-
Notifications
You must be signed in to change notification settings - Fork 109
/
userver.cfg.default
616 lines (538 loc) · 29 KB
/
userver.cfg.default
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
# ----------------------------------------------------------------------------------------------------------------------------------------
# S E R V E R P A R A M E T E R S
# ----------------------------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------------------------
# userver - configuration parameters
# ----------------------------------------------------------------------------------------------------------------------------------------
# ENABLE_IPV6 flag to indicate use of ipv6
# SERVER host name or ip address for the listening socket
# PORT port number for the listening socket
# SOCKET_NAME file name for the listening socket
# IP_ADDRESS ip address of host for the interface connected to the Internet (autodetected if not specified)
#
# ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK])
# ALLOWED_IP_PRIVATE list of comma separated client private address for IP-based access control (IPADDR[/MASK]) for public server
# ENABLE_RFC1918_FILTER reject request from private IP to public server address
# MIN_SIZE_FOR_SENDFILE for major size it is better to use sendfile() to serve static content
#
# LISTEN_BACKLOG max number of ready to be delivered connections to accept()
# SET_REALTIME_PRIORITY flag indicating that the preforked processes will be scheduled under the real-time policies SCHED_FIFO
#
# CLIENT_THRESHOLD min number of clients to active polling
# CLIENT_FOR_PARALLELIZATION min number of clients to active parallelization
#
# PID_FILE write pid on file indicated
# WELCOME_MSG message of welcome to send initially to client
# RUN_AS_USER downgrade privileges to that user account
# DOCUMENT_ROOT The directory out of which you will serve your documents
#
# LOG_FILE locations for file log
# LOG_FILE_SZ memory size for file log
# LOG_MSG_SIZE limit length of print network message to LOG_MSG_SIZE chars (default 128)
#
# PLUGIN list of plugins to load, a flexible way to add specific functionality to the server
# PLUGIN_DIR directory where there are plugins to load
#
# ORM_DRIVER list of ORM drivers to load, a flexible way to add specific functionality to the ORM
# ORM_DRIVER_DIR directory where there are ORM drivers to load
#
# REQ_TIMEOUT timeout for request from client
# TCP_KEEP_ALIVE Specifies to active the TCP keepalive implementation in the linux kernel
# TCP_LINGER_SET Specifies how the TCP initiated the close
# MAX_KEEP_ALIVE Specifies the maximum number of requests that can be served through a Keep-Alive (Persistent) session. (Value <= 0 will disable Keep-Alive)
#
# DH_FILE [Diffie-Hellman Key Agreement protocol](http://www.rsa.com/rsalabs/node.asp?id=2248) cmd: openssl dhparam -out dh.pem 1024
# CERT_FILE certificate of server
# KEY_FILE private key of server
# PASSWORD password for private key of server
# CA_FILE locations of trusted CA certificates used in the verification
# CA_PATH locations of trusted CA certificates used in the verification
# VERIFY_MODE mode of verification (SSL_VERIFY_NONE=0, SSL_VERIFY_PEER=1, SSL_VERIFY_FAIL_IF_NO_PEER_CERT=2, SSL_VERIFY_CLIENT_ONCE=4)
# CIPHER_SUITE cipher suite model (Intermediate=0, Modern=1, Old=2)
#
# ----------------------------------------------------------------------------------------------------------------------------------------
