3proxy/doc/html/man3/3proxy.cfg.3.html

<HTML><HEAD><TITLE>Manpage of 3proxy.cfg</TITLE>
</HEAD><BODY>
<H1>3proxy.cfg</H1>
Section: Universal proxy server
 (3)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>

<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

<B>3proxy.cfg</B>

- 3proxy configuration file
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>

<BR>&nbsp;Common&nbsp;structure:
<BR>

Configuration file is a text file 3proxy reads configuration from. Each line
of the file is a command executed immediately, as it was given from
console. Sequence of commands is important. Configuration file as actually a
script for 3proxy executable.
Each line of the file is treated as a blank (space or tab) separated
command line. Additional space characters are ignored. 
Think about 3proxy as &quot;application level router&quot; with console interface.
<BR>

<BR>&nbsp;Comments:
<BR>

Any string beginning with space character or '#' character is comment. It's
ignored. &lt;LF&gt;s are ignored. &lt;CR&gt; is end of command.

<BR>

<BR>&nbsp;Quotation:
<BR>

Quotation character is &quot; (double quote). Quotation must be used to quote
spaces or another special characters. To use quotation character inside
quotation character must be dubbed (BASIC convention). For example to use
HELLO &quot;WORLD&quot; as an argument you should use it as &quot;HELLO &quot;&quot;WORLD&quot;&quot;&quot;.
Good practice is to quote any argument you use.
<BR>

<BR>&nbsp;File&nbsp;inclusion:
<BR>

You can include file by using $FILENAME macro (replace FILENAME with a path
to file, for example $/usr/local/etc/3proxy/conf.incl or 
<BR>&nbsp;$&quot;c:\Program&nbsp;Files\3proxy\include.cfg&quot;&nbsp;Quotation&nbsp;is
required in last example because path contains space character. 
For included file &lt;CR&gt; (end of line characters) is treated as space character
(arguments delimiter instead of end of command delimiter). 
Thus, include files are only useful to store long signle-line commands
(like userlist, network lists, etc).
To use dollar sign somewhere in argument it must be quoted. 
Recursion is not allowed.
<BR>

<BR>&nbsp;Next&nbsp;commands&nbsp;start&nbsp;gateway&nbsp;services:
<BR>

<B>proxy</B>

[options]
<BR>

<B>socks</B>

[options]
<BR>

<B>pop3p</B>

[options]
<BR>

<B>ftppr</B>

[options]
<BR>

<B>admin</B>

[options]
<BR>

<B>dnspr</B>

[options]
<BR>

<B>tcppm</B>

[options]
&lt;SRCPORT&gt; &lt;DSTADDR&gt; &lt;DSTPORT&gt;
<BR>

<B>udppm</B>

[options]
&lt;SRCPORT&gt; &lt;DSTADDR&gt; &lt;DSTPORT&gt;
<BR>

<BR>&nbsp;Descriptions:
<BR>

<B>proxy</B>

- HTTP/HTTPS proxy (default port 3128)
<BR>

<B>socks</B>

- SOCKS 4/4.5/5 proxy (default port 1080)
<BR>

<B>pop3p</B>

- POP3 proxy (default port 110)
<BR>

<B>ftppr</B>

- FTP proxy (default port 21)
<BR>

<B>admin</B>

- Web interface (default port 80)
<BR>

<B>dnspr</B>

- caching DNS proxy (default port 53)
<BR>

<B>tcppm</B>

- TCP portmapper
<BR>

<B>udppm</B>

- UDP portmapper
<BR>


<BR>&nbsp;Options:
<BR>

<B>-pNUMBER</B>

change default server port to NUMBER
<BR>

<B>-n</B>

disable NTLM authentication (required if passwords are stored in Unix crypt format.
<BR>

<B>-s</B>

(for admin) - allow only secure operations (currently only traffic counters
view without ability to reset).
<BR>

<B>-a</B>

(for proxy) - anonymous proxy (no information about client reported)
<BR>

<B>-a1</B>

(for proxy) - anonymous proxy (random client information reported)
<BR>

<BR>&nbsp;Also,&nbsp;all&nbsp;options&nbsp;mentioned&nbsp;for&nbsp;
<B><A HREF="../man8/proxy.8.html">proxy</A></B>(8)

<B><A HREF="../man8/socks.8.html">socks</A></B>(8)

<B><A HREF="../man8/pop3p.8.html">pop3p</A></B>(8)

<B><A HREF="../man8/tcppm.8.html">tcppm</A></B>(8)

<B><A HREF="../man8/udppm.8.html">udppm</A></B>(8)

<B><A HREF="../man8/ftppr.8.html">ftppr</A></B>(8)

<BR>&nbsp;are&nbsp;also&nbsp;supported.
<BR>

<BR>&nbsp;Portmapping&nbsp;services&nbsp;listen&nbsp;at&nbsp;SRCPORT&nbsp;and&nbsp;connect&nbsp;to&nbsp;DSTADDR:DSTPORT
HTTP and SOCKS proxies are standard. 
<BR>

<BR>&nbsp;POP3&nbsp;proxy&nbsp;must&nbsp;be&nbsp;configured&nbsp;as&nbsp;POP3&nbsp;server&nbsp;and&nbsp;requires&nbsp;username&nbsp;in&nbsp;the&nbsp;form&nbsp;of:
<A HREF="mailto:pop3username@pop3server">pop3username@pop3server</A>. If POP3 proxy access must be authenticated, you can
specify username as proxy_username:proxy_password:<A HREF="mailto:POP3_username@pop3server">POP3_username@pop3server</A>
<BR>

<BR>&nbsp;DNS&nbsp;proxy&nbsp;resolves&nbsp;any&nbsp;types&nbsp;of&nbsp;records&nbsp;but&nbsp;only&nbsp;hostnames&nbsp;are&nbsp;cached.&nbsp;It
requires nserver/nscache to be configured.
<BR>

