Hello list, I am damn newbie to Oops!! So be polite with me. I have searched using google, but some responses I received is in Russian. My language of birth is "Luo", in Kenya, Africa ;)
I am running Oops and a content filter called DansGuardian on the same box. DansGuardian connects to oops using 127.0.0.1, but Oops refuses the connection: Fri Jan 14 19:12:39 2005 [0x80bb000]init_domain_name(): 1: host_name = `beastie.wananchi.com' domain_name = `.wananchi.com' Fri Jan 14 19:12:39 2005 [0x8142000]prep_storages(): Storages checked. Fri Jan 14 19:12:39 2005 [0x80bb000]report_limits(): RLIMIT_DATA: 1073741824 Fri Jan 14 19:12:39 2005 [0x80bb000]report_limits(): RLIMIT_NOFILE: 8128 Fri Jan 14 19:12:39 2005 [0x80bb000]report_limits(): RLIMIT_CORE: 4294967295 Fri Jan 14 19:12:39 2005 [0x80bb000]main(): oops 1.5.23 Started. Fri Jan 14 19:12:39 2005 [0x80bb000]run(): http_listen on descriptor 27 Fri Jan 14 19:12:39 2005 [0x80bb000]run(): icp_listen on descriptor 28 Fri Jan 14 19:12:39 2005 [0x80bb000]Starting threads Fri Jan 14 19:12:39 2005 [0x8142200]Statistics started. Fri Jan 14 19:12:39 2005 [0x8142400]Garbage collector started. Fri Jan 14 19:12:39 2005 [0x8142600]Garbage drop started. Fri Jan 14 19:12:39 2005 [0x8142800]Log rotator started. Fri Jan 14 19:12:39 2005 [0x8142a00]Clean disk started. Fri Jan 14 19:12:39 2005 [0x8142c00]Eraser started. Fri Jan 14 19:13:09 2005 [0x8153000]deny_http_access(): No http or http->allow for address 127.0.0.1 - access denied Now, how do I tell Oops to grant connect to 127.0.0.1??? Attached is my oops.cfg Thank you in advance. -Wash http://www.netmeister.org/news/learn2quote.html -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington <[EMAIL PROTECTED]> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Democracy is a government where you can say what you think even if you don't think.
# Name Servers nameserver 127.0.0.1 nameserver 62.8.64.4 # Ports #bind 62.8.64.13 http_port 3128 icp_port 3140 userid oops #logfile /dev/tty logfile /usr/local/oops/logs/oops.log #accesslog /dev/tty accesslog /usr/local/oops/logs/access.log pidfile /var/run/oops/oops.pid statistics /var/run/oops/oops_statfile ## # icons - where to find link.gif, dir.gif, binary.gif and so on (for # ftp lists). If omitted - name of running host will be used. But # using explicit names is better way. ## #icons-host ss5.paco.net #icons-port 80 #icons-path icons ## # When total object volume in memory grow over this (this mean # that cachable data from network came faster then we can save on disk) # drop objects (without attempt to save on disk). ## mem_max 64m ## # Hint, how much cached objects keep in memory. # When total amount become larger then this limit - start # swaping cachable objects to disk ## lo_mark 32m ## # start random early drop when number of clients reach some level. # this can protect you against attacks and against situation when # oops cant handle too much connections. By default - 0 (or no limits). ## #start_red 0 ## # refuse any connection when number of already connected clients reach some # level. By default - 0 (or no limits). ## #refuse_at 0 ## # if document contain no Expires: then expire after (in days) # ftp-expire-value - expire time for ftp (in days) ## default-expire-value 7 ftp-expire-value 7 ## # While connecting to public FTP resource, use this string as password ## #anon_ftp_passw [EMAIL PROTECTED] ## # if you want expirestart and run only at some time intervals, # then use next instruction ## #expiretime Sun:Sat 0100:0700 ## # Maximum expite time - doc will not keep in cache more then # this number of days (except if defaiult-expire-value used for this documeny) ## max-expire-value 30 ## # in which proportion time passed since last document modification # will accounted in expire time. For example, if last-modified-factor=5 # and there was passed 10 days since document modification, then expiration # will be setted to 2 days in future (but no nore then max-expire-value) ## last-modified-factor 5 ## # If you want not cache replies without Last-Modified: # uncomment next line. ## #dont_cache_without_last_modified # run expire every ( in hours ) ## default-expire-interval 1 ## # negative_cache - how long cache 404 answer from server ## #negative_cache 0 ## # icp_timeout - how long to wait icp reply from peer (in ms, e.g 1000 = 1sec) ## icp_timeout 1000 ## # start disk cache cleanup when free space will be (in %%) # As on the very large storages 1% is large space (1% from 9G is # 