forked from poppyred/1.6.x
/
exec.zipproxy.php
executable file
·1502 lines (1395 loc) · 67.5 KB
/
exec.zipproxy.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?php
if(is_file("/etc/artica-postfix/FROM_ISO")){
if(is_file("/etc/init.d/artica-cd")){
print "Starting......: ".date("H:i:s")." artica-". basename(__FILE__)
." Waiting Artica-CD to finish\n";die();
}
}
if(posix_getuid()<>0){die("Cannot be used in web server mode\n\n");}
if(preg_match("#--verbose#",implode(" ",$argv))){
$GLOBALS["VERBOSE"]=true;
$GLOBALS["OUTPUT"]=true;
$GLOBALS["debug"]=true;
ini_set('display_errors', 1);
ini_set('error_reporting', E_ALL);
ini_set('error_prepend_string',null);
ini_set('error_append_string',null);
}
$GLOBALS["FORCE"]=false;
$GLOBALS["RECONFIGURE"]=false;
$GLOBALS["SWAPSTATE"]=false;
$GLOBALS["SERVICE_NAME"]="Proxy compressor";
$GLOBALS["SCHEDULE_ID"]=0;
$GLOBALS["DEBUG_INCLUDES"]=false;
$GLOBALS["ARGVS"]=implode(" ",$argv);
$GLOBALS["BY_SCHEDULE"]=false;
if(preg_match("#schedule-id=([0-9]+)#",implode(" ",$argv),$re)){$GLOBALS["SCHEDULE_ID"]=$re[1];}
if(preg_match("#--byschedule#",implode(" ",$argv))){$GLOBALS["BY_SCHEDULE"]=true;}
if(preg_match("#--output#",implode(" ",$argv))){$GLOBALS["OUTPUT"]=true;}
if(preg_match("#schedule-id=([0-9]+)#",implode(" ",$argv),$re)){$GLOBALS["SCHEDULE_ID"]=$re[1];}
if(preg_match("#--force#",implode(" ",$argv),$re)){$GLOBALS["FORCE"]=true;}
if(preg_match("#--reconfigure#",implode(" ",$argv),$re)){$GLOBALS["RECONFIGURE"]=true;}
$GLOBALS["AS_ROOT"]=true;
include_once(dirname(__FILE__).'/framework/class.unix.inc');
include_once(dirname(__FILE__).'/framework/frame.class.inc');
include_once(dirname(__FILE__).'/framework/class.settings.inc');
include_once(dirname(__FILE__).'/ressources/class.squid.inc');
$GLOBALS["ARGVS"]=implode(" ",$argv);
if($argv[1]=="--stop"){$GLOBALS["OUTPUT"]=true;stop();die();}
if($argv[1]=="--start"){$GLOBALS["OUTPUT"]=true;start();die();}
if($argv[1]=="--restart"){$GLOBALS["OUTPUT"]=true;restart();die();}
if($argv[1]=="--reload"){$GLOBALS["OUTPUT"]=true;reload();die();}
if($argv[1]=="--build"){$GLOBALS["OUTPUT"]=true;build();die();}
if($argv[1]=="--rotate"){$GLOBALS["OUTPUT"]=true;zipproxy_rotate();die();}
if($argv[1]=="--global"){$GLOBALS["OUTPUT"]=true;zipproxy_global();die();}
if($argv[1]=="--access"){$GLOBALS["OUTPUT"]=true;zipproxy_access();die();}
function restart($nopid=false){
$unix=new unix();
$pidfile="/etc/artica-postfix/pids/".basename(__FILE__).".".__FUNCTION__.".pid";
if(!$nopid){
$pid=$unix->get_pid_from_file($pidfile);
if($unix->process_exists($pid,basename(__FILE__))){
$time=$unix->PROCCESS_TIME_MIN($pid);
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Already Artica task running PID $pid since {$time}mn\n";}
return;
}
}
@file_put_contents($pidfile, getmypid());
if($GLOBALS["OUTPUT"]){echo "Restarting....: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Stopping service\n";}
stop(true);
if($GLOBALS["OUTPUT"]){echo "Restarting....: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Building configuration\n";}
build();
if($GLOBALS["OUTPUT"]){echo "Restarting....: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service\n";}
start(true);
}
function reload($nopid=false){
$unix=new unix();
$pidfile="/etc/artica-postfix/pids/".basename(__FILE__).".".__FUNCTION__.".pid";
if(!$nopid){
$pid=$unix->get_pid_from_file($pidfile);
if($unix->process_exists($pid,basename(__FILE__))){
$time=$unix->PROCCESS_TIME_MIN($pid);
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: Already Artica task running PID $pid since {$time}mn\n";}
return;
}
}
@file_put_contents($pidfile, getmypid());
$sock=new sockets();
$EnableProxyCompressor=intval($sock->GET_INFO("EnableProxyCompressor"));
if($EnableProxyCompressor==0){
if($GLOBALS["OUTPUT"]){echo "Reload........: [INIT]: {$GLOBALS["SERVICE_NAME"]} Disabled ( see EnableProxyCompressor )...\n";}
return;
}
build();
$masterbin=$unix->find_program("ziproxy");
if(!is_file($masterbin)){
if($GLOBALS["OUTPUT"]){echo "Reload........: [INIT]: {$GLOBALS["SERVICE_NAME"]} not installed\n";}
return;
}
$pid=zipproxy_pid();
$kill=$unix->find_program("kill");
if($unix->process_exists($pid)){
$time=$unix->PROCCESS_TIME_MIN($pid);
if($GLOBALS["OUTPUT"]){echo "Reload........: [INIT]: {$GLOBALS["SERVICE_NAME"]} Service PID $pid running since {$time}Mn...\n";}
unix_system_HUP($pid);
return;
}
start(true);
}
function NETWORK_ALL_INTERFACES(){
if(isset($GLOBALS["NETWORK_ALL_INTERFACES"])){return $GLOBALS["NETWORK_ALL_INTERFACES"];}
$unix=new unix();
$GLOBALS["NETWORK_ALL_INTERFACES"]=$unix->NETWORK_ALL_INTERFACES(true);
unset($GLOBALS["NETWORK_ALL_INTERFACES"]["127.0.0.1"]);
}
function start($nopid=false){
$unix=new unix();
$sock=new sockets();
$unix=new unix();
$pidfile="/etc/artica-postfix/pids/".basename(__FILE__).".".__FUNCTION__.".pid";
if(!$nopid){
$pid=$unix->get_pid_from_file($pidfile);
if($unix->process_exists($pid,basename(__FILE__))){
$time=$unix->PROCCESS_TIME_MIN($pid);
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Already Artica task running PID $pid since {$time}mn\n";}
return;
}
}
$pid=zipproxy_pid();
if($unix->process_exists($pid)){
$time=$unix->PROCCESS_TIME_MIN($pid);
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Already running since {$time}Mn...\n";}
return;
}
$EnableProxyCompressor=intval($sock->GET_INFO("EnableProxyCompressor"));
if($EnableProxyCompressor==0){
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Disabled ( see EnableProxyCompressor )...\n";}
return;
}
$SquidAsMasterPeer=intval($sock->GET_INFO("SquidAsMasterPeer"));
if($SquidAsMasterPeer==0){
