summaryrefslogtreecommitdiffstats
path: root/examples
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:35:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:35:11 +0000
commitda76459dc21b5af2449af2d36eb95226cb186ce2 (patch)
tree542ebb3c1e796fac2742495b8437331727bbbfa0 /examples
parentInitial commit. (diff)
downloadhaproxy-da76459dc21b5af2449af2d36eb95226cb186ce2.tar.xz
haproxy-da76459dc21b5af2449af2d36eb95226cb186ce2.zip
Adding upstream version 2.6.12.upstream/2.6.12upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--examples/basic-config-edge.cfg124
-rw-r--r--examples/content-sw-sample.cfg65
-rw-r--r--examples/errorfiles/400.http9
-rw-r--r--examples/errorfiles/403.http9
-rw-r--r--examples/errorfiles/408.http9
-rw-r--r--examples/errorfiles/500.http9
-rw-r--r--examples/errorfiles/502.http9
-rw-r--r--examples/errorfiles/503.http9
-rw-r--r--examples/errorfiles/504.http9
-rw-r--r--examples/errorfiles/README9
-rw-r--r--examples/haproxy.init137
-rw-r--r--examples/option-http_proxy.cfg54
-rw-r--r--examples/quick-test.cfg29
-rw-r--r--examples/socks4.cfg55
-rw-r--r--examples/transparent_proxy.cfg55
-rw-r--r--examples/wurfl-example.cfg41
16 files changed, 632 insertions, 0 deletions
diff --git a/examples/basic-config-edge.cfg b/examples/basic-config-edge.cfg
new file mode 100644
index 0000000..26aee68
--- /dev/null
+++ b/examples/basic-config-edge.cfg
@@ -0,0 +1,124 @@
+# This configuration creates a classical reverse-proxy and load balancer for
+# public services. It presents ports 80 and 443 (with 80 redirecting to 443),
+# enables caching up to one hour, and load-balances the service on a farm of
+# 4 servers on private IP addresses which are checked using HTTP checks and
+# by maintaining stickiness via session cookies. It offloads TLS processing
+# and enables HTTP compression. It uses HAProxy 2.4.
+
+# The global section deals with process-wide settings (security, resource usage)
+global
+ # all file names are relative to the directory containing this config
+ # file by default
+ default-path config
+
+ # refuse to start if any warning is emitted at boot (keep configs clean)
+ zero-warning
+
+ # Security hardening: isolate and drop privileges
+ chroot /var/empty
+ user haproxy
+ group haproxy
+
+ # daemonize
+ daemon
+ pidfile /var/run/haproxy-svc1.pid
+
+ # do not keep old processes longer than that after a reload
+ hard-stop-after 5m
+
+ # The command-line-interface (CLI) used by the admin, by provisionning
+ # tools, and to transfer sockets during reloads
+ stats socket /var/run/haproxy-svc1.sock level admin mode 600 user haproxy expose-fd listeners
+ stats timeout 1h
+
+ # send logs to stderr for logging via the service manager
+ log stderr local0 info
+
+ # intermediate security for SSL, from https://ssl-config.mozilla.org/
+ ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+ ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
+
+# default settings common to all HTTP proxies below
+defaults http
+ mode http
+ option httplog
+ log global
+ timeout client 1m
+ timeout server 1m
+ timeout connect 10s
+ timeout http-keep-alive 2m
+ timeout queue 15s
+ timeout tunnel 4h # for websocket
+
+# provide a stats page on port 8181
+frontend stats
+ bind :8181
+ # provide advanced stats (ssl, h2, ...)
+ stats uri /
+ stats show-modules
+ # some users may want to protect the access to their stats and/or to
+ # enable admin mode on the page from local networks
+ # stats auth admin:mystats
+ # stats admin if { src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 }
+
+# First incoming public service. Supports HTTP/1.x and HTTP/2, using HSTS,
+# redirects clear to TLS. Uses a dedicated host name for the stats page.
