| blob | fb632383dded094dabcfecb46040afb0bd2eb5f5 |
1 #
2 # This file contains the default settings for c-icap
3 #
4 #
7 # TAG: PidFile
8 # Format: PidFile pid_file
9 # Description:
10 # The file to store the pid of the main process of the c-icap server.
11 # Default:
12 # PidFile /var/run/c-icap/c-icap.pid
13 PidFile /var/run/c-icap/c-icap.pid
15 # TAG: CommandsSocket
16 # Format: CommandsSocket socket_file
17 # Description:
18 # The path of file to use as control socket for c-icap
19 # Default:
20 # CommandsSocket /var/run/c-icap/c-icap.ctl
21 CommandsSocket /var/run/c-icap/c-icap.ctl
23 # TAG: Timeout
24 # Format: Timeout seconds
25 # Description:
26 # The time in seconds after which a connection without activity
27 # can be cancelled.
28 # Default:
29 # Timeout 300
30 Timeout 300
32 # TAG: MaxKeepAliveRequests
33 # Format: MaxKeepAliveRequests number
34 # Description:
35 # The maximum number of requests can be served by one connection
36 # Set it to -1 for no limit
37 # Default:
38 # MaxKeepAliveRequests 100
39 MaxKeepAliveRequests 100
41 # TAG: KeepAliveTimeout
42 # Format: KeepAliveTimeout seconds
43 # Description:
44 # The maximum time in seconds waiting for a new requests before a
45 # connection will be closed.
46 # If the value is set to -1, there is no timeout.
47 # Default:
48 # KeepAliveTimeout 600
49 KeepAliveTimeout 600
51 # TAG: StartServers
52 # Format: StartServers number
53 # Description:
54 # The initial number of server processes. Each server process
55 # generates a number of threads, which serve the requests.
56 # Default:
57 # StartServers 3
58 StartServers 3
60 # TAG: MaxServers
61 # Format: MaxServers number
62 # Description:
63 # The maximum allowed number of server processes.
64 # Default:
65 # MaxServers 10
66 MaxServers 10
68 # TAG: MinSpareThreads
69 # Format: MinSpareThreads number
70 # Description:
71 # If the number of the available threads is less than number,
72 # the c-icap server starts a new child.
73 # Default:
74 # MinSpareThreads 10
75 MinSpareThreads 10
77 # TAG: MaxSpareThreads
78 # Format: MaxSpareThreads number
79 # Description:
80 # If the number of the available threads is more than number then
81 # the c-icap server kills a child.
82 # Default:
83 # MaxSpareThreads 20
84 MaxSpareThreads 20
86 # TAG: ThreadsPerChild
87 # Format: ThreadsPerChild number
88 # Description:
89 # The number of threads per child process.
90 # Default:
91 # ThreadsPerChild 10
92 ThreadsPerChild 10
94 # TAG: MaxRequestsPerChild
95 # Format: MaxRequestsPerChild number
96 # Description:
97 # The maximum number of requests that a child process can serve.
98 # After this number has been reached, process dies. The goal of this
99 # parameter is to minimize the risk of memory leaks and increase the
100 # stability of c-icap. It can be disabled by setting its value to 0.
101 # Default:
102 # MaxRequestsPerChild 0
103 MaxRequestsPerChild 0
105 # TAG: Port
106 # Format: Port port
107 # Description:
108 # The port number that the c-icap server uses to listen to requests.
109 # Default:
110 # Port 1344
111 Port 1344
113 # TAG: User
114 # Format: User username
115 # Description:
116 # The user owning c-icap's processes. By default, the owner is the
117 # user who runs the program.
118 # Default:
119 # No value
120 # Example:
121 # User wwwrun
122 User proxy
124 # TAG: Group
125 # Format: Group groupname
126 # Description:
127 # The group of users owning c-icap's processes, which, by default
128 # is the group of the current user.