<BR>&nbsp;FTP&nbsp;proxy&nbsp;can&nbsp;be&nbsp;used&nbsp;as&nbsp;FTP&nbsp;server&nbsp;in&nbsp;any&nbsp;FTP&nbsp;client&nbsp;or&nbsp;configured&nbsp;as&nbsp;FTP
proxy on a client with FTP proxy support. Username format is one of
<BR>

<BR>&nbsp;<A HREF="mailto:FTPuser@FTPServer">FTPuser@FTPServer</A>
<BR>

<BR>&nbsp;FTPuser:<A HREF="mailto:FTPpassword@FTPserver">FTPpassword@FTPserver</A>
<BR>

<BR>&nbsp;proxyuser:proxypassword:FTPuser:<A HREF="mailto:FTPpassword@FTPserver">FTPpassword@FTPserver</A>
<BR>

<BR>&nbsp;Please&nbsp;note,&nbsp;if&nbsp;you&nbsp;use&nbsp;FTP&nbsp;client&nbsp;interface&nbsp;for&nbsp;FTP&nbsp;proxy
do not add FTPpassword and FTPServer to username, because
FTP client does it for you. That is, if you use 3proxy with
authentication use
proxyuser:proxypassword:FTPuser
as FTP username, otherwise do not change original FTP user name<TT>&nbsp;</TT><BR>

<B>include</B>

&lt;path&gt;
<BR>

Include config file

<BR>

<B>config</B>

&lt;path&gt;
<BR>

Path to configuration file to use on 3proxy restart or to save configuration.

<BR>

<B>writable</B>

<BR>

ReOpens configuration file for write access via Web interface,
and re-reads it. Usually should be first command on config file
but in combination with &quot;config&quot; it can be used anywhere to open
alternate config file. Think twice before using it.

<BR>

<B>end</B>

<BR>

End of configuration

<BR>

<B>log</B>

[[@|&amp;]logfile] [&lt;LOGTYPE&gt;]
<BR>

sets logfile for all gateways
<BR>

<BR>&nbsp;@&nbsp;-&nbsp;(for&nbsp;Unix)&nbsp;use&nbsp;syslog,&nbsp;filename&nbsp;is&nbsp;used&nbsp;as&nbsp;ident&nbsp;name
<BR>

<BR>&nbsp;&amp;&nbsp;-&nbsp;use&nbsp;ODBC,&nbsp;filename&nbsp;consists&nbsp;of&nbsp;comma-delimited&nbsp;datasource,username,password&nbsp;(username&nbsp;and&nbsp;password&nbsp;are&nbsp;optional)
<BR>

<BR>&nbsp;LOGTYPE&nbsp;is&nbsp;one&nbsp;of:
<BR>

<BR>&nbsp;&nbsp;M&nbsp;-&nbsp;Monthly
<BR>

<BR>&nbsp;&nbsp;W&nbsp;-&nbsp;Weekly&nbsp;(starting&nbsp;from&nbsp;Sunday)
<BR>

<BR>&nbsp;&nbsp;D&nbsp;-&nbsp;Daily
<BR>

<BR>&nbsp;&nbsp;H&nbsp;-&nbsp;Hourly
<BR>

if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using
-l option in gateway configuration.
<BR>

&quot;log&quot; command supports same format specifications for filename template
as &quot;logformat&quot; (if filename contains '%' sign it's believed to be template).
As with &quot;logformat&quot; filename must begin with 'L' or 'G' to specify Local or
Grinwitch time zone for all time-based format specificators.

<BR>

<B>rotate</B>

&lt;n&gt;
how many archived log files to keep

<BR>

<B>logformat</B>

&lt;format&gt;

Format for log record. First symbol in format must be L (local time)
or G (absolute Grinwitch time). 
It can be preceeded with -XXX+Y where XXX is list of characters to be
filtered in user input (any non-printable characters are filtered too
in this case) and Y is replacement character. For example, &quot;-,%+ L&quot; in
the beginning of logformat means comma and percent are replaced
with space and all time based elemnts are in local time zone.
<BR>

You can use:

<BR>

<BR>&nbsp;%y&nbsp;-&nbsp;Year&nbsp;in&nbsp;2&nbsp;digit&nbsp;format
<BR>

<BR>&nbsp;%Y&nbsp;-&nbsp;Year&nbsp;in&nbsp;4&nbsp;digit&nbsp;format
<BR>

<BR>&nbsp;%m&nbsp;-&nbsp;Month&nbsp;number
<BR>

<BR>&nbsp;%o&nbsp;-&nbsp;Month&nbsp;abbriviature
<BR>

<BR>&nbsp;%d&nbsp;-&nbsp;Day
<BR>

<BR>&nbsp;%H&nbsp;-&nbsp;Hour
<BR>

<BR>&nbsp;%M&nbsp;-&nbsp;Minute
<BR>

<BR>&nbsp;%S&nbsp;-&nbsp;Second
<BR>

<BR>&nbsp;%t&nbsp;-&nbsp;Timstamp&nbsp;(in&nbsp;seconds&nbsp;since&nbsp;01-Jan-1970)
<BR>

<BR>&nbsp;%.&nbsp;-&nbsp;milliseconds
<BR>

<BR>&nbsp;%z&nbsp;-&nbsp;timeZone&nbsp;(from&nbsp;Grinvitch)
<BR>

<BR>&nbsp;%D&nbsp;-&nbsp;request&nbsp;duration&nbsp;(in&nbsp;milliseconds)
<BR>

<BR>&nbsp;%b&nbsp;-&nbsp;average&nbsp;send&nbsp;rate&nbsp;per&nbsp;request&nbsp;(in&nbsp;Bytes&nbsp;per&nbsp;second)&nbsp;this&nbsp;speed&nbsp;is&nbsp;typically&nbsp;below&nbsp;connection&nbsp;speed&nbsp;shown&nbsp;by&nbsp;download&nbsp;manager.
<BR>

