# # Configuration file for oops proxy cache server # # Crated by _tgz@enjoy-unix.org # # # Types: # # string: any character # number: a nature number (N >= 0) # boolean: {yes|no} # yes: option is enables # no: option is disabled # # host: # represents a host's name # host_list: { ...} # port: # number must be less than 32768 # port_range: \[:\] # the first must be the lower # port_list: {{|},...} # items separated by commas # # : # number must be less than 256 # ip_addr: ... # ip_addr_list: { ...} # # : # number must be less than 33 # net_addr: / # net_addr_list: { ...} # # ACL_name: # refers to an ACL's name # ACL_list: {{[!]} ...} # '!' means negation # # size: m # refers to something's size # percent: # means whole * percent / 100 # days: # represents some amount of time measured in days # hours: # represents some amount of time measured in hours # milisecs: # represents some amount of time measured in milisecundums (1/1000 # secundum) # # regex: # represents a regular expression # path: # refers to a file's full name (path + filename + extension) # filename: # refers to a file's basename (filename + extension W/O path) # charset: # ??? refers to a character set # username: # represents a user's name (as in /etc/passwd) # # include: include: # get the real value from which contains one value per # line, '#'-style comments are allowed. # # # Which nameservers to use for domain name resolving. You can use this # directive more than once but you must specify at least nameserver. # # Optional: no # # address: # the address of the nameserver # nameserver
nameserver 127.0.0.1 # # Which port oops binds on. # # Optional: ??? # # service: {http_port|icp_port} # http_port: for the http protocol # icp_port: for the Internet Cache Protocol # # http_port 3128 icp_port 3130 # # setuid() to this uid after chroot()'ing. # # Optional: yes # # userid userid oops # # Use chroot(). Remember that all paths below will be relative # to this one. # # Optional: yes # # chroot #chroot /usr/local/oops # # Attributes for oops' logfiles. # # Optional: ??? # # type: {logfile|accesslog} # logfile: debug informations # accesslog: who accessed what (the same as in squid) # logpath: # path to the log file # attribs: \{ \} # S: # rotate logfile if bigger than S # N: # no more than N logfiles will be kept # # logfile /var/log/oops/debug { 3 1m } accesslog /var/log/oops/access { 3 1m } # # Uncomment the line below if you want logfiles to be buffered. # Otherwise they won't. # logs_buffered # # The location of the file where oops keeps its process ID. # # Optional: ??? # # pidfile pidfile /var/run/oops.pid # # Write statistics to this file every minute. # # Optional: ??? # # statistics statistics /var/log/oops/statistic # # Where to search for link.gif, dir.gif, binary.gif etc. (for # ftp lists). If omitted the name of running host will be used. # Using remote files can decrase the speed significally. # # Optional: yes # # location: {icons-host|icons-port|icons-path} # icons-host: ??? # icons-port: ??? # icons-path: ??? # icons-host # icons-port # iconst-path # #icons-host ss5.paco.net #icons-port 80 #icons-path icons # # Memory cache size limits. # # Optional: ??? # # limit: {mem_max|lo_mark} # mem_max: when total object volume in memory grows # over this drop objects without attempt to save it. # (This generally means that cachable data came faster # from the network than we can save it on the disk.) # lo_mark: hint, how much cached objects be kept in memory. # When total amount becomes larger than this limit, # start to swap to the disk. # # mem_max 16m lo_mark 8m # # Object expirations. # # Optional: ??? # # expiration-type: {default-expire-value|ftp-expire-value|max-expire-value} # default-expire-value: expiration time for documents that don't # contain an "Expire:" field # ftp-expire-value: expiration time for ftp objects # max-expire-value: no documents will be kept beyond this time # even if it requested to do. default-expire-value can # ovverride this limit. # # default-expire-value 30 ftp-expire-value 3 max-expire-value 30 # ??? # in which proportion time passed since last document modification # will accounted in expire time. For example, if last-modified-factor=5 # and there was passed 10 days since document modification, then expiration # will be set to 2 days in future (but no nore then max-expire-value) # # Optional: ??? # # divider: # ??? # # last-modifier-factor last-modified-factor 5 # # How often check for expired documents. # # Optional: ??? # # default-expire-interval default-expire-interval 24 # ??? # How long wait for icp reply from peer. # # Optional: ??? # # icp_timeout icp_timeout 1000 # # Disk cache size limits. # # Optional: ??? # # type: {disk-low-free|disk-ok-free} # disk-low-free: clean up cache if free space on the storage # media goes under free_disk. Zero means exactly 1M. # disk-ok-free: stop cache cleanup when free space reaches # free_disk. Zero means exactly 2M. # free_disk: # 100 means the whole size of the media where the storage # is kept on. # # disk-low-free 0 disk-ok-free 8 # # Force to use HTTP/1.1 when communicating with the document server. # This option is required if module "vary" is used. # #force_http11 # ??? # Always check document freshness, even if it's not stale nor expired. # This force oops to behave squid-like: first check the cached document, # then send it. # #always_check_freshness # # If the user aborted connection when we already had downloaded # more than P percent of the document, continue prcessing. # # Optional: ??? # # P: # # force_completion

force_completion 50 # # Only those objects will be cached whose size is smaller than MS. # # Optional: ??? # # MS: # # maxresident maxresident 1m # # Insert some headers in responces: 'X-Forwarded-For:' and 'Via:' # # Optional: yes # # #insert_x_forwarded_for yes #insert_via yes # ??? # Use this name to connect the document server. # # Optional: yes # # connect-from #connect-from proxy.paco.net # # ACL definitions, one ACL per line. # # Optional: yes # # name: # you can refer to the ACL by this name later # type: {urlregex|urlpath|usercharset|port|dstdom|dstdom_regex|src_ip|method} # urlregex: the value field is a which is compared # against the requested URL. # urlpath: ??? # usercharset: the value field is a ??? # port: the value field is a ??? # dstdom: the value field is which is compared # against the destination domain name # dstdom_regex: the value field is a which is compared # against the destination domain name # src_ip: the value field is an {|} # which is compared against the requester's IP address ??? # method: ??? # # data: {|} # value: {||||||PURGE} # PURGE: ??? # # acl #acl CACHEABLECGI urlregex http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826 #acl WWWPACO urlregex www\.paco\.net #acl NO_RLH urlregex zipper #acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru) #acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco) #acl WINUSER usercharset windows-1251 #acl DOSUSER usercharset ibm866 #acl UNIXUSER usercharset koi8-r #acl BADPORTS port [0:79],110,138,139,513,[6000:6010] #acl BADDOMAIN dstdom baddomain1.com baddomain2.com #acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org)) #acl LOCAL_NETWORKS src_ip include:/usr/local/oops/acl_local_networks #acl BADNETWORKS src_ip 192.168.10/24 #acl ADMINS src_ip 127.0.0.1 #acl PURGE method PURGE # ??? # Deny serve requests that came from . # # Optional: yes # # acl_deny acl_deny PURGE !ADMINS # # Never cache objects whose PATH contains . # # Optional: yes # # stop_cache stop_cache ? stop_cache cgi-bin # # Do not cache objects whose ACL matches. # # Optional: yes # # stop_cache_acl #stop_cache_acl WWWPACO # # Check and set expiration date for documents. # # Optional: yes # # min: # Document will not expire earlier then sec in future # P: [%] # Set expiration date in accordance with Last-Modified header # max: # Document will expire earlier then sec in future # # refresh_pattern

#refresh_pattern CACHEABLECGI 20 50% 200 #refresh_pattern WWWPACO 0 0% 0 # # Forward all requests to except local ones (to avoid endless # recursion). This option also suppress any ICP queries to any peer. # # parent #parent proxy.paco.net 3128 # ??? # ICP peers # # Optional: yes # #peer proxy.paco.net 3128 3130 #{ # sibling; # # we will NOT send requests for these domains # deny dstdomain *; # # we will send requests for these domains # allow dstdomain *; #} #peer proxy.gu.net 80 3130 #{ # parent; # allow dstdomain *; # deny dstdomain paco.net odessa.ua; #} # # Do not forward requests to parents if target is N. # # Optional: yes # # N: {|} # # #local-domain odessa.ua od.ua #local-domain odessa.net paco.net netsy.net netsy.com te.net.ua #local-networks 195.114.128/19 10/8 192.168/16 # # Groups # # Optional: ??? # # You can describe group ip adresses here, or using src_ip acl's # with networks_acl directive. # networks_acl always have higher preference (checked first) and # are checked in the order of appearance. # If host