cow/doc/sample-config/rc-en

# Lines starting with "#" are comments.
#
# Listen address of the proxy server, repeat to specify multiple ones.
# Syntax:
#
#   listen = protocol://[optional@]server_address:server_port
#
# Supported protocols:
#
# HTTP (provides http proxy):
#   listen = http://127.0.0.1:7777
#
#   The generated PAC url in the above example is http://127.0.0.1:7777/pac
#
# cow (need two cow servers to use this protocol):
#   listen = cow://encrypt_method:password@1.2.3.4:5678
#
# 	Suppose 1.2.3.4:5678 is outside your country and the network is not
#   disturbed, then COW running in your own country should configure it
#   as parent proxy. The two COW servers will use encrypted connection to
# 	pass data. The encryption method used is the same as shadowsocks.
#
# Note:
# - If server_address is 0.0.0.0, listen all IP addresses on the system.
# - The following syntax can specify the proxy address in the generated PAC.
#	(Use this if you are using port forwarding to provide COW to external network.)
#
#       listen = http://127.0.0.1:7777 1.2.3.4:5678
#
listen = http://127.0.0.1:7777

# Log file path, defaults to stdout
#logFile =

# By default, COW only uses parent proxy if the site is blocked.
# If the following option is true, COW will use parent proxy for all sites.
#alwaysProxy = false

# With multiple parent proxies, COW can employ one of the load balancing
# strategies:
#
#   backup:  default policy, use the first prarent proxy in config,
#            the others are just backup
#   hash:    hash to a specific parent proxy according to host name
#   latency: use the parent proxy with lowest connection latency
#
# When one parent proxy fails to connect, COW will try other parent proxies
# in order.
# Failed parent proxy will be tried with some probability, so they will be
# used again after recovery.
#loadBalance = backup

#############################
# Specify parent proxy
#############################

# Parent proxies are specified with a generic syntax (following RFC 3986):
#
#   proxy = protocol://[authinfo@]server:port
#
# Repeat to specify multiple parent proxies. Backup load balancing will use
# them in order if one fails to connect.
#
# Supported parent proxies and config example:
#
# SOCKS5:
#   proxy = socks5://127.0.0.1:1080
#
# HTTP:
#   proxy = http://127.0.0.1:8080
#   proxy = http://user:password@127.0.0.1:8080
#
# 	authinfo is optional
#
# shadowsocks:
#   proxy = ss://encrypt_method:password@1.2.3.4:8388
#
#   authinfo specifies encryption method and password.
#   Here are the supported encryption methods:
#
#     aes-128-cfb, aes-192-cfb, aes-256-cfb,
#     bf-cfb, cast5-cfb, des-cfb, rc4-md5,
#     chacha20, salsa20, rc4, table
#
#   aes-128-cfb is recommended.
#
# cow:
#   proxy = cow://method:passwd@1.2.3.4:4321
#
#   authinfo is the same as shadowsocks parent proxy


#############################
# Run ssh command to create SOCKS5 parent proxy
#############################

# Note: shadowsocks is better, use it if you can.

# The following option lets COW execute ssh command to create local
# SOCKS5 proxy and automatically re-execute if ssh connection is closed.
# The created SOCKS5 proxy will be used as a parent proxy.
# The option can be repeated to create multiple SOCKS5 proxies.
#
# Note: requires ssh command and must use ssh public key authentication.
#
# COW will execute the following command if the option is given:
#
#     ssh -n -N -D <local_socks_port> -p <server_ssh_port> <user@server>
#
# server_ssh_port defaults to 22
# Please modify ~/.ssh/config to specify other ssh options
#sshServer = user@server:local_socks_port[:server_ssh_port]

#############################
# Authentication
#############################

# Specify allowed IP address (IPv4 and IPv6) or sub-network (only IPv4).
# Don't forget to specify 127.0.0.1 with this option.
#allowedClient = 127.0.0.1, 192.168.1.0/24, 10.0.0.0/8

# Require username and password authentication. COW always check IP in
# allowedClient first, then ask for username authentication.
#userPasswd = username:password

# To specify multiple username and password, list all those in a file with
# content like this:
#
#   username:password[:port]
#
# port is optional, user can only connect from the specific port if specified.
# COW will report error and exit if there's duplicated user.
#userPasswdFile = /path/to/file

# Time interval to keep authentication information.
# Syntax: 2h3m4s means 2 hours 3 minutes 4 seconds
#authTimeout = 2h

#############################
# Advanced options
#############################

# Take a specific HTTP error code as blocked and use parent proxy to retry.
#httpErrorCode =

# Maximum CPU core to use.
#core = 2

# cow uses this site to estimate timeout, better to use a fast website.
#estimateTarget = example.com

# Ports allowed to create tunnel (HTTP CONNECT method), comma separated list
# or repeat to append more ports.
# Ports for the following service are allowed by default:
#
#     ssh, http, https, rsync, imap, pop, jabber, cvs, git, svn
#
# Limiting ports for tunneling prevents exposing internal services to outside.
#tunnelAllowedPort = 80, 443

# GFW may timeout DNS query, or return wrong server address which can connect
# but blocks on read forever.
# Decrease the following timeout values can speed up detecting blocked sites,
# but may mistake normal sites as blocked.

# DNS and connection timeout (same syntax with authTimeout).
#dialTimeout = 5s
# Read from server timeout.
#readTimeout = 5s

# Detect SSL error based on client close connection speed, only effective for
# Chrome.
# This detection is no reliable, may mistaken normal sites as blocked.
# Only consider this option when GFW is making middle man attack.
#detectSSLErr = false

# Change the stat/blocked/direct file position, defaults to files under directory
# containing rc file.
# The cow user must write access to directory containing the stat file in order
# to update stat.
#statFile = <dir to rc file>/stat
#blockedFile = <dir to rc file>/blocked
#directFile = <dir to rc file>/direct