+frontend pub1
+ bind :80 name clear
+ bind :443 name secure ssl crt pub1.pem alpn h2,http/1.1
+ option socket-stats # provide per-bind line stats
+
+ # set HSTS for one year after all responses
+ http-after-response set-header Strict-Transport-Security "max-age=31536000"
+ http-request redirect scheme https code 301 if !{ ssl_fc }
+
+ # silently ignore connect probes and pre-connect without request
+ option http-ignore-probes
+
+ # pass client's IP address to the server and prevent against attempts
+ # to inject bad contents
+ http-request del-header x-forwarded-for
+ option forwardfor
+
+ # enable HTTP compression of text contents
+ compression algo deflate gzip
+ compression type text/ application/javascript application/xhtml+xml image/x-icon
+
+ # enable HTTP caching of any cacheable content
+ http-request cache-use cache
+ http-response cache-store cache
+
+ default_backend app1
+
+# The cache instance used by the frontend (200MB, 10MB max object, 1 hour max)
+# May be consulted using "show cache" on the CLI socket
+cache cache
+ total-max-size 200 # RAM cache size in megabytes
+ max-object-size 10485760 # max cacheable object size in bytes
+ max-age 3600 # max cache duration in seconds
+ process-vary on # handle the Vary header (otherwise don't cache)
+
+# First application
+backend app1
+ # Algorithm:
+ # - roundrobin is usually better for short requests,
+ # - leastconn is better for mixed slow ones, and long transfers,
+ # - random is generally good when using multiple load balancers
+ balance random
+
+ # abort if the client clicks on stop.
+ option abortonclose
+
+ # insert a session cookie for user stickiness
+ cookie app1 insert indirect nocache
+
+ # check the servers' health using HTTP requests
+ option httpchk
+ http-check send meth GET uri / ver HTTP/1.1 hdr host svc1.example.com
+
+ # do not overload the servers (100 concurrent conns max each)
+ server srv1 192.0.2.1:80 cookie s1 maxconn 100 check inter 1s
+ server srv2 192.0.2.2:80 cookie s2 maxconn 100 check inter 1s
+ server srv3 192.0.2.3:80 cookie s3 maxconn 100 check inter 1s
+ server srv4 192.0.2.4:80 cookie s4 maxconn 100 check inter 1s
diff --git a/examples/content-sw-sample.cfg b/examples/content-sw-sample.cfg
new file mode 100644
index 0000000..e54f976
--- /dev/null
+++ b/examples/content-sw-sample.cfg
@@ -0,0 +1,65 @@
+#
+# This is a sample configuration. It illustrates how to separate static objects
+# traffic from dynamic traffic, and how to dynamically regulate the server load.
+#
+# It listens on 192.168.1.10:80, and directs all requests for Host 'img' or
+# URIs starting with /img or /css to a dedicated group of servers. URIs
+# starting with /admin/stats deliver the stats page.
+#
+
+global
+ maxconn 10000
+ stats socket /var/run/haproxy.stat mode 600 level admin
+ log 127.0.0.1 local0
+ uid 200
+ gid 200
+ chroot /var/empty
+ daemon
+
+# The public 'www' address in the DMZ
+frontend public
+ bind 192.168.1.10:80 name clear
+ #bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ monitor-uri /monitoruri
+ maxconn 8000
+ timeout client 30s
+
+ stats uri /admin/stats
+ use_backend static if { hdr_beg(host) -i img }
+ use_backend static if { path_beg /img /css }
+ default_backend dynamic
+
+# The static backend backend for 'Host: img', /img and /css.
+backend static
+ mode http
+ balance roundrobin
+ option prefer-last-server
+ retries 2
+ option redispatch
+ timeout connect 5s
+ timeout server 5s
+ option httpchk HEAD /favicon.ico
+ server statsrv1 192.168.1.8:80 check inter 1000
+ server statsrv2 192.168.1.9:80 check inter 1000
+
+# the application servers go here
+backend dynamic
+ mode http
+ balance roundrobin
+ retries 2
+ option redispatch
+ timeout connect 5s
+ timeout server 30s
+ timeout queue 30s
+ option httpchk HEAD /login.php
+ cookie DYNSRV insert indirect nocache
+ fullconn 4000 # the servers will be used at full load above this number of connections
+ server dynsrv1 192.168.1.1:80 minconn 50 maxconn 500 cookie s1 check inter 1000
+ server dynsrv2 192.168.1.2:80 minconn 50 maxconn 500 cookie s2 check inter 1000
+ server dynsrv3 192.168.1.3:80 minconn 50 maxconn 500 cookie s3 check inter 1000
+ server dynsrv4 192.168.1.4:80 minconn 50 maxconn 500 cookie s4 check inter 1000
+
diff --git a/examples/errorfiles/400.http b/examples/errorfiles/400.http
new file mode 100644
index 0000000..e223e38
--- /dev/null
+++ b/examples/errorfiles/400.http
@@ -0,0 +1,9 @@
+HTTP/1.0 400 Bad request
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>400 Bad request</h1>
+Your browser sent an invalid request.
