13proxy.cfg(3)               Universal proxy server               3proxy.cfg(3)
2
3
4

NAME

6       3proxy.cfg - 3proxy configuration file
7

DESCRIPTION

9        Common structure:
10        Configuration  file  is  a  text file 3proxy reads configuration from.
11       Each line of the file is a command  executed  immediately,  as  it  was
12       given  from  console.  Sequence of commands is important. Configuration
13       file as actually a script for 3proxy executable.  Each line of the file
14       is treated as a blank (space or tab) separated command line. Additional
15       space characters are ignored.  Think about 3proxy as "application level
16       router" with console interface.
17
18        Comments:
19        Any string beginning with space character or ´#´ character is comment.
20       It´s ignored. <LF>s are ignored. <CR> is end of command.
21
22        Quotation:
23        Quotation character is " (double quote). Quotation  must  be  used  to
24       quote  spaces or another special characters. To use quotation character
25       inside quotation character must be dubbed (BASIC convention). For exam‐
26       ple  to  use  HELLO  "WORLD" as an argument you should use it as "HELLO
27       ""WORLD""".  Good practice is to quote any argument you use.
28
29        File inclusion:
30        You can include file by using $FILENAME macro (replace FILENAME with a
31       path to file, for example $/usr/local/etc/3proxy/conf.incl or
32        $"c:\Program  Files\3proxy\include.cfg"  Quotation is required in last
33       example because path contains space character.  For included file  <CR>
34       (end  of  line  characters)  is  treated  as space character (arguments
35       delimiter instead of end of command delimiter).   Thus,  include  files
36       are only useful to store long signle-line commands (like userlist, net‐
37       work lists, etc).  To use dollar sign somewhere in argument it must  be
38       quoted.  Recursion is not allowed.
39
40        Next commands start gateway services:
41
42       proxy options]
43       socks options]
44       pop3p options]
45       ftppr options]
46       admin options]
47       dnspr options]
48       tcppm options] <SRCPORT> <DSTADDR> <DSTPORT>
49       udppm options] <SRCPORT> <DSTADDR> <DSTPORT>
50        Descriptions:
51       proxy - HTTP/HTTPS proxy (default port 3128)
52       socks - SOCKS 4/4.5/5 proxy (default port 1080)
53       pop3p - POP3 proxy (default port 110)
54       ftppr - FTP proxy (default port 21)
55       admin - Web interface (default port 80)
56       dnspr - caching DNS proxy (default port 53)
57       tcppm - TCP portmapper
58       udppm - UDP portmapper
59
60        Options:
61       -pNUMBER change default server port to NUMBER
62       -n  disable  NTLM  authentication  (required if passwords are stored in
63       Unix crypt format.
64       -n1 enable NTLMv1 authentication.
65       -s (for admin) - secure, allow only secure operations  (currently  only
66       traffic counters view without ability to reset).
67       (for  dnspr)  -  simple, do not use 'resolver' and 3proxy cache, always
68       use external DNS server.
69       (for udppm) - singlepacket, expect only one packet from both client and
70       server
71       -u Never ask for username/password
72       -u2 (socks) require username/password in authentication methods
73       -a (for proxy) - anonymous proxy (no information about client reported)
74       -a1 (for proxy) - anonymous proxy (random client information reported)
75       -a2  (for  proxy)  -  generate Via: and X-Forwared-For: instead of For‐
76       warded:
77       -6 Only resolve IPv6 addresses. IPv4 addresses are packed  in  IPv6  in
78       IPV6_V6ONLY compatible way.
79       -4 Only resolve IPv4 addresses
80       -46 Resolve IPv6 addresses if IPv4 address is not resolvable
81       -64 Resolve IPv4 addresses if IPv6 address is not resolvable
82       -RHOST:port  listen  on  given local HOST:port for incoming connections
83       instead of making remote outgoing connection. Can be used with  another
84       3proxy  service  running -r option for connect back functionality. Most
85       commonly used with tcppm. HOST can be given as IP or  hostname,  useful
86       in case of dynamic DNS.
87       -rHOST:port  connect  to  given  remote  HOST:port instead of listening
88       local connection on -p or default port. Can be used with another 3proxy
89       service running -R option for connect back functionality. Most commonly
90       used with proxy or socks. HOST can be given as IP or  hostname,  useful