129 # Default:
130 # No value
131 # Example:
132 # Group nogroup
133 Group proxy
135 # TAG: ServerAdmin
136 # Format: ServerAdmin admin_mail
137 # Description:
138 # The Administrator of this server. Used when displaying information
139 # about this server (logs, info service, etc)
140 # Default:
141 # No value
142 ServerAdmin root@localhost
144 # TAG: ServerName
145 # Format: ServerName aServerName
146 # Description:
147 # A name for this server. Used when displaying information about this
148 # server (logs, info service, etc)
149 # Default:
150 # No value
151 ServerName localhost
153 # TAG: TmpDir
154 # Format: TmpDir dir
155 # Description:
156 # dir is the location of temporary files.
157 # Default:
158 # TmpDir /var/tmp
159 TmpDir /var/tmp
161 # TAG: MaxMemObject
162 # Format: MaxMemObject bytes
163 # Description:
164 # The maximum memory size in bytes taken by an object which
165 # is processed by c-icap . If the size of an object's body is
166 # larger than the maximum size a temporary file is used.
167 # Default:
168 # MaxMemObject 131072
169 MaxMemObject 131072
171 # TAG: DebugLevel
172 # Format: DebugLevel level
173 # Description:
174 # The level of debugging information to be logged.
175 # The acceptable range of levels is between 0 and 10.
176 # Default:
177 # DebugLevel 1
178 DebugLevel 1
180 # TAG: ModulesDir
181 # Format: ModulesDir dir
182 # Description:
183 # The location of modules
184 # Default:
185 # ModulesDir /usr/lib/c_icap
186 ModulesDir /usr/lib/c_icap
188 # TAG: ServicesDir
189 # Format: ServicesDir dir
190 # Description:
191 # The location of services
192 # Default:
193 # ServicesDir /usr/lib/c_icap
194 ServicesDir /usr/lib/c_icap
196 # TAG: TemplateDir
197 # Format: TemplateDir dir
198 # Description:
199 # The location of the text templates used by c-icap and its services,
200 # categorized by language and services/modules
201 # Default:
202 # No value
203 # Example:
204 TemplateDir /usr/share/c_icap/templates/
206 # TAG: TemplateDefaultLanguage
207 # Format: TemplateDefaultLanguage lang
208 # Description:
209 # Sets the default language to use for text templates
210 # Default:
211 # TemplateDefaultLanguage en
212 TemplateDefaultLanguage en
214 #TemplateReloadTime 360
215 #TemplateCacheSize 20
216 #TemplateMemBufSize 8192
218 # TAG: LoadMagicFile
219 # Format: LoadMagicFile path
220 # Description:
221 # Load a c-icap magic file. A magic file contains various
222 # data type definitions. Look inside default c-icap.magic file
223 # for more informations.
224 # It can be used more than once to use multiple magic files.
225 # Default:
226 # LoadMagicFile /usr/etc/c-icap.magic
227 LoadMagicFile /etc/c-icap/c-icap.magic
229 # TAG: RemoteProxyUsers
230 # Format: RemoteProxyUsers onoff
231 # Description:
232 # Set it to on if you want to use username provided by the proxy server.
233 # This is the recomended way to use users in c-icap.
234 # If the RemoteProxyUsers is off and c-icap configured to use users or
235 # groups the internal authentication mechanism will be used.
236 # Default:
237 # RemoteProxyUsers off
238 RemoteProxyUsers off
240 # TAG: RemoteProxyUserHeader
241 # Format: RemoteProxyUserHeader Header
242 # Description:
243 # Used to specify the icap header used by the proxy server to send
244 # the authenticated client username to c-icap server
245 # Default:
246 # RemoteProxyUserHeader X-Authenticated-User
247 RemoteProxyUserHeader X-Authenticated-User
249 # TAG: RemoteProxyUserHeaderEncoded
250 # Format: RemoteProxyUserHeaderEncoded onoff
251 # Description:
252 # Set it to off if the RemoteProxyUserHeader is not base64 encoded
253 # Default:
254 # RemoteProxyUserHeaderEncoded on
255 RemoteProxyUserHeaderEncoded on
257 # TAG: AuthMethod
258 # Format: AuthMethod Method Authenticator
259 # Description:
260 # Used to define the internal authentication mechanism to use. This
261 # feature is not well tested and may cause problems. It is better to use
262 # RemoteProxyUser configuration.
