minor man update

man/3proxy.cfg.3

@@ -1,7 +1,7 @@
 .TH 3proxy.cfg "8" "January 2019" "3proxy 0.9" "Universal proxy server"
 .SH NAME
 .B 3proxy.cfg
-\- 3proxy configuration file
+3proxy configuration file
 .SH DESCRIPTION
  Common structure:
 .br
@@ -11,7 +11,7 @@ console. Sequence of commands is important. Configuration file as actually a
 script for 3proxy executable.
 Each line of the file is treated as a blank (space or tab) separated
 command line. Additional space characters are ignored. 
-Think about 3proxy as "application level router" with console interface.
+Think about 3proxy as \"application level router\" with console interface.
 
 .br
  Comments:
@@ -22,10 +22,10 @@ ignored. <LF>s are ignored. <CR> is end of command.
 .br
  Quotation:
 .br
- Quotation character is " (double quote). Quotation must be used to quote
+ Quotation character is \" (double quote). Quotation must be used to quote
 spaces or another special characters. To use quotation character inside
 quotation character must be dubbed (BASIC convention). For example to use
-HELLO "WORLD" as an argument you should use it as "HELLO ""WORLD"""\.
+HELLO \"WORLD\" as an argument you should use it as \"HELLO \"\"WORLD\"\"\".
 Good practice is to quote any argument you use.
 
 .br
@@ -33,7 +33,7 @@ Good practice is to quote any argument you use.
 .br
  You can include file by using $FILENAME macro (replace FILENAME with a path
 to file, for example $/usr/local/etc/3proxy/conf.incl or 
- $"c:\\Program Files\\3proxy\\include.cfg" Quotation is
+ $\"c:\\\\Program Files\\\\3proxy\\\\include.cfg\" Quotation is
 required in last example because path contains space character. 
 For included file <CR> (end of line characters) is treated as space character
 (arguments delimiter instead of end of command delimiter). 
@@ -44,95 +44,94 @@ Recursion is not allowed.
 
 .br
  Next commands start gateway services:
-.br
 
 .br
-.B   proxy
+.B proxy
 [options]
 .br
-.B   socks
+.B socks
 [options]
 .br
-.B   pop3p
+.B pop3p
 [options]
 .br
-.B   ftppr
+.B ftppr
 [options]
 .br
-.B   admin
+.B admin
 [options]
 .br
-.B   dnspr
+.B dnspr
 [options]
 .br
-.B   tcppm
+.B tcppm
 [options]
 <SRCPORT> <DSTADDR> <DSTPORT>
 .br
-.B   udppm
+.B udppm
 [options]
 <SRCPORT> <DSTADDR> <DSTPORT>
 .br
  Descriptions:
 .br
 .B proxy
-\- HTTP/HTTPS proxy (default port 3128)
+HTTP/HTTPS proxy (default port 3128)
 .br
 .B socks
-\- SOCKS 4/4.5/5 proxy (default port 1080)
+SOCKS 4/4.5/5 proxy (default port 1080)
 .br
 .B pop3p
-\- POP3 proxy (default port 110)
+POP3 proxy (default port 110)
 .br
 .B ftppr
-\- FTP proxy (default port 21)
+FTP proxy (default port 21)
 .br
 .B admin
-\- Web interface (default port 80)
+Web interface (default port 80)
 .br
 .B dnspr
-\- caching DNS proxy (default port 53)
+caching DNS proxy (default port 53)
 .br
 .B tcppm
-\- TCP portmapper
+TCP portmapper
 .br
 .B udppm
-\- UDP portmapper
-.br
+UDP portmapper
 