91       in case of dynamic DNS.
92        Also,  all  options  mentioned for proxy(8) socks(8) pop3p(8) tcppm(8)
93       udppm(8) ftppr(8)
94        are also supported.
95        Portmapping services listen at SRCPORT and connect to  DSTADDR:DSTPORT
96       HTTP and SOCKS proxies are standard.
97        POP3  proxy must be configured as POP3 server and requires username in
98       the form of: pop3username@pop3server. If  POP3  proxy  access  must  be
99       authenticated,  you  can specify username as proxy_username:proxy_pass‐
100       word:POP3_username@pop3server
101        DNS proxy resolves any types of records but only hostnames are cached.
102       It  requires nserver/nscache to be configured. If nserver is configured
103       as TCP, redirections are applied on connection, so parent proxy may  be
104       used to resolve names to IP.
105        FTP proxy can be used as FTP server in any FTP client or configured as
106       FTP proxy on a client with FTP proxy support. Username format is one of
107        FTPuser@FTPServer
108        FTPuser:FTPpassword@FTPserver
109        proxyuser:proxypassword:FTPuser:FTPpassword@FTPserver
110        Please note, if you use FTP client interface for FTP proxy do not  add
111       FTPpassword  and  FTPServer to username, because FTP client does it for
112       you. That is, if you use 3proxy with authentication use proxyuser:prox‐
113       ypassword:FTPuser as FTP username, otherwise do not change original FTP
114       user name
115
116       include <path>
117        Include config file
118
119       config <path>
120        Path to configuration file to use on 3proxy restart or to save config‐
121       uration.
122
123       writable
124        ReOpens configuration file for write access via Web interface, and re-
125       reads it. Usually should be first command on config file but in  combi‐
126       nation  with  "config" it can be used anywhere to open alternate config
127       file. Think twice before using it.
128
129       end
130        End of configuration
131
132       log [@|&]logfile] [<LOGTYPE>]
133        sets logfile for all gateways
134        @ - (for Unix) use syslog, filename is used as ident name
135        & - use ODBC, filename consists  of  comma-delimited  datasource,user‐
136       name,password (username and password are optional)
137        LOGTYPE is one of:
138         M - Monthly
139         W - Weekly (starting from Sunday)
140         D - Daily
141         H - Hourly
142        if  logfile  is  not specified logging goes to stdout. You can specify
143       individual logging options for gateway by using -l  option  in  gateway
144       configuration.
145        "log"  command  supports  same format specifications for filename tem‐
146       plate as "logformat" (if filename contains '%' sign it's believed to be
147       template).   As with "logformat" filename must begin with 'L' or 'G' to
148       specify Local or Grinwitch time zone for all time-based format specifi‐
149       cators.
150
151       rotate <n>
152        how many archived log files to keep
153
154       logformat <format>
155        Format  for  log record. First symbol in format must be L (local time)
156       or G (absolute Grinwitch time).  It can be preceeded with -XXX+Y  where
157       XXX  is list of characters to be filtered in user input (any non-print‐
158       able characters are filtered too in this case)  and  Y  is  replacement
159       character.  For  example,  "-,%+ L" in the beginning of logformat means
160       comma and percent are replaced with space and all  time  based  elemnts
161       are in local time zone.
162        You can use:
163
164         %y - Year in 2 digit format
165         %Y - Year in 4 digit format
166         %m - Month number
167         %o - Month abbriviature
168         %d - Day
169         %H - Hour
170         %M - Minute
171         %S - Second
172         %t - Timstamp (in seconds since 01-Jan-1970)
173         %. - milliseconds
174         %z - timeZone (from Grinvitch)
175         %D - request duration (in milliseconds)
176         %b  -  average send rate per request (in Bytes per second) this speed
177       is typically below connection speed shown by download manager.
178         %B - average receive rate per request  (in  Bytes  per  second)  this
179       speed is typically below connection speed shown by download manager.
180         %U - Username
181         %N - service Name
182         %p - service Port
183         %E - Error code
184         %C - Client IP