<BR>&nbsp;%B&nbsp;-&nbsp;average&nbsp;receive&nbsp;rate&nbsp;per&nbsp;request&nbsp;(in&nbsp;Bytes&nbsp;per&nbsp;second)&nbsp;this&nbsp;speed&nbsp;is&nbsp;typically&nbsp;below&nbsp;connection&nbsp;speed&nbsp;shown&nbsp;by&nbsp;download&nbsp;manager.
<BR>

<BR>&nbsp;%U&nbsp;-&nbsp;Username
<BR>

<BR>&nbsp;%N&nbsp;-&nbsp;service&nbsp;Name
<BR>

<BR>&nbsp;%p&nbsp;-&nbsp;service&nbsp;Port
<BR>

<BR>&nbsp;%E&nbsp;-&nbsp;Error&nbsp;code
<BR>

<BR>&nbsp;%C&nbsp;-&nbsp;Client&nbsp;IP
<BR>

<BR>&nbsp;%c&nbsp;-&nbsp;Client&nbsp;port
<BR>

<BR>&nbsp;%R&nbsp;-&nbsp;Remote&nbsp;IP
<BR>

<BR>&nbsp;%r&nbsp;-&nbsp;Remote&nbsp;port
<BR>

<BR>&nbsp;%e&nbsp;-&nbsp;External&nbsp;IP&nbsp;used&nbsp;to&nbsp;establish&nbsp;connection
<BR>

<BR>&nbsp;%Q&nbsp;-&nbsp;Requested&nbsp;IP
<BR>

<BR>&nbsp;%q&nbsp;-&nbsp;Requested&nbsp;port
<BR>

<BR>&nbsp;%n&nbsp;-&nbsp;requested&nbsp;hostname
<BR>

<BR>&nbsp;%I&nbsp;-&nbsp;bytes&nbsp;In
<BR>

<BR>&nbsp;%O&nbsp;-&nbsp;bytes&nbsp;Out
<BR>

<BR>&nbsp;%h&nbsp;-&nbsp;Hops&nbsp;(redirections)&nbsp;count
<BR>

<BR>&nbsp;%T&nbsp;-&nbsp;service&nbsp;specific&nbsp;Text
<BR>

<BR>&nbsp;%N1-N2T&nbsp;-&nbsp;(N1&nbsp;and&nbsp;N2&nbsp;are&nbsp;positive&nbsp;numbers)&nbsp;-&nbsp;log&nbsp;only&nbsp;fields&nbsp;from&nbsp;N1&nbsp;thorugh&nbsp;N2&nbsp;of&nbsp;service&nbsp;specific&nbsp;text
<BR>

in case of ODBC logging logformat specifies SQL statement, for exmample:
<BR>

<BR>&nbsp;&nbsp;&nbsp;logformat&nbsp;&quot;-'+_Linsert&nbsp;into&nbsp;log&nbsp;(l_date,&nbsp;l_user,&nbsp;l_service,&nbsp;l_in,&nbsp;l_out,&nbsp;l_descr)&nbsp;values&nbsp;('%d-%m-%Y&nbsp;%H:%M:%S',&nbsp;'%U',&nbsp;'%N',&nbsp;%I,&nbsp;%O,&nbsp;'%T')&quot;

<BR>

<B>logdump</B>

&lt;in_traffic_limit&gt; &lt;out_traffic_limit&gt;
<BR>

Immediately creates additional log records if given amount of incoming/outgoing
traffic is achieved for connection, without waiting for connection to finish.
It may be useful to prevent information about long-lasting downloads on server
shutdown.

<BR>

<B>archiver</B>

&lt;ext&gt; &lt;commandline&gt;
<BR>

Archiver to use for log files. &lt;ext&gt; is file extension produced by
archiver. Filename will be last argument to archiver, optionally you
can use %A as produced archive name and %F as filename.

<BR>

<B>timeouts</B>

&lt;BYTE_SHORT&gt; &lt;BYTE_LONG&gt; &lt;STRING_SHORT&gt; &lt;STRING_LONG&gt; &lt;CONNECTION_SHORT&gt; &lt;CONNECTION_LONG&gt; &lt;DNS&gt; &lt;CHAIN&gt;
<BR>

Sets timeout values
<BR>

<BR>&nbsp;BYTE_SHORT&nbsp;-&nbsp;short&nbsp;timeout&nbsp;for&nbsp;single&nbsp;byte,&nbsp;is&nbsp;usually&nbsp;used&nbsp;for&nbsp;receiving&nbsp;single&nbsp;byte&nbsp;from&nbsp;stream.
<BR>

<BR>&nbsp;BYTE_LONG&nbsp;-&nbsp;long&nbsp;timeout&nbsp;for&nbsp;single&nbsp;byte,&nbsp;is&nbsp;usually&nbsp;used&nbsp;for&nbsp;receiving&nbsp;first&nbsp;byte&nbsp;in&nbsp;frame&nbsp;(for&nbsp;example&nbsp;first&nbsp;byte&nbsp;in&nbsp;socks&nbsp;request).
<BR>

<BR>&nbsp;STRING_SHORT&nbsp;-&nbsp;short&nbsp;timeout,&nbsp;for&nbsp;character&nbsp;string&nbsp;within&nbsp;stream&nbsp;(for&nbsp;example&nbsp;to&nbsp;wait&nbsp;between&nbsp;2&nbsp;HTTP&nbsp;headers)
<BR>

<BR>&nbsp;STRING_LONG&nbsp;-&nbsp;long&nbsp;timeout,&nbsp;for&nbsp;first&nbsp;string&nbsp;in&nbsp;stream&nbsp;(for&nbsp;example&nbsp;to&nbsp;wait&nbsp;for&nbsp;HTTP&nbsp;request).
<BR>