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Disabled ( see SquidAsMasterPeer )...\n";}
return;
}
$masterbin=$unix->find_program("ziproxy");
if(!is_file($masterbin)){
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Not installed...\n";}
return;
}
CheckFilesAndSecurity();
if(!is_file("/etc/squid3/ziproxy.conf")){build();}
$zipproxy_version=zipproxy_version();
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service v$zipproxy_version\n";}
$cmd="$masterbin -d -c /etc/squid3/ziproxy.conf";
@unlink("/var/run/squid/ziproxy.pid");
shell_exec($cmd);
$c=1;
for($i=0;$i<10;$i++){
sleep(1);
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service waiting $c/10\n";}
$pid=zipproxy_pid();
if($unix->process_exists($pid)){
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Success PID $pid\n";}
break;
}
$c++;
}
$pid=zipproxy_pid();
if(!$unix->process_exists($pid)){
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Failed\n";}
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} $cmd\n";}
}
}
function CheckFilesAndSecurity(){
$unix=new unix();
$f[]="/etc/ziproxy";
while (list ($num, $val) = each ($f)){
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} checking \"$val\"\n";}
if(!is_dir($val)){@mkdir($val,0755,true);}
$unix->chown_func("squid","squid","$val/*");
}
}
function stop(){
$unix=new unix();
$sock=new sockets();
$masterbin=$unix->find_program("ziproxy");
$pid=zipproxy_pid();
if(!is_file($masterbin)){
if($GLOBALS["OUTPUT"]){echo "Stopping......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Not installed\n";}
return;
}
if(!$unix->process_exists($pid)){
if($GLOBALS["OUTPUT"]){echo "Stopping......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Already stopped...\n";}
return;
}
$nohup=$unix->find_program("nohup");
$php5=$unix->LOCATE_PHP5_BIN();
$kill=$unix->find_program("kill");
if($GLOBALS["OUTPUT"]){echo "Stopping......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} Shutdown pid $pid...\n";}
shell_exec("$masterbin -c /etc/squid3/ziproxy.conf -k");
for($i=0;$i<5;$i++){
$pid=zipproxy_pid();
if(!$unix->process_exists($pid)){break;}
shell_exec("$masterbin -c /etc/squid3/ziproxy.conf -k");
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} waiting pid:$pid $i/5...\n";}
sleep(1);
}
$pid=zipproxy_pid();
if(!$unix->process_exists($pid)){
if($GLOBALS["OUTPUT"]){echo "Stopping......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} success...\n";}
return;
}
if($GLOBALS["OUTPUT"]){echo "Stopping......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} shutdown - force - pid $pid...\n";}
unix_system_kill_force($pid);
for($i=0;$i<5;$i++){
$pid=zipproxy_pid();
if(!$unix->process_exists($pid)){break;}
if($GLOBALS["OUTPUT"]){echo "Starting......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} waiting pid:$pid $i/5...\n";}
unix_system_kill_force($pid);
sleep(1);
}
if(!$unix->process_exists($pid)){
if($GLOBALS["OUTPUT"]){echo "Stopping......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} success stopped...\n";}
@unlink("/var/run/squid/ziproxy.pid");
return;
}else{
if($GLOBALS["OUTPUT"]){echo "Stopping......: ".date("H:i:s")." [INIT]: {$GLOBALS["SERVICE_NAME"]} failed...\n";}
}
}
function zipproxy_version(){
$unix=new unix();
if(isset($GLOBALS["zipproxy_version"])){return $GLOBALS["zipproxy_version"];}
$squidbin=$unix->find_program("ziproxy");
if(!is_file($squidbin)){return "0.0.0";}
exec("$squidbin -h 2>&1",$results);
while (list ($num, $val) = each ($results)){
if(preg_match("#Ziproxy\s+([0-9\.]+)#", $val,$re)){
$GLOBALS["zipproxy_version"]=trim($re[1]);
return $GLOBALS["zipproxy_version"];
}
}
}
function zipproxy_pid(){
$unix=new unix();
$masterbin=$unix->find_program("ziproxy");
$pid=$unix->get_pid_from_file('/var/run/squid/ziproxy.pid');
if($unix->process_exists($pid)){return $pid;}
return $unix->PIDOF($masterbin);
}
function build(){
$sock=new sockets();
$unix=new unix();
$ini=new Bs_IniHandler();
$squid=new squidbee();
$IPADDRSSL=array();
$IPADDRSSL2=array();
$ArticaSquidParameters=$sock->GET_INFO('ArticaSquidParameters');
$SquidAsMasterPeer=intval($sock->GET_INFO("SquidAsMasterPeer"));
$SquidAsMasterPeerPort=intval($sock->GET_INFO("SquidAsMasterPeerPort"));
$SquidAsMasterPeerPortSSL=intval($sock->GET_INFO("SquidAsMasterPeerPortSSL"));
$SquidAsMasterPeerIPAddr=$sock->GET_INFO("SquidAsMasterPeerIPAddr");
$visible_hostname=$ini->_params["NETWORK"]["visible_hostname"];
if($visible_hostname==null){$visible_hostname=$unix->hostname_g();}
$SquidBinIpaddr=$sock->GET_INFO("SquidBinIpaddr");
$AllowAllNetworksInSquid=$sock->GET_INFO("AllowAllNetworksInSquid");
if(!is_numeric($AllowAllNetworksInSquid)){$AllowAllNetworksInSquid=1;}
$ini->loadString($ArticaSquidParameters);
$ZipProxyListenIpAdress=$sock->GET_INFO("ZipProxyListenIpAdress");
$zipproxy_port=intval($sock->GET_INFO("zipproxy_port"));
if($zipproxy_port==0){$zipproxy_port=5561;}
$zipproxy_MaxSize=intval($sock->GET_INFO("zipproxy_MaxSize"));
if($zipproxy_MaxSize==0){$zipproxy_MaxSize=1048576;}
$ZipProxyUnrestricted=intval($sock->GET_INFO("ZipProxyUnrestricted"));
$ConvertToGrayscale=intval($sock->GET_INFO("ConvertToGrayscale"));
$zipproxy_ProcessHTML=intval($sock->GET_INFO("zipproxy_ProcessHTML"));
$zipproxy_ProcessCSS=intval($sock->GET_INFO("zipproxy_ProcessCSS"));
$zipproxy_ProcessJS=intval($sock->GET_INFO("zipproxy_ProcessJS"));
NETWORK_ALL_INTERFACES();
if($ZipProxyListenIpAdress<>null){
if(!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ZipProxyListenIpAdress])){
$f[]="# $ZipProxyListenIpAdress Interface Hardware error";
}
}
$dns_nameservers=$squid->dns_nameservers(true);
$hostname=$unix->hostname_g();
