1# 2# This file contains the default settings for c-icap 3# 4# 5 6 7# TAG: PidFile 8# Format: PidFile pid_file 9# Description: 10# The file to store the pid of the main process of the c-icap server. 11# Default: 12# PidFile /var/run/c-icap/c-icap.pid 13PidFile /var/run/c-icap/c-icap.pid 14 15# TAG: CommandsSocket 16# Format: CommandsSocket socket_file 17# Description: 18# The path of file to use as control socket for c-icap 19# Default: 20# CommandsSocket /var/run/c-icap/c-icap.ctl 21CommandsSocket /var/run/c-icap/c-icap.ctl 22 23# TAG: Timeout 24# Format: Timeout seconds 25# Description: 26# The time in seconds after which a connection without activity 27# can be cancelled. 28# Default: 29# Timeout 300 30Timeout 300 31 32# TAG: MaxKeepAliveRequests 33# Format: MaxKeepAliveRequests number 34# Description: 35# The maximum number of requests can be served by one connection 36# Set it to -1 for no limit 37# Default: 38# MaxKeepAliveRequests 100 39MaxKeepAliveRequests 100 40 41# TAG: KeepAliveTimeout 42# Format: KeepAliveTimeout seconds 43# Description: 44# The maximum time in seconds waiting for a new requests before a 45# connection will be closed. 46# If the value is set to -1, there is no timeout. 47# Default: 48# KeepAliveTimeout 600 49KeepAliveTimeout 600 50 51# TAG: StartServers 52# Format: StartServers number 53# Description: 54# The initial number of server processes. Each server process 55# generates a number of threads, which serve the requests. 56# Default: 57# StartServers 3 58StartServers 3 59 60# TAG: MaxServers 61# Format: MaxServers number 62# Description: 63# The maximum allowed number of server processes. 64# Default: 65# MaxServers 10 66MaxServers 10 67 68# TAG: MinSpareThreads 69# Format: MinSpareThreads number 70# Description: 71# If the number of the available threads is less than number, 72# the c-icap server starts a new child. 73# Default: 74# MinSpareThreads 10 75MinSpareThreads 10 76 77# TAG: MaxSpareThreads 78# Format: MaxSpareThreads number 79# Description: 80# If the number of the available threads is more than number then 81# the c-icap server kills a child. 82# Default: 83# MaxSpareThreads 20 84MaxSpareThreads 20 85 86# TAG: ThreadsPerChild 87# Format: ThreadsPerChild number 88# Description: 89# The number of threads per child process. 90# Default: 91# ThreadsPerChild 10 92ThreadsPerChild 10 93 94# TAG: MaxRequestsPerChild 95# Format: MaxRequestsPerChild number 96# Description: 97# The maximum number of requests that a child process can serve. 98# After this number has been reached, process dies. The goal of this 99# parameter is to minimize the risk of memory leaks and increase the 100# stability of c-icap. It can be disabled by setting its value to 0. 101# Default: 102# MaxRequestsPerChild 0 103MaxRequestsPerChild 0 104 105# TAG: InterProcessSharedMemScheme 106# Format: InterProcessSharedMemScheme posix | mmap | sysv 107# Description: 108# The interprocess shared mem scheme to use. Available schemes: 109# posix Use posix shared memory (shm_open interface) 110# mmap Use anonymous mmaped files as shared memory 111# sysv use the sysv ipc shared memory 112# Default: 113# InterProcessSharedMemScheme posix 114 115# TAG: InterProcessLockingScheme 116# Format: InterProcessSharedMemScheme file | sysv | posix 117# Description: 118# The interprocess locking scheme to use. Available schemes: 119# file Use lock file 120# sysv Use the sysv ipc semaphores 121# posix Use posix semaphores: Use it with caution you may experienced 122# locking problems if one or more processes crashed. 123# Default: 124# InterProcessLockingScheme file 125 126# TAG: Port 127# Format: Port [address:]port 128# Description: 129# The port number that the c-icap server uses to listen to requests. 130# Example: 131# Port 192.168.1.1:1344 132# Port [::1]:1346 133# Default: 134# None 135Port 127.0.0.1:1344 136 137# TAG: TlsPort 138# Format: TlsPort [address:]port [tls-method=method] [cert=path_to_pem_cert] [key=path_to_pem_key] [client_ca=path_to_pem_file] [ciphers=ciph1:ciph2...] [tls_options=[!]Opt1|[!]Opt2|...] 