<BR>&nbsp;CONNECTION_SHORT&nbsp;-&nbsp;inactivity&nbsp;timeout&nbsp;for&nbsp;short&nbsp;connections&nbsp;(HTTP,&nbsp;POP3,&nbsp;etc).
<BR>

<BR>&nbsp;CONNECTION_LONG&nbsp;-&nbsp;inactivity&nbsp;timeout&nbsp;for&nbsp;long&nbsp;connection&nbsp;(SOCKS,&nbsp;portmappers,&nbsp;etc).
<BR>

<BR>&nbsp;DNS&nbsp;-&nbsp;timeout&nbsp;for&nbsp;DNS&nbsp;request&nbsp;before&nbsp;requesting&nbsp;next&nbsp;server
<BR>

<BR>&nbsp;CHAIN&nbsp;-&nbsp;timeout&nbsp;for&nbsp;reading&nbsp;data&nbsp;from&nbsp;chained&nbsp;connection
<BR>


<BR>

<B>nserver</B>

<BR>&nbsp;&lt;ipaddr&gt;
<BR>

Nameserver to use for name resolutions. If none spcified system
or name server fails system routines for name resolution will be
used. It's better to specify nserver because gethostbyname() may
be thread unsafe.

<BR>

<B>nscache</B>

&lt;cachesize&gt;
<BR>


Cache &lt;cachesize&gt; records for name resolution. Cachesize usually
should be large enougth (for example 65536).

<BR>

<B>nsrecord</B>

&lt;hostname&gt; &lt;hostaddr&gt;
<B></B>

Adds static record to nscache. nscache must be enabled. If 0.0.0.0
is used as a hostaddr host will never resolve, it can be used to
blacklist something or together with 
<B>dialer</B>

command to set up UDL for dialing.

<BR>

<B>fakeresolve</B>

<B></B>

All names are resolved to 127.0.0.2 address. Usefull if all requests are
redirected to parent proxy with http, socks4+, connect+ or socks5+.

<BR>

<B>dialer</B>

&lt;progname&gt;
<BR>

Execute progname if external name can't be resolved.
Hint: if you use nscache, dialer may not work, because names will
be resolved through cache. In this case you can use something like
<A HREF="http://dial.right.now/">http://dial.right.now/</A> from browser to set up connection.


<BR>

<B>internal</B>

&lt;ipaddr&gt;
<BR>

sets ip address of internal interface. This IP address will be used
to bind gateways. Alternatively you can use -i option for individual
gateways

<BR>

<B>external</B>

&lt;ipaddr&gt;
<BR>

sets ip address of external interface. This IP address will be source
address for all connections made by proxy. Alternatively you can use
-e option to specify individual address for gateway.
<BR>&nbsp;&nbsp;&nbsp;
<BR>

<B>maxconn</B>

&lt;number&gt;
<BR>

sets maximum number of simulationeous connections to each services
started after this command. Default is 100.

<BR>

<B>service</B>

<BR>

(depricated). Indicates 3proxy to behave as Windows 95/98/NT/2000/XP
service, no effect for Unix. Not required for 3proxy 0.6 and above. If
you upgraded from previous version of 3proxy use --remove and --install
to reinstall service.

<BR>

<B>daemon</B>

<BR>

Should be specified to close console. Do not use 'daemon' with 'service'.
At least under FreeBSD 'daemon' should preceed any proxy service
and log commands to avoid sockets problem. Always place it in the beginning
of the configuration file.

<BR>

<B>auth</B>

&lt;authtype&gt; [...]
<BR>

Type of user authorization. Currently supported:
<BR>

<BR>&nbsp;none&nbsp;-&nbsp;no&nbsp;authentication&nbsp;or&nbsp;authorization&nbsp;required.
<BR>&nbsp;Note:&nbsp;is&nbsp;auth&nbsp;is&nbsp;none&nbsp;any&nbsp;ip&nbsp;based&nbsp;limitation,&nbsp;redirection,&nbsp;etc&nbsp;will&nbsp;not&nbsp;work.&nbsp;
<BR>&nbsp;This&nbsp;is&nbsp;default&nbsp;authentication&nbsp;type
<BR>

<BR>&nbsp;iponly&nbsp;-&nbsp;authentication&nbsp;by&nbsp;access&nbsp;control&nbsp;list&nbsp;with&nbsp;username&nbsp;ignored.
<BR>&nbsp;Appropriate&nbsp;for&nbsp;most&nbsp;cases
<BR>

<BR>&nbsp;useronly&nbsp;-&nbsp;authentication&nbsp;by&nbsp;username&nbsp;without&nbsp;checking&nbsp;for&nbsp;any&nbsp;password&nbsp;with
authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
AOL screen name as a username)
<BR>

<BR>&nbsp;dnsname&nbsp;-&nbsp;authentication&nbsp;by&nbsp;DNS&nbsp;hostnname&nbsp;with&nbsp;authorization&nbsp;by&nbsp;ACLs.
DNS hostname is resolved via PTR (reverse) record and validated (resolved
name must resolve to same IP address). It's recommended to use authcache by
ip for this authentication.
NB: there is no any password check, name may be spoofed.
<BR>

<BR>&nbsp;nbname&nbsp;-&nbsp;authentication&nbsp;by&nbsp;NetBIOS&nbsp;name&nbsp;with&nbsp;authorization&nbsp;by&nbsp;ACLs.
Messanger service should be started on user's machine. Note, that
Windows 95/98 hosts do not have messanger service by default,
WinPopup program need to be started. It's recommended to use authcache by
ip for this authentication.
NB: there is no any password check, name may be spoofed.
<BR>