if($SquidAsMasterPeerIPAddr=="0.0.0.0"){$SquidAsMasterPeerIPAddr=null;}
if($SquidAsMasterPeerIPAddr==null){$SquidAsMasterPeerIPAddr="127.0.0.1";}
if($GLOBALS["OUTPUT"]){echo "Configuring...: ".date("H:i:s")." [INIT]: Listen......: $ZipProxyListenIpAdress:$zipproxy_port\n";}
if($GLOBALS["OUTPUT"]){echo "Configuring...: ".date("H:i:s")." [INIT]: Unrestricted: $ZipProxyUnrestricted\n";}
if($GLOBALS["OUTPUT"]){echo "Configuring...: ".date("H:i:s")." [INIT]: Master......: $SquidAsMasterPeerIPAddr:$SquidAsMasterPeerPort\n";}
if($GLOBALS["OUTPUT"]){echo "Configuring...: ".date("H:i:s")." [INIT]: Convert to g: $ConvertToGrayscale\n";}
if($GLOBALS["OUTPUT"]){echo "Configuring...: ".date("H:i:s")." [INIT]: Process JS..: $zipproxy_ProcessJS\n";}
if($GLOBALS["OUTPUT"]){echo "Configuring...: ".date("H:i:s")." [INIT]: Process CSS.: $zipproxy_ProcessCSS\n";}
if($GLOBALS["OUTPUT"]){echo "Configuring...: ".date("H:i:s")." [INIT]: Process HTML: $zipproxy_ProcessHTML\n";}
$f[]="############################";
$f[]="# daemon mode-only options #";
$f[]="############################";
$f[]="";
$f[]="## Port to listen for proxy connections";
$f[]="## default: 8080";
$f[]="Port = $zipproxy_port";
$f[]="";
$f[]="## Local address to listen for proxy connections";
$f[]="## If you have more than one network interface,";
$f[]="## it's useful for restricting to which interface you want to bind to.";
$f[]="## By default Ziproxy binds to all interfaces.";
if($ZipProxyListenIpAdress<>null){
$f[]="Address = \"$ZipProxyListenIpAdress\"";
}
$f[]="";
$f[]="## Accepts conections only from that address.";
$f[]="## WARNING: Remember to restrict the access to Ziproxy";
$f[]="## if your machine is directly connected to the Internet.";
if($ZipProxyUnrestricted==0){
$backends=$squid->backends_list();
$f[]="OnlyFrom = \"".@implode(" ", $backends)."\"";
}
$f[]="";
$f[]="## Limits the number of simultaneous active user connections.";
$f[]="## This does not affect the connection queue (see: SOMAXCONN).";
$f[]="##";
$f[]="## This also (indirectly) limits the number of processes Ziproxy will run";
$f[]="## at once. Formula for the worst-case scenario:";
$f[]="## MaxZiproxyProcesses = 1 + MaxActiveUserConnections";
$f[]="## OR if PreemptNameRes is enabled (worst-case scenario):";
$f[]="## MaxZiproxyProcesses = 1 + MaxActiveUserConnections * (1 + PreemptNameResMax)";
$f[]="##";
$f[]="## Valid values: 0 (no limit), >0 (max ative connections).";
$f[]="##";
$f[]="## default: 0 (no limit -- relies on OS limit instead)";
$f[]="# MaxActiveUserConnections = 20";
$f[]="PIDFile = \"/var/run/squid/ziproxy.pid\"";
$f[]="RunAsUser = \"squid\"";
$f[]="RunAsGroup = \"squid\"";
$f[]="";
$f[]="";
$f[]="";
$f[]="##################################";
$f[]="# TOS marking (daemon mode-only) #";
$f[]="##################################";
$f[]="";
$f[]="## TOS marking";
$f[]="## Enable this if you want to specify the (IP-level) TOS certain types";
$f[]="## of traffic from ziproxy -> user.";
$f[]="##";
$f[]="## This feature is useful if one wants to do application-level QoS.";
$f[]="## Setting TOS does not provide QoS alone. You must be either using";
$f[]="## a network with routers priorizing traffic according to their TOS,";
$f[]="## or set your own QoS/traffic-shaper system and treat the packets";
$f[]="## with certain TOS accordingly.";
$f[]="##";
$f[]="## Ziproxy is RFC-agnostic regarding TOS bit meanings,";
$f[]="## though there may be limitations imposed by the host OS.";
$f[]="## See: RFC 791, RFC 1122, RFC 1349, RFC 2474 and RFC 3168.";
$f[]="##";
$f[]="## If disabled, all other TOS options won't have effect.";
$f[]="## Disabled by default.";
$f[]="# TOSMarking = false";
$f[]="";
$f[]="## TOS to set by default";
$f[]="## This is a decimal value between 0-255.";
$f[]="##";
$f[]="## If unset, will use the OS default (which usually is 0).";
$f[]="## If you want to make sure it is set to 0, then set";
$f[]="## this option accordingly.";
$f[]="##";
$f[]="## Your OS may put restrictions on which bits you may set";
$f[]="## (so certain bits will remain unchanged regardless).";
$f[]="## Your OS may also restrict which bits and/or value ranges";
$f[]="## you may set if you're not running as root.";
$f[]="## Other (non-unixish) OSes may be unable to set TOS at all.";
$f[]="##";
$f[]="## Default: unset.";
$f[]="# TOSFlagsDefault = 0";
$f[]="";
$f[]="## TOS to set when the traffic is considered \"differentiated\",";
$f[]="## according to TOSMarkAsDiffURL, TOSMarkAsDiffCT or TOSMarkAsDiffSizeBT.";
$f[]="## This is a decimal value between 0-255.";
$f[]="##";
$f[]="## If unset, there will be no differentiated traffic at all.";
$f[]="##";
$f[]="## Your OS may put restrictions on which bits you may set";
$f[]="## (so certain bits will remain unchanged regardless).";
$f[]="## Your OS may also restrict which bits and/or value ranges";
$f[]="## you may set if you're not running as root.";
$f[]="## Other (non-unixish) OSes may be unable to set TOS at all.";
$f[]="##";
$f[]="## Default: unset.";
$f[]="# TOSFlagsDiff = 16";
$f[]="";
$f[]="## This is the file containing a list of URLs which should";
$f[]="## have their traffic \"differentiated\"";
$f[]="## (that is, to have their TOS changed to TOSFlagsDiff).";
$f[]="##";
$f[]="## Inside the file, the URLs may also contain pattern-matching asterisks.";
$f[]="## Comments may be present if prefixed by '#' (shell-alike).";
$f[]="## In order to match a whole site: \"http://www.examplehost.xyz/*\"";
$f[]="##";
$f[]="## Default: none";
$f[]="# TOSMarkAsDiffURL = \"/etc/ziproxy/change_tos.list\"";
$f[]="";
$f[]="## This is the content-type list of data that should";
