# ---------------------------------------------------------------------------------------------------------------------------------------- # S E R V E R P A R A M E T E R S # ---------------------------------------------------------------------------------------------------------------------------------------- # ---------------------------------------------------------------------------------------------------------------------------------------- # userver - configuration parameters # ---------------------------------------------------------------------------------------------------------------------------------------- # ENABLE_IPV6 flag to indicate the possible use of ipv6 # SERVER host name or ip address for the listening socket # PORT port number for the listening socket # SOCKET_NAME file name for the listening socket # IP_ADDRESS ip address of host for the interface connected to the Internet (autodetected if not specified) # # ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) # ALLOWED_IP_PRIVATE list of comma separated client private address for IP-based access control (IPADDR[/MASK]) for public server # ENABLE_RFC1918_FILTER reject request from private IP to public server address # # MIN_SIZE_FOR_SENDFILE for major size it is better to use sendfile() to serve static content # # LISTEN_BACKLOG max number of ready to be delivered connections to accept() # CLIENT_THRESHOLD min number of clients to active polling # SET_REALTIME_PRIORITY flag indicating that the preforked processes will be scheduled under the real-time policies SCHED_FIFO # # LOAD_BALANCE_CLUSTER list of comma separated IP address (IPADDR[/MASK]) to define the load balance cluster # LOAD_BALANCE_DEVICE_NETWORK network interface name of cluster of physical server # LOAD_BALANCE_LOADAVG_THRESHOLD system load threshold to proxies the request on other userver on the network cluster ([0-9].[0-9]) # # PID_FILE write pid on indicated file # WELCOME_MSG message of welcome to send initially to client # RUN_AS_USER downgrade privileges to that user account # DOCUMENT_ROOT The directory out of which you will serve your documents # # LOG_FILE locations for file log # LOG_FILE_SZ memory size for file log (to use memory mapping and automatic rotate) # LOG_MSG_SIZE limit length of print network message to LOG_MSG_SIZE chars (default 128) (for HTTP -1 indicate to print the header) # # PLUGIN list of plugins to load, a flexible way to add specific functionality to the server # PLUGIN_DIR directory where there are the plugins to load # # ORM_DRIVER list of ORM drivers to load, a flexible way to add specific functionality to the ORM # ORM_DRIVER_DIR directory where there are the ORM drivers to load # # REQ_TIMEOUT timeout for request from client # TCP_KEEP_ALIVE specifies to active the TCP keepalive implementation in the linux kernel # TCP_LINGER_SET specifies how the TCP initiated the close # MAX_KEEP_ALIVE specifies the maximum number of requests that can be served through a Keep-Alive (Persistent) session. (Value <= 0 will disable Keep-Alive) # # DH_FILE [Diffie-Hellman Key Agreement protocol](http://www.rsa.com/rsalabs/node.asp?id=2248) cmd: openssl dhparam -out dh.pem 1024 # CERT_FILE certificate of server # KEY_FILE private key of server # PASSWORD password for private key of server # CA_FILE locations of trusted CA certificates used in the verification # CA_PATH locations of trusted CA certificates used in the verification # VERIFY_MODE mode of verification (SSL_VERIFY_NONE=0, SSL_VERIFY_PEER=1, SSL_VERIFY_FAIL_IF_NO_PEER_CERT=2, SSL_VERIFY_CLIENT_ONCE=4) # CIPHER_SUITE [cipher suite model (Intermediate=0, Modern=1, Old=2)](https://wiki.mozilla.org/Security/Server_Side_TLS) # # ---------------------------------------------------------------------------------------------------------------------------------------- # how to verify peer certificates. The possible values of this setting are: # # SSL_VERIFY_NONE - do not verify anything # SSL_VERIFY_PEER - verify the peer certificate, if one is presented # SSL_VERIFY_FAIL_IF_NO_PEER_CERT - require a peer