect+ - parent is HTTP CONNECT proxy with name resolution
411 socks4 - parent is SOCKSv4 proxy
412 socks4+ - parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
413 socks5 - parent is SOCKSv5 proxy
414 socks5+ - parent is SOCKSv5 proxy with name resolution
415 socks4b - parent is SOCKS4b (broken SOCKSv4 implementation with
416 shortened server reply. I never saw this kind ofservers byt they say
417 there are). Normally you should not use this option. Do not mess this
418 option with SOCKSv4a (socks4+).
419 socks5b - parent is SOCKS5b (broken SOCKSv5 implementation with
420 shortened server reply. I think you will never find it useful). Never
421 use this option unless you know exactly you need it.
422 admin - redirect request to local 'admin' service (with -s parame‐
423 ter).
424 Use "+" proxy only with "fakeresolve" option
425 IP and port are ip addres and port of parent proxy server. If IP is
427 zero, ip is taken from original request, only port is changed. If port
428 is zero, it's taken from original request, only IP is changed. If both
429 IP and port are zero - it's a special case of local redirection, it
430 works only with socks proxy. In case of local redirection request is
431 redirected to different service, ftp locally redirects to ftppr pop3
432 locally redirects to pop3p http locally redurects to proxy admin
433 locally redirects to admin -s service.
434 Main purpose of local redirections is to have requested resource (URL
436 or POP3 username) logged and protocol-specific filters to be applied.
437 In case of local redirection ACLs are revied twice: first, by SOCKS
438 proxy up to redirected (HTTP, FTP or POP3) after 'parent' command. It
439 means, additional 'allow' command is required for redirected requests,
440 for example:
441 allow * * * 80
442 parent 1000 http 0.0.0.0 0
443 allow * * * 80 HTTP_GET,HTTP_POST
444 socks
445 redirects all SOCKS requests with target port 80 to local HTTP proxy,
446 local HTTP proxy parses requests and allows only GET and POST requests.
447 parent 1000 http 1.2.3.4 0
448 Changes external address for given connection to 1.2.3.4 (an equiva‐
449 lent to -e1.2.3.4)
450 Optional username and password are used to authenticate on parent
451 proxy. Username of '*' means username must be supplied by user.
452 nolog <n>
455 extends last allow or deny command to prevent logging, e.g.
456 allow * * 192.168.1.1
457 nolog
458 weight <n>
461 extends last allow or deny command to set weight for this request
462 allow * * 192.168.1.1
463 weight 100
464 Weight may be used for different purposes.
465 force
468 noforce
469 If force is specified for service, configuration reload will require
470 all current sessions of this service to be re-authenticated. If ACL is
471 changed or user account is removed, old connections which do not match
472 current are closed.
473 noforce allows to keep previously authenticated connections.
474 bandlimin <rate> <userlist> <sourcelist> <targetlist> <targetportlist>
476 <operationlist>
477 nobandlimin <userlist> <sourcelist> <targetlist> <targetportlist>
478 <operationlist>
479 bandlimout <rate> <userlist> <sourcelist> <targetlist> <targetportlist>
480 <operationlist>
481 nobandlimout <userlist> <sourcelist> <targetlist> <targetportlist>
482 <operationlist>
483 bandlim sets bandwith limitation filter to <rate> bps (bits per sec‐
484 ond) (if you want to specife bytes per second - multiply your value to
485 8). bandlim rules act in a same manner as allow/deny rules except one
486 thing: bandwidth limiting is applied to all services, not to some spe‐
487 cific service. bandlimin and nobandlimin applies to incoming traffic
488 bandlimout and nobandlimout applies to outgoing traffic If tou want to
489 ratelimit your clients with ip's 192.168.10.16/30 (4 addresses) to
490 57600 bps you have to specify 4 rules like
491 bandlimin 57600 * 192.168.10.16
492 bandlimin 57600 * 192.168.10.17
493 bandlimin 57600 * 192.168.10.18
494 bandlimin 57600 * 192.168.10.19
495 and every of you clients will have 56K channel. If you specify
496 bandlimin 57600 * 192.168.10.16/30
497 you will have 56K channel shared between all clients. if you want,
498 for example, to limit all speed ecept access to POP3 you can use
499 nobandlimin * * * 110
500 before the rest of bandlim rules.
