mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-16 19:50:19 +01:00
864 lines
26 KiB
Text
864 lines
26 KiB
Text
#
|
|
# This file contains the default settings for c-icap
|
|
#
|
|
#
|
|
|
|
|
|
# TAG: PidFile
|
|
# Format: PidFile pid_file
|
|
# Description:
|
|
# The file to store the pid of the main process of the c-icap server.
|
|
# Default:
|
|
# PidFile /var/run/c-icap/c-icap.pid
|
|
PidFile /var/run/c-icap/c-icap.pid
|
|
|
|
# TAG: CommandsSocket
|
|
# Format: CommandsSocket socket_file
|
|
# Description:
|
|
# The path of file to use as control socket for c-icap
|
|
# Default:
|
|
# CommandsSocket /var/run/c-icap/c-icap.ctl
|
|
CommandsSocket /var/run/c-icap/c-icap.ctl
|
|
|
|
# TAG: Timeout
|
|
# Format: Timeout seconds
|
|
# Description:
|
|
# The time in seconds after which a connection without activity
|
|
# can be cancelled.
|
|
# Default:
|
|
# Timeout 300
|
|
Timeout 300
|
|
|
|
# TAG: MaxKeepAliveRequests
|
|
# Format: MaxKeepAliveRequests number
|
|
# Description:
|
|
# The maximum number of requests can be served by one connection
|
|
# Set it to -1 for no limit
|
|
# Default:
|
|
# MaxKeepAliveRequests 100
|
|
MaxKeepAliveRequests 100
|
|
|
|
# TAG: KeepAliveTimeout
|
|
# Format: KeepAliveTimeout seconds
|
|
# Description:
|
|
# The maximum time in seconds waiting for a new requests before a
|
|
# connection will be closed.
|
|
# If the value is set to -1, there is no timeout.
|
|
# Default:
|
|
# KeepAliveTimeout 600
|
|
KeepAliveTimeout 600
|
|
|
|
# TAG: StartServers
|
|
# Format: StartServers number
|
|
# Description:
|
|
# The initial number of server processes. Each server process
|
|
# generates a number of threads, which serve the requests.
|
|
# Default:
|
|
# StartServers 3
|
|
StartServers 3
|
|
|
|
# TAG: MaxServers
|
|
# Format: MaxServers number
|
|
# Description:
|
|
# The maximum allowed number of server processes.
|
|
# Default:
|
|
# MaxServers 10
|
|
MaxServers 10
|
|
|
|
# TAG: MinSpareThreads
|
|
# Format: MinSpareThreads number
|
|
# Description:
|
|
# If the number of the available threads is less than number,
|
|
# the c-icap server starts a new child.
|
|
# Default:
|
|
# MinSpareThreads 10
|
|
MinSpareThreads 10
|
|
|
|
# TAG: MaxSpareThreads
|
|
# Format: MaxSpareThreads number
|
|
# Description:
|
|
# If the number of the available threads is more than number then
|
|
# the c-icap server kills a child.
|
|
# Default:
|
|
# MaxSpareThreads 20
|
|
MaxSpareThreads 20
|
|
|
|
# TAG: ThreadsPerChild
|
|
# Format: ThreadsPerChild number
|
|
# Description:
|
|
# The number of threads per child process.
|
|
# Default:
|
|
# ThreadsPerChild 10
|
|
ThreadsPerChild 10
|
|
|
|
# TAG: MaxRequestsPerChild
|
|
# Format: MaxRequestsPerChild number
|
|
# Description:
|
|
# The maximum number of requests that a child process can serve.
|
|
# After this number has been reached, process dies. The goal of this
|
|
# parameter is to minimize the risk of memory leaks and increase the
|
|
# stability of c-icap. It can be disabled by setting its value to 0.
|
|
# Default:
|
|
# MaxRequestsPerChild 0
|
|
MaxRequestsPerChild 0
|
|
|
|
# TAG: InterProcessSharedMemScheme
|
|
# Format: InterProcessSharedMemScheme posix | mmap | sysv
|
|
# Description:
|
|
# The interprocess shared mem scheme to use. Available schemes:
|
|
# posix Use posix shared memory (shm_open interface)
|
|
# mmap Use anonymous mmaped files as shared memory
|
|
# sysv use the sysv ipc shared memory
|
|
# Default:
|
|
# InterProcessSharedMemScheme posix
|
|
|
|
# TAG: InterProcessLockingScheme
|
|
# Format: InterProcessSharedMemScheme file | sysv | posix
|
|
# Description:
|
|
# The interprocess locking scheme to use. Available schemes:
|
|
# file Use lock file
|
|
# sysv Use the sysv ipc semaphores
|
|
# posix Use posix semaphores: Use it with caution you may experienced
|
|
# locking problems if one or more processes crashed.
|
|
# Default:
|
|
# InterProcessLockingScheme file
|
|
|
|
# TAG: Port
|
|
# Format: Port [address:]port
|
|
# Description:
|
|
# The port number that the c-icap server uses to listen to requests.
|
|
# Default:
|
|
# None
|
|
Port 1344
|
|
|
|
# TAG: TlsPort
|
|
# Format: TlsPort [address:]port [tls-method=method] [cert=path_to_pem_cert] [key=path_to_pem_key] [client_ca=path_to_pem_file] [ciphers=ciph1:ciph2...] [tls_options=[!]Opt1|[!]Opt2|...]