certificate, fail if one is not presented # # SSL/TLS servers will usually set VERIFY_MODE to SSL_VERIFY_NONE # SSL/TLS clients will usually set VERIFY_MODE to SSL_VERIFY_FAIL_IF_NO_PEER_CERT # ---------------------------------------------------------------------------------------------------------------------------------------- # PREFORK_CHILD number of child server processes created at startup: -1 - thread approach (experimental) # 0 - serialize, no forking # 1 - classic, forking after accept client # >1 - pool of process serialize plus monitoring process # # if PREFORK_CHILD is not defined is as case (>1) with num process the number of CPU in the system # # CRASH_COUNT this is the threshold for the number of crash of child server processes # CRASH_EMAIL_NOTIFY the email address to send a message whenever the number of crash > CRASH_COUNT # ---------------------------------------------------------------------------------------------------------------------------------------- # This directive are for evasive action in the event of an HTTP DoS or DDoS attack or brute force attack # ---------------------------------------------------------------------------------------------------------------------------------------- # DOS_PAGE_COUNT this is the threshold for the number of requests for the same page (or URI) per page interval # DOS_PAGE_INTERVAL the interval for the page count threshold; defaults to 1 second intervals # DOS_SITE_COUNT this is the threshold for the total number of requests for any object by the same client per site interval # DOS_SITE_INTERVAL the interval for the site count threshold; defaults to 1 second intervals # DOS_BLOCKING_PERIOD the blocking period is the amount of time (in seconds) that a client will be blocked for if they are added to the blocking list (defaults to 10) # DOS_WHITE_LIST list of comma separated IP addresses of trusted clients can be whitelisted to insure they are never denied (IPADDR[/MASK]) # DOS_EMAIL_NOTIFY the email address to send a message whenever an IP address becomes blacklisted # DOS_SYSTEM_COMMAND the system command specified will be executed whenever an IP address becomes blacklisted. Use %.*s to denote the IP address of the blacklisted IP # DOS_LOGFILE the file to write DOS event # ---------------------------------------------------------------------------------------------------------------------------------------- userver { # ENABLE_IPV6 yes # SERVER www.example.org # PORT 8080 # SOCKET_NAME tmp/socket # IP_ADDRESS 10.30.1.131 # ALLOWED_IP 127.0.0.1,10.30.0.0/16 # ALLOWED_IP_PRIVATE 127.0.0.1,10.30.0.0/16 # ENABLE_RFC1918_FILTER yes # MIN_SIZE_FOR_SENDFILE 500k # LISTEN_BACKLOG 1024 # CLIENT_THRESHOLD 100 # SET_REALTIME_PRIORITY yes # LOAD_BALANCE_CLUSTER 10.30.0.0/16 # LOAD_BALANCE_DEVICE_NETWORK eth1 # LOAD_BALANCE_LOADAVG_THRESHOLD 4.5 # PID_FILE /var/run/userver.pid # WELCOME_MSG "220 david.unirel.intranet ULib WEB server (Version 1.1.0) ready.\n" # RUN_AS_USER apache DOCUMENT_ROOT /var/www # LOG_FILE /var/log/userver.log # LOG_FILE_SZ 1M # LOG_MSG_SIZE -1 # PLUGIN "tsa http" # PLUGIN "rpc http" # PLUGIN "soap http" # PLUGIN "fcgi http" # PLUGIN "scgi http" # PLUGIN "proxy http" # PLUGIN "geoip http" # PLUGIN "stream http" # PLUGIN "socket http" # PLUGIN_DIR /usr/local/libexec/ulib # ORM_DRIVER "sqlite mysql pgsql" # ORM_DRIVER_DIR /usr/local/libexec # REQ_TIMEOUT 30 # TCP_KEEP_ALIVE yes # TCP_LINGER_SET 0 # MAX_KEEP_ALIVE 1000 # DH_FILE ../ulib/CA/param.dh # CERT_FILE ../ulib/CA/server.crt # KEY_FILE ../ulib/CA/server.key # PASSWORD stefano # CA_PATH ../ulib/CA/CApath # CA_FILE ../ulib/CA/cacert.pem # VERIFY_MODE 1 # CIPHER_SUITE 0 # PREFORK_CHILD 4 # CRASH_COUNT 5 # CRASH_EMAIL_NOTIFY mail.unirel.com:stefano.casazza2@unirel.com # # DOS_PAGE_COUNT 2 # DOS_PAGE_INTERVAL 1 # DOS_SITE_COUNT 50 # DOS_SITE_INTERVAL 1 # DOS_BLOCKING_PERIOD 10 # DOS_WHITE_LIST 127.0.0.1,10.8.0.0/16 # DOS_EMAIL_NOTIFY mail.unirel.com:stefano.casazza2@unirel.com # DOS_SYSTEM_COMMAND "sh -c 'echo `date \"+[%%d/%%b/%%Y:%%T %%z]\"` %.*s: %.