# how to verify peer certificates. The possible values of this setting are:
#
# SSL_VERIFY_NONE - do not verify anything
# SSL_VERIFY_PEER - verify the peer certificate, if one is presented
# SSL_VERIFY_FAIL_IF_NO_PEER_CERT - require a peer certificate, fail if one is not presented
#
# SSL/TLS servers will usually set VERIFY_MODE to SSL_VERIFY_NONE.
# SSL/TLS clients will usually set VERIFY_MODE to SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
# ----------------------------------------------------------------------------------------------------------------------------------------
# PREFORK_CHILD number of child server processes created at startup: -1 - thread approach (experimental)
# 0 - serialize, no forking
# 1 - classic, forking after accept client
# >1 - pool of process serialize plus monitoring process
# (not defined) - the number of CPU in the system
# ----------------------------------------------------------------------------------------------------------------------------------------
userver {
# ENABLE_IPV6 no
# SERVER localhost
# PORT 80
# SOCKET_NAME tmp/socket
# IP_ADDRESS 10.30.1.131
# ALLOWED_IP 127.0.0.1,10.30.0.0/16
# ENABLE_RFC1918_FILTER yes
# ALLOWED_IP_PRIVATE 127.0.0.1,10.30.0.0/16
LISTEN_BACKLOG 1024
SET_REALTIME_PRIORITY yes
# PID_FILE /var/run/userver.pid
# WELCOME_MSG "220 david.unirel.intranet ULib WEB server (Version 1.1.0) ready.\n"
# RUN_AS_USER apache
DOCUMENT_ROOT /var/www/localhost/htdocs
# LOG_FILE /var/log/userver.log
# LOG_FILE_SZ 1M
# LOG_MSG_SIZE -1
# PLUGIN "tsa http"
# PLUGIN "rpc http"
# PLUGIN "soap http"
# PLUGIN "fcgi http"
# PLUGIN "scgi http"
# PLUGIN "proxy http"
# PLUGIN "geoip http"
# PLUGIN "stream http"
# PLUGIN "socket http"
# PLUGIN_DIR /usr/local/libexec/ulib
REQ_TIMEOUT 5
# MAX_KEEP_ALIVE 1000
# DH_FILE ../ulib/CA/param.dh
# CERT_FILE ../ulib/CA/server.crt
# KEY_FILE ../ulib/CA/server.key
# PASSWORD stefano
# CA_PATH ../ulib/CA/CApath
# CA_FILE ../ulib/CA/cacert.pem
# VERIFY_MODE 1
# PREFORK_CHILD 3
}
# ----------------------------------------------------------------------------------------------------------------------------------------------------
# P L U G I N P A R A M E T E R S
# ----------------------------------------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------------------------------------
# http - plugin parameters
# ----------------------------------------------------------------------------------------------------------------------------------------------------
# ALIAS vector of URI redirection (request -> alias)
# REWRITE_RULE_NF vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...)
# USP_AUTOMATIC_ALIASING USP page that is recognized automatically as alias of all uri request without suffix
#
# MAINTENANCE_MODE to switch the site to a maintenance page only
#
# APACHE_LIKE_LOG file to write NCSA extended/combined log format: "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
# LOG_FILE_SZ memory size for file apache like log
#
# ENABLE_INOTIFY enable automatic update of cached document root image with inotify
# CACHE_FILE_MASK mask (DOS regexp) of pathfile that content be cached in memory
# CACHE_AVOID_MASK mask (DOS regexp) of pathfile that presence NOT be cached in memory
# NOCACHE_FILE_MASK mask (DOS regexp) of pathfile that content NOT be cached in memory
# CACHE_FILE_STORE pathfile of memory cache stored on filesystem
#
# CGI_TIMEOUT timeout for cgi execution
# VIRTUAL_HOST flag to activate practice of maintaining more than one server on one machine, as differentiated by their apparent hostname
# DIGEST_AUTHENTICATION flag authentication method (yes = digest, no = basic)
#
# URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes
# URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
#
# SESSION_COOKIE_OPTION eventual params for session cookie (lifetime, path, domain, secure, HttpOnly)
# ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add Cache control: public directive)
#
# URI_REQUEST_CERT_MASK mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection
# BANDWIDTH_THROTTLING_MASK lets you set maximum byte rates on URLs or URL groups (*.jpg|*.gif 50)
# URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK mask (DOS regexp) of URI where use HTTP Strict Transport Security to force client to use only SSL
# ----------------------------------------------------------------------------------------------------------------------------------------------------
# This directive gives greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks
# ----------------------------------------------------------------------------------------------------------------------------------------------------
# LIMIT_REQUEST_BODY restricts the total size of the HTTP request body sent from the client
# REQUEST_READ_TIMEOUT set timeout for receiving requests
# ------------------------------------------------------------------------------------------------------------------------------------------------
#
# ------------------------------------------------------------------------------------------------------------------------------------------------
# PHP
# ------------------------------------------------------------------------------------------------------------------------------------------------
# MOUNT_POINT mount point application (to adjust var SCRIPT_NAME)
# ------------------------------------------------------------------------------------------------------------------------------------------------
# RUBY
# ------------------------------------------------------------------------------------------------------------------------------------------------
# RUBY_LIBDIR directory to add to the ruby libdir search path
# ------------------------------------------------------------------------------------------------------------------------------------------------
# PYTHON
# ------------------------------------------------------------------------------------------------------------------------------------------------
# PY_PROJECT_APP full python name of WSGI entry point expected in form <module>.<app>
# PY_PROJECT_ROOT python module search root; relative to workdir
# PY_VIRTUALENV_PATH
# ----------------------------------------------------------------------------------------------------------------------------------------------------