|
|
# Description:
|
|
# The port number that the c-icap server uses to listen for TLS/SSL
|
|
# requests. Options:
|
|
# tls-method
|
|
# Set the SSL method to use. Available methods are:
|
|
# SSLv23 TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2
|
|
# cert
|
|
# Set the certificate to use by the icap server. The certificate
|
|
# should be in pem format.
|
|
# key
|
|
# The key of the configured certificate in pem format. If none
|
|
# set then the c-icap searches for the key inside cert file.
|
|
# client_ca
|
|
# File containing all CA that we accept client certs from. If it
|
|
# is set then c-icap enables client certificates verification.
|
|
# cafile
|
|
# PEM file containing CA certificates to use when verifying client
|
|
# certificates. If not configured the root.pem file will be used.
|
|
# capath
|
|
# Directory containing additional CA certificates to use when
|
|
# verifying client certificates.
|
|
# ciphers
|
|
# Collon separated lists of the ciphers to accept. Please check
|
|
# openSSL manual for supported ciphers.
|
|
# tls-options
|
|
# Sets various options:
|
|
# SSL_OP_NO_SSLv2 disable the use of SSLv2
|
|
# SSL_OP_NO_SSLv3 disable the use of SSLv3
|
|
# SSL_OP_NO_TLSv1 disable the use of TLSv1
|
|
# SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2
|
|
# SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1
|
|
# SSL_OP_NO_TICKET disable the use of RFC5077 session tickets
|
|
# SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
|
|
# When performing renegotiation as a server, always start a
|
|
# new session.
|
|
# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
|
|
# Allow legacy insecure renegotiation between OpenSSL and
|
|
# unpatched clients or servers.
|
|
#
|
|
# For more options please see the SSL_set_options documentation.
|
|
#
|
|
# By default the SSL_OP_ALL flag is set which enables all of the
|
|
# important bug workarrounds. To reset this flag use the
|
|
# "!SSL_OP_ALL" as first flag:
|
|
# tls-options=!SSL_OP_ALL:SSL_OP_NO_TICKET
|
|
#
|
|
# Default:
|
|
# None
|
|
|
|
# TAG: TlsPassphrase
|
|
# Format: TlsPassphrase /path/to/script
|
|
# Description:
|
|
# Path to the script to run to get the passphrases of TLS certificates
|
|
# keys. The c-icap will pass as arguments the IP address and port number
|
|
# to the script.
|
|
# Default:
|
|
# No value
|
|
# Example:
|
|
# TlsPassphrase /use/local/c-icap/scripts/cert-passphrase.sh
|
|
|
|
# TAG: User
|
|
# Format: User username
|
|
# Description:
|
|
# The user owning c-icap's processes. By default, the owner is the
|
|
# user who runs the program.
|
|
# Default:
|
|
# No value
|
|
# Example:
|
|
# User wwwrun
|
|
|
|
# TAG: Group
|
|
# Format: Group groupname
|
|
# Description:
|
|
# The group of users owning c-icap's processes, which, by default
|
|
# is the group of the current user.
|
|
# Default:
|
|
# No value
|
|
# Example:
|
|
# Group nogroup
|
|
|
|
# TAG: ServerAdmin
|
|
# Format: ServerAdmin admin_mail
|
|
# Description:
|
|
# The Administrator of this server. Used when displaying information
|
|
# about this server (logs, info service, etc)
|
|
# Default:
|
|
# No value
|
|
ServerAdmin admin@localhost
|
|
|
|
# TAG: ServerName
|
|
# Format: ServerName aServerName
|
|
# Description:
|
|
# A name for this server. Used when displaying information about this
|
|
# server (logs, info service, etc)
|
|
# Default:
|
|
# No value
|
|
ServerName localhost
|
|
|
|
# TAG: TmpDir
|
|
# Format: TmpDir dir
|
|
# Description:
|
|
# dir is the location of temporary files.
|
|
# Default:
|