185         %c - Client port
186         %R - Remote IP
187         %r - Remote port
188         %i - Internal IP used to accept client connection
189         %e - External IP used to establish connection
190         %Q - Requested IP
191         %q - Requested port
192         %n - requested hostname
193         %I - bytes In
194         %O - bytes Out
195         %h - Hops (redirections) count
196         %T - service specific Text
197         %N1-N2T  - (N1 and N2 are positive numbers) - log only fields from N1
198       thorugh N2 of service specific text
199        in case of ODBC logging logformat specifies SQL statement, for  exmam‐
200       ple:
201          logformat  "-'+_Linsert  into  log (l_date, l_user, l_service, l_in,
202       l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
203
204       logdump <in_traffic_limit> <out_traffic_limit>
205        Immediately creates additional log records if given amount  of  incom‐
206       ing/outgoing  traffic  is  achieved for connection, without waiting for
207       connection to finish.  It may be useful to  prevent  information  about
208       long-lasting downloads on server shutdown.
209
210       archiver <ext> <commandline>
211        Archiver  to  use  for  log files. <ext> is file extension produced by
212       archiver. Filename will be last argument to  archiver,  optionally  you
213       can use %A as produced archive name and %F as filename.
214
215       timeouts <BYTE_SHORT> <BYTE_LONG> <STRING_SHORT> <STRING_LONG> <CONNEC‐
216       TION_SHORT> <CONNECTION_LONG> <DNS> <CHAIN>
217        Sets timeout values
218         BYTE_SHORT - short timeout for  single  byte,  is  usually  used  for
219       receiving single byte from stream.
220         BYTE_LONG - long timeout for single byte, is usually used for receiv‐
221       ing first byte in frame (for example first byte in socks request).
222         STRING_SHORT - short timeout, for character string within stream (for
223       example to wait between 2 HTTP headers)
224         STRING_LONG  -  long timeout, for first string in stream (for example
225       to wait for HTTP request).
226         CONNECTION_SHORT - inactivity timeout for  short  connections  (HTTP,
227       POP3, etc).
228         CONNECTION_LONG  -  inactivity  timeout  for  long connection (SOCKS,
229       portmappers, etc).
230         DNS - timeout for DNS request before requesting next server
231         CHAIN - timeout for reading data from chained connection
232
233       nserver <ipaddr>[:port][/tcp]
234       Nameserver to use for name  resolutions.  If  none  specified  or  name
235       server  fails  system  routines  for name resolution will be used. It's
236       better to specify nserver because gethostbyname() may be thread unsafe.
237       Optional port number may be specified.  If optional /tcp is added to IP
238       address, name resolution will be performed over TCP.
239
240       nscache <cachesize> nscache6 <cachesize>
241        Cache <cachesize> records  for  name  resolution  (nscache  for  IPv4,
242       nscache6  for  IPv6).  Cachesize  usually  should be large enougth (for
243       example 65536).
244
245       nsrecord <hostname> <hostaddr>
246        Adds static record to nscache. nscache must be enabled. If 0.0.0.0  is
247       used as a hostaddr host will never resolve, it can be used to blacklist
248       something or together with dialer command to set up UDL for dialing.
249
250       fakeresolve
251        All names are resolved to 127.0.0.2 address. Usefull if  all  requests
252       are redirected to parent proxy with http, socks4+, connect+ or socks5+.
253
254       dialer <progname>
255        Execute progname if external name can't be resolved.  Hint: if you use
256       nscache, dialer may not work, because names will  be  resolved  through
257       cache.  In  this case you can use something like http://dial.right.now/
258       from browser to set up connection.
259
260
261       internal <ipaddr>
262        sets ip address of internal interface. This IP address will be used to
263       bind gateways. Alternatively you can use -i option for individual gate‐
264       ways. Since 0.8 version, IPv6 address may be used.
265
266       external <ipaddr>
267        sets ip address of external interface. This IP address will be  source
268       address for all connections made by proxy. Alternatively you can use -e
269       option to specify individual address for  gateway.  Since  0.8  version
270       External  or  -e  can be given twice: once with IPv4 and once with IPv6