*s >> /tmp/dos_blacklist.txt'" # DOS_LOGFILE /tmp/dos_blacklist.txt } # ---------------------------------------------------------------------------------------------------------------------------------------------------- # P L U G I N P A R A M E T E R S # ---------------------------------------------------------------------------------------------------------------------------------------------------- # ---------------------------------------------------------------------------------------------------------------------------------------------------- # http - plugin parameters # ---------------------------------------------------------------------------------------------------------------------------------------------------- # ALIAS vector of URI redirection (request -> alias) # REWRITE_RULE_NF vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...) # USP_AUTOMATIC_ALIASING usp page that is recognized automatically as alias of all uri request without suffix # # MAINTENANCE_MODE to switch the site to a maintenance page only # # APACHE_LIKE_LOG file to write NCSA extended/combined log format: "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" # LOG_FILE_SZ memory size for file apache like log (to use memory mapping and automatic rotate) # # ENABLE_INOTIFY enable automatic update of cached document root image with inotify # CACHE_FILE_MASK mask (DOS regexp) of pathfile that content be cached in memory # CACHE_AVOID_MASK mask (DOS regexp) of pathfile that presence NOT be cached in memory # NOCACHE_FILE_MASK mask (DOS regexp) of pathfile that content NOT be cached in memory # CACHE_FILE_STORE pathfile of memory cache filesystem stored on a single file (may be compressed) # # CGI_TIMEOUT timeout for cgi execution # VIRTUAL_HOST flag to activate practice of maintaining more than one server on one machine, as differentiated by their apparent hostname # DIGEST_AUTHENTICATION flag authentication method (yes = digest, no = basic) # # URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes (that needs authentication) # URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK # # ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add Cache control: public directive on header response) # # URI_REQUEST_CERT_MASK mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection # BANDWIDTH_THROTTLING_MASK lets you set maximum byte rates on URLs or URL groups (*.jpg|*.gif 50) # URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK mask (DOS regexp) of URI where use HTTP Strict Transport Security to force client to use only SSL # # SESSION_COOKIE_OPTION eventual params for session cookie (lifetime, path, domain, secure, HttpOnly) # ---------------------------------------------------------------------------------------------------------------------------------------------------- # This directive gives greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks # ---------------------------------------------------------------------------------------------------------------------------------------------------- # LIMIT_REQUEST_BODY restricts the permitted total size of a HTTP request body sent from the client # REQUEST_READ_TIMEOUT set timeout for receiving a complete request from a client # ------------------------------------------------------------------------------------------------------------------------------------------------ # # ------------------------------------------------------------------------------------------------------------------------------------------------ # PHP # ------------------------------------------------------------------------------------------------------------------------------------------------ # MOUNT_POINT mount point application (to adjust var SCRIPT_NAME) # ------------------------------------------------------------------------------------------------------------------------------------------------ # RUBY # ------------------------------------------------------------------------------------------------------------------------------------------------ # RUBY_LIBDIR directory to add to the ruby libdir search path # ------------------------------------------------------------------------------------------------------------------------------------------------ # PYTHON # ------------------------------------------------------------------------------------------------------------------------------------------------ # PY_PROJECT_APP full python name of WSGI entry point expected in form . # PY_PROJECT_ROOT python module search root; relative to workdir # PY_VIRTUALENV_PATH # ---------------------------------------------------------------------------------------------------------------------------------------------------- http { # Allows you to tell clients about documents that used to exist in your server's namespace, but do not anymore. # The client will make a request for the document at its new location # ALIAS "[ \ # /login /RA/cgi-bin/login.sh \ # /admin /RA/admin/cgi-bin/card-generation.sh \ # ]" # vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...) # REWRITE_RULE_NF "[ \ # ^/.*\.[A-Za-z0-9]+.*?$ $0 \ # ^/(.*?)(\?|$)(.*) /sapphire/main.php?url=$1&$3 \ # ]" # USP_AUTOMATIC_ALIASING servlet/example # MAINTENANCE_MODE /ErrorDocument/down.html # APACHE_LIKE_LOG /var/log/httpd/access_log # LOG_FILE_SZ 1M # ENABLE_INOTIFY yes # CACHE_FILE_MASK *.b64|*.txt # CACHE_AVOID_MASK ap|phpldapadmin|login_request|10.1.55.83|immagini # NOCACHE_FILE_MASK banner.html # CACHE_FILE_STORE ../webifv.gz # CGI_TIMEOUT 60 # VIRTUAL_HOST yes # DIGEST_AUTHENTICATION yes # URI_PROTECTED_MASK /RA/admin/cgi-bin/* # URI_PROTECTED_ALLOWED_IP 127.0.0.1,10.30.0.0/16 # ENABLE_CACHING_BY_PROXY_SERVERS yes # URI_REQUEST_CERT_MASK /wi-auth/cgi-bin/cpe.sh # BANDWIDTH_THROTTLING_MASK @FILE:../throttling.txt # URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK /admin/* # SESSION_COOKIE_OPTION "[\"\" 24 / www.example.com yes yes]" # LIMIT_REQUEST_BODY 100K # REQUEST_READ_TIMEOUT 30 # MOUNT_POINT /phpldapadmin/htdocs } # ------------------------------------------------------------------------------------------------------ # ssi - plugin parameters # ------------------------------------------------------------------------------------------------------ # ENVIRONMENT path of file configuration environment for SSI # # SSI_AUTOMATIC_ALIASING special SSI HTML file (.shtml) that is recognized automatically as alias of all # uri request without suffix (generally cause navigation of directory not working) # ------------------------------------------------------------------------------------------------------ # ssi { # ENVIRONMENT ~/etc/environment.conf # SSI_AUTOMATIC_ALIASING /index.shtml # } # ----------------------------------------------------------------------------------------------- # fcgi - plugin parameters # ----------------------------------------------------------------------------------------------- # FCGI_URI_MASK mask (DOS regexp) of uri type that send request via FCGI (*.php) # # SOCKET_NAME name file for the listening socket # # SERVER host name or ip address for server # PORT port number for the server # # RES_TIMEOUT timeout for response from server FCGI # FCGI_KEEP_CONN If not zero, the server FCGI does not close the connection after # responding to request; the plugin retains responsibility for the connection # # LOG_FILE location for file log (use server log if same value) # ----------------------------------------------------------------------------------------------- # # fcgi { # # FCGI_URI_MASK *.php # SOCKET_NAME tmp/fcgi.socket # SERVER 127.0.0.1 # PORT 8080 # RES_TIMEOUT 20 # FCGI_KEEP_CONN yes # LOG_FILE /var/log/userver.log # } # ----------------------------------------------------------------------------------------------- # scgi - plugin parameters # ----------------------------------------------------------------------------------------------- # SCGI_URI_MASK mask (DOS regexp) of uri type that send request via SCGI (*.py) # # SOCKET_NAME name file for the listening socket # # SERVER host name or ip address for server # PORT port number for the server # # RES_TIMEOUT timeout for response from server SCGI # SCGI_KEEP_CONN If not zero, the server SCGI does not close the