http {
# Allows you to tell clients about documents that used to exist in your server's namespace, but do not anymore.
# The client will make a request for the document at its new location
# ALIAS "[ \
# /login /RA/cgi-bin/login.sh \
# /admin /RA/admin/cgi-bin/card-generation.sh \
# ]"
# vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...)
# REWRITE_RULE_NF "[ \
# ^/.*\.[A-Za-z0-9]+.*?$ $0 \
# ^/(.*?)(\?|$)(.*) /sapphire/main.php?url=$1&$3 \
# ]"
# USP_AUTOMATIC_ALIASING servlet/example
# MAINTENANCE_MODE /ErrorDocument/down.html
# APACHE_LIKE_LOG /var/log/httpd/access_log
# LOG_FILE_SZ 1M
# ENABLE_INOTIFY yes
# CGI_TIMEOUT 60
# VIRTUAL_HOST yes
# MOUNT_POINT /phpldapadmin/htdocs
# DIGEST_AUTHENTICATION yes
# ENABLE_CACHING_BY_PROXY_SERVERS yes
# URI_PROTECTED_MASK /RA/admin/cgi-bin/*
# URI_PROTECTED_ALLOWED_IP 127.0.0.1,10.30.0.0/16
# URI_REQUEST_CERT_MASK /wi-auth/cgi-bin/cpe.sh
# URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK /admin/*
# SESSION_COOKIE_OPTION "[\"\" 24 / www.example.com yes yes]"
# ---------------------------------------------------------------------------
# This directive gives greater control over abnormal client request behavior,
# which may be useful for avoiding some forms of denial-of-service attacks
# ---------------------------------------------------------------------------
# LIMIT_REQUEST_BODY 100K
# REQUEST_READ_TIMEOUT 30
# ---------------------------------------------------------------------------
}
# ------------------------------------------------------------------------------------------------------
# ssi - plugin parameters
# ------------------------------------------------------------------------------------------------------
# ENVIRONMENT path of file configuration environment for SSI
#
# SSI_AUTOMATIC_ALIASING special SSI HTML file that is recognized automatically as alias of all
# uri request without suffix (generally cause navigation directory not working)
# ------------------------------------------------------------------------------------------------------
# ssi {
#
# ENVIRONMENT ~/etc/environment.conf
#
# SSI_AUTOMATIC_ALIASING /index.shtml
# }
# -----------------------------------------------------------------------------------------------
# fcgi - plugin parameters
# -----------------------------------------------------------------------------------------------
# FCGI_URI_MASK mask (DOS regexp) of uri type that send request via FCGI (*.php)
#
# SOCKET_NAME name file for the listening socket
#
# SERVER host name or ip address for server
# PORT port number for the server
#
# RES_TIMEOUT timeout for response from server FCGI
# FCGI_KEEP_CONN If not zero, the server FCGI does not close the connection after
# responding to request; the plugin retains responsibility for the connection
#
# LOG_FILE location for file log (use server log if same value)
# -----------------------------------------------------------------------------------------------
#
# fcgi {
#
# FCGI_URI_MASK *.php
#
# SOCKET_NAME tmp/fcgi.socket
#
# SERVER 127.0.0.1
# PORT 8080
#
# RES_TIMEOUT 20
# FCGI_KEEP_CONN yes
#
# LOG_FILE /var/log/userver.log
# }
# -----------------------------------------------------------------------------------------------
# scgi - plugin parameters
# -----------------------------------------------------------------------------------------------
# SCGI_URI_MASK mask (DOS regexp) of uri type that send request via SCGI (*.py)
#
# SOCKET_NAME name file for the listening socket
#
# SERVER host name or ip address for server
# PORT port number for the server
#
# RES_TIMEOUT