.\" ftp-proxy/ftp-proxy.conf.5.  Generated from ftp-proxy.conf.5.in by configure.
.\"
.\" $Id: ftp-proxy.conf.5.in,v 1.8.2.3 2005/01/11 13:00:01 mt Exp $
.\"
.\" Manual Page for the ftp-proxy Configuration file
.\"
.\" Author(s): Jens-Gero Boehm <jens-gero.boehm@suse.de>
.\"            Pieter Hollants <pieter.hollants@suse.de>
.\"            Marius Tomaschewski <mt@suse.de>
.\"            Volker Wiegand <volker.wiegand@suse.de>
.\"
.\" This file is part of the SuSE Proxy Suite
.\"            See also  http://proxy-suite.suse.de/
.\"
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License
.\" as published by the Free Software Foundation; either version
.\" 2 of the License, or (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the
.\" Free Software Foundation, Inc., 59 Temple Place - Suite 330,
.\" Boston, MA 02111-1307, USA.
.\"
.\" A history log can be found at the end of this file.
.\"
.TH ftp-proxy.conf 5 "September 20th, 1999" "SuSE" "Proxy-Suite"
.SH NAME
ftp-proxy.conf \- configuration file for FTP-Proxy
.SH SYNOPSIS
/usr/local/etc/proxy-suite/ftp-proxy.conf
.SH DESCRIPTION
This manual page documents the configuration file format of the
.B ftp-proxy(8)
program.
FTP-Proxy is an application level gateway between FTP clients
and servers.  Its main purpose is to secure servers against
attacks based on the FTP protocol.
.PP
The FTP-Proxy configuration file consists of option lines and
comments.  A line starting with a '#' character is a comment.
The general format of a option line is
.PP
.B [WhiteSpace] Name WhiteSpace Value [WhiteSpace]
.PP
It is recommended to use up to 24 characters for the name and
no more than 1024 for the value, although theoretically both
can be up to 4096 in size.  Lines can be continued if the last
character is a backslash.  The whole file is not case sensitive.
.SS CONTEXT
Option lines always have a
.B context
which may be global or user specific.  A context is introduced
by a
.B [name]
line, where name is the FTP-login name or authuser if the
.B UserAuthMagic
feature is used. It is allowed to use '*' wildcard character
at the end of the context name
.B [name*]
i.e. [foo*] to match multiple usernames beginning with "foo".
The beginning of the file is implicitly the
.B [-Global-]
context (the dashes allow a user context named [global] without
conflict).  It is legal to include an option more than once;
the last one will be the one used.  Options in user contexts
usually take precedence over the equivalent global option.
.PP
Some of the options can be used in a user or the global context,
while others make sense only in one of them.  See below.
.SS VARIABLE SUBSTITUTION
Several options (see the individual discussion below for details)
support a limited set of variable substitution when evaluated.
The following replacements will be performed:
.sp
.nf
.DT
.ta .4i 1i
	\fB%b\fR	build date of the ftp-proxy(8) program
	\fB%d\fR	current system date in the form YYYY/MM/DD
	\fB%h\fR	host name from gethostname(2)
	\fB%n\fR	network name from getdomainname(2)
	\fB%t\fR	current system time in the form HH:MM:SS
	\fB%v\fR	version of the ftp-proxy(8) program
	\fB%%\fR	a single percent sign
.DT
.fi
.SH OPTIONS
.TP
.B ActiveMaxDataPort
Both user and global context.  Defines the maximum local port
number used when connecting to the client's data port.  The
latter is either the same as the client's control port or the
one given in the most recent
.B PORT
command.  If either minimum
or maximum value is not given, the program defaults to using
port 20, the
.B ftp-data
port as per
.B RFC 959,
for the local end of the socket if the proxy is running as root
(user ID 0) or to use a random port. See also
.B ActiveMinDataPort
and
.B User
options.
.TP
.B ActiveMinDataPort
Both user and global context.  Defines the minimum local port
number used when connecting to the client's data port.