|
# TmpDir /var/tmp
|
|
TmpDir /var/tmp
|
|
|
|
# TAG: MaxMemObject
|
|
# Format: MaxMemObject bytes
|
|
# Description:
|
|
# The maximum memory size in bytes taken by an object which
|
|
# is processed by c-icap . If the size of an object's body is
|
|
# larger than the maximum size a temporary file is used.
|
|
# Default:
|
|
# MaxMemObject 131072
|
|
MaxMemObject 131072
|
|
|
|
# TAG: DebugLevel
|
|
# Format: DebugLevel level
|
|
# Description:
|
|
# The level of debugging information to be logged.
|
|
# The acceptable range of levels is between 0 and 10.
|
|
# Default:
|
|
# DebugLevel 1
|
|
DebugLevel 1
|
|
|
|
# TAG: Pipelining
|
|
# Format: Pipelining on|off
|
|
# Description:
|
|
# Enable or disable ICAP requests pipelining
|
|
# Default:
|
|
# Pipelining on
|
|
Pipelining on
|
|
|
|
# TAG: SupportBuggyClients
|
|
# FORMAT: SupportBuggyClients on|off
|
|
# Description:
|
|
# Try to handle requests from buggy clients, for example ICAP requests
|
|
# missing "\r\n" sequences
|
|
# Default:
|
|
# SupportBuggyClients off
|
|
SupportBuggyClients off
|
|
|
|
# TAG: Allow204As200okZeroEncaps
|
|
# Format: Allow204As200okZeroEncaps
|
|
# Description:
|
|
# When used the c-icap instead of allow 204 return "200 OK" responses
|
|
# with zero encapsulated entities.
|
|
# Default:
|
|
# No set
|
|
|
|
# TAG: FakeAllow204
|
|
# Format: FakeAllow204 on|off
|
|
# Description:
|
|
# Support 204 responses from services preview handler to the clients
|
|
# which does not support preview. Requires early responses support
|
|
# from clients.
|
|
# If disabled the c-icap will return 500 response in these cases
|
|
# Default:
|
|
# FakeAllow204 on
|
|
|
|
# TAG: ModulesDir
|
|
# Format: ModulesDir dir
|
|
# Description:
|
|
# The location of modules
|
|
# Default:
|
|
# ModulesDir /usr/lib64/c_icap
|
|
ModulesDir /usr/lib64/c_icap
|
|
|
|
# TAG: ServicesDir
|
|
# Format: ServicesDir dir
|
|
# Description:
|
|
# The location of services
|
|
# Default:
|
|
# ServicesDir /usr/lib64/c_icap
|
|
ServicesDir /usr/lib64/c_icap
|
|
|
|
# TAG: TemplateDir
|
|
# Format: TemplateDir dir
|
|
# Description:
|
|
# The location of the text templates used by c-icap and its services,
|
|
# categorized by language and services/modules
|
|
# Default:
|
|
# No value
|
|
# Example:
|
|
TemplateDir /usr/share/c_icap/templates/
|
|
|
|
# TAG: TemplateDefaultLanguage
|
|
# Format: TemplateDefaultLanguage lang
|
|
# Description:
|
|
# Sets the default language to use for text templates
|
|
# Default:
|
|
# TemplateDefaultLanguage en
|
|
TemplateDefaultLanguage en
|
|
|
|
#TemplateReloadTime 360
|
|
#TemplateCacheSize 20
|
|
#TemplateMemBufSize 8192
|
|
|
|
# TAG: LoadMagicFile
|
|
# Format: LoadMagicFile path
|
|
# Description:
|
|
# Load a c-icap magic file. A magic file contains various
|
|
# data type definitions. Look inside default c-icap.magic file
|
|
# for more informations.
|
|
# It can be used more than once to use multiple magic files.
|
|
# Default:
|
|
# LoadMagicFile /etc/c-icap.magic
|
|
LoadMagicFile /etc/c-icap.magic
|
|
|
|
# TAG: RemoteProxyUsers
|
|
# Format: RemoteProxyUsers onoff
|
|
# Description:
|
|
# Set it to on if you want to use username provided by the proxy server.
|
|
# This is the recomended way to use users in c-icap.
|
|
# If the RemoteProxyUsers is off and c-icap configured to use users or
|
|
# groups the internal authentication mechanism will be used.
|
|
# Default:
|
|
# RemoteProxyUsers off
|
|
RemoteProxyUsers off
|
|
|
|
# TAG: RemoteProxyUserHeader
|
|
# Format: RemoteProxyUserHeader Header
|
