$|=1;
-while (<STDIN>) {
- my $line=$_;
+while (defined(my $line = <STDIN>)) {
if ($line =~ s/^([0-9]+ )//) {
print $1;
}
#copy this to your Apache2 configuration,
#remember to make the server listen on these ports:
###LISTEN_HTTP;
-####LISTEN_HTTPS;
+###LISTEN_HTTPS;
###VIRTUAL_HOST_HTTP;
###SERVER_ADMIN;
# Read the config file, line format:
# some_name = some value # some comment
-while ($line = <$configfile>) {
+while (defined(my $line = <$configfile>)) {
$line =~ s/[\r\n]//g;
- $line =~ s/#.*$//;
- if ($line =~ /^ *([a-zA-Z0-9_]+) *= *(.*)$/){
- $name=$1;
- $value=$2;
- $value =~ s/ *$//;
+ $line =~ s/#.*$//; #comment
+ if ($line =~ /^[ \t]*([a-zA-Z0-9_\-\.]+)[ \t]*=[ \t]*([^ \t](.*[^ \t])?)[ \t]*$/){
+ my $name=$1;
+ my $value=$2;
$set{$name}=$value;
}
}
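Review bot: The new pattern on the `if ($line =~ /^[ \t]*([a-zA-Z0-9_\-\.]+)...` line requires at least one non-blank character in the value, so a line such as `name =` that the old `(.*)` stored as an empty string is now skipped without any message, as is every other line that fails to parse. If this loop reads the 'settings' file, a typo in a key that controls access (for example the block or unlock regexes) leaves that key unset instead of stopping the run. I would add a branch that reports non-blank lines that did not match, `elsif ($line =~ /[^ \t]/) { warn "config: cannot parse line $.\n"; }`, and make the inner group non-capturing, `(?:.*[^ \t])?`. The `#comment` stripping on the line above also cuts any value at its first `#`, which is worth stating in the format comment so nobody puts a `#` inside a regex or URL value.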
# ###SOME_NAME;
# If found - replace.
-while ($line = <STDIN>) {
+while (defined($line = <STDIN>)) {
$line =~ s/[\r\n]//g;
if ($line =~ /###([a-zA-Z0-9_]+);/) {
print "$def{$1}\n";
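Review bot: The loop header `while (defined($line = <STDIN>))` assigns to `$line` without `my`, unlike the two loops this commit rewrites as `while (defined(my $line = ...))`; the helper loop further down that prints `OK rewrite-url=` has the same form. Unless `$line` is declared elsewhere in the file, this is a package global and would not compile under `use strict`. Using `while (defined(my $line = <STDIN>)) {` in both places keeps the variable scoped to the loop and consistent with the rest of the change. The `if` block opened in this hunk ends outside it, so the rest of the replacement logic was not reviewed.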
# loop not only the port number but also the host name is required. But is not
# always easy (or possible) to predict if a hostname will point to the proxy
# or not. Blocking port numbers is easier.
- #That's why the proxy should not be installed on the default port numbers, 80
+ # That's why the proxy should not be installed on the default port numbers, 80
# or 443 because then it will not work!
if ($port =~ BLOCK_PORT) {
return fail("Status: 403 Forbidden\n","403 Forbidden","The proxy does not accept port number $port because of infinite loop prevention.");
}
-
-
foreach my $envk (keys %ENV) {
# The relevant http variables either start with HTTP_ or CONTENT_.
my $headarg='';
-There will be more information later.
+This is the proxy software.
+It depends on some other software:
+-Apache2 (2.2)
+-Squid (3.5)
+-Perl
+-curl
+-gzip (only for compressing old log files)
+and for compilation:
+-gcc
+-cp
+-mo
+-rm
+-chmod
+
+It might work with other versions of Apache2 or Squid. It may work with other
+www server software (it uses the "HTTPS" CGI variable to detect if protocol is
+HTTPS, "HTTPS" is not defined in rfc3875).
Recommended situation is when the software and data directories belong to a
dedicatad user account.
Log in to the user account that will own the proxy.
(If not, you will have to change file ownerships later.)
-Edit the file 'settings' to have values relevant to your server.
+Edit the file 'settings' to have values relevant to your server/computer.
Create the directories defined there and set correct permissions and ownership.
Run 'make.sh'. It will generate the programs and copy them to the correct
location.
To set an username/password:
Create a file in data_path/pass. Username is filename.
Inside the file should be one line with URL-encoded password.
+Usernames can be made of letters, numbers and "_".
$|=1;
-while (<STDIN>) {
- if ($_ =~ /^([0-9]+ )/) {
+while (defined($line = <STDIN>)) {
+ if ($line =~ /^([0-9]+ )/) {
print $1;
}
print 'OK rewrite-url="'.REWRITE_URL."\"\n";
#all directory paths must end with '/' and must already exist.
bin_path = /yplom/bin/proxy/ #Where the software will be located
-lib_path = /yplom/lib/proxy/
+lib_path = /yplom/lib/proxy/ #Where the library will be located
data_path = /yplom/data/proxy/ #where the proxy will remember data; subdir:
#access, pass, archive
-log_path = /yplom/log/proxy/ #where the proxy will remember data
+log_path = /yplom/log/proxy/ #where the proxy will write logs
tmp_path = /yplom/tmp/proxy/ #for temporary fies
www_path = /yplom/www/proxy/ #for the www server (unused)
-#the server must recognise these domains as itself (127.0.0.1)
+#the server must recognise these domains as itself (127.0.0.1)!
#http and ssl proxy ports must be accessible from outside
#Don't set the ports to default values of non-proxy http(s): 80, 443!
http_proxy_domain = bicyclesonthemoon.info
# The domain and path used for proxy unlocking
# doesn't have to be a real domain
+# But if it's real it will be proxied without unlock verification!
+# Better set your own domain here.
unlock_domain = yplom.bicyclesonthemoon.info
unlock_path = /proxy/unlock
unlock_domain_regex = ^yplom\.bicyclesonthemoon\.info(:[0-9]*)?$
block_host_regex = ^(localhost|(botcastle[0-9]*))$
#Time in minutes
-timeout_unlock = 90
-timeout_inact = 15
+timeout_unlock = 90 # lock the proxy this many minutes after unlocking
+timeout_inact = 15 # lock the proxy this many minutes after last activity
#Time in seconds
timeout_arch = 172800 # how old files must be to safely remove them
-path = /usr/local/bin:/usr/bin:/bin
+path = /usr/local/bin:/usr/bin:/bin #The path environment variable. Must be
+ #overwritten if SETUID. Otherwise
+ #launching programs may fail. (Perl
+ #security...)
+#paths to software
perl = /usr/bin/perl
curl = /usr/bin/curl
chmod = /bin/chmod
mv = /bin/mv
rm = /bin/rm
gcc = /usr/bin/gcc
-gzip = /bin/gzip
+gzip = /bin/gzip # not needed if logs_uncompressed=0
c_flags = -g -Wall
log_size_limit = 65536 # How big can a log file be
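Review bot: The added comment above `unlock_domain` warns that a real domain there is proxied without unlock verification and advises setting your own, yet the shipped value is still `yplom.bicyclesonthemoon.info`, and `unlock_domain_regex` and `http_proxy_domain` carry the same project domain. Going by that comment, an install that keeps the defaults inherits exactly the behaviour it warns about. I would ship a reserved, non-resolving placeholder instead, `unlock_domain = unlock.invalid` with `unlock_domain_regex = ^unlock\.invalid(:[0-9]*)?$`, or have make.sh refuse to build while these values are unchanged. The new `path` comment could also say which programs run SETUID, so an administrator knows where the overridden PATH matters.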