271       address.
272
273       maxconn <number>
274        sets maximum number of simulationeous  connections  to  each  services
275       started after this command. Default is 100.
276
277       service
278        (depricated).  Indicates  3proxy to behave as Windows 95/98/NT/2000/XP
279       service, no effect for Unix. Not required for 3proxy 0.6 and above.  If
280       you upgraded from previous version of 3proxy use --remove and --install
281       to reinstall service.
282
283       daemon
284        Should be specified to close console. Do not use 'daemon'  with  'ser‐
285       vice'.   At  least under FreeBSD 'daemon' should preceed any proxy ser‐
286       vice and log commands to avoid sockets problem. Always place it in  the
287       beginning of the configuration file.
288
289       auth <authtype> [...]
290        Type of user authorization. Currently supported:
291         none - no authentication or authorization required.
292        Note:  is  auth is none any ip based limitation, redirection, etc will
293       not work.  This is default authentication type
294         iponly - authentication by access control list with username ignored.
295        Appropriate for most cases
296         useronly - authentication by username without checking for any  pass‐
297       word  with  authorization  by  ACLs.  Useful for e.g. SOCKSv4 proxy and
298       icqpr (icqpr set UIN / AOL screen name as a username)
299         dnsname - authentication by DNS hostnname with authorization by ACLs.
300       DNS  hostname  is  resolved  via  PTR  (reverse)  record  and validated
301       (resolved name must resolve to same IP address).  It's  recommended  to
302       use authcache by ip for this authentication.  NB: there is no any pass‐
303       word check, name may be spoofed.
304         strong - username/password authentication required. It will work with
305       SOCKSv5, FTP, POP3 and HTTP proxy.
306         cache - cached authentication, may be used with 'authcache'.
307        Plugins may add additional authentication types.
308
309        It's  possible  to  use few authentication types in the same commands.
310       E.g.
311       auth iponly strong
312        In this case  'strong'  authentication  will  be  used  only  in  case
313       resource access can not be performed with 'iponly' authentication, that
314       is username is required in ACL. It's usefull to protect access to  some
315       resources   with  password  allowing  passwordless  access  to  another
316       resources, or to use IP-based authentication for dedicated laptops  and
317       request username/password for shared ones.
318
319       authcache <cachtype> <cachtime>
320        Cache  authentication  information to given amount of time (cachetime)
321       in seconds.  Cahtype is one of:
322         ip - after successful authentication all connections  during  caching
323       time  from  same  IP  are  assigned  to  the same user, username is not
324       requested.
325         ip,user username is requested and all connections from  the  same  IP
326       are assigned to the same user without actual authentication.
327         user - same as above, but IP is not checked.
328         user,password - both username and password are checked against cached
329       ones.
330       Use auth type 'cache' for cached authentication
331
332       allow <userlist>  <sourcelist>  <targetlist>  <targetportlist>  <opera‐
333       tionlist> <weekdayslist> <timeperiodslist>
334       deny  <userlist>  <sourcelist>  <targetlist>  <targetportlist>  <opera‐
335       tionlist> <weekdayslist> <timeperiodslist>
336        Access control entries. All lists are comma-separated, no  spaces  are
337       allowed.  Usernames  are  case  sensitive (if used with authtype nbname
338       username must be in uppercase). Source and target lists may contain  IP
339       addresses  (W.X.Y.Z),  ranges  A.B.C.D  -  W.X.Y.Z (since 0.8) or CIDRs
340       (W.X.Y.Z/L). Since 0.6, targetlist may also contain host names, instead
341       of  addresses.  It's  possible to use wildmask in the begginning and in
342       the the end of hostname, e.g. *badsite.com or *badcontent*. Hostname is
343       only  checked if hostname presents in request.  Targetportlist may con‐
344       tain ports (X) or port ranges lists (X-Y). For any field *  sign  means
345       "ANY" If access list is empty it's assumed to be
346        allow *
347        If access list is not empty last item in access list is assumed to be
348        deny *