90M), then on such storages you can set both disk-low-free and # disk-ok-free to 0. Oops will start cleanup if it have less then 256 # free blocks(1M), and stop when it reach 512 bree blocks(2M). ## disk-low-free 3 ## # stop disk cache cleanup when free space will be (in %%) ## disk-ok-free 5 ## # Force_http11 - turn on http/1.1 for each request to document server # This option required if module 'vary' used. ## force_http11 ## # Always check document freshness, even it is not stale or expired # This force Oops behave like squid - first check cached doc, then send ## #always_check_freshness ## # If user-requestor aborted connection to proxy, but there was received more # then some percent ot the document - then continue. # default value - 75% ## force_completion 75 ## # maximum size of the object we will cache ## maxresident 1m ## # minimum size of the object we will cache ## #minresident 0 insert_x_forwarded_for yes insert_via yes ## # Load documents as fast as we can, or as fast as client can download # First method will save number of opened sockets # Second - save your bandwidth and memory. # Use "yes". ## fetch_with_client_speed yes ## # If host have several interfaces or aliases, use exactly # this name when connecting to server: ## #connect-from proxy.paco.net ## # ACLs - currently: urlregex, urlpath, usercharset # port, dstdom, dstdom_regex, src_ip, time # each acl can be loaded from file. ## #acl CACHEABLECGI urlregex http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826 #acl WWWPACO urlregex www\.paco\.net #acl NO_RLH urlregex zipper #acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru) #acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco) #acl WINUSER usercharset windows-1251 #acl DOSUSER usercharset ibm866 #acl UNIXUSER usercharset koi8-r #acl RUS dstdom ru su #acl UKR dstdom ua #acl BADPORTS port [0:79],110,138,139,513,[6000:6010] #acl BADDOMAIN dstdom baddomain1.com baddomain2.com #acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org)) #acl LOCAL_NETWORKS src_ip include:/usr/local/oops/oops/acl_local_networks #acl BADNETWORKS src_ip 192.168.10/24 ## WARNING: acl dst_ip is applyed to destination hostname BEFORE ## any redirection used. #acl LOCALDST dst_ip 192.168.10/24 ## #acl WORKTIME time Mon,Tue:Fri 0900:1800 #acl HTMLS content_type text/html #acl USERS username joe acl MSIE header_substr user-agent MSIE acl ADMINS src_ip 127.0.0.1 acl PURGE method PURGE acl CONNECT method CONNECT acl SSLPORT port 443 acl OVERRIDE urlregex https://beastie\.wananchi\.com/override ## # acl_deny [!]ACL [!]ACL ... # deny access for combined acl ## acl_deny PURGE !ADMINS acl_deny CONNECT !SSLPORT ## # Never cache objects with URL, containing next strings in path ## stop_cache ? stop_cache cgi-bin # # Groups # group override { networks_acl OVERRIDE; auth_mods passwd_file; http { allow dstdomain *; } } group wol { networks 127.0.0.0/8; networks 62.8.64.0/19; http { allow dstdomain *; } } group world { networks 0/0; badports [0:79],110,138,139,513,[6000:6010]; http { deny dstdomain * ; } icp { deny dstdomain * ; } } ## # Storage section # Change this for your own situation. Oops can work without # storages (using only in-memory cache). ## ## # Storage description (can be several) # path - filename of storage. can be raw device (be carefull!) # size - size (of storage file). Can be smthng like 100k or 200m or 4g # Size used only durig format process (oops -z). ## storage { path /usr/local/oops/storages/oops_storage ; # Size of the storage. Can be in bytes or 'auto'. Auto is # usefull for pre-created storages or disk slices. # NOTE: 'size auto' won't work for Linux on disk slices. # To use large ( > 2G ) files run configure with --enable-large-files size 20m ; # You have to use 'offset' in the case your raw device (or slice) # require that. For example if you use entire disk as storage # under AIX and Soalris/Sparc - you have to skip first block # which contain disk label (that is storage will start from # next 512 sector. # offset 512; } #storage { # path /usr/local/oops/storages/oops_storage1 ; # size 600m ; #} module lang { default_charset utf-8 # Recode tables and other charset stuff CharsetRecodeTable windows-1251 /usr/local/etc/oops/tables/koi-win.tab CharsetRecodeTable ISO-8859-5 /usr/local/etc/oops/tables/koi-iso.tab CharsetRecodeTable ibm866 /usr/local/etc/oops/tables/koi-alt.tab CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic (Windows (WinNT; CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit) Opera/3.0 