See also
.B ActiveMaxDataPort
and
.B User
options.
.TP
.B AllowMagicUser
Global context only.  Defines a flag that when set to
.B yes, true,
or
.B on
allows the USER name to be optionally interpreted as
.B "user[@host[:port]]"
where host overrides the
.B DestinationAddress
and port the
.B DestinationPort
directive below. It should only be activated with "trusted"
users, like in an outgoing FTP proxy scenario. See also the
.B UserMagicChar
and
.B ForceMagicUser
options.
.TP
.B AllowTransProxy
Global context only.  Defines a flag that when set to
.B yes, true,
or
.B on
allows to use the proxy as transparent proxy for outgoing ftp.
To get it working you also have to redirect client requests on
a gateway or firewall host (i.e. via ipchains) to the ftp-proxy.
It should only be activated with "trusted" users, like in an
outgoing FTP proxy scenario. You can combine this with the
.B AllowMagicUser
option.
.TP
.B DenyMessage
Global context only.  Defines the name of a file which prevents
any successful login if it exists, even if it is empty.  The
file contents will be sent to the client, each line prefixed
with
.B "'421-'"
and with variable substitution applied.  The whole file is
followed by a line starting with
.B "'421 '"
followed by the
.B DenyString
below.  After sending the connection is closed.  If no such file
exists, the deny mechanism is not triggered altogether.  See also
.B DenyString
option.
.TP
.B DenyString
Global context only.  Defines a string that will be displayed to
clients, prefixed with
.B "'421 '"
and variable substitution applied, if and only if a
.B DenyMessage
file exists.  The default is
.B "'Service not available'."
See also
.B DenyMessage
option.
.TP
.B DestinationAddress
Both user and global context.  Defines where to redirect incoming
FTP traffic.  Can be given as either dotted decimal IP address or
as DNS host name.  Please note that the global section must always
contain this option as a basic sanity check.
.TP
.B DestinationMaxPort
Both user and global context.  Defines the maximum local port
number to be used when opening a connection to the FTP server.
Valid both for control and for data connections.  Defaults to
not binding prior to connecting and listening, so that the system
selects an arbitrary ephemeral port.  See also
.B DestinationMinPort
option.
.TP
.B DestinationMinPort
Both user and global context.  Defines the minimum local port
number to be used when opening a connection to the FTP server.
See also
.B DestinationMaxPort
option.
.TP
.B DestinationPort
Both user and global context.  Defines the FTP server's control
port where the proxy itself will connect.  This option can either
be given as a numeric value or as the service name retrieved by
.B getservbyname(3)
and defaults to port 21, the
.B ftp
port as per
.B RFC 959.
.TP
.B DestinationTransferMode
Both user and global context.  Defines the FTP transfer mode to
be used from the proxy to the server.  Legal values are
.B active, passive,
or
.B client.
The latter means to follow the mode the client is using.  The
default value is
.B client.
.TP
.B FailResetsPasv
Global context only.  Defines the action that is taken when a
data transfer command is failed on the server side.
If the option is set to
.B yes, true,
or
.B on
the client data transfer socket will be closed and the transfer
mode set to the default (active-ftp).
.br
If this flag is set to
.B no, false,
or
.B off
(which is also the default) the socket can be reused for the
next data transfer command in passive mode. This options is
a workaround for Netscape (4.x) clients, that sends a second
data transfer command if the first is failed, while the user
clicks on a symbolic link pointing to a directory.
.br
Note, that this behavior may break the RFC definitions.
.TP
.B ForceMagicUser
Global context only. Same as AllowMagicUser, but makes the
host and port portion mandatory.
.TP
.B ForkLimit
Global context only. Limits the number of incoming client
connections per minute in daemon mode - it defaults to 40
connections per minute.
.TP
.B Group
Global context only.  Defines the UNIX style group ID which is
set by the process before it serves clients.  Default is to
keep the current real group ID.