349        You may want explicitly add "deny *" to the end of access list to pre‐
350       vent HTTP proxy from requesting  user's  password.   Access  lists  are
351       checked  after user have requested any resource.  If you want 3proxy to
352       reject connections from specific addresses immediately without any con‐
353       ditions  you  should either bind proxy to appropriate interface only or
354       to use ip filters.
355
356       Operation is one of:
357         CONNECT - establish outgoing TCP connection
358         BIND - bind TCP port for listening
359         UDPASSOC - make UDP association
360         ICMPASSOC - make ICMP association (for future use)
361         HTTP_GET - HTTP GET request
362         HTTP_PUT - HTTP PUT request
363         HTTP_POST - HTTP POST request
364         HTTP_HEAD - HTTP HEAD request
365         HTTP_CONNECT - HTTP CONNECT request
366         HTTP_OTHER - over HTTP request
367         HTTP - matches any HTTP request except HTTP_CONNECT
368         HTTPS - same as HTTP_CONNECT
369         FTP_GET - FTP get request
370         FTP_PUT - FTP put request
371         FTP_LIST - FTP list request
372         FTP_DATA - FTP data connection. Note:  FTP_DATA  requires  access  to
373       dynamic non-ptivileged (1024-65535) ports on remote side.
374         FTP - matches any FTP/FTP Data request
375         ADMIN - access to administration interface
376        Weeksdays  are week days numbers or periods, 0 or 7 means Sunday, 1 is
377       Monday, 1-5 means Monday through Friday. Timeperiodlists is a  list  of
378       time    periods    in    HH:MM:SS-HH:MM:SS    format.    For   example,
379       00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
380       parent <weight> <type> <ip> <port> <username> <password>
381        this command must follow "allow" rule. It extends last allow  rule  to
382       build  proxy  chain.  Proxies may be grouped. Proxy inside the group is
383       selected randomly. If few groups are specified one  proxy  is  randomly
384       picked  from each group and chain of proxies is created (that is second
385       proxy connected through first one and so on).  Weight is used to  group
386       proxies.  Weigt is a number between 1 and 1000.  Weights are summed and
387       proxies are grouped together untill weight of group is 1000. That is:
388        allow *
389        parent 500 socks5 192.168.10.1 1080
390        parent 500 connect 192.168.10.1 3128
391        makes 3proxy to randomly choose between 2  proxies  for  all  outgoing
392       connections. These 2 proxies form 1 group (summarized weight is 1000).
393        allow * * * 80
394        parent 1000 socks5 192.168.10.1 1080
395        parent 1000 connect 192.168.20.1 3128
396        parent 300 socks4 192.168.30.1 1080
397        parent 700 socks5 192.168.40.1 1080
398        creates  chain  of  3 proxies: 192.168.10.1, 192.168.20.1 and third is
399       (192.168.30.1 with probability of 0.3 or 192.168.40.1 with  probability
400       of 0.7) for outgoing web connections.
401
402        type is one of:
403         tcp - simply redirect connection. TCP is always last in chain.
404         http - redirect to HTTP proxy. HTTP is always last chain.
405         pop3  -  redirect to POP3 proxy (only local redirection is supported,
406       can not be used for chaining)
407         ftp - redirect to FTP proxy (only local redirection is supported, can
408       not be used for chaining)
409         connect - parent is HTTP CONNECT method proxy
410         connect+ - parent is HTTP CONNECT proxy with name resolution
411         socks4 - parent is SOCKSv4 proxy
412         socks4+ - parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
413         socks5 - parent is SOCKSv5 proxy
414         socks5+ - parent is SOCKSv5 proxy with name resolution
415         socks4b  -  parent  is  SOCKS4b  (broken  SOCKSv4 implementation with
416       shortened server reply. I never saw this kind ofservers  byt  they  say
417       there  are).  Normally you should not use this option. Do not mess this
418       option with SOCKSv4a (socks4+).
419         socks5b - parent  is  SOCKS5b  (broken  SOCKSv5  implementation  with
420       shortened  server  reply. I think you will never find it useful). Never
421       use this option unless you know exactly you need it.
422         admin - redirect request to local 'admin' service  (with  -s  parame‐
423       ter).
424        Use "+" proxy only with "fakeresolve" option
425
426        IP  and  port are ip addres and port of parent proxy server.  If IP is