+.br
  Options:
 .br
 .B -pNUMBER
 change default server port to NUMBER
 .br
 .B -n
-disable NTLM authentication (required if passwords are stored in Unix crypt format.
+disable NTLM authentication (required if passwords are stored in Unix crypt format).
 .br
 .B -n1
 enable NTLMv1 authentication.
 .br
 .B -s
-(for admin) - secure, allow only secure operations (currently only traffic counters
-view without ability to reset).
+ (for admin) secure, allow only secure operations, currently only traffic counters
+view without ability to reset.
 .br
-(for dnspr) - simple, do not use 'resolver' and 3proxy cache, always use external DNS server.
+ (for dnspr) simple, do not use resolver and 3proxy cache, always use external DNS server.
 .br
-(for udppm) - singlepacket, expect only one packet from both client and server
+ (for udppm) singlepacket, expect only one packet from both client and server
 .br
 .B -u
 Never ask for username/password
 .br
 .B -u2
-(socks) require username/password in authentication methods
+(for socks) require username/password in authentication methods
 .br
 .B -a
-(for proxy) - anonymous proxy (no information about client reported)
+(for proxy) anonymous proxy (no information about client reported)
 .br
 .B -a1
-(for proxy) - anonymous proxy (random client information reported)
+(for proxy) anonymous proxy (random client information reported)
 .br
 .B -a2
-(for proxy) - generate Via: and X-Forwared-For: instead of Forwarded:
+(for proxy) generate Via: and X-Forwared-For: instead of Forwarded:
 .br
 .B -6
 Only resolve IPv6 addresses. IPv4 addresses are packed in IPv6 in IPV6_V6ONLY compatible way.
@@ -207,8 +206,9 @@ proxy on a client with FTP proxy support. Username format is one of
 .B writable
 .br
  ReOpens configuration file for write access via Web interface,
-and re-reads it. Usually should be first command on config file
-but in combination with "config" it can be used anywhere to open
+and rereads it. Usually should be first command on config file
+but in combination with config
+it can be used anywhere to open
 alternate config file. Think twice before using it.
 
 .br
@@ -222,26 +222,26 @@ alternate config file. Think twice before using it.
 .br
  sets logfile for all gateways
 .br
- @ - (for Unix) use syslog, filename is used as ident name
+ @ (for Unix) use syslog, filename is used as ident name
 .br
- & - use ODBC, filename consists of comma-delimited datasource,username,password (username and password are optional)
+ & use ODBC, filename consists of comma-delimited datasource,username,password (username and password are optional)
 .br
  LOGTYPE is one of:
 .br
-  M - Monthly
+  M Monthly
 .br
-  W - Weekly (starting from Sunday)
+  W Weekly (starting from Sunday)
 .br
-  D - Daily
+  D Daily
 .br
-  H - Hourly
+  H Hourly
 .br
- if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using
--l option in gateway configuration.
+ if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using -l
+option in gateway configuration.
 .br
- "log" command supports same format specifications for filename template
-as "logformat" (if filename contains '%' sign it's believed to be template).
-As with "logformat" filename must begin with 'L' or 'G' to specify Local or
+ log command supports same format specifications for filename template
+as \"logformat\" (if filename contains \'%\' sign it\'s believed to be template).
+As with \"logformat\" filename must begin with \'L\' or \'G\' to specify Local or
 Grinwitch time zone for all time-based format specificators.
 
 .br
@@ -257,80 +257,80 @@ Grinwitch time zone for all time-based format specificators.
 or G (absolute Grinwitch time). 
 It can be preceeded with -XXX+Y where XXX is list of characters to be
 filtered in user input (any non-printable characters are filtered too
-in this case) and Y is replacement character. For example, "-,%+ L" in
+in this case) and Y is replacement character. For example, \"-,%+ L\" in
 the beginning of logformat means comma and percent are replaced
 with space and all time based elemnts are in local time zone.
 .br
  You can use:
 