.TP
.B LDAPAuthDN
Global context only.  Defines a different base distinguished
name that is used when accessing an LDAP directory for user
authentication purposes. It defaults to the value of
.B LDAPBaseDN.
See also
.B LDAPAuthPWAttr, LDAPAuthPWType, LDAPAuthOKFlag,
.B UserAuthType, LDAPBindDN
options.
.TP
.B LDAPAuthOKFlag
Global context only.  Defines an attribute and its value as
.B attr=value
string, i.e. userEnabled=yes, that will be checked while user
authentication in the directory tree specified using
.B LDAPAuthDN
or
.B LDAPBaseDN.
Defaults to an empty string - no flag check used.
.TP
.B LDAPAuthPWAttr
Global context only.  Defines the LDAP password attribute name
used for user authentication.
.br
A common used attribute name is
.B userPassword.
Defaults to an empty string - password authentication disabled.
See also
.B LDAPAuthPWType
option.
.TP
.B LDAPAuthPWType
Global context only.  Defines the LDAP password type / format
and a minimal allowed password length expected as value for
attribute name specified using
.B LDAPAuthPWAttr.
.sp
Valid values are
.B plain, crypt, {crypt}
followed by one number
.B 0-9,
i.e.
.B {crypt}7, plain9
or
.B plain.
.sp
If no minimum length specified the default minimum length of 5
characters is used.
.sp
A password type {crypt} means, the password value in the LDAP
directory is prefixed by the {crypt} scheme specification. Other
password schemes, i.e. MD5, are not supported at the moment.
.br
Crypted passwords are only avaliable, if the proxy is compiled
with crypt support - see also
.B "--with-crypt"
compile time option in configure script.
.sp
If the password (without scheme prefix) stored in LDAP directory
is
.B "*"
or
.B "!"
the account is disabled and the authentication fails.
.sp
Defaults to
.B plain
(equivalent to plain5). See also the
.B LDAPAuthOKFlag.
.TP
.B LDAPBaseDN
Global context only.  Defines the base distinguished name that
is used when accessing an
.B LDAP
directory, i.e. the root of the tree containing the FTP-Proxy
entries. Defaults to an empty string. If
.B UserAuthMagic
is used, the authuser is used as user name for authentication
and user profiles, otherwise the normal ftp-user name.
See also
.B LDAPIdentifier, LDAPObjectClass, LDAPServer, UserAuthMagic
options.
.TP
.B LDAPBindDN
Defines the distinguished name that is used to (simple) bind
the directory service. Defaults to an empty string (anonymous
bind). It is allowed to include one %s in this string, that
will be replaced with the FTP username or authuser if
.B UserAuthMagic
is used.
See also
.B UserAuthMagic, LDAPAuthDN, LDAPBindPW
options.
.TP
.B LDAPBindPW
Defines the credential (password) that is used to (simple) bind
the directory service using distinguished name given in the
.B LDAPBindDN
option. Defaults to an empty string (anonymous bind).
.TP
.B LDAPIdentifier
Global context only.  Defines the identification attribute for
the access to the
.B LDAP
directory.  This can be thought of as the primary key and
defaults to the string
.B CN
which is short for "Common Name."  See also
.B LDAPBaseDN, LDAPObjectClass, LDAPServer
options.
.TP
.B LDAPObjectClass
Global context only.  Defines the
.B LDAP
object class which holds the entries for the FTP-Proxy access
control.  It is assumed that the possible user specific config
options exist as attributes within a record of this type.  There
is no default, but a value of
.B FTPProxyUser
is recommended.  See also
.B LDAPBaseDN, LDAPIdentifier, LDAPServer
options.
.TP
.B LDAPServer
Global context only.  This is the main option for using an
.B LDAP
directory for retrieving user specific values.  If given, it
denotes the server (and possible port separated by a colon)
where FTP-Proxy will ask for the attributes.  The program will
bind as the anonymous user and try to retrieve the values from
the tree rooted at
.B LDAPBaseDN,
having an object class of
.B LDAPObjectClass
and identified by the
.B LDAPIdentifier.