CharsetAgent ibm866 DosLynx Lynx2/OS/2 } module err { # error reporting module # template template /usr/local/etc/oops/err_template.html # Language to use when generate Error messages lang en } module passwd_file { # password proxy-authentication module # # default realm, scheme and passwd file # the only thing you really want to change is 'file' and 'template' # you don't have to reconfigure oops if you only # change content passwd file or template: oops authomatically # reload file realm oops scheme Basic file /usr/local/etc/oops/passwd template /usr/local/etc/oops/auth_template.html } module pam { realm oops scheme Basic service oops template /usr/local/etc/oops/auth_template.html } module passwd_pgsql { # proxy authentication using postgresql # "Ivan B. Yelnikov" <[EMAIL PROTECTED]> # # host - host where database live, # user,password - login and password for database access # database - database name # select - file with request body # template - file with html doc which user will receive # during authentication scheme Basic realm oops host <host address/name> user <database_user> password <user_password> database <database_name> select /usr/local/etc/oops/select.sql template /usr/local/etc/oops/auth_template.html } module passwd_mysql { # proxy authentication usin mysql # "Ivan B. Yelnikov" <[EMAIL PROTECTED]> # # look passwd_pgsql description # scheme Basic realm oops host <host address/name> user <database_user> password <user_password> database <database_name> select /usr/local/etc/oops/select.sql template /usr/local/etc/oops/auth_template.html } # You can several (up to 15) redir configs: # module redir/1 { # ... # } # module redir/2 { # ... # } # ... # # Such names (redir/N) can be used in redir_mods statements in group # description module redir { # file - regex rules. # each line consist of one or two fields (separated with white space) # 1. regular expression # 2. redirect-location # if requested (by client) url match regex then # if we have redirect-url then we send '302 Moved Temporary' to # redirect-location # if we have no redirect-location (i.e. we have no 2-nd field) # then we send template.html (%R will be substituted by rule) # or some default message if we have no template. # you don't have to reconfigure oops each time # you edit rules or template, they will be reloaded authomatically file /usr/local/etc/oops/redir_rules template /usr/local/etc/oops/redir_template.html ## mode control will redir rewrite url or send Location: header ## with new location. Values are 'rewrite' or 'bounce' # mode rewrite # myport can have next form: # myport [{hostname|ip_addr}:]port ... # myport 3128 # it configure redir module to process requests on # given port myport 3128 # This module can process requests which come on http_port # and/or on different port. For example, you wish oops # bind on two ports - 3128 and 3129, and all requests which come on # port 3129 must pass through filters, and requests which come on port # 3128 (common http_port) - not. Then you have to uncomment next line # myport 3129 # which means exactly: bind oops to additional port 3129 and process # requests which come on this port. # myport can be in the next form: # myport [{hostname|ip_addr}:]port } module oopsctl { # path to oopsctl unix socket socket_path /var/run/oops/oopsctl # time to auto-refresh page (seconds) html_refresh 300 } ## ## This module hadnle 'Vary' header - it was written to better support ## Russian Apache ## module vary { user-agent by_charset accept-charset ignore } ## ## WWW -accelerator. To use - add word accel to ## redir_mods line for ## the group 'world' description ## You will find more description of this module in supplied accel_maps file ## #module accel { # myport can have next form: # myport [{hostname|ip_addr}:]port ... # myport 80 ## # access can have next form: # access [{hostname|ip_addr}:]port ... # If this directive is set, then incoming packets will be checked # for module "accel", according to this directive, not "myports". # In this case "oops" will open sockets according to "myports" # as well as when rule "access" is missed. This is needed when destination # of incoming packet doesn't match "oops" bindings ,for example when we're # forwarding packets using firewall. # # This allows us to produce the following construction : # firewall: forward network 80-85 -> ip:80 # oops: myport ip:80 # oops: access 80 81 82 83 84 85 # (in this case "oops" will bind only to ip:80 