timeout for response from server SCGI
# SCGI_KEEP_CONN If not zero, the server SCGI does not close the connection after
# responding to request; the plugin retains responsibility for the connection
#
# LOG_FILE location for file log (use server log if same value)
# -----------------------------------------------------------------------------------------------
#
# scgi {
#
# SCGI_URI_MASK *.py
#
# SOCKET_NAME tmp/scgi.socket
#
# SERVER 127.0.0.1
# PORT 8080
#
# RES_TIMEOUT 20
# SCGI_KEEP_CONN yes
#
# LOG_FILE /var/log/userver.log
# }
# -----------------------------------------------------------------------------------------------
# tsa - plugin parameters
# -----------------------------------------------------------------------------------------------
# COMMAND command to execute
# ENVIRONMENT environment for command to execute
# -----------------------------------------------------------------------------------------------
# tsa {
# ENV[HOME] = Base directory for op
# ENV[OPENSSL] = Openssl path
# ENV[OPENSSL_CNF] = Openssl configuration
# ENV[ENGINE] = Openssl Engine to use
# ENV[PASSWORD] = Password for key decryption
# ENV[TSA_CACERT] = TSA CA chain certificate
# ENV[TSA_CERT] = TSA certificate
# ENV[TSA_KEY] = TSA private key
# ENV[FILE_LOG] = Log file for command
# ENV[MSG_LOG] = Log separator
# ENV[TMPDIR] = Temporary directory
# ENV[DEBUG] = Enable debugging
# ENVIRONMENT "HOME=TSA \
# OPENSSL=bin/openssl \
# OPENSSL_CNF=CA/openssl.cnf \
# TSA_CACERT=CA/cacert.pem \
# TSA_CERT=CA/server.crt \
# TSA_KEY=CA/server.key"
# ARGV[1] = TSA REQUEST
# ARGV[2] = TOKEN
# ARGV[3] = SEC
# ARGV[3] = POLICY
# COMMAND TSA/TSA_command/tsa_REPLY_BIN.sh
# }
# ------------------------------------------------------------------------------------------------------------------------------------------------
# stream - plugin parameters
# ------------------------------------------------------------------------------------------------------------------------------------------------
# COMMAND command to execute
# ENVIRONMENT environment for command to execute
#
# URI_PATH specifies the local part of the URL path at which you would like the content to appear (Ex. /my/video.ogv)
# METADATA specifies the needs to have setup headers prepended for each codec stream (Ex. /my/audio.ogg)
# CONTENT_TYPE specifies the Internet media type of the stream, which will appear in the Content-Type HTTP response header
# ------------------------------------------------------------------------------------------------------------------------------------------------
# stream {
# ENVIRONMENT "UTRACE=0 5M 0"
# COMMAND my_stream.sh
# URI_PATH /my/stream
# METADATA /tmp/metadata
# CONTENT_TYPE text/plain
# CONTENT_TYPE "multipart/x-mixed-replace; boundary=++++++++"
# }
# ------------------------------------------------------------------------------------------------------------------------------------------------
# socket - plugin parameters
# ------------------------------------------------------------------------------------------------------------------------------------------------
# COMMAND command (alternative to USP websocket) to execute
# ENVIRONMENT environment for command (alternative to USP websocket) to execute
#
# MAX_MESSAGE_SIZE Maximum size (in bytes) of a message to accept; default is approximately 4GB
# ------------------------------------------------------------------------------------------------------------------------------------------------
#
# socket {
#
# ENVIRONMENT "UTRACE=0 5M 0"
# COMMAND my_websocket.sh
#
# MAX_MESSAGE_SIZE 100K