 .br
-  %y - Year in 2 digit format
+  %y Year in 2 digit format
 .br
-  %Y - Year in 4 digit format
+  %Y Year in 4 digit format
 .br
-  %m - Month number
+  %m Month number
 .br
-  %o - Month abbriviature
+  %o Month abbriviature
 .br
-  %d - Day
+  %d Day
 .br
-  %H - Hour
+  %H Hour
 .br
-  %M - Minute
+  %M Minute
 .br
-  %S - Second
+  %S Second
 .br
-  %t - Timstamp (in seconds since 01-Jan-1970)
+  %t Timstamp (in seconds since 01-Jan-1970)
 .br
-  %. - milliseconds
+  %. milliseconds
 .br
-  %z - timeZone (from Grinvitch)
+  %z timeZone (from Grinvitch)
 .br
-  %D - request duration (in milliseconds)
+  %D request duration (in milliseconds)
 .br
-  %b - average send rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
+  %b average send rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
 .br
-  %B - average receive rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
+  %B average receive rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
 .br
-  %U - Username
+  %U Username
 .br
-  %N - service Name
+  %N service Name
 .br
-  %p - service Port
+  %p service Port
 .br
-  %E - Error code
+  %E Error code
 .br
-  %C - Client IP
+  %C Client IP
 .br
-  %c - Client port
+  %c Client port
 .br
-  %R - Remote IP
+  %R Remote IP
 .br
-  %r - Remote port
+  %r Remote port
 .br
-  %i - Internal IP used to accept client connection
+  %i Internal IP used to accept client connection
 .br
-  %e - External IP used to establish connection
+  %e External IP used to establish connection
 .br
-  %Q - Requested IP
+  %Q Requested IP
 .br
-  %q - Requested port
+  %q Requested port
 .br
-  %n - requested hostname
+  %n requested hostname
 .br
-  %I - bytes In
+  %I bytes In
 .br
-  %O - bytes Out
+  %O bytes Out
 .br
-  %h - Hops (redirections) count
+  %h Hops (redirections) count
 .br
-  %T - service specific Text
+  %T service specific Text
 .br
-  %N1-N2T - (N1 and N2 are positive numbers) - log only fields from N1 thorugh N2 of service specific text
+  %N1-N2T (N1 and N2 are positive numbers) log only fields from N1 thorugh N2 of service specific text
 .br
- in case of ODBC logging logformat specifies SQL statement, for exmample:
+ in the case of ODBC logging logformat specifies SQL statement, for exmample:
 .br
-   logformat "-'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
+ logformat \"-\'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values (\'%d-%m-%Y %H:%M:%S\', \'%U\', \'%N\', %I, %O, \'%T\')\"
 
 .br
 .B logdump
@@ -355,30 +355,29 @@ can use %A as produced archive name and %F as filename.
 .br
  Sets timeout values, defaults 1, 5, 30, 60, 180, 1800, 15, 60, 15, 5.
 .br
-  BYTE_SHORT - short timeout for single byte, is usually used for receiving single byte from stream.
+ BYTE_SHORT short timeout for single byte, is usually used for receiving single byte from stream.
 .br
-  BYTE_LONG - long timeout for single byte, is usually used for receiving first byte in frame (for example first byte in socks request).
+ BYTE_LONG long timeout for single byte, is usually used for receiving first byte in frame (for example first byte in socks request).
 .br
-  STRING_SHORT - short timeout, for character string within stream (for example to wait between 2 HTTP headers)
+ STRING_SHORT short timeout, for character string within stream (for example to wait between 2 HTTP headers)
 .br
-  STRING_LONG - long timeout, for first string in stream (for example to wait for HTTP request).
+ STRING_LONG long timeout, for first string in stream (for example to wait for HTTP request).
 .br
-  CONNECTION_SHORT - inactivity timeout for short connections (HTTP, POP3, etc).
+ CONNECTION_SHORT inactivity timeout for short connections (HTTP, POP3, etc).
 .br
-  CONNECTION_LONG - inactivity timeout for long connection (SOCKS, portmappers, etc).
+ CONNECTION_LONG inactivity timeout for long connection (SOCKS, portmappers, etc).
 .br
-  DNS - timeout for DNS request before requesting next server
-.br
-  CHAIN - timeout for reading data from chained connection
+ DNS timeout for DNS request before requesting next server
 .br
+ CHAIN timeout for reading data from chained connection
 
