thinproxy.conf.example
# thinproxy configuration file
# Lines starting with # are comments. Inline comments are supported.
# CLI flags override values set here.
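# Bind address (default: 127.0.0.1)
# Binding to a non-loopback address makes the proxy reachable from other hosts;
# review the access control lists and connection limits below before doing so.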
listen 127.0.0.1
# Listen port (default: 8080)
port 8080
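# Drop privileges to this user after binding
# If thinproxy is started as root, set this to a dedicated unprivileged account
# so the process does not keep root after the socket is bound.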
#user _thinproxy
# Run as daemon and log to syslog (default: no)
#daemon yes
# Verbose logging: enables all log categories (default: no)
#verbose no
# Selective log categories (repeatable, alternative to verbose)
# requests - log each accepted request with client IP and destination
# denied - log all denials with client IP, destination, and reason
# wildcard - tag wildcard-port CONNECTs (WILDCARD_PORT) on their outcome line
#log requests
#log denied
# Maximum concurrent connections (default: 512, max: 512)
#max_connections 512
# Maximum concurrent connections per source IP (default: 32)
# For IPv6 peers, connections are aggregated by /64.
#max_connections_per_ip 32
# Close idle connections after this many seconds (default: 300)
#idle_timeout 300
# Block connections to private/reserved addresses (default: yes)
# Mitigates SSRF by denying destinations in RFC 1918, loopback, link-local,
# and other reserved ranges.
# IPv4-mapped IPv6 and the well-known NAT64 prefix 64:ff9b::/96 are
# unwrapped and their embedded IPv4 is also checked.
#deny_private yes
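# Additional NAT64 /96 prefix whose embedded IPv4 should be unwrapped
# during deny_private checks. The low 32 bits must be zero.
# Set this when your network uses its own NAT64 prefix, so that private IPv4
# addresses embedded in that prefix are also checked.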
#nat64_prefix 2001:db8:64::/96
# Restrict CONNECT method to specific ports (default: 443)
# When set, CONNECT to unlisted ports is denied with 403.
# Config entries replace the defaults.
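# Use 0 as a wildcard to allow all ports (logged at WARNING level).
# With the wildcard, CONNECT is no longer restricted by port at all;
# enable it only when required.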
#connect_port 443
#connect_port 8443
#connect_port 0
# Access control lists
# Use either "allow" or "deny" directives, not both.
#
# Whitelist mode: only listed addresses are permitted (deny rest)
#allow 127.0.0.1
#allow 192.168.1.0/24
#allow 10.0.0.0/8
#allow ::1
#
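# Blacklist mode: listed addresses are blocked (allow rest)
# Every address not listed stays allowed, so prefer whitelist mode where the
# permitted set is known.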
#deny 203.0.113.0/24
#deny 198.51.100.0/24