$f[]="## have their traffic \"differentiated\"";
$f[]="## (that is, to have their TOS changed to TOSFlagsDiff).";
$f[]="## This is the content-type as received by the remote HTTP server,";
$f[]="## if it is changed by Ziproxy later, it will not be taken into account.";
$f[]="##";
$f[]="## \"\" (empty string) will match empty content-types AND data which have";
$f[]="## no content-type specified.";
$f[]="##";
$f[]="## If no subtype is specified, all subtypes will match:";
$f[]="## \"aaaa\" will match \"aaaa\", \"aaaa/bbbb\", \"aaaa/cccc\" etc";
$f[]="##";
$f[]="## See also: TOSMarkAsDiffCTAlsoXST";
$f[]="## Default: none";
$f[]="# TOSMarkAsDiffCT = {\"video/flv\", \"video/x-msvideo\", \"audio/*\",";
$f[]="# \"application/x-shockwave-flash\", \"application/x-rpm\",";
$f[]="# \"application/x-msi\", \"application/x-tar\"}";
$f[]="";
$f[]="## When using TOSMarkAsDiffCT, this defines whether to also automatically add";
$f[]="## content-type entries with 'x-' prefix appended to subtypes";
$f[]="## (aaaa/bbbb also adding aaaa/x-bbbb).";
$f[]="## Usually it's convenient to do this way, that avoids worrying about";
$f[]="## having to create duplicated entries, or whether which variant is valid.";
$f[]="##";
$f[]="## You may want to disable this is you wish to have a precise control";
$f[]="## of what types of content-type you wish to include.";
$f[]="##";
$f[]="## See also: TOSMarkAsDiffCT";
$f[]="## Default: true";
$f[]="# TOSMarkAsDiffCTAlsoXST = true";
$f[]="";
$f[]="## This is the stream size threshold (in bytes) which, if reached,";
$f[]="## will make such traffic \"differentiated\"";
$f[]="## (that is, to have their TOS changed to TOSFlagsDiff).";
$f[]="## The stream size is the ziproxy -> user one (which may be";
$f[]="## bigger or smaller than the original one, sent by the HTTP server).";
$f[]="##";
$f[]="## There are two possible behaviors with this parameter:";
$f[]="## - The total stream size is known beforehand, so the data";
$f[]="## will be marked as differentiated from the beginning.";
$f[]="## - The total stream size is unknown, so the data will";
$f[]="## be marked as differentiated once it reaches that";
$f[]="## size.";
$f[]="##";
$f[]="## Current limitations (this may change in the future):";
$f[]="## - The maximum value to be specified here is signed int";
$f[]="## usually 32bit -> (2^31 - 1).";
$f[]="## - HTTP range requests are not taken into account so, if their effective";
$f[]="## streams do not reach this threshold, such data will not be";
$f[]="## marked as \"differentiated\", even if the HTTP range goes beyond that.";
$f[]="## - Usually the HTTP headers will not be taken into account (only the body";
$f[]="## size itself), except in cases such as CONNECT method";
$f[]="## and URLNoProcessing (cases when the data from server is treated like";
$f[]="## a \"black box\").";
$f[]="##";
$f[]="## Default: none";
$f[]="# TOSMarkAsDiffSizeBT = 4000000";
$f[]="";
$f[]="";
$f[]="";
$f[]="###################";
$f[]="# general options #";
$f[]="###################";
$f[]="";
$f[]="# DebugLog = \"/var/log/squid/zipproxy-debug.log\"";
$f[]="";
$f[]="## Error-like messages logging.";
$f[]="## This relates to error messages, warnings and such messages, including";
$f[]="## configuration errors and other.";
$f[]="## If undefined, defaults to stderr. In this case the (normally rare) errors";
$f[]="## occuring after the program successfully started will not be displayed,";
$f[]="## that to avoid the possibility of flooding the screen with error messages.";
$f[]="## If defined, all error-like messages will be dumped into the specified";
$f[]="## file. The exception are the errors occurring at the very early stages";
$f[]="## of Ziproxy initialization.";
$f[]="## WARNING: If you define a error log file and ziproxy initialization fails,";
$f[]="## ziproxy will fail and no error will be displayed on the console.";
$f[]="##";
$f[]="## Default: undefined (dumps to stderr).";
$f[]="ErrorLog = \"/var/log/squid/zipproxy-error.log\"";
$f[]="";
$f[]="## File to be used as access log.";
$f[]="## If undefined, there will be no access logging at all.";
$f[]="## Log format:";
$f[]="## TIME (unix time as seconds.msecs)";
$f[]="## PROCESS_TIME (ms)";
$f[]="## [USER@]ADDRESS (address with daemon mode only)";
$f[]="## FLAGS";
$f[]="## ORIGINAL_SIZE";
$f[]="## SIZE_AFTER_(RE)COMPRESSION";
$f[]="## METHOD";
$f[]="## URL";
$f[]="## where FLAGS may be:";
$f[]="## P (a request as proxy)";
$f[]="## T (a request as transparent proxy)";
$f[]="## S (CONNECT method, usually HTTPS data)";
$f[]="## Z (transfer timeoutted - see ConnTimeout)";
$f[]="## B (interrupted transfer - either by user or by remote http host)";
$f[]="## W (content type was supposed to load into memory, but it had no content-size and, in the end, it was bigger than MaxSize. so it was streamed instead)";
$f[]="## N (URL not processed. See: URLNoProcessing config option)";
$f[]="## R (data was replaced)";
$f[]="## Q (TOS was changed). See: URLReplaceData config option)";
$f[]="## K (image too expansive. See: MaxUncompressedImageRatio config option)";
$f[]="## G (stream gunzip too expansive. See: MinUncompressedGzipStreamEval, MaxUncompressedGzipRatio)";
$f[]="## 1 (SIGSEGV received)";
$f[]="## 2 (SIGFPE received)";
$f[]="## 3 (SIGILL received)";
$f[]="## 4 (SIGBUS received)";
$f[]="## 5 (SIGSYS received)";
$f[]="## X (SIGTERM received - also happens when interrupting the daemon while transferring)";
$f[]="## Disabled by default.";
$f[]="AccessLog = \"/var/log/squid/access-ziproxy.log\"";
$f[]="";
$f[]="## When enabled, Ziproxy will intercept signals indicative of";
