81806796ca
Introduce proxy service, which allow only http(s) traffic to yum repos. The filter rules are based on URL regexp, so it isn't full-featured content inspection and can be easy bypassed, but should be enough to prevent some erroneus user actions (like clicking on invalid link). It is set up to intercept connections to 10.137.255.254:8082, so VM can connect to this IP regardless of VM in which proxy is running. By default it is started in every NetVM, but this can be changed using qvm-service or qubes-manager (as always).
31 lines
546 B
Plaintext
31 lines
546 B
Plaintext
User tinyproxy
|
|
Group tinyproxy
|
|
Port 8082
|
|
Timeout 60
|
|
DefaultErrorFile "/usr/share/tinyproxy/default.html"
|
|
|
|
#StatHost "tinyproxy.stats"
|
|
StatFile "/usr/share/tinyproxy/stats.html"
|
|
Syslog On
|
|
LogLevel Notice
|
|
PidFile "/var/run/tinyproxy/tinyproxy-qubes-yum.pid"
|
|
|
|
MaxClients 50
|
|
MinSpareServers 2
|
|
MaxSpareServers 10
|
|
StartServers 2
|
|
MaxRequestsPerChild 0
|
|
ViaProxyName "tinyproxy"
|
|
|
|
Allow 127.0.0.1
|
|
Allow 10.137.0.0/16
|
|
|
|
|
|
Filter "/etc/tinyproxy/filter-qubes-yum"
|
|
FilterURLs On
|
|
#FilterExtended On
|
|
#FilterCaseSensitive On
|
|
FilterDefaultDeny Yes
|
|
ConnectPort 443
|
|
|