<BR>&nbsp;strong&nbsp;-&nbsp;username/password&nbsp;authentication&nbsp;required.&nbsp;It&nbsp;will&nbsp;work&nbsp;with
SOCKSv5, FTP, POP3 and HTTP proxy. 
<BR>

<BR>&nbsp;cache&nbsp;-&nbsp;cached&nbsp;authentication,&nbsp;may&nbsp;be&nbsp;used&nbsp;with&nbsp;'authcache'.
<BR>

Plugins may add additional authentication types.
<BR>


<BR>&nbsp;It's&nbsp;possible&nbsp;to&nbsp;use&nbsp;few&nbsp;authentication&nbsp;types&nbsp;in&nbsp;the&nbsp;same&nbsp;commands.&nbsp;E.g.
<BR>

auth iponly strong
<BR>

In this case 'strong' authentication will be used only in case resource
access can not be performed with 'iponly' authentication, that is username is
required in ACL. It's usefull to protect access to some resources with
password allowing passwordless access to another resources, or to use
IP-based authentication for dedicated laptops and request username/password for
shared ones.
<BR>

<B>authcache</B>

&lt;cachtype&gt; &lt;cachtime&gt;
<BR>

Cache authentication information to given amount of time (cachetime) in seconds.
Cahtype is one of:
<BR>

<BR>&nbsp;ip&nbsp;-&nbsp;after&nbsp;successful&nbsp;authentication&nbsp;all&nbsp;connections&nbsp;during&nbsp;caching&nbsp;time
from same IP are assigned to the same user, username is not requested.
<BR>

<BR>&nbsp;ip,user&nbsp;username&nbsp;is&nbsp;requested&nbsp;and&nbsp;all&nbsp;connections&nbsp;from&nbsp;the&nbsp;same&nbsp;IP&nbsp;are
assigned to the same user without actual authentication.
<BR>

<BR>&nbsp;user&nbsp;-&nbsp;same&nbsp;as&nbsp;above,&nbsp;but&nbsp;IP&nbsp;is&nbsp;not&nbsp;checked.&nbsp;
<BR>

<BR>&nbsp;user,password&nbsp;-&nbsp;both&nbsp;username&nbsp;and&nbsp;password&nbsp;are&nbsp;checked&nbsp;against&nbsp;cached&nbsp;ones.
<BR>

Use auth type 'cache' for cached authentication
<BR>

<B>allow</B>

&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
&lt;weekdayslist&gt; &lt;timeperiodslist&gt;
<BR>

<B>deny</B>

&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
&lt;weekdayslist&gt; &lt;timeperiodslist&gt;
<BR>

Access control entries. All lists are comma-separated, no spaces are
allowed. Usernames are case sensitive (if used with authtype nbname
username must be in uppercase). Source and target lists may contain
IP addresses (W.X.Y.Z) or CIDRs (W.X.Y.Z/L). Since 0.6, targetlist may also
contain host names, instead of addresses. It's possible to use wildmask in
the begginning and in the the end of hostname, e.g. *badsite.com or
*badcontent*. Hostname is only checked if hostname presents in request.
Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field
* sign means &quot;ANY&quot; If access list is empty it's assumed to be
<BR>

<BR>&nbsp;allow&nbsp;*
<BR>

<BR>&nbsp;If&nbsp;access&nbsp;list&nbsp;is&nbsp;not&nbsp;empty&nbsp;last&nbsp;item&nbsp;in&nbsp;access&nbsp;list&nbsp;is&nbsp;assumed&nbsp;to&nbsp;be
<BR>

<BR>&nbsp;deny&nbsp;*
<BR>

<BR>&nbsp;You&nbsp;may&nbsp;want&nbsp;explicitly&nbsp;add&nbsp;&quot;deny&nbsp;*&quot;&nbsp;to&nbsp;the&nbsp;end&nbsp;of&nbsp;access&nbsp;list&nbsp;to&nbsp;prevent
HTTP proxy from requesting user's password.
Access lists are checked after user have requested any resource.
If you want 3proxy to reject connections from specific addresses
immediately without any conditions you should either bind proxy
to appropriate interface only or to use ip filters.
<BR>


Operation is one of:
<BR>

<BR>&nbsp;CONNECT&nbsp;-&nbsp;establish&nbsp;outgoing&nbsp;TCP&nbsp;connection
<BR>

<BR>&nbsp;BIND&nbsp;-&nbsp;bind&nbsp;TCP&nbsp;port&nbsp;for&nbsp;listening
<BR>

<BR>&nbsp;UDPASSOC&nbsp;-&nbsp;make&nbsp;UDP&nbsp;association
<BR>

<BR>&nbsp;ICMPASSOC&nbsp;-&nbsp;make&nbsp;ICMP&nbsp;association&nbsp;(for&nbsp;future&nbsp;use)
<BR>

<BR>&nbsp;HTTP_GET&nbsp;-&nbsp;HTTP&nbsp;GET&nbsp;request
<BR>

<BR>&nbsp;HTTP_PUT&nbsp;-&nbsp;HTTP&nbsp;PUT&nbsp;request
<BR>

<BR>&nbsp;HTTP_POST&nbsp;-&nbsp;HTTP&nbsp;POST&nbsp;request
<BR>

<BR>&nbsp;HTTP_HEAD&nbsp;-&nbsp;HTTP&nbsp;HEAD&nbsp;request
<BR>

<BR>&nbsp;HTTP_CONNECT&nbsp;-&nbsp;HTTP&nbsp;CONNECT&nbsp;request
<BR>

<BR>&nbsp;HTTP_OTHER&nbsp;-&nbsp;over&nbsp;HTTP&nbsp;request
<BR>

<BR>&nbsp;HTTP&nbsp;-&nbsp;matches&nbsp;any&nbsp;HTTP&nbsp;request&nbsp;except&nbsp;HTTP_CONNECT
<BR>