|
# Description:
|
|
# Used to specify the icap header used by the proxy server to send
|
|
# the authenticated client username to c-icap server
|
|
# Default:
|
|
# RemoteProxyUserHeader X-Authenticated-User
|
|
RemoteProxyUserHeader X-Authenticated-User
|
|
|
|
# TAG: RemoteProxyUserHeaderEncoded
|
|
# Format: RemoteProxyUserHeaderEncoded onoff
|
|
# Description:
|
|
# Set it to off if the RemoteProxyUserHeader is not base64 encoded
|
|
# Default:
|
|
# RemoteProxyUserHeaderEncoded on
|
|
RemoteProxyUserHeaderEncoded on
|
|
|
|
# TAG: AuthMethod
|
|
# Format: AuthMethod Method Authenticator
|
|
# Description:
|
|
# Used to define the internal authentication mechanism to use. This
|
|
# feature is not well tested and may cause problems. It is better to use
|
|
# RemoteProxyUser configuration.
|
|
# Method is the authentication method to use (basic, digest, etc).
|
|
# Currently only basic authentication method is implemented as build in
|
|
# module
|
|
# Authenticator currently can only be "basic_simple_db"
|
|
# It can be considered as a user/password store and can be
|
|
# implemented as external module. The basic_simple_db is implemented as
|
|
# build it module
|
|
# Default:
|
|
# No set
|
|
# Example:
|
|
# AuthMethod basic basic_simple_db
|
|
|
|
# TAG: basic.Realm
|
|
# Format: basic.Realm ARealm
|
|
# Description:
|
|
# Specify the basic method realm
|
|
# Default:
|
|
# basic.Realm "Basic authentication"
|
|
# Example:
|
|
# basic.Realm "c-icap server authentication"
|
|
|
|
# TAG: basic_simple_db.UsersDB
|
|
# Format: basic_simple_db.UsersDB LookupTable
|
|
# Description:
|
|
# Specify the lookup table where the usernames/passwords pairs
|
|
# are stored. The paswords must be unencrypted
|
|
# For more information about c-icap lookup tables read c-icap server
|
|
# manual page
|
|
# Default:
|
|
# No value
|
|
# Example:
|
|
# basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt
|
|
|
|
# TAG: GroupSourceByGroup
|
|
# Format: GroupSourceByGroup LookupTable
|
|
# Description:
|
|
# Defines a lookup table where the groups of users are stored indexed
|
|
# by group. It can be used more than once.
|
|
# For more information about c-icap lookup tables read c-icap server
|
|
# manual page
|
|
# Default:
|
|
# No set
|
|
# Example:
|
|
# GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt
|
|
|
|
# TAG: GroupSourceByUser
|
|
# Format: GroupSourceByUser LookupTable
|
|
# Description:
|
|
# Defines a lookup table where the groups of users are stored indexed
|
|
# by user. It can be used more than once.
|
|
# For more information about c-icap lookup tables read c-icap server
|
|
# manual page
|
|
# Default:
|
|
# No set
|
|
# Example:
|
|
# GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt
|
|
|
|
# TAG: acl
|
|
# Format: acl name type[{param}] value1 [value2] [...]
|
|
# Description:
|
|
# Supported acl types are:
|
|
# acl aclname service service1 ...
|
|
# The servicename
|
|
# acl aclname type OPTIONS|RESPMOD|REQMOD ...
|
|
# The icap method
|
|
# acl aclname port port1 ...
|
|
# The icap server port
|
|
# acl aclname src ip1/netmask1 ...
|
|
# The client ip address
|
|
# acl aclname srvip ip1/netmask1 ...
|
|
# The c-icap server ip address
|
|
# acl aclname icap_header{HeaderName} value1 ...
|
|
# Matches the icap header HeaderName with value1 ...
|
|
# The values are in regex form: /avalue/flags
|
|
# acl aclname icap_resp_header{HeaderName} value1 ...
|
|
# The icap response header
|
|
# The values are in regex form: /avalue/flags
|
|