 .br
 .B nserver
 <ipaddr>[:port][/tcp]
 .br
-Nameserver to use for name resolutions. If none specified 
+ Nameserver to use for name resolutions. If none specified 
 or name server fails system routines for name resolution will be
-used. It's better to specify nserver because gethostbyname() may
+used. It\'s better to specify nserver because gethostbyname() may
 be thread unsafe. Optional port number may be specified.
 If optional /tcp is added to IP address, name resolution will be
 performed over TCP.
@@ -413,7 +412,7 @@ redirected to parent proxy with http, socks4+, connect+ or socks5+.
 .B dialer
 <progname>
 .br
- Execute progname if external name can't be resolved.
+ Execute progname if external name can\'t be resolved.
 Hint: if you use nscache, dialer may not work, because names will
 be resolved through cache. In this case you can use something like
 http://dial.right.now/ from browser to set up connection.
@@ -432,8 +431,8 @@ gateways. Since 0.8 version, IPv6 address may be used.
 <ipaddr>
 .br
  sets ip address of external interface. This IP address will be source
-address for all connections made by proxy. Alternatively you can use
--e option to specify individual address for gateway. Since 0.8 version
+address for all connections made by proxy. Alternatively you can use -e
+option to specify individual address for gateway. Since 0.8 version
 External or -e can be given twice: once with IPv4 and once with IPv6 address.
    
 .br
@@ -454,8 +453,8 @@ to reinstall service.
 .br
 .B daemon
 .br
- Should be specified to close console. Do not use 'daemon' with 'service'.
-At least under FreeBSD 'daemon' should preceed any proxy service
+ Should be specified to close console. Do not use \'daemon\' with \'service\'.
+At least under FreeBSD \'daemon\' should preceed any proxy service
 and log commands to avoid sockets problem. Always place it in the beginning
 of the configuration file.
 
@@ -465,39 +464,39 @@ of the configuration file.
 .br
  Type of user authorization. Currently supported:
 .br
-  none - no authentication or authorization required.
+ none - no authentication or authorization required.
 .br
  Note: is auth is none any ip based limitation, redirection, etc will not work. 
 This is default authentication type
 .br
-  iponly - authentication by access control list with username ignored.
+ iponly - authentication by access control list with username ignored.
  Appropriate for most cases
 .br
-  useronly - authentication by username without checking for any password with
+ useronly - authentication by username without checking for any password with
 authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
 AOL screen name as a username)
 .br
-  dnsname - authentication by DNS hostnname with authorization by ACLs.
+ dnsname - authentication by DNS hostnname with authorization by ACLs.
 DNS hostname is resolved via PTR (reverse) record and validated (resolved
-name must resolve to same IP address). It's recommended to use authcache by
+name must resolve to same IP address). It\'s recommended to use authcache by
 ip for this authentication.
 NB: there is no any password check, name may be spoofed.
 .br
-  strong - username/password authentication required. It will work with
+ strong - username/password authentication required. It will work with
 SOCKSv5, FTP, POP3 and HTTP proxy. 
 .br
-  cache - cached authentication, may be used with 'authcache'.
+ cache - cached authentication, may be used with \'authcache\'.
 .br
  Plugins may add additional authentication types.
-.br
 
- It's possible to use few authentication types in the same commands. E.g.
 .br
-auth iponly strong
+ It\'s possible to use few authentication types in the same commands. E.g.
+.br
+ auth iponly strong
 .br
- In this case 'strong' authentication will be used only in case resource
-access can not be performed with 'iponly' authentication, that is username is
-required in ACL. It's usefull to protect access to some resources with
+ In this case \'strong\' authentication will be used only in case resource
+access can not be performed with \'iponly\' authentication, that is username is
+required in ACL. It\'s usefull to protect access to some resources with
 password allowing passwordless access to another resources, or to use
 IP-based authentication for dedicated laptops and request username/password for
 shared ones.
@@ -509,17 +508,17 @@ shared ones.
  Cache authentication information to given amount of time (cachetime) in seconds.
 Cahtype is one of:
 .br
-  ip - after successful authentication all connections during caching time
+ ip - after successful authentication all connections during caching time
 from same IP are assigned to the same user, username is not requested.
 .br
-  ip,user username is requested and all connections from the same IP are
+ ip,user username is requested and all connections from the same IP are
 assigned to the same user without actual authentication.
 .br
-  user - same as above, but IP is not checked. 
+ user - same as above, but IP is not checked. 
 .br
-  user,password - both username and password are checked against cached ones.
+ user,password - both username and password are checked against cached ones.
 .br
-Use auth type 'cache' for cached authentication
+Use auth type \'cache\' for cached authentication
 