263 # Method is the authentication method to use (basic, digest, etc).
264 # Currently only basic authentication method is implemented as build in
265 # module
266 # Authenticator currently can only be "basic_simple_db"
267 # It can be considered as a user/password store and can be
268 # implemented as external module. The basic_simple_db is implemented as
269 # build it module
270 # Default:
271 # No set
272 # Example:
273 # AuthMethod basic basic_simple_db
275 # TAG: basic.Realm
276 # Format: basic.Realm ARealm
277 # Description:
278 # Specify the basic method realm
279 # Default:
280 # basic.Realm "Basic authentication"
281 # Example:
282 # basic.Realm "c-icap server authentication"
284 # TAG: basic_simple_db.UsersDB
285 # Format: basic_simple_db.UsersDB LookupTable
286 # Description:
287 # Specify the lookup table where the usernames/passwords pairs
288 # are stored. The paswords must be unencrypted
289 # For more information about c-icap lookup tables read c-icap server
290 # manual page
291 # Default:
292 # No value
293 # Example:
294 # basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt
296 # TAG: GroupSourceByGroup
297 # Format: GroupSourceByGroup LookupTable
298 # Description:
299 # Defines a lookup table where the groups of users are stored indexed
300 # by group. It can be used more than once.
301 # For more information about c-icap lookup tables read c-icap server
302 # manual page
303 # Default:
304 # No set
305 # Example:
306 # GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt
308 # TAG: GroupSourceByUser
309 # Format: GroupSourceByUser LookupTable
310 # Description:
311 # Defines a lookup table where the groups of users are stored indexed
312 # by user. It can be used more than once.
313 # For more information about c-icap lookup tables read c-icap server
314 # manual page
315 # Default:
316 # No set
317 # Example:
318 # GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt
320 # TAG: acl
321 # Format: acl name type[{param}] value1 [value2] [...]
322 # Description:
323 # Supported acl types are:
324 # acl aclname service service1 ...
325 # The servicename
326 # acl aclname type OPTIONS|RESPMOD|REQMOD ...
327 # The icap method
328 # acl aclname port port1 ...
329 # The icap server port
330 # acl aclname src ip1/netmask1 ...
331 # The client ip address
332 # acl aclname srvip ip1/netmask1 ...
333 # The c-icap server ip address
334 # acl aclname icap_header{HeaderName} value1 ...
335 # Matches the icap header HeaderName with value1 ...
336 # The values are in regex form: /avalue/
337 # acl aclname icap_resp_header{HeaderName} value1 ...
338 # The icap response header
339 # The values are in regex form: /avalue/
340 # acl aclname http_req_header{HeaderName} value1 ...
341 # The http request header
342 # The values are in regex form: /avalue/
343 # acl aclname http_resp_header{HeaderName} value1 ...
344 # The http response header
345 # The values are in regex form: /avalue/
346 # acl aclname data_type type1 ...
347 # The data type as recognized by the internal data type
348 # recognizer. The types are defined in c-icap.magic file
349 # acl aclname auth username|* ...
350 # The authenticated users. Using * instead of username means
351 # all users.
352 # acl aclname group group1 ...
353 # if the user of request belongs to given groups
354 # Default:
355 # None set
356 # Examples:
357 # acl OPTIONS type OPTIONS
358 # acl RESPMOD type RESPMOD
359 # acl REQMOD type REQMOD
360 # acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
361 # acl XHEAD icap_header{X-Test} /value/
362 # acl ECHO service echo
363 # acl localnet src 192.168.1.0/255.255.255.0
364 # acl localhost src 127.0.0.1/255.255.255.255
365 # acl all src 0.0.0.0/0.0.0.0
367 # TAG: icap_access
368 # Format: icap_access allow|deny [!]acl1 ...
369 # Description:
370 # Allowing or denying ICAP access based on defined access lists
371 # Default:
372 # None set
373 # Example:
374 # icap_access deny XHEAD
375 # #Allow OPTIONS method for all:
376 # icap_access allow localnet OPTIONS
377 # #Require authentication for all users from local network:
378 # icap_access allow AUTH localnet
379 # icap_access deny all
381 # TAG: client_access
382 # Format: client_access allow|deny acl1 [acl2] [...]