139# Description: 140# The port number that the c-icap server uses to listen for TLS/SSL 141# requests. Options: 142# tls-method 143# Set the SSL method to use. Available methods are: 144# SSLv23 TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2 145# Deprecated, please do not use. 146# cert 147# Set the certificate to use by the icap server. The certificate 148# should be in pem format. 149# key 150# The key of the configured certificate in pem format. If none 151# set then the c-icap searches for the key inside cert file. 152# client_ca 153# File containing all CA that we accept client certs from. If it 154# is set then c-icap enables client certificates verification. 155# cafile 156# PEM file containing CA certificates to use when verifying client 157# certificates. If not configured the root.pem file will be used. 158# capath 159# Directory containing additional CA certificates to use when 160# verifying client certificates. 161# ciphers 162# Collon separated lists of the ciphers to accept. Please check 163# openSSL manual for supported ciphers. 164# tls-options 165# Sets various options: 166# SSL_OP_NO_SSLv3 disable the use of SSLv3 167# SSL_OP_NO_TLSv1 disable the use of TLSv1 168# SSL_OP_NO_TLSv1_3 disable the use of TLSv1.3 169# SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2 170# SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1 171# SSL_OP_NO_TICKET disable the use of RFC5077 session tickets 172# SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 173# When performing renegotiation as a server, always start a 174# new session. 175# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 176# Allow legacy insecure renegotiation between OpenSSL and 177# unpatched clients or servers. 178# 179# For more options please see the SSL_set_options documentation. 180# 181# By default the SSL_OP_ALL flag is set which enables all of the 182# important bug workarrounds. To reset this flag use the 183# "!SSL_OP_ALL" as first flag: 184# tls-options=!SSL_OP_ALL:SSL_OP_NO_TICKET 185# 186# Default: 187# None 188 189# TAG: TlsPassphrase 190# Format: TlsPassphrase /path/to/script 191# Description: 192# Path to the script to run to get the passphrases of TLS certificates 193# keys. The c-icap will pass as arguments the IP address and port number 194# to the script. 195# Default: 196# No value 197# Example: 198# TlsPassphrase /use/local/c-icap/scripts/cert-passphrase.sh 199 200# TAG: User 201# Format: User username 202# Description: 203# The user owning c-icap's processes. By default, the owner is the 204# user who runs the program. 205# Default: 206# No value 207# Example: 208# User wwwrun 209 210# TAG: Group 211# Format: Group groupname 212# Description: 213# The group of users owning c-icap's processes, which, by default 214# is the group of the current user. 215# Default: 216# No value 217# Example: 218# Group nogroup 219 220# TAG: ServerAdmin 221# Format: ServerAdmin admin_mail 222# Description: 223# The Administrator of this server. Used when displaying information 224# about this server (logs, info service, etc) 225# Default: 226# No value 227ServerAdmin you@your.address 228 229# TAG: ServerName 230# Format: ServerName aServerName 231# Description: 232# A name for this server. Used when displaying information about this 233# server (logs, info service, etc) 234# Default: 235# No value 236ServerName YourServerName 237 238# TAG: TmpDir 239# Format: TmpDir dir 240# Description: 241# dir is the location of temporary files. 242# Default: 243# TmpDir /var/tmp 244TmpDir /var/tmp 245 246# TAG: MaxMemObject 247# Format: MaxMemObject bytes 248# Description: 249# The maximum memory size in bytes taken by an object which 250# is processed by c-icap . If the size of an object's body is 251# larger than the maximum size a temporary file is used. 252# Default: 253# MaxMemObject 131072 254MaxMemObject 131072 255 256# TAG: DebugLevel 257# Format: DebugLevel level 258# Description: 259# The level of debugging information to be logged. 