<BR>&nbsp;HTTPS&nbsp;-&nbsp;same&nbsp;as&nbsp;HTTP_CONNECT
<BR>

<BR>&nbsp;FTP_GET&nbsp;-&nbsp;FTP&nbsp;get&nbsp;request
<BR>

<BR>&nbsp;FTP_PUT&nbsp;-&nbsp;FTP&nbsp;put&nbsp;request
<BR>

<BR>&nbsp;FTP_LIST&nbsp;-&nbsp;FTP&nbsp;list&nbsp;request
<BR>

<BR>&nbsp;FTP_DATA&nbsp;-&nbsp;FTP&nbsp;data&nbsp;connection.&nbsp;Note:&nbsp;FTP_DATA&nbsp;requires&nbsp;access&nbsp;to&nbsp;dynamic
<BR>&nbsp;non-ptivileged&nbsp;(1024-65535)&nbsp;ports&nbsp;on&nbsp;remote&nbsp;side.
<BR>

<BR>&nbsp;FTP&nbsp;-&nbsp;matches&nbsp;any&nbsp;FTP/FTP&nbsp;Data&nbsp;request
<BR>

<BR>&nbsp;ADMIN&nbsp;-&nbsp;access&nbsp;to&nbsp;administration&nbsp;interface
<BR>


Weeksdays are week days numbers or periods (0 or 7 means Sunday, 1 is Monday,
1-5 means Monday through Friday). Timeperiodlists is a list of time
periods in HH:MM:SS-HH:MM:SS format. For example, 
<BR>&nbsp;00:00:00-08:00:00,17:00:00-24:00:00
lists non-working hours.
<TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TT><BR>
<BR>

<B>parent</B>

&lt;weight&gt; &lt;type&gt; &lt;ip&gt; &lt;port&gt; &lt;username&gt; &lt;password&gt;
<BR>

this command must follow &quot;allow&quot; rule. It extends last allow rule to
build proxy chain. Proxies may be grouped. Proxy inside the
group is selected randomly. If few groups are specified one proxy
is randomly picked from each group and chain of proxies is created
(that is second proxy connected through first one and so on).
Weight is used to group proxies. Weigt is a number between 1 and 1000.
Weights are summed and proxies are grouped together untill weight of
group is 1000. That is:
<BR>

<BR>&nbsp;allow&nbsp;*
<BR>

<BR>&nbsp;parent&nbsp;500&nbsp;socks5&nbsp;192.168.10.1&nbsp;1080
<BR>

<BR>&nbsp;parent&nbsp;500&nbsp;connect&nbsp;192.168.10.1&nbsp;3128
<BR>

<BR>&nbsp;makes&nbsp;3proxy&nbsp;to&nbsp;randomly&nbsp;choose&nbsp;between&nbsp;2&nbsp;proxies&nbsp;for&nbsp;all&nbsp;outgoing
connections. These 2 proxies form 1 group (summarized weight is 1000).
<BR>

<BR>&nbsp;allow&nbsp;*&nbsp;*&nbsp;*&nbsp;80
<BR>

<BR>&nbsp;parent&nbsp;1000&nbsp;socks5&nbsp;192.168.10.1&nbsp;1080
<BR>

<BR>&nbsp;parent&nbsp;1000&nbsp;connect&nbsp;192.168.20.1&nbsp;3128
<BR>

<BR>&nbsp;parent&nbsp;300&nbsp;socks4&nbsp;192.168.30.1&nbsp;1080
<BR>

<BR>&nbsp;parent&nbsp;700&nbsp;socks5&nbsp;192.168.40.1&nbsp;1080
<BR>

<BR>&nbsp;creates&nbsp;chain&nbsp;of&nbsp;3&nbsp;proxies:&nbsp;192.168.10.1,&nbsp;192.168.20.1&nbsp;and&nbsp;third
is (192.168.30.1 with probability of 0.3 or 192.168.40.1
with probability of 0.7) for outgoing web connections.

<BR>

<BR>&nbsp;type&nbsp;is&nbsp;one&nbsp;of:
<BR>

<BR>&nbsp;tcp&nbsp;-&nbsp;simply&nbsp;redirect&nbsp;connection.&nbsp;TCP&nbsp;is&nbsp;always&nbsp;last&nbsp;in&nbsp;chain.
<BR>

<BR>&nbsp;http&nbsp;-&nbsp;redirect&nbsp;to&nbsp;HTTP&nbsp;proxy.&nbsp;HTTP&nbsp;is&nbsp;always&nbsp;last&nbsp;chain.
<BR>

<BR>&nbsp;pop3&nbsp;-&nbsp;redirect&nbsp;to&nbsp;POP3&nbsp;proxy&nbsp;(only&nbsp;local&nbsp;redirection&nbsp;is&nbsp;supported,&nbsp;can&nbsp;not&nbsp;be
used for chaining)
<BR>

<BR>&nbsp;ftp&nbsp;-&nbsp;redirect&nbsp;to&nbsp;FTP&nbsp;proxy&nbsp;(only&nbsp;local&nbsp;redirection&nbsp;is&nbsp;supported,&nbsp;can&nbsp;not&nbsp;be
used for chaining)
<BR>

<BR>&nbsp;connect&nbsp;-&nbsp;parent&nbsp;is&nbsp;HTTP&nbsp;CONNECT&nbsp;method&nbsp;proxy
<BR>

<BR>&nbsp;connect+&nbsp;-&nbsp;parent&nbsp;is&nbsp;HTTP&nbsp;CONNECT&nbsp;proxy&nbsp;with&nbsp;name&nbsp;resolution
<BR>

<BR>&nbsp;socks4&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKSv4&nbsp;proxy
<BR>

<BR>&nbsp;socks4+&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKSv4&nbsp;proxy&nbsp;with&nbsp;name&nbsp;resolution&nbsp;(SOCKSv4a)
<BR>

