authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:35:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:35:11 +0000
commitda76459dc21b5af2449af2d36eb95226cb186ce2 (patch)
tree542ebb3c1e796fac2742495b8437331727bbbfa0 /examples/option-http_proxy.cfg
parentInitial commit. (diff)
downloadhaproxy-da76459dc21b5af2449af2d36eb95226cb186ce2.tar.xz
haproxy-da76459dc21b5af2449af2d36eb95226cb186ce2.zip
Adding upstream version 2.6.12.upstream/2.6.12upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'examples/option-http_proxy.cfg')
-rw-r--r--examples/option-http_proxy.cfg54
1 files changed, 54 insertions, 0 deletions
diff --git a/examples/option-http_proxy.cfg b/examples/option-http_proxy.cfg
new file mode 100644
index 0000000..8b28f67
--- /dev/null
+++ b/examples/option-http_proxy.cfg
@@ -0,0 +1,54 @@
+#
+# demo config for Proxy mode
+#
+
+global
+ maxconn 20000
+ ulimit-n 16384
+ log 127.0.0.1 local0
+ uid 200
+ gid 200
+ chroot /var/empty
+ daemon
+
+frontend test-proxy
+ bind 192.168.200.10:8080
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ maxconn 8000
+ timeout client 30s
+
+ # layer3: Valid users
+ acl allow_host src 192.168.200.150/32
+ http-request deny if !allow_host
+
+ # layer7: prevent private network relaying
+ acl forbidden_dst url_ip 192.168.0.0/24
+ acl forbidden_dst url_ip 172.16.0.0/12
+ acl forbidden_dst url_ip 10.0.0.0/8
+ http-request deny if forbidden_dst
+
+ default_backend test-proxy-srv
+
+
+backend test-proxy-srv
+ mode http
+ timeout connect 5s
+ timeout server 5s
+ retries 2
+
+ # layer7: Only GET method is valid
+ acl valid_method method GET
+ http-request deny if !valid_method
+
+ # take IP address from URL's authority
+ # and drop scheme+authority from URI
+ http-request set-dst url_ip
+ http-request set-dst-port url_port
+ http-request set-uri %[pathq]
+ server next-hop 0.0.0.0
+
+ # layer7: protect bad reply
+ http-response deny if { res.hdr(content-type) audio/mp3 }
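Review bot: The `forbidden_dst` ACL in the `test-proxy` frontend lists `192.168.0.0/24` rather than the full private block `192.168.0.0/16`, so the proxy's own bind address 192.168.200.10 and the rest of 192.168.200.x are still accepted as relay destinations. Loopback and link-local ranges are not listed either, so the "prevent private network relaying" rule does not cover the proxy host itself or link-local services. I would change that line to `acl forbidden_dst url_ip 192.168.0.0/16` and add `acl forbidden_dst url_ip 127.0.0.0/8 169.254.0.0/16`. Since `set-dst url_ip` in the backend takes the destination straight from the request URL, a comment such as `# deny list must cover every range the proxy host can reach but clients should not` above the ACLs would help anyone copying this example.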