260# The acceptable range of levels is between 0 and 10. 261# Default: 262# DebugLevel 1 263DebugLevel 1 264 265# TAG: Pipelining 266# Format: Pipelining on|off 267# Description: 268# Enable or disable ICAP requests pipelining 269# Default: 270# Pipelining on 271Pipelining on 272 273# TAG: SupportBuggyClients 274# FORMAT: SupportBuggyClients on|off 275# Description: 276# Try to handle requests from buggy clients, for example ICAP requests 277# missing "\r\n" sequences 278# Default: 279# SupportBuggyClients off 280SupportBuggyClients off 281 282# TAG: Allow204As200okZeroEncaps 283# Format: Allow204As200okZeroEncaps 284# Description: 285# When used the c-icap instead of allow 204 return "200 OK" responses 286# with zero encapsulated entities. 287# Default: 288# No set 289 290# TAG: FakeAllow204 291# Format: FakeAllow204 on|off 292# Description: 293# Support 204 responses from services preview handler to the clients 294# which does not support preview. Requires early responses support 295# from clients. 296# If disabled the c-icap will return 500 response in these cases 297# Default: 298# FakeAllow204 on 299 300# TAG: ModulesDir 301# Format: ModulesDir dir 302# Description: 303# The location of modules 304# Default: 305# ModulesDir @PKGLIBDIR@ 306ModulesDir @PKGLIBDIR@ 307 308# TAG: ServicesDir 309# Format: ServicesDir dir 310# Description: 311# The location of services 312# Default: 313# ServicesDir @PKGLIBDIR@ 314ServicesDir @PKGLIBDIR@ 315 316# TAG: TemplateDir 317# Format: TemplateDir dir 318# Description: 319# The location of the text templates used by c-icap and its services, 320# categorized by language and services/modules 321# Default: 322# No value 323# Example: 324TemplateDir @PKGDATADIR@/templates/ 325 326# TAG: TemplateDefaultLanguage 327# Format: TemplateDefaultLanguage lang 328# Description: 329# Sets the default language to use for text templates 330# Default: 331# TemplateDefaultLanguage en 332TemplateDefaultLanguage en 333 334#TemplateReloadTime 360 335#TemplateCacheSize 20 336#TemplateMemBufSize 8192 337 338# TAG: LoadMagicFile 339# Format: LoadMagicFile path 340# Description: 341# Load a c-icap magic file. A magic file contains various 342# data type definitions. Look inside default c-icap.magic file 343# for more informations. 344# It can be used more than once to use multiple magic files. 345# Default: 346# LoadMagicFile @SYSCONFDIR@/c-icap.magic 347LoadMagicFile @SYSCONFDIR@/c-icap.magic 348 349# TAG: RemoteProxyUsers 350# Format: RemoteProxyUsers onoff 351# Description: 352# Set it to on if you want to use username provided by the proxy server. 353# This is the recomended way to use users in c-icap. 354# If the RemoteProxyUsers is off and c-icap configured to use users or 355# groups the internal authentication mechanism will be used. 356# Default: 357# RemoteProxyUsers off 358RemoteProxyUsers off 359 360# TAG: RemoteProxyUserHeader 361# Format: RemoteProxyUserHeader Header 362# Description: 363# Used to specify the icap header used by the proxy server to send 364# the authenticated client username to c-icap server 365# Default: 366# RemoteProxyUserHeader X-Authenticated-User 367RemoteProxyUserHeader X-Authenticated-User 368 369# TAG: RemoteProxyUserHeaderEncoded 370# Format: RemoteProxyUserHeaderEncoded onoff 371# Description: 372# Set it to off if the RemoteProxyUserHeader is not base64 encoded 373# Default: 374# RemoteProxyUserHeaderEncoded on 375RemoteProxyUserHeaderEncoded on 376 377# TAG: AuthMethod 378# Format: AuthMethod Method Authenticator 379# Description: 380# Used to define the internal authentication mechanism to use. This 381# feature is not well tested and may cause problems. It is better to use 382# RemoteProxyUser configuration. 383# Method is the authentication method to use (basic, digest, etc). 