 .br
 .B allow
@@ -533,13 +532,13 @@ Use auth type 'cache' for cached authentication
  Access control entries. All lists are comma-separated, no spaces are
 allowed. Usernames are case sensitive (if used with authtype nbname
 username must be in uppercase). Source and target lists may contain
-IP addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs
-(W.X.Y.Z/L). Since 0.6, targetlist may also contain host names,
-instead of addresses. It's possible to use wildmask in
-the begginning and in the the end of hostname, e.g. *badsite.com or
-*badcontent*. Hostname is only checked if hostname presents in request.
-Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field
-* sign means "ANY" If access list is empty it's assumed to be
+IP addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs (W.X.Y.Z/L). 
+Since 0.6, targetlist may also contain host names,
+instead of addresses. It\'s possible to use wildmask in
+the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.
+Hostname is only checked if hostname presents in request.
+Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field *
+sign means ANY. If access list is empty it\'s assumed to be
 .br
  allow *
 .br
@@ -547,61 +546,64 @@ Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field
 .br
  deny *
 .br
- You may want explicitly add "deny *" to the end of access list to prevent
-HTTP proxy from requesting user's password.
+ You may want explicitly add deny * to the end of access list to prevent
+HTTP proxy from requesting user\'s password.
 Access lists are checked after user have requested any resource.
 If you want 3proxy to reject connections from specific addresses
 immediately without any conditions you should either bind proxy
 to appropriate interface only or to use ip filters.
-.br
 
-Operation is one of:
 .br
-  CONNECT - establish outgoing TCP connection
+ Operation is one of:
+.br
+ CONNECT establish outgoing TCP connection
 .br
-  BIND - bind TCP port for listening
+ BIND bind TCP port for listening
 .br
-  UDPASSOC - make UDP association
+ UDPASSOC make UDP association
 .br
-  ICMPASSOC - make ICMP association (for future use)
+ ICMPASSOC make ICMP association (for future use)
 .br
-  HTTP_GET - HTTP GET request
+ HTTP_GET HTTP GET request
 .br
-  HTTP_PUT - HTTP PUT request
+ HTTP_PUT HTTP PUT request
 .br
-  HTTP_POST - HTTP POST request
+ HTTP_POST HTTP POST request
 .br
-  HTTP_HEAD - HTTP HEAD request
+ HTTP_HEAD HTTP HEAD request
 .br
-  HTTP_CONNECT - HTTP CONNECT request
+ HTTP_CONNECT HTTP CONNECT request
 .br
-  HTTP_OTHER - over HTTP request
+ HTTP_OTHER over HTTP request
 .br
-  HTTP - matches any HTTP request except HTTP_CONNECT
+ HTTP matches any HTTP request except HTTP_CONNECT
 .br
-  HTTPS - same as HTTP_CONNECT
+ HTTPS same as HTTP_CONNECT
 .br
-  FTP_GET - FTP get request
+ FTP_GET FTP get request
 .br
-  FTP_PUT - FTP put request
+ FTP_PUT FTP put request
 .br
-  FTP_LIST - FTP list request
+ FTP_LIST FTP list request
 .br
-  FTP_DATA - FTP data connection. Note: FTP_DATA requires access to dynamic
+ FTP_DATA FTP data connection. Note: FTP_DATA requires access to dynamic
 non-ptivileged (1024-65535) ports on remote side.
 .br
-  FTP - matches any FTP/FTP Data request
+ FTP matches any FTP/FTP Data request
 .br
-  ADMIN - access to administration interface
+ ADMIN access to administration interface
+
 .br
- Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday. Timeperiodlists is a list of time
+ Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
+.br
+ Timeperiodlists is a list of time
 periods in HH:MM:SS-HH:MM:SS format. For example, 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
-	
+
 .br
 .B parent
 <weight> <type> <ip> <port> <username> <password>
 .br
- this command must follow "allow" rule. It extends last allow rule to
+ this command must follow \"allow\" rule. It extends last allow rule to
 build proxy chain. Proxies may be grouped. Proxy inside the
 group is selected randomly. If few groups are specified one proxy
 is randomly picked from each group and chain of proxies is created
@@ -636,46 +638,46 @@ with probability of 0.7) for outgoing web connections.
 .br
  type is one of:
 .br
-  tcp - simply redirect connection. TCP is always last in chain.
+ tcp simply redirect connection. TCP is always last in chain.
 .br
-  http - redirect to HTTP proxy. HTTP is always last chain.
+ http redirect to HTTP proxy. HTTP is always last chain.
 .br
-  pop3 - redirect to POP3 proxy (only local redirection is supported, can not be
+ pop3 redirect to POP3 proxy (only local redirection is supported, can not be
 used for chaining)
 .br
-  ftp - redirect to FTP proxy (only local redirection is supported, can not be
+ ftp redirect to FTP proxy (only local redirection is supported, can not be
 used for chaining)
 .br
-  connect - parent is HTTP CONNECT method proxy
+ connect parent is HTTP CONNECT method proxy
 .br
-  connect+ - parent is HTTP CONNECT proxy with name resolution
+ connect+ parent is HTTP CONNECT proxy with name resolution
 .br
-  socks4 - parent is SOCKSv4 proxy
+ socks4 parent is SOCKSv4 proxy
 .br
-  socks4+ - parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
+ socks4+ parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
 .br
-  socks5 - parent is SOCKSv5 proxy
+ socks5 parent is SOCKSv5 proxy
 .br
-  socks5+ - parent is SOCKSv5 proxy with name resolution
+ socks5+ parent is SOCKSv5 proxy with name resolution
 .br
-  socks4b - parent is SOCKS4b (broken SOCKSv4 implementation with shortened
+ socks4b parent is SOCKS4b (broken SOCKSv4 implementation with shortened
 server reply. I never saw this kind ofservers byt they say there are).
 Normally you should not use this option. Do not mess this option with
 SOCKSv4a (socks4+).
 .br
-  socks5b - parent is SOCKS5b (broken SOCKSv5 implementation with shortened
+ socks5b parent is SOCKS5b (broken SOCKSv5 implementation with shortened
 server reply. I think you will never find it useful). Never use this option
 unless you know exactly you need it.
 .br
-  admin - redirect request to local 'admin' service (with -s parameter).
+ admin redirect request to local \'admin\' service (with -s parameter).
 .br
- Use "+" proxy only with "fakeresolve" option
+ Use \"+\" proxy only with \"fakeresolve\" option
 .br
 