+</body></html>
+
diff --git a/examples/errorfiles/403.http b/examples/errorfiles/403.http
new file mode 100644
index 0000000..a67e807
--- /dev/null
+++ b/examples/errorfiles/403.http
@@ -0,0 +1,9 @@
+HTTP/1.0 403 Forbidden
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>403 Forbidden</h1>
+Request forbidden by administrative rules.
+</body></html>
+
diff --git a/examples/errorfiles/408.http b/examples/errorfiles/408.http
new file mode 100644
index 0000000..aafb130
--- /dev/null
+++ b/examples/errorfiles/408.http
@@ -0,0 +1,9 @@
+HTTP/1.0 408 Request Time-out
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>408 Request Time-out</h1>
+Your browser didn't send a complete request in time.
+</body></html>
+
diff --git a/examples/errorfiles/500.http b/examples/errorfiles/500.http
new file mode 100644
index 0000000..9c3be96
--- /dev/null
+++ b/examples/errorfiles/500.http
@@ -0,0 +1,9 @@
+HTTP/1.0 500 Internal Server Error
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>500 Internal Server Error</h1>
+An internal server error occurred.
+</body></html>
+
diff --git a/examples/errorfiles/502.http b/examples/errorfiles/502.http
new file mode 100644
index 0000000..94b35d4
--- /dev/null
+++ b/examples/errorfiles/502.http
@@ -0,0 +1,9 @@
+HTTP/1.0 502 Bad Gateway
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>502 Bad Gateway</h1>
+The server returned an invalid or incomplete response.
+</body></html>
+
diff --git a/examples/errorfiles/503.http b/examples/errorfiles/503.http
new file mode 100644
index 0000000..48fde58
--- /dev/null
+++ b/examples/errorfiles/503.http
@@ -0,0 +1,9 @@
+HTTP/1.0 503 Service Unavailable
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>503 Service Unavailable</h1>
+No server is available to handle this request.
+</body></html>
+
diff --git a/examples/errorfiles/504.http b/examples/errorfiles/504.http
new file mode 100644
index 0000000..f925184
--- /dev/null
+++ b/examples/errorfiles/504.http
@@ -0,0 +1,9 @@
+HTTP/1.0 504 Gateway Time-out
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>504 Gateway Time-out</h1>
+The server didn't respond in time.
+</body></html>
+
diff --git a/examples/errorfiles/README b/examples/errorfiles/README
new file mode 100644
index 0000000..a882632
--- /dev/null
+++ b/examples/errorfiles/README
@@ -0,0 +1,9 @@
+These files are default error files that can be customized
+if necessary. They are complete HTTP responses, so that
+everything is possible, including using redirects or setting
+special headers.
+
+They can be used with the 'errorfile' keyword like this :
+
+ errorfile 503 /etc/haproxy/errors/503.http
+
diff --git a/examples/haproxy.init b/examples/haproxy.init
new file mode 100644
index 0000000..cc120d8
--- /dev/null
+++ b/examples/haproxy.init
@@ -0,0 +1,137 @@
+#!/bin/sh
+#
+# chkconfig: - 85 15
+# description: HAProxy is a TCP/HTTP reverse proxy which is particularly suited \
+# for high availability environments.
+# processname: haproxy
+# config: /etc/haproxy/haproxy.cfg
+# pidfile: /var/run/haproxy.pid
+
+# Script Author: Simon Matter <simon.matter@invoca.ch>
+# Version: 2004060600
+
+# Source function library.
+if [ -f /etc/init.d/functions ]; then
+ . /etc/init.d/functions
+elif [ -f /etc/rc.d/init.d/functions ] ; then
+ . /etc/rc.d/init.d/functions
+else
+ exit 0
+fi
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# This is our service name
+BASENAME=`basename $0`
+if [ -L $0 ]; then
+ BASENAME=`find $0 -name $BASENAME -printf %l`
+ BASENAME=`basename $BASENAME`
+fi
+
+BIN=/usr/sbin/$BASENAME
+
+CFG=/etc/$BASENAME/$BASENAME.cfg
+[ -f $CFG ] || exit 1
+
+PIDFILE=/var/run/$BASENAME.pid
+LOCKFILE=/var/lock/subsys/$BASENAME
+
+RETVAL=0
+
+start() {
+ quiet_check
+ if [ $? -ne 0 ]; then
+ echo "Errors found in configuration file, check it with '$BASENAME check'."
