Never mind. I got some documentation somewhere which showed me the way!! For the English archives:
http://www.linux-france.org/lug/ploug/doc/l-oops-a4.pdf

* Wash <[EMAIL PROTECTED]> [20050114 21:00]: wrote:
> Hello list,
> I am a damn newbie to Oops!! So be polite with me. I have searched using
> google, but some responses I received are in Russian. My language of
> birth is "Luo", in Kenya, Africa ;)
>
> I am running Oops and a content filter called DansGuardian on the same
> box. DansGuardian connects to oops using 127.0.0.1, but Oops refuses
> the connection:
>
> Fri Jan 14 19:12:39 2005 [0x80bb000]init_domain_name(): 1: host_name =
> `beastie.wananchi.com' domain_name = `.wananchi.com'
> Fri Jan 14 19:12:39 2005 [0x8142000]prep_storages(): Storages checked.
> Fri Jan 14 19:12:39 2005 [0x80bb000]report_limits(): RLIMIT_DATA: 1073741824
> Fri Jan 14 19:12:39 2005 [0x80bb000]report_limits(): RLIMIT_NOFILE: 8128
> Fri Jan 14 19:12:39 2005 [0x80bb000]report_limits(): RLIMIT_CORE: 4294967295
> Fri Jan 14 19:12:39 2005 [0x80bb000]main(): oops 1.5.23 Started.
> Fri Jan 14 19:12:39 2005 [0x80bb000]run(): http_listen on descriptor 27
> Fri Jan 14 19:12:39 2005 [0x80bb000]run(): icp_listen on descriptor 28
> Fri Jan 14 19:12:39 2005 [0x80bb000]Starting threads
> Fri Jan 14 19:12:39 2005 [0x8142200]Statistics started.
> Fri Jan 14 19:12:39 2005 [0x8142400]Garbage collector started.
> Fri Jan 14 19:12:39 2005 [0x8142600]Garbage drop started.
> Fri Jan 14 19:12:39 2005 [0x8142800]Log rotator started.
> Fri Jan 14 19:12:39 2005 [0x8142a00]Clean disk started.
> Fri Jan 14 19:12:39 2005 [0x8142c00]Eraser started.
> Fri Jan 14 19:13:09 2005 [0x8153000]deny_http_access(): No http or
> http->allow for address 127.0.0.1 - access denied
>
> Now, how do I tell Oops to grant connect to 127.0.0.1???
>
> Attached is my oops.cfg
>
> Thank you in advance.
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> --
> +======================================================================+
> |\ _,,,---,,_ | Odhiambo Washington <[EMAIL PROTECTED]>
> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
> |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
> '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
> +======================================================================+
> Democracy is a government where you can say what you think even if you
> don't think.

> # Name Servers
> nameserver 127.0.0.1
> nameserver 62.8.64.4
>
> # Ports
> #bind 62.8.64.13
> http_port 3128
> icp_port 3140
>
> userid oops
> #logfile /dev/tty
> logfile /usr/local/oops/logs/oops.log
> #accesslog /dev/tty
> accesslog /usr/local/oops/logs/access.log
> pidfile /var/run/oops/oops.pid
> statistics /var/run/oops/oops_statfile
>
> ##
> # icons - where to find link.gif, dir.gif, binary.gif and so on (for
> # ftp lists). If omitted - name of running host will be used. But
> # using explicit names is better way.
> ##
>
> #icons-host ss5.paco.net
> #icons-port 80
> #icons-path icons
>
> ##
> # When total object volume in memory grow over this (this mean
> # that cachable data from network came faster than we can save on disk)
> # drop objects (without attempt to save on disk).
> ##
> mem_max 64m
>
> ##
> # Hint, how much cached objects keep in memory.
> # When total amount become larger than this limit - start
> # swapping cachable objects to disk
> ##
> lo_mark 32m
>
> ##
> # start random early drop when number of clients reach some level.
> # this can protect you against attacks and against situation when
> # oops can't handle too much connections. By default - 0 (or no limits).
> ##
> #start_red 0
>
> ##
> # refuse any connection when number of already connected clients reach some
> # level. By default - 0 (or no limits).
> ##
> #refuse_at 0
>
> ##
> # if document contain no Expires: then expire after (in days)
> # ftp-expire-value - expire time for ftp (in days)
> ##
> default-expire-value 7
> ftp-expire-value 7
>
> ##
> # While connecting to public FTP resource, use this string as password
> ##
> #anon_ftp_passw [EMAIL PROTECTED]
>
> ##
> # if you want expire start and run only at some time intervals,
> # then use next instruction
> ##
> #expiretime Sun:Sat 0100:0700
>
> ##
> # Maximum expire time - doc will not keep in cache more than
> # this number of days (except if default-expire-value used for this document)
> ##
> max-expire-value 30
>
> ##
> # in which proportion time passed since last document modification
> # will accounted in expire time. For example, if last-modified-factor=5
> # and there was passed 10 days since document modification, then expiration
> # will be set to 2 days in future (but no more than max-expire-value)
> ##
> last-modified-factor 5
>
> ##
> # If you want not cache replies without Last-Modified:
> # uncomment next line.
> ##
> #dont_cache_without_last_modified
>
> # run expire every ( in hours )
> ##
> default-expire-interval 1
>
> ##
> # negative_cache - how long cache 404 answer from server
> ##
> #negative_cache 0
>
> ##
> # icp_timeout - how long to wait icp reply from peer (in ms, e.g 1000 = 1sec)
> ##
> icp_timeout 1000
>
> ##
> # start disk cache cleanup when free space will be (in %%)
> # As on the very large storages 1% is large space (1% from 9G is
> # 90M), then on such storages you can set both disk-low-free and
> # disk-ok-free to 0. Oops will start cleanup if it have less than 256
> # free blocks(1M), and stop when it reach 512 free blocks(2M).
> ##
> disk-low-free 3
>
> ##
> # stop disk cache cleanup when free space will be (in %%)
> ##
> disk-ok-free 5
>
> ##
> # Force_http11 - turn on http/1.1 for each request to document server
> # This option required if module 'vary' used.
> ##
> force_http11
>
> ##
> # Always check document freshness, even it is not stale or expired
> # This force Oops behave like squid - first check cached doc, then send
> ##
> #always_check_freshness
>
> ##
> # If user-requestor aborted connection to proxy, but there was received more
> # than some percent of the document - then continue.
> # default value - 75%
> ##
> force_completion 75
>
> ##
> # maximum size of the object we will cache
> ##
> maxresident 1m
>
> ##
> # minimum size of the object we will cache
> ##
> #minresident 0
>
> insert_x_forwarded_for yes
> insert_via yes
> ##
> # Load documents as fast as we can, or as fast as client can download
> # First method will save number of opened sockets
> # Second - save your bandwidth and memory.
> # Use "yes".
> ##
> fetch_with_client_speed yes
>
> ##
> # If host have several interfaces or aliases, use exactly
> # this name when connecting to server:
> ##
> #connect-from proxy.paco.net
>
> ##
> # ACLs - currently: urlregex, urlpath, usercharset
> # port, dstdom, dstdom_regex, src_ip, time
> # each acl can be loaded from file.
> ##
> #acl CACHEABLECGI urlregex
> http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826
> #acl WWWPACO urlregex www\.paco\.net
> #acl NO_RLH urlregex zipper
> #acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru)
> #acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco)
> #acl WINUSER usercharset windows-1251
> #acl DOSUSER usercharset ibm866
> #acl UNIXUSER usercharset koi8-r
> #acl RUS dstdom ru su
> #acl UKR dstdom ua
> #acl BADPORTS port [0:79],110,138,139,513,[6000:6010]
> #acl BADDOMAIN dstdom baddomain1.com baddomain2.com
> #acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org))
> #acl LOCAL_NETWORKS src_ip
> include:/usr/local/oops/oops/acl_local_networks
> #acl BADNETWORKS src_ip 192.168.10/24
> ## WARNING: acl dst_ip is applied to destination hostname BEFORE
> ## any redirection used.
> #acl LOCALDST dst_ip 192.168.10/24
> ##
> #acl WORKTIME time Mon,Tue:Fri 0900:1800
> #acl HTMLS content_type text/html
> #acl USERS username joe
> acl MSIE header_substr user-agent MSIE
> acl ADMINS src_ip 127.0.0.1
> acl PURGE method PURGE
> acl CONNECT method CONNECT
> acl SSLPORT port 443
> acl OVERRIDE urlregex https://beastie\.wananchi\.com/override
>
> ##
> # acl_deny [!]ACL [!]ACL ...
> # deny access for combined acl
> ##
> acl_deny PURGE !ADMINS
> acl_deny CONNECT !SSLPORT
>
> ##
> # Never cache objects with URL, containing next strings in path
> ##
> stop_cache ?
> stop_cache cgi-bin
>
>
> #
> # Groups
> #
>
> group override {
> networks_acl OVERRIDE;
> auth_mods passwd_file;
>
> http {
> allow dstdomain *;
> }
> }
> group wol {
> networks 127.0.0.0/8;
> networks 62.8.64.0/19;
> http {
> allow dstdomain *;
> }
> }
>
> group world {
> networks 0/0;
> badports [0:79],110,138,139,513,[6000:6010];
> http {
> deny dstdomain * ;
> }
> icp {
> deny dstdomain * ;
> }
> }
>
> ##
> # Storage section
> # Change this for your own situation. Oops can work without
> # storages (using only in-memory cache).
> ##
>
> ##
> # Storage description (can be several)
> # path - filename of storage. can be raw device (be careful!)
> # size - size (of storage file). Can be something like 100k or 200m or 4g
> # Size used only during format process (oops -z).
> ##
>
> storage {
> path /usr/local/oops/storages/oops_storage ;
> # Size of the storage. Can be in bytes or 'auto'. Auto is
> # useful for pre-created storages or disk slices.
> # NOTE: 'size auto' won't work for Linux on disk slices.
> # To use large ( > 2G ) files run configure with --enable-large-files
>
> size 20m ;
>
> # You have to use 'offset' in the case your raw device (or slice)
> # require that. For example if you use entire disk as storage
> # under AIX and Solaris/Sparc - you have to skip first block
> # which contain disk label (that is storage will start from
> # next 512 sector.
> # offset 512;
> }
>
> #storage {
> # path /usr/local/oops/storages/oops_storage1 ;
> # size 600m ;
> #}
>
> module lang {
>
> default_charset utf-8
>
> # Recode tables and other charset stuff
> CharsetRecodeTable windows-1251 /usr/local/etc/oops/tables/koi-win.tab
> CharsetRecodeTable ISO-8859-5 /usr/local/etc/oops/tables/koi-iso.tab
> CharsetRecodeTable ibm866 /usr/local/etc/oops/tables/koi-alt.tab
> CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic (Windows
> (WinNT;
> CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit) Opera/3.0
> CharsetAgent ibm866 DosLynx Lynx2/OS/2
> }
>
> module err {
> # error reporting module
>
> # template
> template /usr/local/etc/oops/err_template.html
>
> # Language to use when generate Error messages
> lang en
> }
>
> module passwd_file {
> # password proxy-authentication module
> #
> # default realm, scheme and passwd file
> # the only thing you really want to change is 'file' and 'template'
> # you don't have to reconfigure oops if you only
> # change content passwd file or template: oops automatically
> # reload file
> realm oops
> scheme Basic
> file /usr/local/etc/oops/passwd
> template /usr/local/etc/oops/auth_template.html
> }
>
> module pam {
> realm oops
> scheme Basic
> service oops
> template /usr/local/etc/oops/auth_template.html
> }
>
> module passwd_pgsql {
> # proxy authentication using postgresql
> # "Ivan B. Yelnikov" <[EMAIL PROTECTED]>
> #
> # host - host where database live,
> # user,password - login and password for database access
> # database - database name
> # select - file with request body
> # template - file with html doc which user will receive
> # during authentication
> scheme Basic
> realm oops
> host <host address/name>
> user <database_user>
> password <user_password>
> database <database_name>
> select /usr/local/etc/oops/select.sql
> template /usr/local/etc/oops/auth_template.html
> }
>
> module passwd_mysql {
> # proxy authentication using mysql
> # "Ivan B. Yelnikov" <[EMAIL PROTECTED]>
> #
> # look passwd_pgsql description
> #
> scheme Basic
> realm oops
> host <host address/name>
> user <database_user>
> password <user_password>
> database <database_name>
> select /usr/local/etc/oops/select.sql
> template /usr/local/etc/oops/auth_template.html
> }
>
> # You can have several (up to 15) redir configs:
> # module redir/1 {
> # ...
> # }
> # module redir/2 {
> # ...
> # }
> # ...
> #
> # Such names (redir/N) can be used in redir_mods statements in group
> # description
>
> module redir {
> # file - regex rules.
> # each line consist of one or two fields (separated with white space)
> # 1. regular expression
> # 2. redirect-location
> # if requested (by client) url match regex then
> # if we have redirect-url then we send '302 Moved Temporary' to
> # redirect-location
> # if we have no redirect-location (i.e. we have no 2-nd field)
> # then we send template.html (%R will be substituted by rule)
> # or some default message if we have no template.
> # you don't have to reconfigure oops each time
> # you edit rules or template, they will be reloaded automatically
>
> file /usr/local/etc/oops/redir_rules
> template /usr/local/etc/oops/redir_template.html
> ## mode control will redir rewrite url or send Location: header
> ## with new location. Values are 'rewrite' or 'bounce'
> # mode rewrite
>
> # myport can have next form:
> # myport [{hostname|ip_addr}:]port ...
> # myport 3128
> # it configure redir module to process requests on
> # given port
> myport 3128
> # This module can process requests which come on http_port
> # and/or on different port. For example, you wish oops
> # bind on two ports - 3128 and 3129, and all requests which come on
> # port 3129 must pass through filters, and requests which come on port
> # 3128 (common http_port) - not. Then you have to uncomment next line
> # myport 3129
> # which means exactly: bind oops to additional port 3129 and process
> # requests which come on this port.
> # myport can be in the next form:
> # myport [{hostname|ip_addr}:]port
> }
>
> module oopsctl {
> # path to oopsctl unix socket
> socket_path /var/run/oops/oopsctl
> # time to auto-refresh page (seconds)
> html_refresh 300
> }
>
> ##
> ## This module handle 'Vary' header - it was written to better support
> ## Russian Apache
> ##
> module vary {
> user-agent by_charset
> accept-charset ignore
> }
>
> ##
> ## WWW -accelerator. To use - add word accel to
> ## redir_mods line for
> ## the group 'world' description
> ## You will find more description of this module in supplied accel_maps file
> ##
> #module accel {
> # myport can have next form:
> # myport [{hostname|ip_addr}:]port ...
> # myport 80
> ##
> # access can have next form:
> # access [{hostname|ip_addr}:]port ...
> # If this directive is set, then incoming packets will be checked
> # for module "accel", according to this directive, not "myports".
> # In this case "oops" will open sockets according to "myports"
> # as well as when rule "access" is missed. This is needed when destination
> # of incoming packet doesn't match "oops" bindings ,for example when we're
> # forwarding packets using firewall.
> #
> # This allows us to produce the following construction :
> # firewall: forward network 80-85 -> ip:80
> # oops: myport ip:80
> # oops: access 80 81 82 83 84 85
> # (in this case "oops" will bind only to ip:80 according to rule "myports")
> ##
> # access 80 81
> #
> ##
> # allow access to proxy through accel module.
> # Deny will stop proxy through accel completely, regardless
> # of any other access rules
> ##
> # proxy_requests deny
> #
> ##
> # File with maps and other config directives
> # Checked once per minute. No need to restart oops if maps changed
> ##
> # file /usr/local/etc/oops/accel_maps
> #}
>
> ##
> ## Transparent proxy. To use - add word 'transparent' into
> ## redir_mods line for your group.
> ## in the your local (or any other) group description
> ##
> #module transparent {
> # myport can have next form:
> # myport [{hostname|ip_addr}:]port ...
> # myport 3128
> # broken_browsers MSIE
> #}
>
> ##
> ## %h - remote ip address
> ## %A - local ip address
> ## %d - ip address of source (peer or document server)
> ## %l - remote logname from identd (not supported now)
> ## %U - remote user (from 'Authorization' header)
> ## %u - remote user (from proxy-auth)
> ## %{format}t - time with optional {format} (for strftime)
> ## %t - time with standard format %d/%b/%Y:%T %Z
> ## %r - request line
> ## %s - status code
> ## %b - bytes received
> ## %{header}i - value of header in request
> ## %m - HIT/MISS
> ## %k - hierarchy (DIRECT/NONE/...)
> ##
> ## directive buffered can be followed by size of the buffer,
> ## like 'buffered 32000'
> ##
> #module customlog {
> # path /usr/local/oops/logs/access_custom1
> # format "%h %l %u %t \"%r\" %>s %b"
> # squid httpd mode log emulation
> # format "%h %u %l %t \"%r\" %s %b %m:%k"
> # buffered
> # path /usr/local/oops/logs/access_custom2
> # format "%h->%A %l %u [%t] \"%r\" %s %b \"%{User-Agent}i\""
> #}
>
> module berkeley_db {
> ##
> # dbhome - directory where all DB indexes reside. Use full path
> # this directory must exist.
> # dbname - filename for index file. Use just filename (no full path)
> ##
>
> dbhome /usr/local/oops/DB
> dbname dburl
>
> ##
> # This parameter specifies internal cache size of BerkeleyDB.
> # Increase this parameter for best performance (if you have a lot of
> memory).
> # For example: db_cache_mem 64m
> # Default and minimum value: 4m
> #
> # This memory pool is not part of memory pool, specified by mem_max
> parameter.
> # WARNING: the amount of RAM used by oops will be increased by the value
> of
> # this parameter.
> ##
> #db_cache_mem 4m
>
> }
>
> #module gigabase_db {
> # This module enable GigaBASE as database engine.
> # You can use berkeley_db or gigabase_db, not both.
> # Also, important notice - indexes created with different modules
> # are not compatible.
> # ##
> # # dbhome - directory where all DB indexes reside. Use full path
> # # this directory must exist.
> # # dbname - filename for index file. Use just filename (no full path)
> # ##
> #
> # dbhome /usr/local/oops/DB
> # dbname gdburl
> #
> # ##
> # # This parameter specifies internal cache size of BerkeleyDB.
> # # Increase this parameter for best performance (if you have a lot of
> memory).
> # # For example: db_cache_mem 64m
> # # Default and minimum value: 4m
> # #
> # # This memory pool is not part of memory pool, specified by mem_max
> parameter.
> # # WARNING: the amount of RAM used by oops will be increased by the
> value of
> # # this parameter.
> # ##
> # #db_cache_mem 4m
> #
> #}
>
> #module wccp2 {
> # Cache identity.
> # Ip address under which your cache will be visible.
> # You should set it only in case oops can't determine its IP in other
> way
> # identity proxy.yourdomain.tld
> #
> # Service group.
> # Look Cisco documentation what service group is.
> # In two words - this is group of caches and routers which handle
> transparently
> # some kind of traffic. To intercept www requests from your users use
> # next 'service-group' definition
> #
> # service-group web-cache
> #
> # Routers for this service group.
> # Here you list ip-addresses of routers in service group.
> # To avoid problems list addresses from which cisco will reply - that is
> # address of interface which is directed to cache. You can describe several
> # (up to 32) routers.
> #
> # router 10.10.10.1
> #
> #}
>
> #module netflow {
> #
> # This module exports netflow v5 records to flow collector(s)
> # Each record consists of source (document source, peer,...) address
> # destination address (client requested document), bytes transferred.
> # If you supply file with route prefix table and autonomous system numbers,
> # then source and destination ASNs will also present in flow records
> #
> # file - path to the file with prefixes (see file INSTALL).
> #
> # file /usr/local/oops/prefix_table
> #
> # source - flow records source address and port.
> #
> # source 127.0.0.1:3333
> #
> # collector - address and port of collector
> # you can have several lines(collectors).
> #
> # collector 127.0.0.1:6666
> #}

-Wash

http://www.netmeister.org/news/learn2quote.html

--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <[EMAIL PROTECTED]>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
"No, `Eureka' is Greek for `This bath is too hot.'"
-- Dr. Who

=====================================================================
If you would like to unsubscribe from this list send message to
[EMAIL PROTECTED] with "unsubscribe oops-eng" in message body.
Archive is accessible on http://lists.paco.net/oops-eng/
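
Added example, not part of the original post and not code from the Oops project: a small triage script that reads an Oops log excerpt like the one quoted above, even when it has been pasted into an e-mail (quote markers, wrapped lines), and counts which client addresses `deny_http_access()` refused. The record layout is inferred only from the lines shown in the post, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: log lines from the post as they appear in the quoted
# e-mail, with the "> " quote prefix and the mail client's line wrap.
SAMPLE = """\
> Fri Jan 14 19:12:39 2005 [0x80bb000]main(): oops 1.5.23 Started.
> Fri Jan 14 19:12:39 2005 [0x80bb000]run(): http_listen on descriptor 27
> Fri Jan 14 19:12:39 2005 [0x8142200]Statistics started.
> Fri Jan 14 19:13:09 2005 [0x8153000]deny_http_access(): No http or
> http->allow for address 127.0.0.1 - access denied
"""

# Assumed layout: "<ctime stamp> [<thread>]<func>(): <message>"; the
# "<func>(): " part is optional (see "Statistics started.").
RECORD = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) "
    r"\[(?P<thread>0x[0-9a-f]+)\]"
    r"(?:(?P<func>\w+)\(\): )?(?P<msg>.*)$"
)
DENIED = re.compile(r"for address (?P<addr>\S+) - access denied")


def unquote(text):
    """Strip leading e-mail quote markers and rejoin wrapped records."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).rstrip()
        if not line:
            continue
        if RECORD.match(line) or not records:
            records.append(line)
        else:  # no timestamp: continuation of the previous record
            records[-1] += " " + line
    return records


def parse(text):
    """Return one dict per log record; lines that do not parse are skipped."""
    events = []
    for line in unquote(text):
        m = RECORD.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # normalise padded day numbers
        events.append({
            "time": datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"),
            "thread": m["thread"], "func": m["func"], "msg": m["msg"],
        })
    return events


def denied_clients(events):
    """Count refused client addresses reported by deny_http_access()."""
    counts = Counter()
    for ev in events:
        hit = DENIED.search(ev["msg"]) if ev["func"] == "deny_http_access" else None
        if hit:
            counts[hit["addr"]] += 1
    return counts


if __name__ == "__main__":
    for addr, n in denied_clients(parse(SAMPLE)).items():
        print(f"{addr}: {n} denied request(s)")
```

A loopback or internal address in this count usually means a local component (here, the content filter) is not covered by any group's `allow` rule; an unexpected external address means someone is probing the proxy.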