383 # Description:
384 # Allowing or denying connections on c-icap based on
385 # defined access lists. Only the acl types src, srvip and port
386 # can be used.
387 # Default:
388 # None set
389 # Example:
390 # client_access allow all
392 # TAG: LogFormat
393 # Format: LogFormat Name Format
394 # Description:
395 # Name is a name for this log format.
396 # Format is a string with embedded % format codes. % format codes
397 # has the following form:
398 # % [-] [width] [{argument}] formatcode
399 # if - is specified then the output is left aligned
400 # if width specified then the field is exactly width size
401 # some formatcodes support arguments given as {argument}
402 #
403 # Format codes:
404 # %a: Remote IP-Address
405 # %la: Local IP Address
406 # %lp: Local port
407 # %>a: Http Client IP Address. Only supported if the proxy
408 # client supports the "X-Client-IP" header
409 # %<A: Http Server IP Address. Only supported if the proxy
410 # client supports the "X-Server-IP" header
411 # %ts: Seconds since epoch
412 # %tl: Local time. Supports optional strftime format argument
413 # %tg: GMT time. Supports optional strftime format argument
414 # %>ho: Modified Http request header. Supports header name
415 # as argument. If no argument given the first line returned
416 # %huo: Modified Http request url
417 # %<ho: Modified Http reply header. Supports header name
418 # as argument. If no argument given the first line returned
419 # %iu: Icap request url
420 # %im: Icap method
421 # %is: Icap status code
422 # %>ih: Icap request header. Supports header name
423 # as argument. If no argument given the first line returned
424 # %<ih: Icap response header. Supports header name
425 # as argument. If no argument given the first line returned
426 # %Ih: Http bytes received
427 # %Oh: Http bytes sent
428 # %Ib: Http body bytes received
429 # %Ob: Http body bytes sent
430 # %I: Bytes received
431 # %O: Bytes sent
432 # %bph: The first 5 bytes of the body preview data. Non
433 # printable characters printed in hex form.
434 # Supports the number of bytes to output as argument.
435 # %un: Username
436 # Default:
437 # None set
438 # Example:
439 # LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
441 # TAG: ServerLog
442 # Format: ServerLog LogFile
443 # Description:
444 # the file used by the build-in logger file_logger to
445 # store debugging information, errors and other
446 # information about the c-icap server.
447 # Default:
448 # ServerLog /usr/var/log/server.log
449 ServerLog /var/log/c-icap/server.log
451 # TAG: AccessLog
452 # Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
453 # Description:
454 # LogFile is a file where to log access information.
455 # LogFormat is the log format to use. If ommited c-icap uses:
456 # "%tl, %la %a %im %iu %is"
457 # Also acls can be used to select certain requests to be logged.
458 # This directive can be used more than once to specify more than
459 # one access log files
460 # Default:
461 # AccessLog /usr/var/log/access.log
462 # Example:
463 # AccessLog /usr/var/log/access.log MyFormat all
464 AccessLog /var/log/c-icap/access.log
466 # TAG: Logger
467 # Format: Logger LoggerName
468 # Description:
469 # Specify wich logger to use. By default uses the build in "file_logger" which
470 # uses files for access and server logging.
471 # Default:
472 # Logger file_logger
473 # Example:
474 # Logger sys_logger
476 # TAG: Module
477 # Format: Module Type ModuleFile
478 # Description:
479 # Load an external module/plugin to c-icap.
480 # ModuleFile is the filename of the module. If no full path given then c-icap
481 # searche in path defined by the ModulesDir configuration parameter.
482 # Type is the type of the external module and can be one of the following:
483 # - "logger" for modules implement a logger
484 # - "common" for general purpose modules
485 # Default:
486 #
487 # Example:
488 # Module logger sys_logger.so
490 # TAG: Service
491 # Format: Service aName ServiceFile
492 # Description:
493 # It loads the service ServiceFile. The argument aName used
494 # as alias name for the service
495 # Default:
496 #
497 # Example:
498 # Service echo_service srv_echo.so
500 # TAG: ServiceAlias
501 # Format: ServiceAlias AliasName ServiceName[?param1=value1¶m2=value2...]