If the server cannot be reached, the program aborts.  If the
user cannot be found, the program falls back to the configuration
file, but will query only the global values and not the user
specific ones.  See also
.B LDAPBaseDN, LDAPBindDN, LDAPIdentifier, LDAPObjectClass
options.
.TP
.B LDAPVersion
Global context only. Use this option to set the LDAP API version,
the proxy should set: 2 or 3. Use 0 to skip explicit version
setting and use library defaults.
Defaults is version 3 if supported by the library or 2 if not.
.br
Note: OpenLDAP 2.x library defaults to version 2 bind, but the
OpenLDAP server refuses LDAPv2 bind by default.
.TP
.B Listen
Global context only.  Defines the address where the proxy itself
opens the listening port.  The default is
.B 0.0.0.0
which instructs the server to bind to any address.  See also
.B Port
option.
.TP
.B LogDestination
Global context only.  Defines the destination of the logging
information the program wishes to emit.  If the value starts
with a slash (/) it will be interpreted as an absolute path.
This file will be created and kept open during the lifetime
of the process.  The signal
.B SIGUSR1
can be sent to the (daemon) process in order to rotate this
log file.
.sp
A second way to provide logging is via a pipe and is employed
when the first character of the option is a pipe symbol (|).
In this case the rest of the value is interpreted as the name
of a UNIX command which is invoked and receives logging
information on its standard input.
.sp
The third way is to use the
.B syslog(3)
service which is assumed for all other values.  The option value
is interpreted as the syslog facility while the severity is
defined by the various messages themselves.
.TP
.B LogLevel
Global context only. Defines the maximal level of logged messages.
The levels are, in order of decreasing importance:
.B FLT, ERR, WRN, INF, DBG
.br
The default level is
.B INF.
A
.B LogLevel
set to
.B WRN
causes, that only messages with levels
.B FLT, ERR, WRN
will be logged.
.TP
.B MaxClients
Global context only.  Defines the maximum number of clients
the proxy will allow concurrently.  The valid range for this
option is 1 to 512, with a default of 64.  See also
.B MaxClientsMessage, MaxClientsString
options.
.TP
.B MaxClientsMessage
Global context only.  Defines the name of a file that is displayed
to clients if their maximum number defined with
.B MaxClients
has been exceeded. If no such file exists only the
.B MaxClientsString
is displayed, else both the file and the string are transmitted.
After transmission the connection is terminated in any case.
When sending the file, each line is prefixed with
.B "'421-'"
and variable substitution is applied to it.  See also
.B MaxClients, MaxClientsString
options.
.TP
.B MaxClientsString
Global context only.  Defines a string that will be displayed to
clients, prefixed with
.B "'421 '"
and variable substitution applied, if the maximum client number
has been exceeded.  The default is
.B "'Service not available'".
See also
.B MaxClients, MaxClientsMessage
options.
.TP
.B MaxRecvBufSize
Global context only. Defines the maximum number of bytes read from
socket at once while data transfers. Default is to read all data as
reported by the kernel.
.br
It may be useful to set a limit (i.e. to 8192), if your proxy
machine uses two interfaces of different speed, i.e. the clients
are accessing the proxy via a high-speed interface (i.e. Fast-Ethernet)
and the proxy is accessing servers using a slower one (i.e. modem,
ISDN link) and your ftp-clients aborts the data transfers because
of a timeout.
.TP
.B PassiveMaxDataPort
Both user and global context.  Defines the maximum local port
number used when listening for the client's data connection.
This is the port number transmitted to the client in a
.B 227
response to the
.B PASV
command.
If either minimum or maximum value is not given, the program
defaults to let the system choose an arbitrary ephemeral
port.  See also
.B PassiveMinDataPort
option.