<BR>&nbsp;socks5&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKSv5&nbsp;proxy
<BR>

<BR>&nbsp;socks5+&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKSv5&nbsp;proxy&nbsp;with&nbsp;name&nbsp;resolution
<BR>

<BR>&nbsp;socks4b&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKS4b&nbsp;(broken&nbsp;SOCKSv4&nbsp;implementation&nbsp;with&nbsp;shortened
server reply. I never saw this kind ofservers byt they say there are).
Normally you should not use this option. Do not mess this option with
SOCKSv4a (socks4+).
<BR>

<BR>&nbsp;socks5b&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKS5b&nbsp;(broken&nbsp;SOCKSv5&nbsp;implementation&nbsp;with&nbsp;shortened
server reply. I think you will never find it useful). Never use this option
unless you know exactly you need it.
<BR>

<BR>&nbsp;admin&nbsp;-&nbsp;redirect&nbsp;request&nbsp;to&nbsp;local&nbsp;'admin'&nbsp;service&nbsp;(with&nbsp;-s&nbsp;parameter).
<BR>

<BR>&nbsp;Use&nbsp;&quot;+&quot;&nbsp;proxy&nbsp;only&nbsp;with&nbsp;&quot;fakeresolve&quot;&nbsp;option
<BR>


<BR>&nbsp;IP&nbsp;and&nbsp;port&nbsp;are&nbsp;ip&nbsp;addres&nbsp;and&nbsp;port&nbsp;of&nbsp;parent&nbsp;proxy&nbsp;server.
If IP is zero, ip is taken from original request, only port is changed.
If port is zero, it's taken from original request, only IP is changed.
If both IP and port are zero - it's a special case of local redirection,
it works only with
<B>socks</B>

proxy. In case of local redirection request is redirected to different service, 
<B>ftp</B>

locally redirects to
<B>ftppr</B>

<B>pop3</B>

locally redirects to
<B>pop3p</B>

<B>http</B>

locally redurects to
<B>proxy</B>

<B>admin</B>

locally redirects to admin -s service.
<BR>


<BR>&nbsp;Main&nbsp;purpose&nbsp;of&nbsp;local&nbsp;redirections&nbsp;is&nbsp;to&nbsp;have&nbsp;requested&nbsp;resource
(URL or POP3 username) logged and protocol-specific filters to be applied.
In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to

redirected (HTTP, FTP or POP3) after 'parent' command. It means,
additional 'allow' command is required for redirected requests, for
example:
<BR>

<BR>&nbsp;allow&nbsp;*&nbsp;*&nbsp;*&nbsp;80
<BR>

<BR>&nbsp;parent&nbsp;1000&nbsp;http&nbsp;0.0.0.0&nbsp;0
<BR>

<BR>&nbsp;allow&nbsp;*&nbsp;*&nbsp;*&nbsp;80&nbsp;HTTP_GET,HTTP_POST
<BR>

<BR>&nbsp;socks
<BR>

redirects all SOCKS requests with target port 80 to local HTTP proxy,
local HTTP proxy parses requests and allows only GET and POST requests.
<BR>

<BR>&nbsp;parent&nbsp;1000&nbsp;http&nbsp;1.2.3.4&nbsp;0
<BR>

Changes external address for given connection to 1.2.3.4
(an equivalent to -e1.2.3.4)

<BR>&nbsp;Optional&nbsp;username&nbsp;and&nbsp;password&nbsp;are&nbsp;used&nbsp;to&nbsp;authenticate&nbsp;on&nbsp;parent
proxy. Username of '*' means username must be supplied by user.


<BR>

<B>nolog</B>

&lt;n&gt;
extends last allow or deny command to prevent logging, e.g.
<BR>

allow * * 192.168.1.1
<BR>

nolog


<BR>

<B>weight</B>

&lt;n&gt;
extends last allow or deny command to set weight for this request
<BR>

allow * * 192.168.1.1
<BR>

weight 100
<BR>

Weight may be used for different purposes.

<BR>

<B>bandlimin</B>

&lt;rate&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>

<B>nobandlimin</B>

&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<B>bandlimout</B>

&lt;rate&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>

<B>nobandlimout</B>

&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>

<BR>&nbsp;bandlim&nbsp;sets&nbsp;bandwith&nbsp;limitation&nbsp;filter&nbsp;to&nbsp;&lt;rate&gt;&nbsp;bps&nbsp;(bits&nbsp;per&nbsp;second)
(if you want to specife bytes per second - multiply your value to 8).
bandlim rules act in a same manner as allow/deny rules except
one thing: bandwidth limiting is applied to all services, not to some
specific service. 
bandlimin and nobandlimin applies to incoming traffic
bandlimout and nobandlimout applies to outgoing traffic
If tou want to ratelimit your clients with ip's 192.168.10.16/30 (4
addresses) to 57600 bps you have to specify 4 rules like
<BR>

<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.16
<BR>

<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.17
<BR>

<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.18
<BR>

<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.19
<BR>

<BR>&nbsp;and&nbsp;every&nbsp;of&nbsp;you&nbsp;clients&nbsp;will&nbsp;have&nbsp;56K&nbsp;channel.<TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TT>if&nbsp;you&nbsp;specify<BR>
<BR>

<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.16/30
<BR>

<BR>&nbsp;you&nbsp;will&nbsp;have&nbsp;56K&nbsp;channel&nbsp;shared&nbsp;between&nbsp;all&nbsp;clients.
if you want, for example, to limit all speed ecept access to POP3 you can use
<BR>

<BR>&nbsp;nobandlimin&nbsp;*&nbsp;*&nbsp;*&nbsp;110
<BR>

<BR>&nbsp;before&nbsp;the&nbsp;rest&nbsp;of&nbsp;bandlim&nbsp;rules.

