Site Index - Feedback - Impressum |
| |||||||||
|
|
( Archiv ) | ( Neues Thema ) |
24.12.2004 |
oops Config-File (von: Christian/2, 23:46:13) | « ^ » |
Also,
kann jemand was mit folgender Config-file was anfangen? Was müßte ich verändern? PS: Squid und Smartcache habe ich noch gebacken bekommen.... aber oops... da ist momentan bei mir der Wurm drin. oops.cfg: ## ## You can insert include statement at top level config, so that config can ## be combined from several files. 'include' can be nested (maximum depth 10) ## #include <filename> ## # nameservers. Use your own, not our. ## nameserver 192.168.0.64 # nameserver 193.219.193.130 ## # Ports and address to use for HTTP and ICP ## #bind ip_addr|hostname http_port 3128 icp_port 3130 ## ## Change euid to that user ## ## WARNING: if you use 'userid, then you 'reconfigure will not be able to ## open new sockets on reserved (< 1024) ports and will not be able ## to return to original userid. ## ## ## Change root directory. If don't know exactly what are you doing - ## leave commented. #chroot ??? ## # Logfile - just debug output # When used in form 'filename [{N S}] [[un]buffered]' # will be rotated automatically (up to N files up to S bytes in size) ## #logfile /dev/tty logfile ./logs/oops.log { 30 1m } unbuffered ## # Accesslog - the same as for squid. Re rotating - see note for logfile ## #accesslog /dev/tty accesslog ./logs/access.log { 30 1m } unbuffered ## # Pidfile. for kill -1 `cat oops.pid` and for locking. ## pidfile ./logs/oops.pid ## # Statistics file - once per minute flush some statistics to this file ## statistics ./logs/oops_statfile ## # icons - where to find link.gif, dir.gif, binary.gif and so on (for # ftp lists). If omitted - name of running host will be used. But # using explicit names is better way. ## #icons-host ss5.paco.net #icons-port 80 #icons-path icons ## # When total object volume in memory grow over this (this mean # that cachable data from network came faster then we can save on disk) # drop objects (without attempt to save on disk). ## mem_max 4m ## # Hint, how much cached objects keep in memory. # When total amount become larger then this limit - start # swaping cachable objects to disk ## lo_mark 2m ## # start random early drop when number of clients reach some level. # this can protect you against attacks and against situation when # oops cant handle too much connections. By default - 0 (or no limits). ## #start_red 0 ## # refuse any connection when number of already connected clients reach some # level. By default - 0 (or no limits). ## #refuse_at 0 ## # if document contain no Expires: then expire after (in days) # ftp-expire-value - expire time for ftp (in days) ## default-expire-value 7 ftp-expire-value 7 ## # While connecting to public FTP resource, use this string as password ## #anon_ftp_passw oops@localhost ## # if you want expirestart and run only at some time intervals, # then use next instruction ## #expiretime Sun:Sat 0100:0700 ## # Maximum expite time - doc will not keep in cache more then # this number of days (except if defaiult-expire-value used for this documeny) ## max-expire-value 30 ## # in which proportion time passed since last document modification # will accounted in expire time. For example, if last-modified-factor=5 # and there was passed 10 days since document modification, then expiration # will be setted to 2 days in future (but no nore then max-expire-value) ## last-modified-factor 5 ## # If you want not cache replies without Last-Modified: # uncomment next line. ## #dont_cache_without_last_modified # run expire every ( in hours ) ## default-expire-interval 1 ## # negative_cache - how long cache 404 answer from server ## #negative_cache 0 ## # icp_timeout - how long to wait icp reply from peer (in ms, e.g 1000 = 1sec) ## icp_timeout 1000 ## # start disk cache cleanup when free space will be (in %%) # As on the very large storages 1% is large space (1% from 9G is # 90M), then on such storages you can set both disk-low-free and # disk-ok-free to 0. Oops will start cleanup if it have less then 256 # free blocks(1M), and stop when it reach 512 bree blocks(2M). ## disk-low-free 3 ## # stop disk cache cleanup when free space will be (in %%) ## disk-ok-free 5 ## # Force_http11 - turn on http/1.1 for each request to document server # This option required if module 'vary' used. ## force_http11 ## # Always check document freshness, even it is not stale or expired # This force Oops behave like squid - first check cached doc, then send ## #always_check_freshness ## # If user-requestor aborted connection to proxy, but there was received more # then some percent ot the document - then continue. # default value - 75% ## force_completion 75 ## # maximum size of the object we will cache ## maxresident 1m ## # minimum size of the object we will cache ## #minresident 0 insert_x_forwarded_for yes insert_via yes ## # Load documents as fast as we can, or as fast as client can download # First method will save number of opened sockets # Second - save your bandwidth and memory. # Use "yes". ## fetch_with_client_speed yes ## # If host have several interfaces or aliases, use exactly # this name when connecting to server: ## #connect-from proxy.paco.net ## # ACLs - currently: urlregex, urlpath, usercharset # port, dstdom, dstdom_regex, src_ip, time # each acl can be loaded from file. ## #acl CACHEABLECGI urlregex http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826 #acl WWWPACO urlregex www\.paco\.net #acl NO_RLH urlregex zipper #acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru) #acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco) #acl WINUSER usercharset windows-1251 #acl DOSUSER usercharset ibm866 #acl UNIXUSER usercharset koi8-r #acl RUS dstdom ru su #acl UKR dstdom ua #acl BADPORTS port [0:79],110,138,139,513,[6000:6010] #acl BADDOMAIN dstdom baddomain1.com baddomain2.com #acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org)) #acl LOCAL_NETWORKS src_ip include:./etc/acl_local_networks #acl BADNETWORKS src_ip 192.168.10/24 ## WARNING: acl dst_ip is applyed to destination hostname BEFORE ## any redirection used. #acl LOCALDST dst_ip 192.168.10/24 ## #acl WORKTIME time Mon,Tue:Fri 0900:1800 #acl HTMLS content_type text/html #acl USERS username joe acl MSIE header_substr user-agent MSIE acl ADMINS src_ip 127.0.0.1 acl PURGE method PURGE acl CONNECT method CONNECT acl SSLPORT port 443 ## # acl_deny [!]ACL [!]ACL ... # deny access for combined acl ## acl_deny PURGE !ADMINS acl_deny CONNECT !SSLPORT ## # Never cache objects with URL, containing next strings in path ## stop_cache ? stop_cache cgi-bin ## # stop_cache_acl [!]ACL [!]ACL ... # Stop cache using ACL ## #stop_cache_acl WWWPACO ## # refresh_pattern ACLNAME min percent max # 'min' and 'max' are limits between Expite time will be assigned # Iff document have no expire: header and have Last-Modified: header # we will use 'percent' to estimate how far in the future document will # be expired. ## #refresh_pattern CACHEABLECGI 20 50% 200 #refresh_pattern WWWPACO 0 0% 0 ## # bind_acl {hostname|ip} [!]ACL [!]ACL ... # bind to given address when connecting to server # if request match ACLNAME ## #bind_acl outname1 RUS #bind_acl outname2 UKR ## # Always check document freshness, but now on acl basis. # You can have several such lines. ## This example will force to check freshness only for html documents. #always_check_freshness_acl HTMLS ## # line 'parent ....' will force all connections (except to destinations # in local-domain or local-networks) go through parent host ## #parent proxy.paco.net 3128 ## # parent_auth login:password # if your parent require login/password from your proxy ## #parent_auth login:password # ICP peer's #peer proxy.paco.net 3128 3130 { ## ^^^ peer name ^http port ^icp port ## icp port can be 0, in which case we assume this is non-icp ## proxy. We assume that non-icp peer act like parent which ## answer MISS all th etime. If this peer refused connection ## then it goes down for 60 seconds - it doesn't take part in ## any peer-related decisions. # sibling ; ## if this peer require login/password from your proxy # my_auth my_login:my_password; ## we will send requests for these domains # allow dstdomain * ; ## we will NOT send requests for these domains # deny dstdomain * ; ## we will send only requests matched to this acl # peer_access [!]ACL1 [!]ACL2 ## if (and only if) peer is not icp-capable, then , in case of fail we ## leave failed peer alone for the down_timeout interval (in seconds). ## Then we will try again # down_timeout 60 ; #} #peer proxy.gu.net 80 3130 { # parent ; # allow dstdomain * ; # deny dstdomain paco.net odessa.ua ; #} ## # Never use "parent" when connecting