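#
# config file for twhttpd
# example for outbound proxy
#

# working dir, default current dir
$work_dir = "/home/proxy";

# perform chroot after daemonized?
$chroot = "enable";

# cache dir, resolved after chroot
# only effective if any server below has caching enabled
$cache_dir = ".cache";

# change uid and gid
$uid = "nobody";
$gid = "nobody";

# protected inbound http service
server (
    # NOTE(review): 0.0.0.0 listens on every interface, not only the internal
    # one; bind to the internal address if this host also has an external
    # interface. The access rules below are then the only barrier.
    $listen = 0.0.0.0:8080,         # Internal IP
    $forward = 0.0.0.0,             # auto forward mode
    $access_log = "./access.log",   # note error log still goes to syslog
    $cache = "enable",              # enable cache
    $safe_url = "disable",          # outbound proxy doesn't need safe_url
    $header_check = "response",     # enable response header check to protect client
    $https = "enable",              # enable HTTPS

    # hide your platform
    $browser_version = "[Anonymized browser]"
) {
    # note, if you want to access control https
    # you can ONLY check for $host, $client_ip, $port, $proxy_auth (not including $auth)
    # the client will not send any path info, referer info, etc.
    # below is what the client sends
    #
    # CONNECT https://www.secure_host.com:443 HTTP/1.0[return]
    # [return]
    #
    if ( $method == "CONNECT" ) {
        # blocked host pattern, applies to every client
        if ( $host == "*sex*" ) {
            return 400;
        }
        # From here on CONNECT follows the same per-network policy as the
        # plain HTTP rules below. Without these checks any client able to
        # reach the listener could tunnel through the proxy, and the login
        # and host restrictions could be sidestepped by using CONNECT.
        #
        # NOTE(review): $port is also available for CONNECT; consider
        # allowing only the HTTPS port. Confirm the comparison syntax
        # against the twhttpd documentation before adding it.
        elsif ( $client_ip == 192.168.1.0/24 ) {
            # OK
            return 200;
        }
        # net 192.168.2.0 has to login first
        # NOTE(review): $forward is left untouched here, so CONNECT keeps
        # going out in auto forward mode as before; confirm whether the
        # ISP proxy should also carry tunnels.
        elsif ( $client_ip == 192.168.2.0/24 ) {
            if ( htpasswd($proxy_auth, "./htpasswd.txt") ) {
                # OK
                return 200;
            }
            else {
                # proxy_not_authorized, because $proxy_auth was checked
                return 407;
            }
        }
        # net 192.168.3.0 can only go to www.yahoo.com
        elsif ( $client_ip == 192.168.3.0/24 && $host == "*.yahoo.com" ) {
            # OK
            return 200;
        }
        else {
            # Forbidden
            return 403;
        }
    }
    # normal web page
    else {
        # only these IPs can go through without any limits
        if ( $client_ip == 192.168.1.0/24 ) {
            # OK
            return 200;
        }
        # net 192.168.2.0 has to login first before going out
        # they will also be forwarded to my ISP proxy
        elsif ( $client_ip == 192.168.2.0/24 ) {
            # ./htpasswd.txt is the password file
            if ( htpasswd($proxy_auth, "./htpasswd.txt") ) {
                # OK
                # this is my ISP proxy IP, a hostname doesn't work
                $forward = 202.1.2.3:8080;
                # use proxy server syntax
                $forward_proxy = "enable";
                return 200;
            }
            else {
                # note you should return 401, not_authorized, if you check for $auth
                # return 407, proxy_not_authorized, if you check for $proxy_auth
                return 407;
            }
        }
        # net 192.168.3.0 can only go to www.yahoo.com
        elsif ( $client_ip == 192.168.3.0/24 && $host == "*.yahoo.com" ) {
            # OK
            return 200;
        }
        else {
            # Forbidden
            return 403;
        }
    }

    # again, you should not reach this
    # Internal Server Error
    return 500;
}

# that's all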