connection after # responding to request; the plugin retains responsibility for the connection # # LOG_FILE location for file log (use server log if same value) # ----------------------------------------------------------------------------------------------- # # scgi { # SCGI_URI_MASK *.py # SOCKET_NAME tmp/scgi.socket # SERVER 127.0.0.1 # PORT 8080 # RES_TIMEOUT 20 # SCGI_KEEP_CONN yes # LOG_FILE /var/log/userver.log # } # ----------------------------------------------------------------------------------------------- # tsa - plugin parameters # ----------------------------------------------------------------------------------------------- # COMMAND command to execute # ENVIRONMENT environment for command to execute # ----------------------------------------------------------------------------------------------- # tsa { # ENV[HOME] = Base directory for op # ENV[OPENSSL] = Openssl path # ENV[OPENSSL_CNF] = Openssl configuration # ENV[ENGINE] = Openssl Engine to use # ENV[PASSWORD] = Password for key decryption # ENV[TSA_CACERT] = TSA CA chain certificate # ENV[TSA_CERT] = TSA certificate # ENV[TSA_KEY] = TSA private key # ENV[FILE_LOG] = Log file for command # ENV[MSG_LOG] = Log separator # ENV[TMPDIR] = Temporary directory # ENV[DEBUG] = Enable debugging # ENVIRONMENT "HOME=TSA \ # OPENSSL=bin/openssl \ # OPENSSL_CNF=CA/openssl.cnf \ # TSA_CACERT=CA/cacert.pem \ # TSA_CERT=CA/server.crt \ # TSA_KEY=CA/server.key" # ARGV[1] = TSA REQUEST # ARGV[2] = TOKEN # ARGV[3] = SEC # ARGV[3] = POLICY # COMMAND TSA/TSA_command/tsa_REPLY_BIN.sh # } # ------------------------------------------------------------------------------------------------------------------------------------------------ # stream - plugin parameters # ------------------------------------------------------------------------------------------------------------------------------------------------ # COMMAND command to execute # ENVIRONMENT environment for command to execute # # URI_PATH specifies the local part of the URL path at which you would like the content to appear (Ex. /my/video.ogv) # METADATA specifies the needs to have setup headers prepended for each codec stream (Ex. /my/audio.ogg) # CONTENT_TYPE specifies the Internet media type of the stream, which will appear in the Content-Type HTTP response header # ------------------------------------------------------------------------------------------------------------------------------------------------ # stream { # ENVIRONMENT "UTRACE=0 5M 0" # COMMAND my_stream.sh # URI_PATH /my/stream # METADATA /tmp/metadata # CONTENT_TYPE text/plain # CONTENT_TYPE "multipart/x-mixed-replace; boundary=++++++++" # } # ------------------------------------------------------------------------------------------------------------------------------------------------ # socket - plugin parameters # ------------------------------------------------------------------------------------------------------------------------------------------------ # COMMAND command (alternative to USP modsocket) to execute # ENVIRONMENT environment for command (alternative to USP modsocket) to execute # # MAX_MESSAGE_SIZE Maximum size (in bytes) of a message to accept; default is approximately 4GB # ------------------------------------------------------------------------------------------------------------------------------------------------ # # socket { # ENVIRONMENT "UTRACE=0 5M 0" # COMMAND my_websocket.sh # MAX_MESSAGE_SIZE 100K # } # ------------------------------------------------------------------------------------------------------ # rpc - plugin parameters # ------------------------------------------------------------------------------------------------------ # METHOD_NAME name of method # COMMAND command to execute # ENVIRONMENT environment for command to execute # RESPONSE_TYPE input/output type of the command ( success_or_failure | # stdin_success_or_failure | # standard_output | # stdin_standard_output | # standard_output_binary | # stdin_standard_output_binary ) # ------------------------------------------------------------------------------------------------------ # rpc { # ------------------------------------------------------------------------------------------------------ # SOAP or RPC services # ------------------------------------------------------------------------------------------------------ # ENV[HOME] = Base directory for op # ENV[FILE_LOG] = Log file for command # ENV[MSG_LOG] = Log separator # ENV[DEBUG] = Enable debugging # ------------------------------------------------------------------------------------------------------ # Method_01 { # activate a card and send back login/pwd via SMS # SMS from client = stringa "From: xxxx\nTo: xxxxx..." input # METHOD_NAME CARD # ENV[LDAP_HOST] = LDAP Host # ENV[LDAP_PASSWORD] = file contenente password for LDAP binding # ENV[MAIL_TO] = Email Address for workflow # ENV[MAIL_FROM] = Email Address for workflow # ENVIRONMENT "HOME=WAGSM \ # DEBUG=1 \ # LDAP_HOST=rosso \ # LDAP_PASSWORD=unwired-portal_rootdn.pw \ # MAIL_TO=card-activation@auth.t-unwired.com \ # MAIL_FROM=gsmbox@auth.t-unwired.com" # COMMAND WAGSM/WAGSM_command/card_activation.sh # RESPONSE_TYPE standard_output # } # } # ------------------------------------------------------------------------------------------------------ # soap - plugin parameters # ------------------------------------------------------------------------------------------------------ # METHOD_NAME name of method # COMMAND command to execute # ENVIRONMENT environment for command to execute # RESPONSE_TYPE input/output type of the command ( success_or_failure | # stdin_success_or_failure | # standard_output | # stdin_standard_output | # standard_output_binary | # stdin_standard_output_binary ) # ------------------------------------------------------------------------------------------------------ # soap { # ------------------------------------------------------------------------------------------------------ # SOAP or RPC services # ------------------------------------------------------------------------------------------------------ # ENV[HOME] = Base directory for op # ENV[FILE_LOG] = Log file for command # ENV[MSG_LOG] = Log separator # ENV[DEBUG] = Enable debugging # ------------------------------------------------------------------------------------------------------ # Method_01 { # activate a card and send back login/pwd via SMS # SMS from client = stringa "From: xxxx\nTo: xxxxx..." input # METHOD_NAME CARD # ENV[LDAP_HOST] = LDAP Host # ENV[LDAP_PASSWORD] = file contenente password for LDAP binding # ENV[MAIL_TO] = Email Address for workflow # ENV[MAIL_FROM] = Email Address for workflow # ENVIRONMENT "HOME=WAGSM \ # DEBUG=1 \ # LDAP_HOST=rosso \ # LDAP_PASSWORD=unwired-portal_rootdn.pw \ # MAIL_TO=card-activation@auth.t-unwired.com \ # MAIL_FROM=gsmbox@auth.t-unwired.com" # COMMAND WAGSM/WAGSM_command/card_activation.sh # RESPONSE_TYPE standard_output # } # } # --------------------------------------------------------------------------------------------------------------------------------- # proxy - plugin parameters # --------------------------------------------------------------------------------------------------------------------------------- # ERROR MESSAGE Allows you to tell clients about what type of error occurred # # URI uri trigger # HOST name host client # METHOD_NAME mask name of what type of HTTP method is permitted (GET|POST|...) # # CLIENT_CERTIFICATE yes if client must comunicate a certificate in the SSL connection # REMOTE_ADDRESS_IP list of comma separated client address for IP-based control (IPADDR[/MASK]) for routing-like policy # WEBSOCKET yes if the proxy act as a Reverse Proxy Web Sockets # # # COMMAND command to execute # ENVIRONMENT environment for command to execute # RESPONSE_TYPE output type of the command (yes = response for client, no = request to server) # # PORT port of server for connection # SERVER name of server for connection # # FOLLOW_REDIRECTS yes if manage to automatically follow redirects from server # USER if manage to follow redirects, in response to a HTTP_UNAUTHORISED response from the HTTP server: user # PASSWORD if manage to