.TP
.B PassiveMinDataPort
Both user and global context.  Defines the minimum local port
number used when listening for the client's data connection.
See also
.B PassiveMaxDataPort
option.
.TP
.B PidFile
Global context only.  Defines the name of a process ID file where
FTP-Proxy will store its process ID if running as daemon.  The
file contents will be an ASCII string with a trailing newline.
On many operating systems such PID files will be located in the
.B "/var/run"
directory.
.TP
.B Port
Global context only.  Defines the listening port where the
FTP-Proxy offers its service.  The port can be given as a
number or as a string suitable for retrieval by the
.B getservbyname(3)
function.  It defaults to port 21, the
.B ftp
port as per
.B RFC 959.
See also
.B Listen
option.
.TP
.B PortResetsPasv
Global context only.  Defines the action that is taken when a
.B PORT
command is received while a passive port is open for listening.
If the option is set to
.B yes, true,
or
.B on,
(which is also the default) the socket will be closed and the
passive mode will be terminated (set to active-ftp). Setting
the option to
.B no, false,
or
.B off
does not cancel the listen.  This flag seems necessary because
the RFC is not really clear enough about the correct handling.
.TP
.B SameAddress
Both user and global context.  Defines a boolean value which
determines if the proxy is allowed to be included in so-called
third party server to server transfers.  In this situation
the client first sends a
.B PASV
command to one server, then a
.B PORT
command with the response code to the second server, and then
initiates the transfer with mutual transfer commands on the
two servers.  Specifying this option as
.B no, false,
or
.B off
allows FTP-Proxy to take part in such a transfer, while saying
.B yes, true, 
or
.B on
(the default) will enforce that transfers can only take place
to/from the client itself.
.TP
.B ServerRoot
Defines the directory into which the FTP-Proxy performs a
.B chroot(2)
in order to increase its security level. See also the
.B User
and
.B Group
options.
.sp
Note, that you have to copy needed libraries, configuration files,
etc into this directory first!
.TP
.B ServerType
Global context only.  Defines the mode in which the FTP-Proxy
is running if no command line switch
.B "(-d/-i)"
has been provided.  The option value can either be
.B inetd
in which case the proxy expects the client to be available at
standard input and output, or it can be
.B standalone
which means the process will become a daemon, open the listening
port and fork child processes for all future connections.  The
child processes themselves will behave exactly as if they were
started from inetd.
.TP
.B SockBindRand
Global context only.  Defines a flag that when set to
.B yes, true,
or
.B on
, causes the proxy to use a random port in the specified range
via DestinationMinPort/MaxPort, ActiveMinPort/MaxDataPort,
PassiveMinDataPort/MaxDataPort instead of increment the port
number inside of this range. See also
.B DestinationMinPort, DestinationMaxPort, PassiveMinDataPort,
.B PassiveMaxDataPort, ActiveMinPort, ActiveMaxPort
options.
.TP
.B TCPWrapper
Global context only.  Defines a boolean value which is evaluated
by the FTP-Proxy running as a standalone daemon only.  Saying
.B yes, true, 
or
.B on
activate the
.B TCP Wrapper
library, whereas
.B no, false,
or
.B off
(the default) disable the function. See also
.B TCPWrapperName
option.
.TP
.B TCPWrapperName
Global context only.  Use given
.B name
for TCP-Wrapper checks instead of the program name (argv[0]).
See also
.B TCPWrapper
option.
.TP
.B TimeOut
Both user and global context.  Defines the time in seconds after
which a client is assumed to be disconnected.  If no activity
is detected from the client after this time, the connection is
closed and the process terminates.  Default value is 900 seconds.
.TP
.B TranslatedAddress
Global context only.  Defines an IP address the server will use
in
.B 227
replies to
.B PASV
commands instead of its own address.  Usually the address where
the client connected to is taken, but this may not be appropriate
in situations where an NAT (Network Address Translation) device
is located in the way from the client to the proxy.  In this
situation the response can be changed to include the input address
of the NAT device.