<BR>

<B>counter</B>

&lt;filename&gt; &lt;reporttype&gt; &lt;repotname&gt;
<BR>

<B>countin</B>

&lt;number&gt; &lt;type&gt; &lt;limit&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>

<B>nocountin</B>

&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>

<B>countout</B>

&lt;number&gt; &lt;type&gt; &lt;limit&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>

<B>nocountout</B>

&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>


<BR>&nbsp;counter,&nbsp;countin,&nbsp;nocountin,&nbsp;countout,&nbsp;noucountout&nbsp;&nbsp;commands&nbsp;are&nbsp;
used to set traffic limit
in MB for period of time (day, week or month). Filename is a path
to a special file where traffic information is permanently stored.
number is sequential number of record in this file. If number is 0
no traffic information  on this counter is saved in file (that is
if proxy restarted all information is loosed) overwise it should be
unique sequential number.
Type specifies a type of counter. Type is one of:
<BR>

<BR>&nbsp;D&nbsp;-&nbsp;counter&nbsp;is&nbsp;resetted&nbsp;daily
<BR>

<BR>&nbsp;W&nbsp;-&nbsp;counter&nbsp;is&nbsp;resetted&nbsp;weekly
<BR>

<BR>&nbsp;M&nbsp;-&nbsp;counter&nbsp;is&nbsp;resetted&nbsp;monthely
<BR>

<BR>&nbsp;reporttype/repotname&nbsp;may&nbsp;be&nbsp;used&nbsp;to&nbsp;generate&nbsp;traffic&nbsp;reports.
Reporttype is one of D,W,M,H(hourly) and repotname specifies filename
template for reports. Report is text file with counter values in
format:
<BR>

<BR>&nbsp;&lt;COUNTERNUMBER&gt;&nbsp;&lt;TRAF*4GB&gt;&nbsp;&lt;TRAF&gt;
<BR>

<BR>&nbsp;The&nbsp;rest&nbsp;of&nbsp;parameters&nbsp;is&nbsp;identical&nbsp;to&nbsp;bandlim/nobandlim.

<BR>

<B>users</B>

username[:pwtype:password] ...
<BR>

pwtype is one of:
<BR>

<BR>&nbsp;none&nbsp;(empty)&nbsp;-&nbsp;use&nbsp;system&nbsp;authentication
<BR>

<BR>&nbsp;CL&nbsp;-&nbsp;password&nbsp;is&nbsp;cleartext
<BR>

<BR>&nbsp;CR&nbsp;-&nbsp;password&nbsp;is&nbsp;crypt-style&nbsp;password
<BR>

<BR>&nbsp;NT&nbsp;-&nbsp;password&nbsp;is&nbsp;NT&nbsp;password&nbsp;(in&nbsp;hex)
<BR>

example:
<BR>

<BR>&nbsp;users&nbsp;test1:CL:password1&nbsp;&quot;test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49.&quot;
<BR>

<BR>&nbsp;users&nbsp;test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
<BR>

(note: double quotes are requiered because password contains $ sign).<TT>&nbsp;&nbsp;</TT><BR>

<BR>

<B>flush</B>

<BR>

empty active access list. Access list must be flushed avery time you creating
new access list for new service. For example:
<BR>

<BR>&nbsp;allow&nbsp;*
<BR>

<BR>&nbsp;pop3p
<BR>

<BR>&nbsp;flush
<BR>

<BR>&nbsp;allow&nbsp;*&nbsp;192.168.1.0/24
<BR>

<BR>&nbsp;socks
<BR>

sets different ACLs for
<B>pop3p</B>

and
<B>socks</B>


<BR>

<B>system</B>

<BR>

execute system command

<BR>

<B>pidfile</B>

&lt;filename&gt;
<BR>

write pid of current process to file. It can be used to manipulate
3proxy with signals under Unix. Currently next signals are available:

<BR>

<B>monitor</B>

&lt;filename&gt;
<BR>

If file monitored changes in modification time or size, 3proxy reloads
configuration within one minute. Any number of files may be monitored.

<BR>

<B>setuid</B>

&lt;uid&gt;
<BR>

calls setuid(uid), uid must be numeric. Unix only. Warning: under some Linux
kernels setuid() works onle for current thread. It makes it impossible to suid
for all threads.

<BR>

<B>setgid</B>

&lt;gid&gt;
<BR>

calls setgid(gid), gid must be numeric. Unix only.

<BR>

<B>chroot</B>

&lt;path&gt;
<BR>

calls chroot(path). Unix only.
<A NAME="lbAD">&nbsp;</A>
<H2>PLUGINS</H2>


<BR>

<B>plugin</B>

&lt;path_to_shared_library&gt; &lt;function_to_call&gt; [&lt;arg1&gt; ...]
<BR>

Loads specified library and calls given export function with given arguments,
as 
<BR>

int functions_to_call(struct pluginlink * pl, int argc, char * argv[]);
<BR>

function_to_call must return 0 in case of success, value &gt; 0 to indicate error.

<BR>

<B>filtermaxsize</B>

&lt;max_size_of_data_to_filter&gt;
<BR>

If Content-length (or another data length) is greater than given value, no
data filtering will be performed thorugh filtering plugins to avoid data
corruption and/or Content-Length chaging. Default is 1MB (1048576).


<A NAME="lbAE">&nbsp;</A>
<H2>SEE ALSO</H2>

<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>

<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAF">&nbsp;</A>
<H2>TRIVIA</H2>

3APA3A is pronounced as ``zaraza''.
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHORS</H2>

3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),

Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)

<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">DESCRIPTION</A><DD>
<DT><A HREF="#lbAD">PLUGINS</A><DD>
<DT><A HREF="#lbAE">SEE ALSO</A><DD>
<DT><A HREF="#lbAF">TRIVIA</A><DD>
<DT><A HREF="#lbAG">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:57 GMT, April 07, 2014
</BODY>
</HTML>