+ return 1
+ fi
+
+ echo -n "Starting $BASENAME: "
+ daemon $BIN -D -f $CFG -p $PIDFILE
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && touch $LOCKFILE
+ return $RETVAL
+}
+
+stop() {
+ echo -n "Shutting down $BASENAME: "
+ killproc $BASENAME -USR1
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
+ [ $RETVAL -eq 0 ] && rm -f $PIDFILE
+ return $RETVAL
+}
+
+restart() {
+ quiet_check
+ if [ $? -ne 0 ]; then
+ echo "Errors found in configuration file, check it with '$BASENAME check'."
+ return 1
+ fi
+ stop
+ start
+}
+
+reload() {
+ if ! [ -s $PIDFILE ]; then
+ return 0
+ fi
+
+ quiet_check
+ if [ $? -ne 0 ]; then
+ echo "Errors found in configuration file, check it with '$BASENAME check'."
+ return 1
+ fi
+ $BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)
+}
+
+check() {
+ $BIN -c -q -V -f $CFG
+}
+
+quiet_check() {
+ $BIN -c -q -f $CFG
+}
+
+rhstatus() {
+ status $BASENAME
+}
+
+condrestart() {
+ [ -e $LOCKFILE ] && restart || :
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ reload
+ ;;
+ condrestart)
+ condrestart
+ ;;
+ status)
+ rhstatus
+ ;;
+ check)
+ check
+ ;;
+ *)
+ echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
+ exit 1
+esac
+
+exit $?
diff --git a/examples/option-http_proxy.cfg b/examples/option-http_proxy.cfg
new file mode 100644
index 0000000..8b28f67
--- /dev/null
+++ b/examples/option-http_proxy.cfg
@@ -0,0 +1,54 @@
+#
+# demo config for Proxy mode
+#
+
+global
+ maxconn 20000
+ ulimit-n 16384
+ log 127.0.0.1 local0
+ uid 200
+ gid 200
+ chroot /var/empty
+ daemon
+
+frontend test-proxy
+ bind 192.168.200.10:8080
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ maxconn 8000
+ timeout client 30s
+
+ # layer3: Valid users
+ acl allow_host src 192.168.200.150/32
+ http-request deny if !allow_host
+
+ # layer7: prevent private network relaying
+ acl forbidden_dst url_ip 192.168.0.0/24
+ acl forbidden_dst url_ip 172.16.0.0/12
+ acl forbidden_dst url_ip 10.0.0.0/8
+ http-request deny if forbidden_dst
+
+ default_backend test-proxy-srv
+
+
+backend test-proxy-srv
+ mode http
+ timeout connect 5s
+ timeout server 5s
+ retries 2
+
+ # layer7: Only GET method is valid
+ acl valid_method method GET
+ http-request deny if !valid_method
+
+ # take IP address from URL's authority
+ # and drop scheme+authority from URI
+ http-request set-dst url_ip
+ http-request set-dst-port url_port
+ http-request set-uri %[pathq]
+ server next-hop 0.0.0.0
+
+ # layer7: protect bad reply
+ http-response deny if { res.hdr(content-type) audio/mp3 }
diff --git a/examples/quick-test.cfg b/examples/quick-test.cfg
new file mode 100644
index 0000000..f27eeff
--- /dev/null
+++ b/examples/quick-test.cfg
@@ -0,0 +1,29 @@
+# Basic config mapping a listening IP:port to another host's IP:port with
+# support for HTTP/1 and 2.
+
+global
+ strict-limits # refuse to start if insufficient FDs/memory
+ # add some process-wide tuning here if required
+
+ # A stats socket may be added to check live metrics if the load generators
+ # do not report them.