# }
# ------------------------------------------------------------------------------------------------------
# rpc - plugin parameters
# ------------------------------------------------------------------------------------------------------
# METHOD_NAME name of method
# COMMAND command to execute
# ENVIRONMENT environment for command to execute
# RESPONSE_TYPE input/output type of the command ( success_or_failure |
# stdin_success_or_failure |
# standard_output |
# stdin_standard_output |
# standard_output_binary |
# stdin_standard_output_binary )
# ------------------------------------------------------------------------------------------------------
# rpc {
# SOAP or RPC services
# ------------------------------------------------------------------------------------------------------
# ENV[HOME] = Base directory for op
# ENV[FILE_LOG] = Log file for command
# ENV[MSG_LOG] = Log separator
# ENV[DEBUG] = Enable debugging
# ------------------------------------------------------------------------------------------------------
# Method_01 {
# activate a card and send back login/pwd via SMS
# SMS from client = stringa "From: xxxx\nTo: xxxxx..." input
# METHOD_NAME CARD
# ENV[LDAP_HOST] = LDAP Host
# ENV[LDAP_PASSWORD] = file contenente password for LDAP binding
# ENV[MAIL_TO] = Email Address for workflow
# ENV[MAIL_FROM] = Email Address for workflow
# ENVIRONMENT "HOME=WAGSM \
# DEBUG=1 \
# LDAP_HOST=rosso \
# LDAP_PASSWORD=unwired-portal_rootdn.pw \
# MAIL_TO=card-activation@auth.t-unwired.com \
# MAIL_FROM=gsmbox@auth.t-unwired.com"
# COMMAND WAGSM/WAGSM_command/card_activation.sh
# RESPONSE_TYPE standard_output
# }
# }
# ------------------------------------------------------------------------------------------------------
# soap - plugin parameters
# ------------------------------------------------------------------------------------------------------
# METHOD_NAME name of method
# COMMAND command to execute
# ENVIRONMENT environment for command to execute
# RESPONSE_TYPE input/output type of the command ( success_or_failure |
# stdin_success_or_failure |
# standard_output |
# stdin_standard_output |
# standard_output_binary |
# stdin_standard_output_binary )
# ------------------------------------------------------------------------------------------------------
# soap {
# SOAP or RPC services
# ------------------------------------------------------------------------------------------------------
# ENV[HOME] = Base directory for op
# ENV[FILE_LOG] = Log file for command
# ENV[MSG_LOG] = Log separator
# ENV[DEBUG] = Enable debugging
# ------------------------------------------------------------------------------------------------------
# Method_01 {
# activate a card and send back login/pwd via SMS
# SMS from client = stringa "From: xxxx\nTo: xxxxx..." input
# METHOD_NAME CARD
# ENV[LDAP_HOST] = LDAP Host
# ENV[LDAP_PASSWORD] = file contenente password for LDAP binding
# ENV[MAIL_TO] = Email Address for workflow
# ENV[MAIL_FROM] = Email Address for workflow
# ENVIRONMENT "HOME=WAGSM \
# DEBUG=1 \
# LDAP_HOST=rosso \
# LDAP_PASSWORD=unwired-portal_rootdn.pw \
# MAIL_TO=card-activation@auth.t-unwired.com \
# MAIL_FROM=gsmbox@auth.t-unwired.com"
# COMMAND WAGSM/WAGSM_command/card_activation.sh
# RESPONSE_TYPE standard_output
# }
# }
# ---------------------------------------------------------------------------------------------------------------------------------
# proxy - plugin parameters
# ---------------------------------------------------------------------------------------------------------------------------------