384# Currently only basic authentication method is implemented as build in 385# module 386# Authenticator currently can only be "basic_simple_db" 387# It can be considered as a user/password store and can be 388# implemented as external module. The basic_simple_db is implemented as 389# build it module 390# Default: 391# No set 392# Example: 393# AuthMethod basic basic_simple_db 394 395# TAG: basic.Realm 396# Format: basic.Realm ARealm 397# Description: 398# Specify the basic method realm 399# Default: 400# basic.Realm "Basic authentication" 401# Example: 402# basic.Realm "c-icap server authentication" 403 404# TAG: basic_simple_db.UsersDB 405# Format: basic_simple_db.UsersDB LookupTable 406# Description: 407# Specify the lookup table where the usernames/passwords pairs 408# are stored. The paswords must be unencrypted 409# For more information about c-icap lookup tables read c-icap server 410# manual page 411# Default: 412# No value 413# Example: 414# basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt 415 416# TAG: GroupSourceByGroup 417# Format: GroupSourceByGroup LookupTable 418# Description: 419# Defines a lookup table where the groups of users are stored indexed 420# by group. It can be used more than once. 421# For more information about c-icap lookup tables read c-icap server 422# manual page 423# Default: 424# No set 425# Example: 426# GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt 427 428# TAG: GroupSourceByUser 429# Format: GroupSourceByUser LookupTable 430# Description: 431# Defines a lookup table where the groups of users are stored indexed 432# by user. It can be used more than once. 433# For more information about c-icap lookup tables read c-icap server 434# manual page 435# Default: 436# No set 437# Example: 438# GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt 439 440# TAG: acl 441# Format: acl name type[{param}] value1 [value2] [...] 442# Description: 443# Supported acl types are: 444# acl aclname service service1 ... 445# The servicename 446# acl aclname type OPTIONS|RESPMOD|REQMOD ... 447# The icap method 448# acl aclname port port1 ... 449# The icap server port 450# acl aclname src ip1/netmask1 ... 451# The client ip address 452# acl aclname srvip ip1/netmask1 ... 453# The c-icap server ip address 454# acl aclname icap_header{HeaderName} value1 ... 455# Matches the icap header HeaderName with value1 ... 456# The values are in regex form: /avalue/flags 457# acl aclname icap_resp_header{HeaderName} value1 ... 458# The icap response header 459# The values are in regex form: /avalue/flags 460# acl aclname http_req_header{HeaderName} value1 ... 461# The http request header 462# The values are in regex form: /avalue/flags 463# acl aclname http_resp_header{HeaderName} value1 ... 464# The http response header 465# The values are in regex form: /avalue/flags 466# acl aclname data_type type1 ... 467# The data type as recognized by the internal data type 468# recognizer. The types are defined in c-icap.magic file 469# acl aclname auth username|* ... 470# The authenticated users. Using * instead of username means 471# all users. 472# acl aclname group group1 ... 473# if the user of request belongs to given groups 474# acl content_length{>|<|=} value1 ... 475# The content length of body data if the related information 476# included in http headers. 477# The parameter can take the value <, > or = to specify that 478# the acl will match if content length is less, greater or 479# equal to acl values. 480# acl time value1 .... 481# It checks agains current time. The values format is: 482# [DAY[,DAY,[..]]][/][HH:MM-HH:MM] 483# The DAY can be one of the following: 484# S - Sunday 485# M - Monday 486# T - Tuesday 487# W - Wednesday 488# H - Thursday 489# F - Friday 490# A - Saturday 491# acl http_client_ip ip1[/netmask1] ... 492# The HTTP client ip address, if it is available. 493# acl http_req_line value1 ... 494# The first line of HTTP request 495# The values are in regex form: /avalue/flags 496# acl http_resp_line value1 ... 497# The first line of HTTP response 498# The values are in regex form: /avalue/flags 499# acl http_req_url value1 ... 500# The HTTP request url without GET request arguments 501# The values are in regex form: /avalue/flags 502# acl http_req_method value1 ... 