# acl aclname http_req_header{HeaderName} value1 ...
|
|
# The http request header
|
|
# The values are in regex form: /avalue/flags
|
|
# acl aclname http_resp_header{HeaderName} value1 ...
|
|
# The http response header
|
|
# The values are in regex form: /avalue/flags
|
|
# acl aclname data_type type1 ...
|
|
# The data type as recognized by the internal data type
|
|
# recognizer. The types are defined in c-icap.magic file
|
|
# acl aclname auth username|* ...
|
|
# The authenticated users. Using * instead of username means
|
|
# all users.
|
|
# acl aclname group group1 ...
|
|
# if the user of request belongs to given groups
|
|
# acl content_length{>|<|=} value1 ...
|
|
# The content length of body data if the related information
|
|
# included in http headers.
|
|
# The parameter can take the value <, > or = to specify that
|
|
# the acl will match if content length is less, greater or
|
|
# equal to acl values.
|
|
# acl time value1 ....
|
|
# It checks agains current time. The values format is:
|
|
# [DAY[,DAY,[..]]][/][HH:MM-HH:MM]
|
|
# The DAY can be one of the following:
|
|
# S - Sunday
|
|
# M - Monday
|
|
# T - Tuesday
|
|
# W - Wednesday
|
|
# H - Thursday
|
|
# F - Friday
|
|
# A - Saturday
|
|
# acl http_client_ip ip1[/netmask1] ...
|
|
# The HTTP client ip address, if it is available.
|
|
# acl http_req_line value1 ...
|
|
# The first line of HTTP request
|
|
# The values are in regex form: /avalue/flags
|
|
# acl http_resp_line value1 ...
|
|
# The first line of HTTP response
|
|
# The values are in regex form: /avalue/flags
|
|
# acl http_req_url value1 ...
|
|
# The HTTP request url without GET request arguments
|
|
# The values are in regex form: /avalue/flags
|
|
# acl http_req_method value1 ...
|
|
# The HTTP request method
|
|
|
|
# Default:
|
|
# None set
|
|
# Examples:
|
|
# acl OPTIONS type OPTIONS
|
|
# acl RESPMOD type RESPMOD
|
|
# acl REQMOD type REQMOD
|
|
# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
|
|
# acl XHEAD icap_header{X-Test} /value/
|
|
# acl ECHO service echo
|
|
# acl localnet src 192.168.1.0/255.255.255.0
|
|
# acl localhost src 127.0.0.1/255.255.255.255
|
|
# acl all src 0.0.0.0/0.0.0.0
|
|
# acl BigObjects content_length{>} 5000000
|
|
# acl WorkingHours time M,T,W,H,F/8:00-18:00
|
|
# acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59
|
|
|
|
# TAG: icap_access
|
|
# Format: icap_access allow|deny [!]acl1 ...
|
|
# Description:
|
|
# Allowing or denying ICAP access based on defined access lists
|
|
# Default:
|
|
# None set
|
|
# Example:
|
|
# icap_access deny XHEAD
|
|
# #Allow OPTIONS method for all:
|
|
# icap_access allow localnet OPTIONS
|
|
# #Require authentication for all users from local network:
|
|
# icap_access allow AUTH localnet
|
|
# icap_access deny all
|
|
|
|
# TAG: client_access
|
|
# Format: client_access allow|deny acl1 [acl2] [...]
|
|
# Description:
|
|
# Allowing or denying connections on c-icap based on
|
|
# defined access lists. Only the acl types src, srvip and port
|
|
# can be used.
|
|
# Default:
|
|
# None set
|
|
# Example:
|
|
# client_access allow all
|
|
|
|
# TAG: LogFormat
|
|
# Format: LogFormat Name Format
|
|
# Description:
|
|
# Name is a name for this log format.
|
|
# Format is a string with embedded % format codes. % format codes
|
|
# has the following form:
|
|
# % [-] [width] [{argument}] formatcode
|
|
# if - is specified then the output is left aligned
|
|
# if width specified then the field is exactly width size
|
|
# some formatcodes support arguments given as {argument}
|
|
#
|
|
# Format codes:
|