.sp
The value for this option can be given as a DNS host name, as a
dotted decimal IP address, or as a file name.  The latter is
assumed when the name starts with a slash.  The file is opened
and scanned for the desired address.  Blank lines or lines starting
with '#' are ignored.  Reading the address from a file may be useful
for environments with masquerading and dynamic PPP connections.
.TP
.B User
Global context only.  Defines the UNIX style user ID which is
given to the process before it serves clients.  Default is to
keep the current real user ID.
.sp
If the proxy does not run as a privileged user (root, user ID 0),
it has no permission to bind a socket to port < 1024 or to preform
a
.B chroot(2)
call.
See also
.B ActiveMinDataPort, ActiveMaxDataPort, ServerRoot
options.
.br
.TP
.B UserMagicChar or UseMagicChar
Global context only. Defines the character to use as separator
between user and host[:port] in the target setting of
.B AllowMagicUser
Default is the '@' character. This allows you to use E-Mail
addresses as usernames for login to the ftp server
(i.e. me@mydomain%ftp.server:21 if you set it to %).
.TP
.B UserAuthMagic
Global context only. This is an authentication extension like
AllowMagicUser, allowing encoding of additional username and
password in the USER and PASS commands for authentication.
Valid values are
.B @auth
for ftpuser@authuser[@host:port] and ftppass@authpass or
.B auth@
for authuser@[ftpuser@host:port] and authpass@ftppass. See also
.B LDAPBindDN, LDAPAuthType
and
.B AllowMagicUser.
.TP
.B UserAuthType
Global context only. Defines the authentication mechanism
the proxy should use. Currently "ldap" is implemented to
support simple LDAP authentication using FTP username and
password from USER and PASS commands or the special
authuser and authpass encoded using
.B UserAuthMagic.
See also
.B LDAPBindDN, LDAPAuthDN,  LDAPAuthPWAttr, LDAPAuthPWType,
.B LDAPAuthOKFlag
and
.B UserAuthMagic
options.
.TP
.B UserNameRule
Global context only. Defines a regular expression rule for
validation of the user name (used for profile-setup and
authentication purposes). Defaults to:
.sp
.B "^[[:alnum:]]+([%20@/\\\\._-][[:alnum:]]+)*$"
.sp
It checks, if the first character is alphanumeric, optionally
followed by @/_-. or alphanumeric characters and ending with
an alphanumeric one.
.sp
This matches the usual cases inclusive E-Mail adresses and
"domain/user" names.
.sp
If regex support is not avaliable, above default rule is still
used and the option ignored. See also
.B ValidCommands
option for regex encoding description.
.TP
.B ValidCommands
Both user and global context.  Defines the list of allowed
FTP commands for the client.  If this option is not installed,
there will be no restriction on the allowed commands.  But if
it is given, then all commands not on this list will be denied.
The list is space separated and may consist of the following
commands:
.B USER, PASS, ACCT, CWD,  CDUP, SMNT, QUIT, REIN, PORT, PASV,
.B TYPE, STRU, MODE, RETR, STOR, STOU, APPE, ALLO, REST, RNFR,
.B RNTO, ABOR, DELE, RMD,  MKD,  PWD,  LIST, NLST, SITE, SYST,
.B STAT, HELP, NOOP, SIZE, MDTM, MLFL, MAIL, MSND, MSOM, MSAM,
.B MRSQ, MRCP, XCWD, XMKD, XRMD, XPWD, XCUP, AUTH, APSV, EPRT,
and
.B EPSV.
.sp
Each command can be followed by an optional equals sign and
.B POSIX 1003.2 Extended Regular Expression (RE)
that describes the valid argument(s) for the command.  If the
whole string is to be matched, the pattern has to start with a
caret (^) and end with a dollar ($).  If no pattern follows a
command, its arguments are not checked.  An example for a name
would be the pattern
.B "'^[a-zA-Z0-9]{1,512}$'"
for an argument that is mandatory and may consist of up to
512 letters or digits only.  A command that does not allow any
arguments can also easily be represented:
.B "'QUIT=^$'".