503# The HTTP request method 504 505# Default: 506# None set 507# Examples: 508# acl OPTIONS type OPTIONS 509# acl RESPMOD type RESPMOD 510# acl REQMOD type REQMOD 511# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD 512# acl XHEAD icap_header{X-Test} /value/ 513# acl ECHO service echo 514# acl localnet src 192.168.1.0/255.255.255.0 515# acl localhost src 127.0.0.1/255.255.255.255 516# acl all src 0.0.0.0/0.0.0.0 517# acl BigObjects content_length{>} 5000000 518# acl WorkingHours time M,T,W,H,F/8:00-18:00 519# acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59 520 521# TAG: icap_access 522# Format: icap_access allow|deny [!]acl1 ... 523# Description: 524# Allowing or denying ICAP access based on defined access lists 525# Default: 526# None set 527# Example: 528# icap_access deny XHEAD 529# #Allow OPTIONS method for all: 530# icap_access allow localnet OPTIONS 531# #Require authentication for all users from local network: 532# icap_access allow AUTH localnet 533# icap_access deny all 534 535# TAG: client_access 536# Format: client_access allow|deny acl1 [acl2] [...] 537# Description: 538# Allowing or denying connections on c-icap based on 539# defined access lists. Only the acl types src, srvip and port 540# can be used. 541# Default: 542# None set 543# Example: 544# client_access allow all 545 546# TAG: LogFormat 547# Format: LogFormat Name Format 548# Description: 549# Name is a name for this log format. 550# Format is a string with embedded % format codes. % format codes 551# has the following form: 552# % [-] [width] [{argument}] formatcode 553# if - is specified then the output is left aligned 554# if width specified then the field is exactly width size 555# some formatcodes support arguments given as {argument} 556# 557# Format codes: 558# %a: Remote IP-Address 559# %la: Local IP Address 560# %lp: Local port 561# %>a: Http Client IP Address. Only supported if the proxy 562# client supports the "X-Client-IP" header 563# %<A: Http Server IP Address. Only supported if the proxy 564# client supports the "X-Server-IP" header 565# %ts: Seconds since epoch 566# %tl: Local time. Supports optional strftime format argument 567# %tg: GMT time. Supports optional strftime format argument 568# %>ho: Modified Http request header. Supports header name 569# as argument. If no argument given the first line returned 570# %huo: Modified Http request url 571# %<ho: Modified Http reply header. Supports header name 572# as argument. If no argument given the first line returned 573# %iu: Icap request url 574# %im: Icap method 575# %is: Icap status code 576# %>ih: Icap request header. Supports header name 577# as argument. If no argument given the first line returned 578# %<ih: Icap response header. Supports header name 579# as argument. If no argument given the first line returned 580# %Ih: Http bytes received 581# %Oh: Http bytes sent 582# %Ib: Http body bytes received 583# %Ob: Http body bytes sent 584# %I: Bytes received 585# %O: Bytes sent 586# %bph: The first 5 bytes of the body preview data. Non 587# printable characters printed in hex form. 588# Supports the number of bytes to output as argument. 589# %un: Username 590# %Sl: Service log string 591# %Sa: Attribute value set by service. The attribute name must 592# given as argument. 593# Default: 594# None set 595# Example: 596# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph" 597 598# TAG: ServerLog 599# Format: ServerLog LogFile 600# Description: 601# the file used by the build-in logger file_logger to 602# store debugging information, errors and other 603# information about the c-icap server. 604# Default: 605# ServerLog /var/log/c-icap/server.log 606ServerLog /var/log/c-icap/server.log 607 608# TAG: AccessLog 609# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...] 610# Description: 611# LogFile is a file where to log access information. 612# LogFormat is the log format to use. If ommited c-icap uses: 613# "%tl, %la %a %im %iu %is" 614# Also acls can be used to select certain requests to be logged. 