wil not fall in any networks_acl - we check in networks. # networks are ordered by masklen - longest masks(most specific networks) # are checked first. #group paco #{ # networks 195.114.128/19 127/8 195.5.40.93/32; # networks_acl LOCAL_NETWORKS !BAD_NETWORKS # badports [0:79],110,138,139,513,[6000:6010]; # miss allow; # # # When deny access to proxy server for this group # denytime Sat,Sun 0642:1000 # denytime Mon,Thu:Fri,Sun 0900:2100 # # # Authentication modules for this group, seprated by space. # auth_mods passwd_file; # # # URL-Redirector modules for this group, separated by space. # redir_mods redir; # # # limit whole group to 8 KB/s # bandwidth 8k; # # icp # { # allow dstdomain *; # } # # http # { # # deny dstdomain {|} # # allow dstdomain {|} # # allow dstdomain *; # } #} #group world #{ # networks 0/0; # badports [0:79],110,138,139,513,[6000:6010]; # # http # { # deny dstdomain *; # } # # icp # { # deny dstdomain *; # } #} # # The location of database index files. # dbhome: directory where all DB indices resides. This directory # must exists. # dbname: filename for the index file # Without DB oops will cache only to memory. # # Optional: yes # # dbhost # dbname # dbhome /var/local/oops/DB dbname dburl # # Storage section. You can define zero or more storage devices. # Zero means that oops will cache only to memory. # # Optional: yes # # path: # path to the file or device # size: {|auto} # specifies the storage's size (this information is needed # for the format process (oops -z). On existing storages you can # use the keyword "auto" (for disk slices it won't work on Linux and # some other platforms). # offset: # don't touch the first N sectors ??? # storage { path /dev/sda2; size auto; # offset 512; } #storage #{ # path /usr/local/oops/storages/oops_storage1 ; # size 600m ; #} # # Module configuration # # Optional: yes # # # Module to handle national languages # #module lang #{ # # default_charset koi8-r # # # Recode tables and other charset stuff # CharsetRecodeTable windows-1251 /usr/local/lib/oops/tables/koi-win.tab # CharsetRecodeTable ISO-8859-5 /usr/local/lib/oops/tables/koi-iso.tab # CharsetRecodeTable ibm866 /usr/local/lib/oops/tables/koi-alt.tab # CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic (Windows (WinNT; # CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit) Opera/3.0 # CharsetAgent ibm866 DosLynx Lynx2/OS/2 #} # The error reporting module module err { # template template /usr/local/lib/oops/templates/err_template.html; # Language to use when generate Error messages lang en; } # # The password proxy-authentication module. # # Default realm, scheme and password file. The only # thing you can really want to change is 'file' # and 'template'. You don't have to reconfigure oops # if you only change the content of passwd file or # template: oops will automatically reload them. # module passwd_file { realm oops scheme Basic file /usr/local/etc/oops/passwd template /usr/local/lib/oops/templates/auth_template.html } # # The redirection module. # # file: # path to the redirection rules # template: # path to the local error template # myport: [{|}:] # process redirection only on those requests which arreive on # this interface/port # You don't have to reconfigure oops # if you only change the content of rules file or # template: oops will automatically reload them. # # module redir { file /usr/local/etc/oops/redir_rules template /usr/local/lib/oops/templates/redir_template.html #myport 3129 } # # Module which handle requests of oopsctl - programm to control proxy server # module oopsctl { # Path to oopsctl unix socket socket_path /var/local/oops/oopsctl; # Time to auto-refresh page (in seconds) html_refresh 300; } # # This module hanldle 'Vary' header in serever responce. # In cooperation with 'force_http11' it can give you more hits for # documents served by HTTP/1.1 servers # It was written spaecial for better cooperation with Russian Apache. #module vary #{ # user-agent by_charset # accept-charset ignore #} # # The WWW-accelerator module. # To use for a group (???) add the word ``accel'' # to its redir_mods list. # # myport: {[{|ip_addr}:]} ... # ??? # file: # configuration file for maps and other directives. Checked in # every minute. # #module accel #{ # file /usr/local/oops/accel_maps # myport 80 #} # # The transparent proxy module. # To use for a group (???) add the word ``transparent'' # to its redir_mods list. # # myport: {[{|ip_addr}:]} ... # ??? # #module transparent #{ # myport 3128; #}