# ERROR MESSAGE Allows you to tell clients about what type of error occurred
#
# URI uri trigger
# HOST name host client
# METHOD_NAME mask name of what type of HTTP method is permitted (GET|POST|...)
# CLIENT_CERTIFICATE yes if client must comunicate a certificate in the SSL connection
# REMOTE_ADDRESS_IP list of comma separated client address for IP-based control (IPADDR[/MASK]) for routing-like policy
# WEBSOCKET yes if the proxy act as a Reverse Proxy Web Sockets
#
#
# COMMAND command to execute
# ENVIRONMENT environment for command to execute
# RESPONSE_TYPE output type of the command (yes = response for client, no = request to server)
#
# PORT port of server for connection
# SERVER name of server for connection
#
# FOLLOW_REDIRECTS yes if manage to automatically follow redirects from server
# USER if manage to follow redirects, in response to a HTTP_UNAUTHORISED response from the HTTP server: user
# PASSWORD if manage to follow redirects, in response to a HTTP_UNAUTHORISED response from the HTTP server: password
# REPLACE_RESPONSE if NOT manage to follow redirects, vector of substitution string
# ---------------------------------------------------------------------------------------------------------------------------------
# proxy {
# ---------------------------------------------------------------------------
# Allows you to tell clients about what type of error occurred
# ---------------------------------------------------------------------------
# ERROR MESSAGE [
# @STRING "HTTP/1.1 400 Bad Request\r\n\
# Date: %D\r\n\
# Server: ULib/1.0\r\n\
# Connection: close\r\n\
# Content-Type: text/html; charset=iso-8859-1\r\n\
# Content-Length: 238\r\n\
# \r\n\
# <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n\
# <html><head>\r\n\
# <title>Accesso negato</title>\r\n\
# </head><body>\r\n\
# <h1>Bad Request</h1>\r\n\
# <p>Errore parsing header<br />\r\n\ </p>\r\n\
# <hr>\r\n\
# <address>ULib Server (proxy)</address>\r\n\
# </body></html>\r\n"
#
# @FILE error_msg/X509_REJECTED
# ]
# Service_WAYF {
# URI ^/(WAYF/?|SWITCHaai/images/.*\.gif$)
# HOST localhost:444
# METHOD_NAME GET|POST
# CLIENT_CERTIFICATE yes
# PORT 80
# SERVER localhost
# la redirect chiede di nuovo al proxy (444)...!!!
# FOLLOW_REDIRECTS no
# }
#
# Service_IDP {
# URI ^/shibboleth-idp/SSO
# HOST localhost:444
# METHOD_NAME GET
# PORT 80
# SERVER laptop
# FOLLOW_REDIRECTS yes
# In response to a HTTP_UNAUTHORISED response from the HTTP server,
# obtain a user and password for the scheme/realm returned from the HTTP server
# USER user01
# PASSWORD stefano1
# }
#
# Service_webmail {
# only if NOT manage to follow redirects
# REPLACE_RESPONSE [
# "^Location: http:" "Location: https:"
# ]
# URI /webmail
# HOST localhost
# METHOD_NAME GET|POST
# PORT 80
# SERVER ca.eraclito.unirel.test
# }
# }
# ------------------------------------------------------------------------------------------------------------------------------------------
# geoip - plugin parameters
# ------------------------------------------------------------------------------------------------------------------------------------------
# COUNTRY_FORBIDDEN_MASK mask (DOS regexp) of GEOIP country code that give forbidden access
# ------------------------------------------------------------------------------------------------------------------------------------------
# geoip {
# COUNTRY_FORBIDDEN_MASK CN|JP
# }
# -----------------------------------------------------------------------------------------------------------------------
# nocat - plugin parameters
# -----------------------------------------------------------------------------------------------------------------------
# FW_ENV environment for shell script to execute
# FW_CMD shell script to manage the firewall
# DECRYPT_KEY DES3 password stuff
# ALLOWED_MEMBERS file with list of allowed MAC/IP pairs or NETWORKS (default: /etc/nodog.allowed)
# LOCAL_NETWORK_LABEL access point localization tag to be used from portal
# LOGIN_TIMEOUT Number of seconds after a client last login/renewal to terminate their connection
# CHECK_TYPE mode of verification (U_CHECK_NONE=0, U_CHECK_ARP_CACHE=1, U_CHECK_ARP_PING=2, U_CHECK_TRAFFIC=4)
# CHECK_EXPIRE_INTERVAL Number of seconds to check if some client has terminate their connection
# NUM_PEERS_PREALLOCATE Size of memory block to preallocate for table of users
# -----------------------------------------------------------------------------------------------------------------------
# nocat {
# shell script to manage the firewall
# FW_CMD firewall/nodog.fw
# FW_ENV "FW_CONF=/etc/nodog_fw.conf \
# AuthServiceAddr=http://www.auth-firenze.com/login"
# DES3 password stuff
# DECRYPT_KEY PASSWORD
# access point localization tag to be used from portal
# LOCAL_NETWORK_LABEL "radio1 radio2"
# Number of seconds after a client last login/renewal to terminate their connection
# Probably do not want to set this to less than 60 or a lot of bandwidth is likely to get consumed by the client renewal attempts
# LOGIN_TIMEOUT 86400 # one notification per day
# Number of seconds to check if some client has terminate their connection
# CHECK_EXPIRE_INTERVAL 360
# }