427       zero, ip is taken from original request, only port is changed.  If port
428       is zero, it's taken from original request, only IP is changed.  If both
429       IP and port are zero - it's a special case  of  local  redirection,  it
430       works  only  with  socks proxy. In case of local redirection request is
431       redirected to different service, ftp locally redirects  to  ftppr  pop3
432       locally  redirects  to  pop3p  http  locally  redurects  to proxy admin
433       locally redirects to admin -s service.
434
435        Main purpose of local redirections is to have requested resource  (URL
436       or  POP3  username) logged and protocol-specific filters to be applied.
437       In case of local redirection ACLs are revied  twice:  first,  by  SOCKS
438       proxy  up  to redirected (HTTP, FTP or POP3) after 'parent' command. It
439       means, additional 'allow' command is required for redirected  requests,
440       for example:
441        allow * * * 80
442        parent 1000 http 0.0.0.0 0
443        allow * * * 80 HTTP_GET,HTTP_POST
444        socks
445        redirects  all SOCKS requests with target port 80 to local HTTP proxy,
446       local HTTP proxy parses requests and allows only GET and POST requests.
447        parent 1000 http 1.2.3.4 0
448        Changes external address for given connection to 1.2.3.4  (an  equiva‐
449       lent to -e1.2.3.4)
450        Optional  username  and  password  are  used to authenticate on parent
451       proxy. Username of '*' means username must be supplied by user.
452
453
454       nolog <n>
455        extends last allow or deny command to prevent logging, e.g.
456       allow * * 192.168.1.1
457       nolog
458
459
460       weight <n>
461        extends last allow or deny command to set weight for this request
462        allow * * 192.168.1.1
463        weight 100
464        Weight may be used for different purposes.
465
466
467       force
468       noforce
469        If force is specified for service, configuration reload  will  require
470       all  current sessions of this service to be re-authenticated. If ACL is
471       changed or user account is removed, old connections which do not  match
472       current are closed.
473        noforce allows to keep previously authenticated connections.
474
475       bandlimin  <rate> <userlist> <sourcelist> <targetlist> <targetportlist>
476       <operationlist>
477       nobandlimin  <userlist>  <sourcelist>   <targetlist>   <targetportlist>
478       <operationlist>
479       bandlimout <rate> <userlist> <sourcelist> <targetlist> <targetportlist>
480       <operationlist>
481       nobandlimout  <userlist>  <sourcelist>  <targetlist>   <targetportlist>
482       <operationlist>
483        bandlim  sets  bandwith limitation filter to <rate> bps (bits per sec‐
484       ond) (if you want to specife bytes per second - multiply your value  to
485       8).   bandlim rules act in a same manner as allow/deny rules except one
486       thing: bandwidth limiting is applied to all services, not to some  spe‐
487       cific  service.   bandlimin and nobandlimin applies to incoming traffic
488       bandlimout and nobandlimout applies to outgoing traffic If tou want  to
489       ratelimit  your  clients  with  ip's  192.168.10.16/30 (4 addresses) to
490       57600 bps you have to specify 4 rules like
491        bandlimin 57600 * 192.168.10.16
492        bandlimin 57600 * 192.168.10.17
493        bandlimin 57600 * 192.168.10.18
494        bandlimin 57600 * 192.168.10.19
495        and every of you clients will have 56K channel. If you specify
496        bandlimin 57600 * 192.168.10.16/30
497        you will have 56K channel shared between all clients.   if  you  want,
498       for example, to limit all speed ecept access to POP3 you can use
499        nobandlimin * * * 110
500        before the rest of bandlim rules.
501
502       counter <filename> <reporttype> <repotname>
503       countin  <number>  <type>  <limit> <userlist> <sourcelist> <targetlist>
504       <targetportlist> <operationlist>
505       nocountin <userlist> <sourcelist> <targetlist> <targetportlist> <opera‐
506       tionlist>
507       countout  <number>  <type> <limit> <userlist> <sourcelist> <targetlist>
508       <targetportlist> <operationlist>
509       nocountout <userlist> <sourcelist> <targetlist> <targetportlist> <oper‐
510       ationlist>
511
512        counter,  countin, nocountin, countout, noucountout  commands are used
513       to set traffic limit in MB for period of time  (day,  week  or  month).