$f[]="## software crash, flag the offending request in access log";
$f[]="## accordingly, then stop the offending process.";
$f[]="## This is useful for debugging purposes and it's not recommended";
$f[]="## to leave it enabled in normal use due to the risk of garbage";
$f[]="## being written to access log (due to a more severe crash).";
$f[]="## Once enabled, the intercepted signals are:";
$f[]="## SIGSEGV (segmentation fault)";
$f[]="## SIGFPE (FPU exception)";
$f[]="## SIGILL (illegal instruction)";
$f[]="## SIGBUS (bus error, alignment issues)";
$f[]="## SIGSYS (bad system call)";
$f[]="## Disabled by default (those signals not intercepted by Ziproxy)";
$f[]="# InterceptCrashes = false";
$f[]="";
$f[]="## Authentication mode to be used for proxy access:";
$f[]="## 0: none (no authentication required)";
$f[]="## 1: plain text file";
$f[]="## 2: SASL (auxprop, see /etc/ziproxy/sasl/ziproxy.conf)";
$f[]="##";
$f[]="## Notes:";
$f[]="## a) SASL support is optional (enabled during compilation time).";
$f[]="## b) SASL authentication does not require external SASL daemon";
$f[]="## configuration/invocation, just Ziproxy's SASL configuration.";
$f[]="##";
$f[]="## Default: 0 (no authentication required)";
$f[]="## See also: AuthPasswdFile, AuthSASLConfPath";
$f[]="AuthMode = 0";
$f[]="";
$f[]="## Plain text file containing authentication data.";
$f[]="## Should contain user:pass pairs, lines no longer than 128 chars.";
$f[]="## Password is unencrypted.";
$f[]="## Used only when AuthMode=1";
$f[]="##";
$f[]="## Default: (undefined)";
$f[]="## See also: AuthMode";
$f[]="# AuthPasswdFile = \"/etc/ziproxy/http.passwd\"";
$f[]="";
$f[]="## Path to Ziproxy's SASL configuration file, where";
$f[]="## a file named \"ziproxy.conf\" (not related to this one)";
$f[]="## must be present and properly configured.";
$f[]="## Used only when AuthMode=2";
$f[]="##";
$f[]="## Default: (default SASL setting, OS-dependent, may be /etc/sasl2/)";
$f[]="## See also: AuthMode";
$f[]="# AuthSASLConfPath = \"/etc/ziproxy/sasl/\"";
$f[]="";
$f[]="## Forward everything to another proxy server.";
$f[]="## Modifications/compression is still applied.";
$f[]="## Default: none (disabled)";
if($SquidAsMasterPeerIPAddr<>null){
$f[]="NextProxy=\"$SquidAsMasterPeerIPAddr\"";
$f[]="NextPort=$SquidAsMasterPeerPort";
}
$f[]="";
$f[]="## Use these DNS name servers to resolve hostnames";
$f[]="## instead of the ones configured in /etc/resolv.conf";
if(count($dns_nameservers)>0){
$dnscompiled=trim(@implode(",", $FDNS));
if($dnscompiled<>null){
while (list ($num, $dns) = each ($dns_nameservers) ){$FDNS[]="\"$dns\""; }
$f[]="Nameservers = { ".@implode(",", $FDNS)."}";
}
}
$f[]="";
$f[]="## Bind outgoing connections (to remote HTTP server) to the following (local) IPs";
$f[]="## It applies to the _outgoing_ connections, it has _no_ relation to the listener socket.";
$f[]="## When 2 or more IPs are specified, Ziproxy will rotate to each of those at each";
$f[]="## outgoing connection. All IPs have the same priority.";
$f[]="## You may use this option for either of the following reasons:";
$f[]="## 1. - To use only a specific IP when connecting to remote HTTP servers.";
$f[]="## 2. - Use 2 or more IPs for load balancing (a rather primitive one, since it's";
$f[]="## connection-based and does not take into account the bytes transferred).";
$f[]="## 3. - You have a huge intranet and certain sites (google.com, for example)";
$f[]="## are blocking your requests because there are so many coming from the same IP.";
$f[]="## So you may use 2 or more IPs here and make it appear that your requests";
$f[]="## come from several different machines.";
$f[]="## This option does _not_ spoof packets, it merely uses the host's local IPs.";
$f[]="## Note: While in (x)inetd mode, output may be bind-ed only to one IP.";
$f[]="## Disabled by default (binds to the default IP, the OS decides which one).";
$f[]="## See also: BindOutgoingExList";
$f[]="# BindOutgoing = { \"234.22.33.44\", \"4.3.2.1\", \"44.200.34.11\" }";
$f[]="";
$f[]="## Specifies a file containing a list of hosts which should not suffer";
$f[]="## IP rotation as specified by the option \"BindOutgoing\".";
$f[]="## The reason for this option is that certain services do not like";
$f[]="## the client IP changing in the same session.";
$f[]="## Certain webmail services fail or return authentication failure in this case.";
$f[]="## Example: www.bol.com.br";
$f[]="## This option has no effect if BindOutgoing is not used.";
$f[]="## Default: empty, no hosts are exempted.";
$f[]="## See also: BindOutgoingExAddr";
$f[]="# BindOutgoingExList=\"/etc/ziproxy/bo_exception.list\"";
$f[]="";
$f[]="## Defines a specific IP to be bound to for hosts specified in BindOutgoingExList.";
$f[]="## As with BindOutgoing, this IP must be a local IP from the server running Ziproxy.";
$f[]="## This IP may be one of those specified in BindOutgoing, but that's _not_";
$f[]="## a requirement and may be a different IP.";
$f[]="## This option has no effect if BindOutgoingExList is not being used.";
$f[]="## Default: empty, uses the first IP specified in BindOutgoing.";
$f[]="# BindOutgoingExAddr=\"98.7.65.43\"";
$f[]="";
$f[]="## Allow processing of requests as transparent proxy";
$f[]="## (will still accept normal proxy requests)";
$f[]="## In order to use Ziproxy as transparent proxy it's also needed";
$f[]="## to reroute the connections from x.x.x.x:80 to ziproxy.host:PROXY_PORT";
$f[]="## Disabled by default.";
$f[]="## See also: RestrictOutPortHTTP";
$f[]="# TransparentProxy = false";
$f[]="";
$f[]="## Whether to process normal proxy requests or not";