|
# %a: Remote IP-Address
|
|
# %la: Local IP Address
|
|
# %lp: Local port
|
|
# %>a: Http Client IP Address. Only supported if the proxy
|
|
# client supports the "X-Client-IP" header
|
|
# %<A: Http Server IP Address. Only supported if the proxy
|
|
# client supports the "X-Server-IP" header
|
|
# %ts: Seconds since epoch
|
|
# %tl: Local time. Supports optional strftime format argument
|
|
# %tg: GMT time. Supports optional strftime format argument
|
|
# %>ho: Modified Http request header. Supports header name
|
|
# as argument. If no argument given the first line returned
|
|
# %huo: Modified Http request url
|
|
# %<ho: Modified Http reply header. Supports header name
|
|
# as argument. If no argument given the first line returned
|
|
# %iu: Icap request url
|
|
# %im: Icap method
|
|
# %is: Icap status code
|
|
# %>ih: Icap request header. Supports header name
|
|
# as argument. If no argument given the first line returned
|
|
# %<ih: Icap response header. Supports header name
|
|
# as argument. If no argument given the first line returned
|
|
# %Ih: Http bytes received
|
|
# %Oh: Http bytes sent
|
|
# %Ib: Http body bytes received
|
|
# %Ob: Http body bytes sent
|
|
# %I: Bytes received
|
|
# %O: Bytes sent
|
|
# %bph: The first 5 bytes of the body preview data. Non
|
|
# printable characters printed in hex form.
|
|
# Supports the number of bytes to output as argument.
|
|
# %un: Username
|
|
# %Sl: Service log string
|
|
# %Sa: Attribute value set by service. The attribute name must
|
|
# given as argument.
|
|
# Default:
|
|
# None set
|
|
# Example:
|
|
# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
|
|
|
|
# TAG: ServerLog
|
|
# Format: ServerLog LogFile
|
|
# Description:
|
|
# the file used by the build-in logger file_logger to
|
|
# store debugging information, errors and other
|
|
# information about the c-icap server.
|
|
# Default:
|
|
# ServerLog /usr/var/log/server.log
|
|
ServerLog /var/log/c-icap/server.log
|
|
|
|
# TAG: AccessLog
|
|
# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
|
|
# Description:
|
|
# LogFile is a file where to log access information.
|
|
# LogFormat is the log format to use. If ommited c-icap uses:
|
|
# "%tl, %la %a %im %iu %is"
|
|
# Also acls can be used to select certain requests to be logged.
|
|
# This directive can be used more than once to specify more than
|
|
# one access log files
|
|
# Default:
|
|
# AccessLog /usr/var/log/access.log
|
|
# Example:
|
|
# AccessLog /usr/var/log/access.log MyFormat all
|
|
AccessLog /var/log/c-icap/access.log
|
|
|
|
# TAG: Logger
|
|
# Format: Logger LoggerName
|
|
# Description:
|
|
# Specify wich logger to use. By default uses the build in "file_logger" which
|
|
# uses files for access and server logging.
|
|
# Default:
|
|
# Logger file_logger
|
|
# Example:
|
|
# Logger sys_logger
|
|
|
|
# TAG: Module
|
|
# Format: Module Type ModuleFile [forceUnload=off]
|
|
# Description:
|
|
# Load an external module/plugin to c-icap.
|
|
# ModuleFile is the filename of the module. If no full path given then
|
|
# the c-icap uses the path defined by the ModulesDir configuration
|
|
# parameter.
|
|
# Type is the type of the external module and can be one of the following:
|
|
# "logger" for modules implement a logger
|
|
# "common" for general purpose modules
|
|
# forceUnload=off
|
|
# Forces c-icap to not unload services/modules loaded as external
|
|
# dynamic libraries on shutdown or reconfigure.
|
|
# This option may required when the services/modules are using
|
|