514       Filename  is a path to a special file where traffic information is per‐
515       manently stored.  number is sequential number of record in  this  file.
516       If number is 0 no traffic information  on this counter is saved in file
517       (that is if proxy restarted all  information  is  loosed)  overwise  it
518       should  be unique sequential number.  Type specifies a type of counter.
519       Type is one of:
520        H - counter is resetted hourly
521        D - counter is resetted daily
522        W - counter is resetted weekly
523        M - counter is resetted monthely
524        reporttype/repotname may be used to generate traffic reports.  Report‐
525       type  is  one  of D,W,M,H(hourly) and repotname specifies filename tem‐
526       plate for reports. Report is text file with counter values in format:
527        <COUNTERNUMBER> <TRAF>
528        The rest of parameters is identical to bandlim/nobandlim.
529
530       users username[:pwtype:password] ...
531        pwtype is one of:
532         none (empty) - use system authentication
533         CL - password is cleartext
534         CR - password is crypt-style password
535         NT - password is NT password (in hex)
536        example:
537        users test1:CL:password1 "test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49."
538        users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
539        Note: double quotes are requiered because password contains $ sign.
540
541       flush
542        empty active access list. Access list must be flushed avery  time  you
543       creating new access list for new service. For example:
544        allow *
545        pop3p
546        flush
547        allow * 192.168.1.0/24
548        socks
549        sets different ACLs for pop3p and socks
550
551       system <command>
552        execute system command
553
554       pidfile <filename>
555        write  pid  of  current  process to file. It can be used to manipulate
556       3proxy with signals under Unix. Currently next signals are available:
557
558       monitor <filename>
559        If file monitored changes in modification time or size, 3proxy reloads
560       configuration within one minute. Any number of files may be monitored.
561
562       setuid <uid>
563        calls setuid(uid), uid must be numeric. Unix only. Warning: under some
564       Linux kernels setuid() works onle  for  current  thread.  It  makes  it
565       impossible to suid for all threads.
566
567       setgid <gid>
568        calls setgid(gid), gid must be numeric. Unix only.
569
570       chroot <path>
571        calls chroot(path). Unix only.
572
573       stacksize <value_to_add_to_default_stack_size>
574        Change  default size for threads stack. May be required in some situa‐
575       tion,
576        e.g. with non-default plugins, on on some platforms (some FreeBSD ver‐
577       sion
578        may  require adjusting stack size due to invalid defined value in sys‐
579       tem
580        header files, this value is also oftent reqruied  to  be  changed  for
581       ODBC and
582        PAM support on Linux. If you experience 3proxy
583        crash  on  request processing, try to set some positive value. You may
584       start with
585        stacksize 65536
586        and then find the minimal value for service to work. If you experience
587        memory shortage, you can try to experiment with negative values.
588

PLUGINS

590       plugin <path_to_shared_library> <function_to_call> [<arg1> ...]
591        Loads specified library and calls given  export  function  with  given
592       arguments, as
593        int  functions_to_call(struct  pluginlink  *  pl,  int  argc,  char  *
594       argv[]);
595        function_to_call must return 0 in case of success, value > 0 to  indi‐
596       cate error.
597
598       filtermaxsize <max_size_of_data_to_filter>
599        If  Content-length  (or  another  data  length)  is greater than given
600       value, no data filtering will be performed thorugh filtering plugins to
601       avoid  data  corruption  and/or  Content-Length chaging. Default is 1MB
602       (1048576).
603
604

BUGS

606       Report all bugs to 3proxy@3proxy.ru
607

SEE ALSO

609       3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8),  udppm(8),
610       syslogd(8),
611       http://3proxy.ru/
612

TRIVIA

614       3APA3A is pronounced as ``zaraza´´.
615

AUTHORS

617       3proxy is designed by Vladimir 3APA3A Dubrovin (3proxy@3proxy.ru)
618
619
620
6213proxy 0.8                       January 2016                    3proxy.cfg(3)
Impressum