$f[]="## Only makes sense when TransparentProxy is enabled.";
$f[]="## If transparent proxy is enabled, it's usually a good idea to disable";
$f[]="## conventional proxying since, depending on the layout of your network,";
$f[]="## it can be abused by ill-meant users to circumvent restrictions";
$f[]="## presented by another proxy placed between Ziproxy and the users.";
$f[]="## Enabled by default.";
$f[]="ConventionalProxy = true";
$f[]="";
$f[]="## Whether to allow the CONNECT method.";
$f[]="## This method is used by HTTPS, but may be used for other";
$f[]="## types of service (like instant messenging) which allow tunneling through http proxy.";
$f[]="## If you plan on serving only HTTP requests (no HTTPS nor anything else)";
$f[]="## you may want to disable this, in order to prevent potential";
$f[]="## abuse of the service.";
$f[]="## Enabled by default.";
$f[]="## See also: RestrictOutPortCONNECT";
$f[]="AllowMethodCONNECT = true";
$f[]="";
$f[]="## If defined, restricts the outgoing connections (except CONNECT methods - used by HTTPS)";
$f[]="## to the listed destination ports.";
$f[]="## If TransparentProxy is used, for security reasons it's recommended to restrict";
$f[]="## to the ports (typically port 80) which are being intercepted.";
$f[]="## Default: all ports are allowed.";
$f[]="## See also: RestrictOutPortCONNECT";
$f[]="# RestrictOutPortHTTP = {80, 8080}";
$f[]="";
$f[]="## If defined, restricts the outgoing connections using the CONNECT method (used by HTTPS)";
$f[]="## to the listed destination ports.";
$f[]="## If AllowMethodCONNECT=false, then no ports are allowed at all regardless this list.";
$f[]="## Default: all ports are allowed.";
$f[]="## See also: AllowMethodCONNECT, RestrictOutPortHTTP";
$f[]="# RestrictOutPortCONNECT = {443}";
$f[]="";
$f[]="## Whether to override the Accept-Encoding more to Ziproxy's liking.";
$f[]="## If disabled, Ziproxy will just forward Accept-Encoding received from the client";
$f[]="## (thus the data may or not come gzipped, depending on what the HTTP client says).";
$f[]="##";
$f[]="## Currently, this option is used to always advertise Gzip capability to";
$f[]="## the remote HTTP server.";
$f[]="## Enabling this does not neccessarily mean that the data will come compressed";
$f[]="## from the server. This option just advertises the capability at Ziproxy's side,";
$f[]="## the remote server must support that capability aswell.";
$f[]="##";
$f[]="## This has _no_ relation to the Gzip support between Ziproxy and the client, thus";
$f[]="## you may leave this enabled even if you have clients that do not support Gzip.";
$f[]="## Ziproxy will compress/decompress the data according to the client.";
$f[]="##";
$f[]="## Enabled by default.";
$f[]="OverrideAcceptEncoding = true";
$f[]="DecompressIncomingGzipData = true";
$f[]="";
$f[]="## Replaces the User-Agent data sent by the client with a custom string,";
$f[]="## OR defines User-Agent with that string if that entry was not defined.";
$f[]="## If disabled, Ziproxy will just forward the User-Agent sent by the client.";
$f[]="## Normally you will want to leave this option DISABLED (commented).";
$f[]="##";
$f[]="## It's useful if you, for some reason, want to identify all the clients as";
$f[]="## some specific browser/version/OS.";
$f[]="## Certain websites may appear broken if the client uses a different browser than";
$f[]="## the one specified here.";
$f[]="## Certain webservers may break completely when an unrecognized User-Agent is provided";
$f[]="## (for example: www.rzeczpospolita.pl).";
$f[]="##";
$f[]="## Undefined by default (leave User-Agent as defined by the client).";
$f[]="# RedefineUserAgent = \"Mozilla/5.0 (compatible; UltraBrowser/8.1; CP/M; console40x24; z80)\"";
$f[]="";
$f[]="## When Ziproxy receives Gzip data it will try to decompress in order to do";
$f[]="## further processing (HTMLopt, PreemptDNS etc).";
$f[]="## This makes Ziproxy vulnerable to 'gzip-bombs' (eg. like 10 GB of zeroes, compressed)";
$f[]="## which could be used to slow down or even crash the server.";
$f[]="## In order to avoid/minimise such problems, you can limit the max";
$f[]="## decompression proportion, related to the original file.";
$f[]="## If a Gzipped file exceedes that proportion while decompressing, its";
$f[]="## decompression is aborted.";
$f[]="## The user will receive an error page instead or (if already transferring)";
$f[]="## transfer will simply be aborted.";
$f[]="##";
$f[]="## You may disable this feature defining its value to '0'.";
$f[]="## default: 2000 (that's 2000% == 20 times the compressed size)";
$f[]="MaxUncompressedGzipRatio = 2000";
$f[]="";
$f[]="## When limiting decompression rate with MaxUncompressedGzipRatio";
$f[]="## _and_ gunzipping while streaming it's not possible to know the";
$f[]="## file size until the transfer is finished. So Ziproxy verifies this while";
$f[]="## decompressing.";
$f[]="## The problem by doing this is the possible false positives:";
$f[]="## certain files compress a lot at their beginning, but then not-so";
$f[]="## shortly after.";
$f[]="## In order to prevent/minimize such problems, we define the minimum";
$f[]="## output (the decompressed data) generated before starting to";
$f[]="## check the decompression rate.";
$f[]="## If defined as '0', it will check the rate immediately.";
$f[]="## A too large value will increase the rate-limit precision, at the cost of less";
$f[]="## protection.";
$f[]="## Streams with output less that this value won't have decompression";
$f[]="## rate checking at all.";