# c++, or they are linked with c++ libraries.
|
|
# Default:
|
|
#
|
|
# Example:
|
|
# Module logger sys_logger.so
|
|
|
|
# TAG: Service
|
|
# Format: Service aName ServiceFile [forceUnload=off]
|
|
# Description:
|
|
# It loads the service ServiceFile. The argument aName used
|
|
# as alias name for the service
|
|
# forceUnload=off
|
|
# Forces c-icap to not unload services/modules loaded as external
|
|
# dynamic libraries on shutdown or reconfigure.
|
|
# This option may required when the services/modules are using
|
|
# c++, or they are linked with c++ libraries.
|
|
|
|
# Default:
|
|
#
|
|
# Example:
|
|
# Service echo_service srv_echo.so
|
|
|
|
|
|
# TAG: ServiceAlias
|
|
# Format: ServiceAlias AliasName ServiceName[?param1=value1¶m2=value2...]
|
|
# Description:
|
|
# Used to define an alias name for a service.
|
|
# Default:
|
|
#
|
|
# Example:
|
|
# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
|
|
|
|
|
|
|
|
#
|
|
# TAG: General configuration parameters for all services
|
|
# Description:
|
|
# PreviewSize: The preview data size to advertise to the icap client
|
|
# MaxConnections: The client should not use more than MaxConnections
|
|
# for this service.
|
|
# TransferPreview: The list of file extensions, seperated by commas,
|
|
# for which the client should send preview data.
|
|
# TransferIgnore: The list of file extensions that should not be sent
|
|
# to the icap server
|
|
# TransferComplete: The list of file extensions that should be sent
|
|
# in their entirety, without preview, to the icap server
|
|
# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or
|
|
# "hour[s]" can be used to secify that the time is in seconds
|
|
# minutes or hours respectively. If no time-units given
|
|
# seconds are assumed.
|
|
# Allow206 on|off: Enable/disable advertise of 206 responses.
|
|
#
|
|
# Example:
|
|
# echo.PreviewSize 512
|
|
# echo.TransferIgnore gif, jpeg
|
|
# echo.OptionsTTL 3 min
|
|
|
|
|
|
######################################################
|
|
# External modules comming with core c-icap server
|
|
#
|
|
# Module: echo
|
|
# Description:
|
|
# Simple test service
|
|
# Example:
|
|
# Service echo srv_echo.so
|
|
Service echo srv_echo.so
|
|
|
|
# Module: sys_logger
|
|
# Description:
|
|
# Add support for logging access and server events to syslog server
|
|
# Use "Module" configuration parameter to load this module and "Logger"
|
|
# to make it default logger for the c-icap.
|
|
# Example:
|
|
# Module logger sys_logger.so
|
|
# Logger sys_logger
|
|
|
|
|
|
# TAG: sys_logger.Prefix
|
|
# Format: sys_logger.Prefix string
|
|
# Description:
|
|
# string is be presented in every syslog message.
|
|
# Default:
|
|
# sys_logger.Prefix "C-ICAP:"
|
|
|
|
# TAG: sys_logger.Facility
|
|
# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
|
|
# Description:
|
|
# specifies the facility type of syslog.
|
|
# Default:
|
|
# sys_logger.Facility daemon
|
|
|
|
# TAG: sys_logger.access_priority
|
|
# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
|
|
# Description:
|
|
# determines the importance of the access log message
|
|
# Default:
|
|
# sys_logger.access_priority info
|
|
|
|
# TAG: sys_logger.server_priority
|
|
# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
|
|
# Description:
|
|
# determines the importance of the server log message
|
|
# Default:
|
|
# sys_logger.server_priority crit
|
|
|
|
# TAG: sys_logger.LogFormat
|
|
# Format: sys_logger.LogFormat LOGFORMAT
|
|
# Description:
|
|
# The log format to use. If no log format defined then
|
|
# the following will be used:
|