501 counter <filename> <reporttype> <repotname>
503 countin <number> <type> <limit> <userlist> <sourcelist> <targetlist>
504 <targetportlist> <operationlist>
505 nocountin <userlist> <sourcelist> <targetlist> <targetportlist> <opera‐
506 tionlist>
507 countout <number> <type> <limit> <userlist> <sourcelist> <targetlist>
508 <targetportlist> <operationlist>
509 nocountout <userlist> <sourcelist> <targetlist> <targetportlist> <oper‐
510 ationlist>
511 counter, countin, nocountin, countout, noucountout commands are used
513 to set traffic limit in MB for period of time (day, week or month).
514 Filename is a path to a special file where traffic information is per‐
515 manently stored. number is sequential number of record in this file.
516 If number is 0 no traffic information on this counter is saved in file
517 (that is if proxy restarted all information is loosed) overwise it
518 should be unique sequential number. Type specifies a type of counter.
519 Type is one of:
520 H - counter is resetted hourly
521 D - counter is resetted daily
522 W - counter is resetted weekly
523 M - counter is resetted monthely
524 reporttype/repotname may be used to generate traffic reports. Report‐
525 type is one of D,W,M,H(hourly) and repotname specifies filename tem‐
526 plate for reports. Report is text file with counter values in format:
527 <COUNTERNUMBER> <TRAF>
528 The rest of parameters is identical to bandlim/nobandlim.
529 users username[:pwtype:password] ...
531 pwtype is one of:
532 none (empty) - use system authentication
533 CL - password is cleartext
534 CR - password is crypt-style password
535 NT - password is NT password (in hex)
536 example:
537 users test1:CL:password1 "test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49."
538 users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
539 Note: double quotes are requiered because password contains $ sign.
540 flush
542 empty active access list. Access list must be flushed avery time you
543 creating new access list for new service. For example:
544 allow *
545 pop3p
546 flush
547 allow * 192.168.1.0/24
548 socks
549 sets different ACLs for pop3p and socks
550 system <command>
552 execute system command
553 pidfile <filename>
555 write pid of current process to file. It can be used to manipulate
556 3proxy with signals under Unix. Currently next signals are available:
557 monitor <filename>
559 If file monitored changes in modification time or size, 3proxy reloads
560 configuration within one minute. Any number of files may be monitored.
561 setuid <uid>
563 calls setuid(uid), uid must be numeric. Unix only. Warning: under some
564 Linux kernels setuid() works onle for current thread. It makes it
565 impossible to suid for all threads.
566 setgid <gid>
568 calls setgid(gid), gid must be numeric. Unix only.
569 chroot <path>
571 calls chroot(path). Unix only.
572 stacksize <value_to_add_to_default_stack_size>
574 Change default size for threads stack. May be required in some situa‐
575 tion,
576 e.g. with non-default plugins, on on some platforms (some FreeBSD ver‐
577 sion
578 may require adjusting stack size due to invalid defined value in sys‐
579 tem
580 header files, this value is also oftent reqruied to be changed for
581 ODBC and
582 PAM support on Linux. If you experience 3proxy
583 crash on request processing, try to set some positive value. You may
584 start with
585 stacksize 65536
586 and then find the minimal value for service to work. If you experience
587 memory shortage, you can try to experiment with negative values.
588
590 plugin <path_to_shared_library> <function_to_call> [<arg1> ...]
591 Loads specified library and calls given export function with given
592 arguments, as
593 int functions_to_call(struct pluginlink * pl, int argc, char *
594 argv[]);
595 function_to_call must return 0 in case of success, value > 0 to indi‐
596 cate error.
597 filtermaxsize <max_size_of_data_to_filter>
599 If Content-length (or another data length) is greater than given
600 value, no data filtering will be performed thorugh filtering plugins to
601 avoid data corruption and/or Content-Length chaging. Default is 1MB
602 (1048576).
603
606 Report all bugs to 3proxy@3proxy.ru
607
609 3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
610 syslogd(8),
611 http://3proxy.ru/
612
614 3APA3A is pronounced as ``zaraza´´.
615
617 3proxy is designed by Vladimir 3APA3A Dubrovin (3proxy@3proxy.ru)
6183proxy 0.8 January 2016 3proxy.cfg(3)