615# This directive can be used more than once to specify more than 616# one access log files 617# Default: 618# AccessLog /var/log/c-icap/access.log 619# Example: 620# AccessLog /var/log/c-icap/access.log MyFormat all 621AccessLog /var/log/c-icap/access.log 622 623# TAG: Logger 624# Format: Logger LoggerName 625# Description: 626# Specify wich logger to use. By default uses the build in "file_logger" which 627# uses files for access and server logging. 628# Default: 629# Logger file_logger 630# Example: 631# Logger sys_logger 632 633# TAG: Module 634# Format: Module Type ModuleFile [forceUnload=off] 635# Description: 636# Load an external module/plugin to c-icap. 637# ModuleFile is the filename of the module. If no full path given then 638# the c-icap uses the path defined by the ModulesDir configuration 639# parameter. 640# Type is the type of the external module and can be one of the following: 641# "logger" for modules implement a logger 642# "common" for general purpose modules 643# forceUnload=off 644# Forces c-icap to not unload services/modules loaded as external 645# dynamic libraries on shutdown or reconfigure. 646# This option may required when the services/modules are using 647# c++, or they are linked with c++ libraries. 648# Default: 649# 650# Example: 651# Module logger sys_logger.so 652 653# TAG: Service 654# Format: Service aName ServiceFile [forceUnload=off] 655# Description: 656# It loads the service ServiceFile. The argument aName used 657# as alias name for the service 658# forceUnload=off 659# Forces c-icap to not unload services/modules loaded as external 660# dynamic libraries on shutdown or reconfigure. 661# This option may required when the services/modules are using 662# c++, or they are linked with c++ libraries. 663 664# Default: 665# 666# Example: 667# Service echo_service srv_echo.so 668 669# TAG: ServiceAlias 670# Format: ServiceAlias AliasName ServiceName[?param1=value1¶m2=value2...] 671# Description: 672# Used to define an alias name for a service. 673# Default: 674# 675# Example: 676# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple 677 678 679# 680# TAG: General configuration parameters for all services 681# Description: 682# PreviewSize: The preview data size to advertise to the icap client 683# MaxConnections: The client should not use more than MaxConnections 684# for this service. 685# TransferPreview: The list of file extensions, seperated by commas, 686# for which the client should send preview data. 687# TransferIgnore: The list of file extensions that should not be sent 688# to the icap server 689# TransferComplete: The list of file extensions that should be sent 690# in their entirety, without preview, to the icap server 691# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or 692# "hour[s]" can be used to secify that the time is in seconds 693# minutes or hours respectively. If no time-units given 694# seconds are assumed. 695# Allow206 on|off: Enable/disable advertise of 206 responses. 696# 697# Example: 698# echo.PreviewSize 512 699# echo.TransferIgnore gif, jpeg 700# echo.OptionsTTL 3 min 701 702 703###################################################### 704# External modules comming with core c-icap server 705# 706# Module: echo 707# Description: 708# Simple test service 709# Example: 710# Service echo srv_echo.so 711Service echo srv_echo.so 712 713# Module: sys_logger 714# Description: 715# Add support for logging access and server events to syslog server 716# Use "Module" configuration parameter to load this module and "Logger" 717# to make it default logger for the c-icap. 718# Example: 719# Module logger sys_logger.so 720# Logger sys_logger 721 722 723# TAG: sys_logger.Prefix 724# Format: sys_logger.Prefix string 725# Description: 726# string is be presented in every syslog message. 727# Default: 728# sys_logger.Prefix "C-ICAP:" 729 730# TAG: sys_logger.Facility 731# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7 732# Description: 733# specifies the facility type of syslog. 