.sp
Please note that the regular expression is "pre-processed".
This means that a pattern in the form %xx will be interpreted
as a hexadecimal constant and will be replaced by the value
of that constant.  This looks a bit like HTML and helps to
include characters that might not be handled as expected, like
%20 for space or %5c (equivalent to %5C) for backslash.  The
space is especially important because it is the separator for
the commands within the list itself.
.sp
Please note also that regular expression support must have been
enabled with the
.B "--with-regex"
switch during the
.B configure
compilation step of the whole package.
.TP
.B WelcomeMessage
Global context only.  Defines the name of a file that will be
displayed to all clients as the first action when they open the
control connection.  Each line is prefixed with
.B "'220-'"
and variable substitution is applied to it.  If no such file
exists it is silently ignored.  See also
.B WelcomeString
option.
.TP
.B WelcomeString
Global context only.  Defines the string that is sent to the
client in order to start login negotiation.  The string is
prefixed with
.B "'220 '"
and variable substitution is applied to it.  If this option is
not given it defaults to the following string:
.br
.B "'%h FTP server (%v - %b) ready'."
.br
See also
.B WelcomeMessage
option.
.SH FILES
/usr/local/etc/proxy-suite/ftp-proxy.conf
.br
/usr/local/sbin/ftp-proxy
.SH "SEE ALSO"
ftp-proxy(8)
.sp
The
.B SuSE Proxy-Suite
documentation included in the
.B doc
subdirectory of the package.
.SH AUTHORS
Jens-Gero Boehm <jens-gero.boehm@suse.de>
.br
Pieter Hollants <pieter.hollants@suse.de>
.br
Volker Wiegand <volker.wiegand@suse.de>
.br
Marius Tomaschewski <mt@suse.de>
.SH COPYRIGHT
The
.B SuSE Proxy-Suite
is released under the
.br
.B GNU General Public License (GPL).
.\" ###########################################################
.\" $Log: ftp-proxy.conf.5.in,v $
.\" Revision 1.8.2.3  2005/01/11 13:00:01  mt
.\" fixed default UserNameRule regexp rejecting user
.\" names where the 3. character is not alphanumeric
.\"
.\" Revision 1.8.2.2  2004/03/22 12:38:12  mt
.\" added UserNameRule option allowing a regex
.\" override of the builtin user name checks
.\"
.\" Revision 1.8.2.1  2003/05/07 11:08:24  mt
.\" added LDAPVersion and ForceMagicUser variables description
.\"
.\" Revision 1.8  2002/05/02 13:23:18  mt
.\" documented user auth related variables
.\"
.\" Revision 1.7  2002/01/14 19:17:30  mt
.\" actualized descriptions, added new LogLevel
.\" TCPWrapperName MaxRecvBufSize options
.\"
.\" Revision 1.6  2001/11/06 23:04:44  mt
.\" applied / merged with transparent proxy patches v8
.\" see ftp-proxy/NEWS for more detailed release news
.\"
.\" Revision 1.5  1999/09/30 09:48:57  wiegand
.\" added dynamic TranslatedAddress via file
.\"
.\" Revision 1.4  1999/09/24 17:08:58  wiegand
.\" very minor text corrections
.\"
.\" Revision 1.3  1999/09/24 06:39:43  wiegand
.\" added regular expressions for all commands
.\" removed character map and length of paths
.\" added flag to reset PASV on every PORT
.\" added "magic" user with built-in destination
.\" added some argument pointer fortification
.\"
.\" Revision 1.2  1999/09/21 07:15:15  wiegand
.\" corrected some minor mistakes
.\"
.\" Revision 1.1  1999/09/20 11:02:06  wiegand
.\" initial checkin
.\"
.\" ###########################################################