Audit

All audit value types are described here.

icap service config

type: map | str

Config ICAP service.

For str value, the value will be treated as url as described following.

For map value, the keys are:

  • url

    required, type: url str

    Set the ICAP service url. The scheme should be either ‘icap’ or ‘icaps’. A default tls client config will be used if the scheme is ‘icaps’.

  • use_unix_socket

    optional, type: absolute path

    Set a UNIX domain socket address to use before try via TCP.

    If the path can’t be connected the TCP address in the url will be used as a fallback.

    default: not set

    Added in version 1.12.0.

  • tls_client

    optional, type: rustls client config

    Enable tls and set the config. TLS will be enabled even if the url scheme is ‘icap’.

    default: not set for ‘icap://’ url, default one for ‘icaps://’ url

    Added in version 1.9.9.

  • tls_name

    optional, type: tls name

    Set the tls server name to verify peer certificate.

    default: same as the host port in url

    Added in version 1.9.9.

  • tcp_keepalive

    optional, type: tcp keepalive

    Set the keep-alive config for the tcp connection to ICAP server.

    default: enabled with default value

  • icap_connection_pool

    optional, type: connection pool

    Set the connection pool config.

    default: set with default value

  • icap_max_header_size

    optional, type: humanize usize

    Set the max header size when parsing response from the ICAP server.

    default: 8KiB

  • no_preview

    optional, type: bool

    Set to true to disable ICAP preview.

    default: false

    Added in version 1.11.6.

  • preview_data_read_timeout

    optional, type: humanize duration

    Set the timeout value for the read of preview data. If timeout, preview will not be used in the request send to the ICAP server.

    default: 4s

  • respond_shared_names

    optional, type: http header name or seq of this

    Set the headers returned by ICAP server in REQMOD response that we should send in the following RESPMOD request.

    This config option now only apply to REQMOD service.

    default: not set

  • bypass

    optional, type: bool

    Set if we should bypass if we can’t connect to the ICAP server.

    default: false

stream detour service config

type: map | str | int

Config the Stream Detour service.

For str value, the value will be treated as peer as described following.

For map value, the keys are:

  • peer

    optional, type: upstream str

    Set the peer address.

    default: 127.0.0.1:2888

  • tls_client

    optional, type: rustls client config

    Enable tls and set the config.

    default: not set

  • tls_name

    optional, type: tls name

    Set the tls server name to verify peer certificate.

    default: not set

  • connection_pool

    optional, type: connection pool

    Set the connection pool config.

    default: set with default value

  • connection_reuse_limit

    optional, type: nonzero usize

    Set how many times a single QUIC connection will be reused. The max allowed streams on this QUIC connection should be double of this value.

    default: 16

  • quic_transport

    optional, type: quinn transport

    Set the transport config for quinn.

    default: set with default value

    Added in version 1.9.9.

  • stream_open_timeout

    optional, type: humanize duration

    Set the timeout to open QUIC streams to the detour server.

    default: 30s

  • request_timeout

    optional, type: humanize duration

    Set the timeout to get detour action response from the detour server after open the streams.

    default: 60s

  • socket_buffer

    optional, type: socket buffer config

    Set the socket buffer config for the socket to peer.

    default: not set

Added in version 1.9.8.