734# Default: 735# sys_logger.Facility daemon 736 737# TAG: sys_logger.access_priority 738# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning 739# Description: 740# determines the importance of the access log message 741# Default: 742# sys_logger.access_priority info 743 744# TAG: sys_logger.server_priority 745# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning 746# Description: 747# determines the importance of the server log message 748# Default: 749# sys_logger.server_priority crit 750 751# TAG: sys_logger.LogFormat 752# Format: sys_logger.LogFormat LOGFORMAT 753# Description: 754# The log format to use. If no log format defined then 755# the following will be used: 756# "%la %a %im %iu %is" 757# Default: 758# None set 759# Example: 760# Logformat BasicFormat "%la %a %im %iu %is" 761# sys_logger.LogFormat BasicFormat 762 763# TAG: sys_logger.access 764# Format: sys_logger.access [!]acl1 ... 765# Description: 766# Allow selecting ICAP requests to be logged using acls. 767# By default all requests will be logged. 768# Default: 769# None set 770# Example: 771# sys_logger.access all 772 773# End module: sys_logger 774 775# Module: bdb_tables 776# Description: 777# Add support for Berkeley DB based lookup tables. The format for 778# bdb path of the lookup table is: 779# bdb:/path/to/bdb[{param1=val, ...}] 780# bdb table parameters can be one or more of the followings: 781# cache-size=Size[K|M] 782# The cache size to use. Default is the berkeleyDB default value. 783# cache-num=num 784# The number of caches to create. The cache will be split across 785# num separate regions, where the region size is equal to the 786# initial cache size divided by ncache. 787# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables 788# Example: 789# Module common bdb_tables.so 790 791# End module: bdb_tables 792 793# Module: dnsbl_tables 794# Description: 795# Add support for dns lookup tables. Can be used to access 796# dns block lists. The dnsbl lookup table path definition is: 797# dnsbl:domainname[{param1=val, ...}] 798# dnsbl table parameters can be one or more of the followings: 799# cache=no|cache_type 800# The cache type to use or 'no' for no cache. 801# cache-size=Size[K|M] 802# The cache size in RAM 803# cache-ttl=ttl 804# The cache ttl to use 805# 806# For example the lookup table for accessing the black.uribl.com 807# dns black list is: 808# dnsbl:black.uribl.com 809# Example: 810# Module common dnsbl_tables.so 811 812# End module: dnsbl_tables 813 814# Module: ldap_module 815# Description: 816# Add LDAP support to c-icap. The user can use LDAP based lookup tables 817# using the following lookup table paths: 818# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}] 819# ldaps://... 820# ldapi://... 821# The filter can contain the "%s" formating code which will be replaced by 822# the search key. 823# ldap table parameters can be one or more of the followings: 824# name=aName 825# A unique name to use for this table 826# cache=no|cache_type 827# The cache type to use or no for no cache. 828# cache-size=Size[K|M] 829# The cache size in RAM 830# cache-ttl=ttl 831# The cache ttl to use 832# cache-item-size=ItemSize[K|M] 833# The maximum item size 834# 835# Examples of supported ldap urls: 836# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s{cache=memcached} 837# ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s)) 838# 839# WARNING: is not enough tested it may contain bugs! 840# Example: 841# Module common ldap_module.so 842 843# End module: ldap_module 844 845# Module: memcached 846# Description: 847# Add support for memcached c-icap cache. 848# Example: 849# Module common memcached.so 850 851# TAG: memcached.servers 852# Format: memcached.servers hostname1 hostname2 ... 853# Description: 854# Set the memcached servers to use 855# Default: 856# memcached.servers 127.0.0.1 857 858# TAG: memcached.use_md5_keys 859# Format: memcached.use_md5_keys on|off 860# Description: 861# Whether to use or not md5 hash as key when the key exceeds the 862# MEMCACHED_MAX_KEY (normaly 251 bytes) 863# Default: 864# memcached.use_md5_keys on 865 866# End module: memcached 867