|
# "%la %a %im %iu %is"
|
|
# Default:
|
|
# None set
|
|
# Example:
|
|
# Logformat BasicFormat "%la %a %im %iu %is"
|
|
# sys_logger.LogFormat BasicFormat
|
|
|
|
# TAG: sys_logger.access
|
|
# Format: sys_logger.access [!]acl1 ...
|
|
# Description:
|
|
# Allow selecting ICAP requests to be logged using acls.
|
|
# By default all requests will be logged.
|
|
# Default:
|
|
# None set
|
|
# Example:
|
|
# sys_logger.access all
|
|
|
|
# End module: sys_logger
|
|
|
|
# Module: bdb_tables
|
|
# Description:
|
|
# Add support for Berkeley DB based lookup tables. The format for
|
|
# bdb path of the lookup table is:
|
|
# bdb:/path/to/bdb[{param1=val, ...}]
|
|
# bdb table parameters can be one or more of the followings:
|
|
# cache-size=Size[K|M]
|
|
# The cache size to use. Default is the berkeleyDB default value.
|
|
# cache-num=num
|
|
# The number of caches to create. The cache will be split across
|
|
# num separate regions, where the region size is equal to the
|
|
# initial cache size divided by ncache.
|
|
# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
|
|
# Example:
|
|
# Module common bdb_tables.so
|
|
|
|
# End module: bdb_tables
|
|
|
|
# Module: dnsbl_tables
|
|
# Description:
|
|
# Add support for dns lookup tables. Can be used to access
|
|
# dns block lists. The dnsbl lookup table path definition is:
|
|
# dnsbl:domainname[{param1=val, ...}]
|
|
# dnsbl table parameters can be one or more of the followings:
|
|
# cache=no|cache_type
|
|
# The cache type to use or 'no' for no cache.
|
|
# cache-size=Size[K|M]
|
|
# The cache size in RAM
|
|
# cache-ttl=ttl
|
|
# The cache ttl to use
|
|
#
|
|
# For example the lookup table for accessing the black.uribl.com
|
|
# dns black list is:
|
|
# dnsbl:black.uribl.com
|
|
# Example:
|
|
# Module common dnsbl_tables.so
|
|
|
|
# End module: dnsbl_tables
|
|
|
|
# Module: ldap_module
|
|
# Description:
|
|
# Add LDAP support to c-icap. The user can use LDAP based lookup tables
|
|
# using the following lookup table paths:
|
|
# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}]
|
|
# ldaps://...
|
|
# ldapi://...
|
|
# The filter can contain the "%s" formating code which will be replaced by
|
|
# the search key.
|
|
# ldap table parameters can be one or more of the followings:
|
|
# name=aName
|
|
# A unique name to use for this table
|
|
# cache=no|cache_type
|
|
# The cache type to use or no for no cache.
|
|
# cache-size=Size[K|M]
|
|
# The cache size in RAM
|
|
# cache-ttl=ttl
|
|
# The cache ttl to use
|
|
# cache-item-size=ItemSize[K|M]
|
|
# The maximum item size
|
|
#
|
|
# Examples of supported ldap urls:
|
|
# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s{cache=memcached}
|
|
# ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
|
|
#
|
|
# WARNING: is not enough tested it may contain bugs!
|
|
# Example:
|
|
# Module common ldap_module.so
|
|
|
|
# End module: ldap_module
|
|
|
|
# Module: memcached
|
|
# Description:
|
|
# Add support for memcached c-icap cache.
|
|
# Example:
|
|
# Module common memcached.so
|
|
|
|
# TAG: memcached.servers
|
|
# Format: memcached.servers hostname1 hostname2 ...
|
|
# Description:
|
|
# Set the memcached servers to use
|
|
# Default:
|
|
# memcached.servers 127.0.0.1
|
|
|
|
# TAG: memcached.use_md5_keys
|
|
# Format: memcached.use_md5_keys on|off
|
|
# Description:
|
|
# Whether to use or not md5 hash as key when the key exceeds the
|
|
# MEMCACHED_MAX_KEY (normaly 251 bytes)
|
|
# Default:
|
|
# memcached.use_md5_keys on
|
|
|
|
# End module: memcached
|