; 26 Aug 2020 [Proxy] RxBuffSize=65536 MaxClients=999 ; not used yet ServerHeader=ICS-Proxy ; can be 0.0.0.0 unless large server LocalAddr=0.0.0.0 ; CA root bundle to validate remote targer certificates and local chains RootCA=c:\certificates\RootCaCertsBundle.pem ; needed for DH and DHE ciphers DHParams=c:\certificates\dhparams2048.pem ; Logging: DebugNone, DebugConn, DebugSsl, DebugHttpHdr, DebugHttpBody, DebugChunks, DebugAll DebugLevel=DebugSsl ; Target SSL security level: sslSecLevelAny, sslSecLevel80bits, sslSecLevel112bits (RSA/DH keys=>2048), sslSecLevel128bits (RSA/DH keys=>3072) TarSecLevel=sslSecLevel112bits ; Target SSL certificate trusted root check: CertVerNone=0, CertVerBundle=1, CertVerWinStore=2 CertVerTar=CertVerBundle ; with CertVerTar=CertVerWinStore should revoke be checked, slow SslRevocation=False ; report target SSL certificates on first connection SslReportChain=True ; with Keep-Alive, try and keep connections open anyway HttpIgnoreClose=False ; should responses to source client be compressed HttpSrcCompress=True ; is remote target allowed to compress responses HttpTarCompress=False ; should be try and stop upgrades to HTTP/2 and SSL HttpStripUpgrade=True ; force server to send responses by removing If-Modified-Since: header HttpStopCached=False ; maximum size of body to buffer and check for URLs HttpMaxBody=2000000 ; should browser send certificate: sslCliCertNone, sslCliCertOptional, sslCliCertRequire SslCliCertMethod=sslCliCertNone ; should server automatically order and install SSL certificates, also needs CertSupplierProto specified ; also needs a Certificate Supplier Account to be created first SslCertAutoOrder=True ; how many days before expiry of SSL certificates should warnings and AutoOrder start CertExpireDays=30 ; X509 certificate ordering proxy X509ProxyURL= ; check server certificates not revoked and staple OCSP response to handshake OcspSrvStapling=True ; file to cache server OCSP responses OcspSrvCacheFile=ocsppxysrvcache.recs ; file to cache client OCSP responses OcspTarCacheFile=ocsppxytarcache.recs [Source1] Hosts=mypc HostTag=SMTP-MAGSYS Descr=SMTP > 25:465 BindIpAddr=0.0.0.0 BindNonPort=25 BindSslPort= Enabled=True Proto=SMTP [Target1] HostTag=SMTP-MAGSYS Descr=SMTP > 25:465 TarHost=mail.magsys.co.uk TarPort=465 TarSsl=True IdleTimeout=60 HostEnabled=True [Source2] Hosts=mypc HostTag=POP3-MAGSYS Descr=POP3 > 110:995 BindIpAddr=0.0.0.0 BindNonPort=110 BindSslPort= Enabled=True Proto=POP3 [Target2] HostTag=POP3-MAGSYS Descr=POP3 > 110:995 TarHost=mail.magsys.co.uk TarPort=995 TarSsl=True IdleTimeout=60 HostEnabled=True [Source3] Hosts=mypc HostTag=TELNET-CIX Descr=Telnet > 23:992 BindIpAddr=0.0.0.0 BindNonPort=23 BindSslPort= Enabled=True Proto=TELNET [Target3] HostTag=TELNET-CIX Descr=Telnet > 23:992 TarHost=cix.co.uk TarPort=992 TarSsl=True IdleTimeout=60 HostEnabled=True [Source4] Hosts=mypc HostTag=NNTP-EMB Descr=NTTP > 119:563 BindIpAddr=0.0.0.0 BindNonPort=119 BindSslPort= Enabled=True Proto=NNTP [Target4] HostTag=NNTP-EMB Descr=NTTP > 119:563 TarHost=forums.embarcadero.com TarPort=563 TarSsl=True IdleTimeout=60 HostEnabled=True [Source5] Hosts=mypc HostTag=HTTP-FORWARD Descr=Http ForwardProxy 81:80 BindIpAddr=0.0.0.0 BindNonPort=81 BindSslPort= Enabled=True ForwardProxy=True Proto=HTTP [Source6] Hosts=mypc HostTag=HTTP-TELECOM Descr=Http > 80/443 BindIpAddr=0.0.0.0 BindIpAddr2= BindNonPort=80 BindSslPort=443 Enabled=True SslCert=c:\certificates\mypc-bundle.pem SslPassword=password SslInters=c:\certificates\inters.pem SslSecLevel=sslSrvSecInterFS WellKnownPath=c:\websites\well-known Proto=HTTP [Target6] HostTag=HTTP-TELECOM Descr=Http > 80/443 TarHost=www.telecom-tariffs.co.uk TarPort=80 TarSsl=False IdleTimeout=60 HostEnabled=True UpdateHttp=True UpdateHtml=True [Source7] Hosts=mypcold HostTag=HTTP-REDIRECT Descr=Redirect mypcold BindIpAddr=0.0.0.0 BindIpAddr2= BindNonPort=80 BindSslPort=443 Enabled=True SslCert=c:\certificates\mypcold-bundle.pem SslPassword=password SslInters=c:\certificates\inters.pem SslSecLevel=sslSrvSecInterFS WellKnownPath=c:\websites\well-known WebRedirectURL=https://www.telecom-tariffs.co.uk/ WebRedirectStat=301 Proto=HTTP [Source8] Hosts=test7.ftptest.org,test7.ftptest.org.uk,test7.ftptest.co.uk HostTag=HTTP-FTPTEST Desc=test6-LetsEncrypt BindIpAddr=192.168.1.123 BindNonPort=80 BindSslPort=443 Enabled=False SslSecLevel=sslSrvSecInterFS WellKnownPath=c:\websites\well-known\proxy SslCert=c:\certificates\local\test7_ftptest_org.pfx SslPassword=password CertSupplierProto=SuppProtoAcmeV2 CertProduct=Let's Encrypt CertDirWork=c:\weblogs\acme-certs\ CertChallenge=ChallFileUNC CertPKeyType=PrivKeyRsa2048 CertSignDigest=Digest_sha256 [Target8] HostTag=HTTP-FTPTEST Descr=HttpFtpTest > Magsys TarHost=www.magsys.co.uk TarPort=443 TarSsl=True IdleTimeout=60 HostEnabled=False UpdateHttp=True UpdateHtml=True