follow redirects, in response to a HTTP_UNAUTHORISED response from the HTTP server: password # REPLACE_RESPONSE if NOT manage to follow redirects, vector of substitution string # --------------------------------------------------------------------------------------------------------------------------------- # proxy { # --------------------------------------------------------------------------- # Allows you to tell clients about what type of error occurred # --------------------------------------------------------------------------- # ERROR MESSAGE [ # @STRING "HTTP/1.1 400 Bad Request\r\n\ # Date: %D\r\n\ # Server: ULib/1.0\r\n\ # Connection: close\r\n\ # Content-Type: text/html; charset=iso-8859-1\r\n\ # Content-Length: 238\r\n\ # \r\n\ # \r\n\ # \r\n\ # Accesso negato\r\n\ # \r\n\ #

Bad Request

\r\n\ #

Errore parsing header
\r\n\

\r\n\ #
\r\n\ #
ULib Server (proxy)
\r\n\ # \r\n" # # @FILE error_msg/X509_REJECTED # ] # Service_WAYF { # # URI ^/(WAYF/?|SWITCHaai/images/.*\.gif$) # HOST localhost:444 # # METHOD_NAME GET|POST # # PORT 80 # SERVER localhost # # CLIENT_CERTIFICATE yes # # la redirect chiede di nuovo al proxy (444)...!!! # FOLLOW_REDIRECTS no # } # # Service_IDP { # # URI ^/shibboleth-idp/SSO # HOST localhost:444 # # METHOD_NAME GET # # PORT 80 # SERVER laptop # # FOLLOW_REDIRECTS yes # # In response to a HTTP_UNAUTHORISED response from the HTTP server, # obtain a user and password for the scheme/realm returned from the HTTP server # # USER user01 # PASSWORD stefano1 # } # # Service_webmail { # # URI /webmail # HOST localhost # # METHOD_NAME GET|POST # # PORT 80 # SERVER ca.eraclito.unirel.test # # only if NOT manage to follow redirects # REPLACE_RESPONSE [ # "^Location: http:" "Location: https:" # ] # } # } # ------------------------------------------------------------------------------------------------------------------------------------------ # geoip - plugin parameters # ------------------------------------------------------------------------------------------------------------------------------------------ # COUNTRY_FORBIDDEN_MASK mask (DOS regexp) of GEOIP country code that give forbidden access # ------------------------------------------------------------------------------------------------------------------------------------------ # geoip { # COUNTRY_FORBIDDEN_MASK CN|JP # } # ----------------------------------------------------------------------------------------------------------------------- # nocat - plugin parameters # ----------------------------------------------------------------------------------------------------------------------- # FW_ENV environment for shell script to execute # FW_CMD shell script to manage the firewall # DECRYPT_KEY DES3 password stuff # ALLOWED_MEMBERS file with list of allowed MAC/IP pairs or NETWORKS (default: /etc/nodog.allowed) # LOCAL_NETWORK_LABEL access point localization tag to be used from portal # LOGIN_TIMEOUT number of seconds after a client last login/renewal to terminate their connection # CHECK_TYPE mode of verification (U_CHECK_NONE=0, U_CHECK_ARP_CACHE=1, U_CHECK_ARP_PING=2, U_CHECK_TRAFFIC=4) # CHECK_EXPIRE_INTERVAL number of seconds to check if some client has terminate their connection # NUM_PEERS_PREALLOCATE size of memory block to preallocate for table of users # ----------------------------------------------------------------------------------------------------------------------- # nocat { # shell script to manage the firewall # FW_CMD firewall/nodog.fw # FW_ENV "FW_CONF=/etc/nodog_fw.conf \ # AuthServiceAddr=http://www.auth-firenze.com/login" # DES3 password stuff # DECRYPT_KEY PASSWORD # access point localization tag to be used from portal # LOCAL_NETWORK_LABEL "radio1 radio2" # Number of seconds after a client last login/renewal to terminate their connection # Probably do not want to set this to less than 60 or a lot of bandwidth is likely to get consumed by the client renewal attempts # LOGIN_TIMEOUT 86400 # one notification per day # Number of seconds to check if some client has terminate their connection # CHECK_EXPIRE_INTERVAL 360 # }