502 # Description:
503 # Used to define an alias name for a service.
504 # Default:
505 #
506 # Example:
507 # ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
510 #
511 # TAG: General configuration parameters for all services
512 # Description:
513 # PreviewSize: The preview data size to advertise to the icap client
514 # MaxConnections: The client should not use more than MaxConnections
515 # for this service.
516 # TransferPreview: The list of file extensions, seperated by commas,
517 # for which the client should send preview data.
518 # TransferIgnore: The list of file extensions that should not be sent
519 # to the icap server
520 # TransferComplete: The list of file extensions that should be sent
521 # in their entirety, without preview, to the icap server
522 # Example:
523 # echo.PreviewSize 512
524 # echo.TransferIgnore gif, jpeg
527 ######################################################
528 # External modules comming with core c-icap server
529 #
530 # Module: echo
531 # Description:
532 # Simple test service
533 # Example:
534 # Service echo srv_echo.so
535 #Service echo srv_echo.so
537 # Module: sys_logger
538 # Description:
539 # Add support for logging access and server events to syslog server
540 # Use "Module" configuration parameter to load this module and "Logger"
541 # to make it default logger for the c-icap.
542 # Example:
543 # Module logger sys_logger.so
544 # Logger sys_logger
547 # TAG: sys_logger.Prefix
548 # Format: sys_logger.Prefix string
549 # Description:
550 # string is be presented in every syslog message.
551 # Default:
552 # sys_logger.Prefix "C-ICAP:"
554 # TAG: sys_logger.Facility
555 # Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
556 # Description:
557 # specifies the facility type of syslog.
558 # Default:
559 # sys_logger.Facility daemon
561 # TAG: sys_logger.access_priority
562 # Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
563 # Description:
564 # determines the importance of the access log message
565 # Default:
566 # sys_logger.access_priority info
568 # TAG: sys_logger.server_priority
569 # Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
570 # Description:
571 # determines the importance of the server log message
572 # Default:
573 # sys_logger.server_priority crit
575 # TAG: sys_logger.LogFormat
576 # Format: sys_logger.LogFormat LOGFORMAT
577 # Description:
578 # The log format to use. If no log format defined then
579 # the following will be used:
580 # "%la %a %im %iu %is"
581 # Default:
582 # None set
583 # Example:
584 # Logformat BasicFormat "%la %a %im %iu %is"
585 # sys_logger.LogFormat BasicFormat
587 # TAG: sys_logger.access
588 # Format: sys_logger.access [!]acl1 ...
589 # Description:
590 # Allow selecting ICAP requests to be logged using acls.
591 # By default all requests will be logged.
592 # Default:
593 # None set
594 # Example:
595 # sys_logger.access all
597 # End module: sys_logger
599 # Module: bdb_tables
600 # Description:
601 # Add support for Berkeley DB based lookup tables. The format for
602 # bdb path of the lookup table is:
603 # bdb:/path/to/bdb
604 # Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
605 # Example:
606 # Module common bdb_tables.so
608 # End module: bdb_tables
610 # Module: dnsbl_tables
611 # Description:
612 # Add support for dns lookup tables. Can be used to access
613 # dns block lists. The dnsbl lookup table path definition is:
614 # dnsbl:domainname
615 # For example the lookup table for accessing the black.uribl.com
616 # dns black list is:
617 # dnsbl:black.uribl.com
618 # Example:
619 # Module common dnsbl_tables.so
621 # End module: dnsbl_tables
623 # Module: ldap_module
624 # Description:
625 # Add LDAP support to c-icap. The user can use LDAP based lookup tables
626 # using the following lookup table path:
627 # ldap://[username:password@]ldapserver?base?attr1,attr2?filter
628 # The filter can contain the "%s" formating code which will be replaced by
629 # the search key
630 # Examples of supported ldap urls:
631 # ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s
632 # ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
633 #
634 # WARNING: is not enough tested it may contain bugs!
635 # Example:
636 # Module common ldap_module.so
638 # End module: ldap_module