$f[]="## This feature is only active if MaxUncompressedGzipRatio is defined.";
$f[]="## This does not affect data wholly loaded to memory (for further processing).";
$f[]="## default: 10000000 (bytes)";
$f[]="## Note: The previous default (until version 2.7.9_BETA) was 250000";
$f[]="## See also: MaxUncompressedGzipRatio";
$f[]="MinUncompressedGzipStreamEval = 10000000";
$f[]="";
$f[]="## This is the maximum compression rate allowable for an incoming";
$f[]="## (before recompression) image file.";
$f[]="## If an image has a higher compression rate than this, it will not";
$f[]="## be unpacked and it will be forwarded to the client as is.";
$f[]="## This feature protects against (or mitigates) the problem with";
$f[]="## \"image bombs\" (gif bombs, etc) done with huge bitmaps with the same";
$f[]="## pixel color (thus very small once compressed).";
$f[]="## Since Ziproxy may try to recompress the image, if several of this";
$f[]="## kind are requested, the server may run out of memory, so this";
$f[]="## may be used as a DoS attack against Ziproxy.";
$f[]="## This feature will not protect the client, since it will receive";
$f[]="## the unmodified picture.";
$f[]="## There are rare legitimate cases matching such high compression rate,";
$f[]="## including poor website design. But in such cases is not really worth";
$f[]="## recompressing anyway (the processing costs are not worth the savings).";
$f[]="## Usually \"image bomb\" pictures have a >1000:1 compression ratio.";
$f[]="## Setting this to less than 100 risks not processing legitimate pictures.";
$f[]="## Setting 0 disables this feature.";
$f[]="## Default: 500 (500:1 ratio)";
$f[]="MaxUncompressedImageRatio = 0";
$f[]="";
$f[]="## If specified, ziproxy will send and check Via: header";
$f[]="## with given string as host identification.";
$f[]="## It is sometimes useful to avoid request loops. Default: not specified";
$f[]="ViaServer = \"zipproxy-$hostname\"";
$f[]="";
$f[]="## If processing of request exceeds specified time in seconds,";
$f[]="## or connection is idle beyond that time (stalled) it will abort.";
$f[]="## This avoids processes staying forever (or for a very long time)";
$f[]="## in case of a stalled connection or software bug.";
$f[]="## This will NOT necessarily abort the streaming of very big files,";
$f[]="## it will ONLY if the connection stalls or there's a software bug.";
$f[]="## If \"0\", no timeout.";
$f[]="## Default: 90 (seconds)";
$f[]="ConnTimeout = 90";
$f[]="";
$f[]="## Max file size to try to (re)compress, in bytes;";
$f[]="## If \"0\", means that this limitation won't apply.";
$f[]="## This regards to the file size as received from the remote HTTP server";
$f[]="## (which may arrive gzipped or not -- it doesn't matter).";
$f[]="## If a file is bigger than this limit, Ziproxy will simply stream it unmodified,";
$f[]="## unless the user also requested gzip compression (see below).";
$f[]="## Attention: If setting a very big size, the request answer latency will";
$f[]="## increase since Ziproxy needs to fetch the whole file before";
$f[]="## attempting to (re)compress it.";
$f[]="## A too low value will prevent data bigger that that to de processed";
$f[]="## (jpg/png/gif recompression, htmlopt, preemptdns..).";
$f[]="## Note that if:";
$f[]="## - Only gzipping is to be applied *OR*";
$f[]="## - Gzipping and other is to be applied, but data is > MaxSize";
$f[]="## Gzip compression (and only that) will be applied while streaming.";
$f[]="## Default: 1048576 (bytes)";
$f[]="## (default used to be \"0\" in ziproxy 2.3.0 and earlier)";
$f[]="MaxSize = $zipproxy_MaxSize";
$f[]="UseContentLength = false";
$f[]="";
$f[]="## Whether to try to apply lossless compression with gzip.";
$f[]="## This option concerns traffic between Ziproxy and the client only.";
$f[]="## This optimization is not limited by MaxSize.";
$f[]="##";
$f[]="## Gzip compression applies only to content-types specified with";
$f[]="## the parameter LosslessCompressCT.";
$f[]="##";
$f[]="## See also: LosslessCompressCT";
$f[]="## Default: true";
$f[]="Gzip = true";
$f[]="";
$f[]="## This parameter specifies what kind of content-type is to be";
$f[]="## considered lossless compressible (that is, data worth applying gzip).";
$f[]="##";
$f[]="## Images, movies etc, normally are NOT compressible such way and those";
$f[]="## content-types should not be added (such data would turn slightly bigger";
$f[]="## and CPU would be wasted).";
$f[]="##";
$f[]="## See also: LosslessCompressCTAlsoXST, Gzip";
$f[]="## Default: an internal list of the most common compressible content-types.";
$f[]="LosslessCompressCT = {";
$f[]=" \"text/*\", ";
$f[]=" \"application/asp\", ";
$f[]=" \"application/awk\", ";
$f[]=" \"application/cgi\", ";
$f[]=" \"application/class\", ";
$f[]=" \"application/css\", ";
$f[]=" \"application/dvi\", ";
$f[]=" \"application/executable\", ";
$f[]=" \"application/font\", ";
$f[]=" \"application/futuresplash\", ";
$f[]=" \"application/iso9660-image\", ";
$f[]=" \"application/java\", ";
$f[]=" \"application/javascript\", ";
$f[]=" \"application/json\", ";
$f[]=" \"application/msexcel\", ";
$f[]=" \"application/mspowerpoint\", ";
$f[]=" \"application/msword\", ";
$f[]=" \"application/pdf\", ";
$f[]=" \"application/perl\", ";
$f[]=" \"application/php\", ";
$f[]=" \"application/postscript\", ";
$f[]=" \"application/python\", ";
$f[]=" \"application/rtf\", ";
$f[]=" \"application/shellscript\", ";
$f[]=" \"application/shockwave\", ";
$f[]=" \"application/staroffice\", ";
$f[]=" \"application/tar\", ";
$f[]=" \"application/truetype-font\", ";
$f[]=" \"application/vnd.*\", ";