  IP and port are ip addres and port of parent proxy server.
 If IP is zero, ip is taken from original request, only port is changed.
-If port is zero, it's taken from original request, only IP is changed.
-If both IP and port are zero - it's a special case of local redirection,
+If port is zero, it\'s taken from original request, only IP is changed.
+If both IP and port are zero - it\'s a special case of local redirection,
 it works only with
 .B socks
 proxy. In case of local redirection request is redirected to different service, 
@@ -690,14 +692,14 @@ locally redurects to
 .B proxy
 .B admin
 locally redirects to admin -s service.
-.br
 
+.br
  Main purpose of local redirections is to have requested resource
 (URL or POP3 username) logged and protocol-specific filters to be applied.
-In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to
-'parent' command and then with gateway service connection is
-redirected (HTTP, FTP or POP3) after 'parent' command. It means,
-additional 'allow' command is required for redirected requests, for
+In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to \'parent\'
+command and then with gateway service connection is
+redirected (HTTP, FTP or POP3) after \'parent\' command. It means,
+additional \'allow\' command is required for redirected requests, for
 example:
 .br
  allow * * * 80
@@ -713,11 +715,10 @@ local HTTP proxy parses requests and allows only GET and POST requests.
 .br
  parent 1000 http 1.2.3.4 0
 .br
- Changes external address for given connection to 1.2.3.4
-(an equivalent to -e1.2.3.4)
+ Changes external address for given connection to 1.2.3.4 (an equivalent to -e1.2.3.4)
 .br
  Optional username and password are used to authenticate on parent
-proxy. Username of '*' means username must be supplied by user.
+proxy. Username of \'*\' means username must be supplied by user.
 