to server in these domains ## local-domain odessa.ua od.ua local-domain odessa.net paco.net netsy.net netsy.com te.net.ua local-networks 192.168/16 # # Groups # group mygroup { networks 192.168.0/24; http { allow dstdomain *; } auth_mods passwd_file; } #group paco { ## # You can describe group ip adresses here, or using src_ip acl's # with networks_acl directive. # networks_acl always have higher preference (checked first) and # are checked in the order of appearance. # If host wil not fall in any networks_acl - we check in networks. # networks are ordered by masklen - longest masks(most specific networks) # are checked first. ## # networks 195.114.128/19 127/8 195.5.40.93/32 ; # networks_acl LOCAL_NETWORKS !BAD_NETWORKS ; # badports [0:79],110,138,139,513,[6000:6010] ; # miss allow; ## # denytime - when deny access to proxy server for this group ## # denytime Sat,Sun 0642:1000 # denytime Mon,Thu:Fri,Sun 0900:2100 ## # Authentication modules for this group (seprated by space) ## # auth_mods passwd_file; # auth_mods pam; ## # URL-Redirector (porno, ad. filtering) modules for this group (separate by # space) # NOTE: modules redir and fastredir can use several configs, one per group. # use next form: redir_mods redir/1; # and redir_mods redir/2; # in the groups section. # You also have to have correspondent module redir/1 {...} and # redir/2 {...} sections. ## # redir_mods redir; ## # limit whole group to 8Kbytes per sec ## # bandwidth 8k; ## # limit each host 8Kbytes per sec ## # per_ip_bw 8k; ## # limit connections number from each host ## # per_ip_conn 8; ## # Connect from specified ip address for group. # You can be use the ip address or host name. ## # connect_from <ip-addr>; ## # limit request rate from this group (requests per second). This is crude, # and must be used as last resort ## # maxreqrate 100; ## # icp acl ... ## # icp { # allow dstdomain * ; # } ## # http acl ## # http { ## # http acls can be in form 'allow dstdomain domainname domainname ... domainname ; # or in form 'allow dstdomain include:filename ; # where filename - name of the file, which contain # domainnames (one per line, # - comment line); # the same rules for 'deny' ## # allow dstdomain * ; # } #} #group world { # networks 0/0; # badports [0:79],110,138,139,513,[6000:6010]; # http { # deny dstdomain * ; # } # icp { # deny dstdomain * ; # } #} ## # Storage section # Change this for your own situation. Oops can work without # storages (using only in-memory cache). ## ## # Storage description (can be several) # path - filename of storage. can be raw device (be carefull!) # size - size (of storage file). Can be smthng like 100k or 200m or 4g # Size used only durig format process (oops -z). ## storage { path ./storages/oops_storage ; # Size of the storage. Can be in bytes or 'auto'. Auto is # usefull for pre-created storages or disk slices. # NOTE: 'size auto' won't work for Linux on disk slices. # To use large ( > 2G ) files run configure with --enable-large-files size 100m ; # You have to use 'offset' in the case your raw device (or slice) # require that. For example if you use entire disk as storage # under AIX and Soalris/Sparc - you have to skip first block # which contain disk label (that is storage will start from # next 512 sector. # offset 512; } #storage { # path ./storages/oops_storage1 ; # size 600m ; #} module lang { default_charset koi8-r # Recode tables and other charset stuff CharsetRecodeTable windows-1251 ./etc/tables/koi-win.tab CharsetRecodeTable ISO-8859-5 ./etc/tables/koi-iso.tab CharsetRecodeTable ibm866 ./etc/tables/koi-alt.tab CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic (Windows (WinNT; CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit) Opera/3.0 CharsetAgent ibm866 DosLynx Lynx2/OS/2 } module err { # error reporting module # template template ./etc/err_template.html # Language to use when generate Error messages lang ru } module passwd_file { # password proxy-authentication module # # default realm, scheme and passwd file # the only thing you really want to change is 'file' and 'template' # you don't have to reconfigure oops if you only # change content passwd file or template: oops authomatically # reload file realm oops scheme Basic file ./etc/passwd template ./etc/auth_template.html } module pam { realm oops scheme Basic service oops template ./etc/auth_template.html } module passwd_pgsql { # proxy authentication using postgresql # "Ivan B. Yelnikov" <bahek@khspu.ru> # # host - host where database live, # user,password - login and password for database access # database - database name # select - file with request body # template - file with html doc which user will receive # during authentication scheme Basic realm oops host <host address/name> user <database_user> password <user_password> database <database_name> select ./etc/select.sql template ./etc/auth_template.html } module passwd_mysql { # proxy authentication usin mysql # "Ivan B. Yelnikov" <bahek@khspu.ru> # # look passwd_pgsql description # scheme Basic realm oops host <host address/name> user <database_user> password <user_password> database <database_name> select ./etc/select.sql template ./etc/auth_template.html } # You can several (up to 15) redir configs: # module redir/1 { # ... # } # module redir/2 { # ... # } # ... # # Such names (redir/N) can be used in redir_mods statements in group # description module redir { # file - regex rules. # each line consist of one or two fields (separated with white space) # 1. regular expression # 2. redirect-location # if requested (by client) url match regex then # if we have redirect-url then we send '302 Moved Temporary' to # redirect-location # if we have no redirect-location (i.e. we have no 2-nd field) # then we send template.html (%R will be substituted by rule) # or some default message if we have no template. # you don't have to reconfigure oops each time # you edit rules or template, they will be reloaded authomatically file ./etc/redir_rules template ./etc/redir_template.html ## mode control will redir rewrite url or send Location: header ## with new location. Values are 'rewrite' or 'bounce' # mode rewrite # myport can have next form: # myport [{hostname|ip_addr}:]port ... # myport 3128 # it configure redir module to process requests on # given port myport 3128 # This module can process requests which come on http_port # and/or on different port. For example, you wish oops # bind on two ports - 3128 and 3129, and all requests which come on # port 3129 must pass through filters, and requests which come on port # 3128 (common http_port) - not. Then you have to uncomment next line # myport 3129 # which means exactly: bind oops to additional port 3129 and process # requests which come on this port. # myport can be in the next form: # myport [{hostname|ip_addr}:]port } module oopsctl { # path to oopsctl unix socket # under os/2, it must be "\socket\xxxx" (default is "\socket\oopsctl"); # name is case-sensitive. socket_path \socket\oopsctl # time to auto-refresh page (seconds) html_refresh 300 } ## ## This module hadnle 'Vary' header - it was written to better support ## Russian Apache ## module vary { user-agent by_charset accept-charset ignore } ## ## WWW -accelerator. To use - add word accel to ## redir_mods line for ## the group 'world' description ## You will find more description of this module in supplied accel_maps file ## #module accel { # myport can have next form: # myport [{hostname|ip_addr}:]port ... # myport 80 ## # access can have next form: # access [{hostname|ip_addr}:]port ... # If this directive is set, then incoming packets will be checked # for module "accel", according to this directive, not "myports". # In this case "oops" will open sockets according to "myports" # as well as when rule "access" is missed. This is needed when destination # of incoming packet doesn't match "oops" bindings ,for example when we're # forwarding packets using firewall. # # This allows us to produce the following construction : # firewall: forward network 80-85 -> ip:80 # oops: myport ip:80 # oops: access 80 81 82 83 84 85 # (in this case "oops" will bind only to ip:80 according to rule "myports") ## # access 80 81 # ## # allow access to proxy through accel module. # Deny will stop proxy through accel completely, regardless # of any other access rules ## # proxy_requests deny # ## # File with maps and other config directives # Checked once per minute. No need to restart oops if maps changed ## # file ./etc/accel_maps #} ## ## Transparent proxy. To use - add word 'transparent' into ## redir_mods line for your group. ## in the your local (or any other) group description ## #module transparent { # myport can have next form: # myport [{hostname|ip_addr}:]port ... # myport 3128 # broken_browsers MSIE #} ## ## %h - remote ip address ## %A - local ip address ## %d - ip address of source (peer or document server) ## %l - remote logname from identd (not suported now) ## %U - remote user (from 'Authorization' header) ## %u - remote user (from proxy-auth) ## %{format}t - time with optional {format} (for strftime) ## %t - time with standard format %d/%b/%Y:%T %Z ## %r - request line ## %s - status code ## %b - bytes received ## %{header}i - value of header in request ## %m - HIT/MISS ## %k - hierarchy (DIRECT/NONE/...) ## ## directive buffered can be followed by size of the buffer, ## like 'buffered 32000' ## module customlog { path ./logs/access_custom1 format "%h %l %u %t \"%r\" %>s %b" # squid httpd mode log emulation # format "%h %u %l %t \"%r\" %s %b %m:%k" # buffered # path /usr/local/oops/logs/access_custom2 # format "%h->%A %l %u [%t] \"%r\" %s %b \"%{User-Agent}i\"" } module berkeley_db { ## # dbhome - directory where all DB indexes reside. Use full path # this directory must exist. # dbname - filename for index file. Use just filename (no full path) ## dbhome ./storages dbname dburl ## # This parameter specifies internal cache size of BerkeleyDB. # Increase this parameter for best performance (if you have a lot of memory). # For example: db_cache_mem 64m # Default and minimum value: 4m # # This memory pool is not part of memory pool, specified by mem_max parameter. # WARNING: the amount of RAM used by oops will be increased by the value of # this parameter. ## #db_cache_mem 4m } #module gigabase_db { # This module enable GigaBASE as database engine. # You can use berkeley_db or gigabase_db, not both. # Also, important notice - indexes created with different modules # are not compatible. # ## # # dbhome - directory where all DB indexes reside. Use full path # # this directory must exist. # # dbname - filename for index file. Use just filename (no full path) # ## # # dbhome ./DB # dbname gdburl # # ## # # This parameter specifies internal cache size of BerkeleyDB. # # Increase this parameter for best performance (if you have a lot of memory). # # For example: db_cache_mem 64m # # Default and minimum value: 4m # # # # This memory pool is not part of memory pool, specified by mem_max parameter. # # WARNING: the amount of RAM used by oops will be increased by the value of # # this parameter. # ## # #db_cache_mem 4m # #} #module wccp2 { # Cache identity. # Ip address under which your cache will be visible. # You should set it only in case oops can't determine it's IP in other other way # identity proxy.yourdomain.tld # # Service group. # Look Cisco documentation what service group is. # In two words - this is group of caches and routers which handle transparently # some kind of traffic. To intercept www requests from your users use # next 'service-group' definition # # service-group web-cache # # Routers for this service group. # Here you list ip-addresses of routers in service group. # To avoid problems list addresses from which cisco will reply - that is # address of interface which is directed to cache. You can describe several # (up to 32) routers. # # router 10.10.10.1 # #} #module netflow { # # This module exports netflow v5 records to flow collector(s) # Each record consists of source (document source, peer,...) address # destination address (client requested document), bytes transferred. # If you supply file with route prefix table and autonomouos system numbers, # then source and desctination ASNs will also present in flow records # # file - path to the tile with prefixes (see file INSTALL). # # file ./prefix_table # # source - flow records source address and port. # # source 127.0.0.1:3333 # # collector - address and port of collector # you can have several lines(collectors). # # collector 127.0.0.1:6666 #} [ Leser: 53 ] |
|
Mit * markierte Felder müssen ausgefüllt werden ! |
( Zeige alle Einträge ) | ( Zur Startübersicht ) |
|
| Christian/2 | 77 | 23.12.2004 | 18:40 |
| Christian/2 | 59 | 24.12.2004 | 08:18 |
| Jan | 56 | 24.12.2004 | 10:31 |
| Christian/2 | 53 | 24.12.2004 | 23:46 |
| Jan | 45 | 26.12.2004 | 15:08 |
| Christian/2 | 36 | 27.12.2004 | 12:32 |
| jan | 34 | 27.12.2004 | 13:42 |
| Christian/2 | 32 | 27.12.2004 | 18:50 |
| Jan | 34 | 27.12.2004 | 20:20 |
| Christian/2 | 29 | 29.12.2004 | 10:25 |
|