$f[]=" \"application/*+xml\", ";
$f[]=" \"application/xml\", ";
$f[]=" \"application/xml-dtd\", ";
$f[]=" \"image/svg+xml\"";
$f[]=" }";
$f[]="";
$f[]="## When using LosslessCompressCT, this defines whether to also automatically add";
$f[]="## content-type entries with 'x-' prefix appended to subtypes";
$f[]="## (aaaa/bbbb also adding aaaa/x-bbbb).";
$f[]="## Usually it's convenient to do this way, that avoids worrying about";
$f[]="## having to create duplicated entries, or whether which variant is valid.";
$f[]="##";
$f[]="## Note: If LosslessCompressCT is undefined (thus the internal defaults";
$f[]="## are being used) this option has no effect.";
$f[]="##";
$f[]="## You may want to disable this is you wish to have a precise control";
$f[]="## of what types of content-type you wish to include.";
$f[]="##";
$f[]="## See also: LosslessCompressCT";
$f[]="## Default: true";
$f[]="LosslessCompressCTAlsoXST = true";
$f[]="";
$f[]="## Whether to try to (re)compress incoming data originally in";
$f[]="## the following formats (true) or not (false)";
$f[]="## default: true";
$f[]="ProcessJPG = true";
$f[]="ProcessPNG = true";
$f[]="ProcessGIF = true";
$f[]="";
$f[]="## Whether to try to optimize HTML, CSS and Javascript, thus reducing their size";
$f[]="## ProcessHTML: text/html";
$f[]="## ProcessCSS: text/css";
$f[]="## ProcessJS: application/[x-]javascript)";
$f[]="## Although such data may be Gzipped too, optimizing prior to Gzipping normally";
$f[]="## reduces the data size even further.";
$f[]="## The final size depends much on how unoptimal is the coding of such data;";
$f[]="## some sites already present HTML pre-optimized so, in such cases, there won't";
$f[]="## be much gain.";
$f[]="## Note: Due to the higher complexity of such optimization, there's some risk of a page";
$f[]="## being corrupted.";
$f[]="## ****** THESE OPTIONS ARE EXPERIMENTAL ******";
$f[]="##";
if($zipproxy_ProcessHTML==1){$zipproxy_ProcessHTML="true";}else{$zipproxy_ProcessHTML="false";}
if($zipproxy_ProcessCSS==1){$zipproxy_ProcessCSS="true";}else{$zipproxy_ProcessCSS="false";}
if($zipproxy_ProcessJS==1){$zipproxy_ProcessJS="true";}else{$zipproxy_ProcessJS="false";}
$f[]="ProcessHTML = $zipproxy_ProcessHTML";
$f[]="ProcessCSS = $zipproxy_ProcessCSS";
$f[]="ProcessJS = $zipproxy_ProcessJS";
$f[]="";
$f[]="## Options for fine-tuning text/html optimization.";
$f[]="## Only used when ProcessHTML=true";
$f[]="## Certain optimizations may be disabled as quick 'fix' when a text data";
$f[]="## gets currupted after being optimized.";
$f[]="## Note: CSS and JS switches apply _only_ to such data when embedded into HTML data,";
$f[]="## for JS, CSS-only data, see ProcessJS and ProcessCSS options.";
$f[]="##";
if($zipproxy_ProcessHTML==1){
$f[]="ProcessHTML_CSS = true";
$f[]="ProcessHTML_JS = true";
$f[]="ProcessHTML_tags = true";
$f[]="ProcessHTML_text = true";
$f[]="ProcessHTML_PRE = true";
$f[]="ProcessHTML_NoComments = true";
$f[]="ProcessHTML_TEXTAREA = true";
}
$f[]="";
$f[]="## If enabled, will discard PNG/GIF/JP2K transparency and de-animate";
$f[]="## GIF images if necessary for recompression, at the cost of some image";
$f[]="## distortion.";
$f[]="## Note: Images with useless transparency/alpha data (all pixels";
$f[]="## being opaque) do not require this option. In such cases Ziproxy";
$f[]="## will detect that and remove the useless data automatically.";
$f[]="## Disabled by default.";
$f[]="AllowLookChange = true";
$f[]="";
$f[]="## If enabled, convert images to grayscale before recompressing.";
$f[]="## This provides extra compression, at the cost of losing color data.";
$f[]="## Note: Not all images sent will be in grayscale, only the ones";
$f[]="## considered worth recompression that way.";
$f[]="## Disabled by default.";
if($ConvertToGrayscale==1){
$f[]="ConvertToGrayscale = true";
}
$f[]="## Preemptive Name Resolution";
$f[]="## If enabled, tries to resolve hostnames present in the processed HTML files";
$f[]="## for speeding up things (no delay for name resolution).";
$f[]="## One extra process + (max)PreemptNameResMax threads will run for each HTML request.";
$f[]="## PreemptNameResMax is the max hostnames it will try to resolve per HTML file.";
$f[]="## PreemptNameResBC \"bogus check\", ignore names whose domains are not .nnnn, .nnn or .nn";
$f[]="##";
$f[]="## WARNING: This option makes sense _only_ if you have a caching DNS or";
$f[]="## a name cache of some sort (like: PDNSD).";
$f[]="## == THIS OPTION WILL INCREASE BY MANY TIMES THE REQUESTS TO THE DNS ==";
$f[]="##";
$f[]="# PreemptNameRes = false";
$f[]="# PreemptNameResMax = 50";
$f[]="# PreemptNameResBC = true";
$f[]="";
$f[]="## Image quality for JPG (JPEG) compression.";
$f[]="## Image quality is specified in integers between 100 (best) and 0 (worst).";
$f[]="ImageQuality = {30,25,25,20}";
$f[]="";
$f[]="## Alpha channel (image transparency data) removal threshold";
$f[]="## Removes alpha channel from images with a minimum opacity";
$f[]="## of AlphaRemovalMinAvgOpacity";
$f[]="## (1000000: completely opaque, 0: completely transparent).";
$f[]="##";
$f[]="## This reduces data by removing unnecessary alpha channel from";
$f[]="## fully-opaque images; and from (subjectively) not-so-relevant transparency";
$f[]="## information.";
$f[]="## This also allows recompression to JPEG for PNG/JP2k images originally";
$f[]="## with alpha channel (which is not supported by JPEG image format).";
$f[]="## Note: Debug log reports the average alpha opacity for each";
$f[]="## image with alpha channel.";
$f[]="## Default: 1000000 (remove alpha only from fully-opaque images)";
$f[]="##";