 
 .br
@@ -752,7 +753,7 @@ nolog
  If force is specified for service, configuration reload will require all current
 sessions of this service to be re-authenticated. If ACL is changed or user account
 is removed, old connections which do not match current are closed.
- noforce allows to keep previously authenticated connections.
+noforce allows to keep previously authenticated connections.
 
 .br
 .B bandlimin
@@ -768,13 +769,13 @@ is removed, old connections which do not match current are closed.
 <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
 .br
  bandlim sets bandwith limitation filter to <rate> bps (bits per second)
-(if you want to specife bytes per second - multiply your value to 8).
+If you want to specife bytes per second - multiply your value to 8.
 bandlim rules act in a same manner as allow/deny rules except
 one thing: bandwidth limiting is applied to all services, not to some
 specific service. 
 bandlimin and nobandlimin applies to incoming traffic
 bandlimout and nobandlimout applies to outgoing traffic
-If tou want to ratelimit your clients with ip's 192.168.10.16/30 (4
+If tou want to ratelimit your clients with IPs 192.168.10.16/30 (4
 addresses) to 57600 bps you have to specify 4 rules like
 .br
  bandlimin 57600 * 192.168.10.16
@@ -803,19 +804,19 @@ if you want, for example, to limit all speed ecept access to POP3 you can use
 .B noconnlim
 <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
 .br
-connlim sets connections rate limit per time period for traffic
+ connlim sets connections rate limit per time period for traffic
 pattern controlled by ACL. Period is in seconds. If period is 0,
 connlim limits a number of parallel connections.
 .br
  connlim 100 60 * 127.0.0.1
 .br
-allows 100 connections per minute for 127.0.0.1.
+ allows 100 connections per minute for 127.0.0.1.
 .br
  connlim 20 0 * 127.0.0.1
 .br
-allows 20 simulationeous connections for 127.0.0.1.
+ allows 20 simulationeous connections for 127.0.0.1.
 .br
-Like with bandlimin, if individual limit is required per client, separate
+ Like with bandlimin, if individual limit is required per client, separate
 rule mustbe added for every client. Like with nobanlimin, noconnlim adds an
 exception.
 
@@ -871,17 +872,17 @@ username[:pwtype:password] ...
 .br
  pwtype is one of:
 .br
-  none (empty) - use system authentication
+ none (empty) - use system authentication
 .br
-  CL - password is cleartext
+ CL - password is cleartext
 .br
-  CR - password is crypt-style password
+ CR - password is crypt-style password
 .br
-  NT - password is NT password (in hex)
+ NT - password is NT password (in hex)
 .br
  example:
 .br
- users test1:CL:password1 "test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49."
+ users test1:CL:password1 \"test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49.\"
 .br
  users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
 .br
@@ -953,14 +954,15 @@ for all threads.
 <value_to_add_to_default_stack_size>
 .br
  Change default size for threads stack. May be required in some situation,
- e.g. with non-default plugins, on on some platforms (some FreeBSD version
- may require adjusting stack size due to invalid defined value in system
- header files, this value is also oftent reqruied to be changed for ODBC and
- PAM support on Linux. If you experience 3proxy
- crash on request processing, try to set some positive value. You may start with
- stacksize 65536 
- and then find the minimal value for service to work. If you experience
- memory shortage, you can try to experiment with negative values.
+e.g. with non-default plugins, on on some platforms (some FreeBSD version
+may require adjusting stack size due to invalid defined value in system
+header files, this value is also oftent reqruied to be changed for ODBC and
+PAM support on Linux. If you experience 3proxy
+crash on request processing, try to set some positive value. You may start with
+stacksize 65536 
+and then find the minimal value for service to work. If you experience
+memory shortage, you can try to experiment with negative values.
+
 .SH PLUGINS
 
 .br
@@ -988,7 +990,7 @@ Report all bugs to
 .SH SEE ALSO
 3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
 .br
-https://3proxy.org/
+ https://3proxy.org/
 .SH TRIVIA
 3APA3A is pronounced as \`\`zaraza\'\'.
 .SH AUTHORS