according to rule "myports") ## # access 80 81 # ## # allow access to proxy through accel module. # Deny will stop proxy through accel completely, regardless # of any other access rules ## # proxy_requests deny # ## # File with maps and other config directives # Checked once per minute. No need to restart oops if maps changed ## # file /usr/local/etc/oops/accel_maps #} ## ## Transparent proxy. To use - add word 'transparent' into ## redir_mods line for your group. ## in the your local (or any other) group description ## #module transparent { # myport can have next form: # myport [{hostname|ip_addr}:]port ... # myport 3128 # broken_browsers MSIE #} ## ## %h - remote ip address ## %A - local ip address ## %d - ip address of source (peer or document server) ## %l - remote logname from identd (not suported now) ## %U - remote user (from 'Authorization' header) ## %u - remote user (from proxy-auth) ## %{format}t - time with optional {format} (for strftime) ## %t - time with standard format %d/%b/%Y:%T %Z ## %r - request line ## %s - status code ## %b - bytes received ## %{header}i - value of header in request ## %m - HIT/MISS ## %k - hierarchy (DIRECT/NONE/...) ## ## directive buffered can be followed by size of the buffer, ## like 'buffered 32000' ## #module customlog { # path /usr/local/oops/logs/access_custom1 # format "%h %l %u %t \"%r\" %>s %b" # squid httpd mode log emulation # format "%h %u %l %t \"%r\" %s %b %m:%k" # buffered # path /usr/local/oops/logs/access_custom2 # format "%h->%A %l %u [%t] \"%r\" %s %b \"%{User-Agent}i\"" #} module berkeley_db { ## # dbhome - directory where all DB indexes reside. Use full path # this directory must exist. # dbname - filename for index file. Use just filename (no full path) ## dbhome /usr/local/oops/DB dbname dburl ## # This parameter specifies internal cache size of BerkeleyDB. # Increase this parameter for best performance (if you have a lot of memory). # For example: db_cache_mem 64m # Default and minimum value: 4m # # This memory pool is not part of memory pool, specified by mem_max parameter. # WARNING: the amount of RAM used by oops will be increased by the value of # this parameter. ## #db_cache_mem 4m } #module gigabase_db { # This module enable GigaBASE as database engine. # You can use berkeley_db or gigabase_db, not both. # Also, important notice - indexes created with different modules # are not compatible. # ## # # dbhome - directory where all DB indexes reside. Use full path # # this directory must exist. # # dbname - filename for index file. Use just filename (no full path) # ## # # dbhome /usr/local/oops/DB # dbname gdburl # # ## # # This parameter specifies internal cache size of BerkeleyDB. # # Increase this parameter for best performance (if you have a lot of memory). # # For example: db_cache_mem 64m # # Default and minimum value: 4m # # # # This memory pool is not part of memory pool, specified by mem_max parameter. # # WARNING: the amount of RAM used by oops will be increased by the value of # # this parameter. # ## # #db_cache_mem 4m # #} #module wccp2 { # Cache identity. # Ip address under which your cache will be visible. # You should set it only in case oops can't determine it's IP in other other way # identity proxy.yourdomain.tld # # Service group. # Look Cisco documentation what service group is. # In two words - this is group of caches and routers which handle transparently # some kind of traffic. To intercept www requests from your users use # next 'service-group' definition # # service-group web-cache # # Routers for this service group. # Here you list ip-addresses of routers in service group. # To avoid problems list addresses from which cisco will reply - that is # address of interface which is directed to cache. You can describe several # (up to 32) routers. # # router 10.10.10.1 # #} #module netflow { # # This module exports netflow v5 records to flow collector(s) # Each record consists of source (document source, peer,...) address # destination address (client requested document), bytes transferred. # If you supply file with route prefix table and autonomouos system numbers, # then source and desctination ASNs will also present in flow records # # file - path to the tile with prefixes (see file INSTALL). # # file /usr/local/oops/prefix_table # # source - flow records source address and port. # # source 127.0.0.1:3333 # # collector - address and port of collector # you can have several lines(collectors). # # collector 127.0.0.1:6666 #}