+ # stats socket /tmp/haproxy.sock level admin
+ # stats timeout 1h
+
+defaults
+ mode http
+ balance random # power-of-two-choices
+ timeout client 60s
+ timeout server 60s
+ timeout connect 1s
+
+listen p
+ # this is the address and port we'll listen to, the ones to aim the
+ # load generators at
+ bind :8000
+
+ # create a certificate and uncomment this for SSL
+ # bind :8443 ssl crt my-cert.pem alpn h2,http/1.1
+
+ # Put the server's IP address and port below
+ server s1 172.31.32.33:8000
diff --git a/examples/socks4.cfg b/examples/socks4.cfg
new file mode 100644
index 0000000..2cbd417
--- /dev/null
+++ b/examples/socks4.cfg
@@ -0,0 +1,55 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ stats timeout 30s
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+
+listen SMTP-20025
+ bind 0.0.0.0:20025
+ mode tcp
+ option tcplog
+ maxconn 2000
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ option tcp-check
+ server SMTPS1 192.0.2.1:25 check inter 30000 fastinter 1000
+ server SMTPS2_Via_SocksProxy1 192.0.2.2:25 socks4 127.0.0.1:1080 check-via-socks4 check inter 30000 fastinter 1000 backup
+
+listen SSL-20080
+ bind 0.0.0.0:20080
+ mode tcp
+ option tcplog
+ maxconn 2000
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ option tcp-check
+ server HTTPS1_Via_SocksProxy1 192.0.2.1:443 ssl verify none socks4 127.0.0.1:1080 check inter 30000 fastinter 1000
+ server HTTPS2 192.0.2.2:443 ssl verify none check inter 30000 fastinter 1000 backup
+
+# HAProxy web ui
+listen stats
+ bind 0.0.0.0:20936
+ mode http
+ log global
+
+ maxconn 10
+ timeout client 100s
+ timeout server 100s
+ timeout connect 100s
+ timeout queue 100s
+
+ stats enable
+ stats uri /haproxy?stats
+ stats realm HAProxy\ Statistics
+ stats admin if TRUE
+ stats show-node
diff --git a/examples/transparent_proxy.cfg b/examples/transparent_proxy.cfg
new file mode 100644
index 0000000..a8cf6d9
--- /dev/null
+++ b/examples/transparent_proxy.cfg
@@ -0,0 +1,55 @@
+#
+# This is an example of how to configure HAProxy to be used as a 'full transparent proxy' for a single backend server.
+#
+# Note that to actually make this work extra firewall/nat rules are required.
+# Also HAProxy needs to be compiled with support for this, in HAProxy1.5-dev19 you can check if this is the case with "haproxy -vv".
+#
+
+global
+defaults
+ timeout client 30s
+ timeout server 30s
+ timeout connect 30s
+
+frontend MyFrontend
+ bind 192.168.1.22:80
+ default_backend TransparentBack_http
+
+backend TransparentBack_http
+ mode http
+ source 0.0.0.0 usesrc client
+ server MyWebServer 192.168.0.40:80
+
+#
+# To create the the nat rules perform the following:
+#
+# ### (FreeBSD 8) ###
+# --- Step 1 ---
+# ipfw is needed to get 'reply traffic' back to the HAProxy process, this can be achieved by configuring a rule like this:
+# fwd localhost tcp from 192.168.0.40 80 to any in recv em0
+#
+# The following would be even better but this did not seam to work on the pfSense2.1 distribution of FreeBSD 8.3:
+# fwd 127.0.0.1:80 tcp from any 80 to any in recv ${outside_iface} uid ${proxy_uid}
+#
+# If only 'pf' is currently used some additional steps are needed to load and configure ipfw:
+# You need to configure this to always run on startup:
+#
+# /sbin/kldload ipfw
+# /sbin/sysctl net.inet.ip.pfil.inbound="pf" net.inet6.ip6.pfil.inbound="pf" net.inet.ip.pfil.outbound="pf" net.inet6.ip6.pfil.outbound="pf"
+# /sbin/sysctl net.link.ether.ipfw=1
+# ipfw add 10 fwd localhost tcp from 192.168.0.40 80 to any in recv em0
+#
+# the above does the following:
+# - load the ipfw kernel module
+# - set pf as the outer firewall to keep control of routing packets for example to route them to a non-default gateway
+# - enable ipfw
+# - set a rule to catches reply traffic on em0 coming from the webserver
+#
+# --- Step 2 ---
+# To also make the client connection transparent its possible to redirect incoming requests to HAProxy with a pf rule:
+# rdr on em1 proto tcp from any to 192.168.0.40 port 80 -> 192.168.1.22
+# here em1 is the interface that faces the clients, and traffic that is originally send straight to the webserver is redirected to HAProxy
+#
+# ### (FreeBSD 9) (OpenBSD 4.4) ###
+# pf supports "divert-reply" which is probably better suited for the job above then ipfw..
+#
diff --git a/examples/wurfl-example.cfg b/examples/wurfl-example.cfg
new file mode 100644
index 0000000..52df68e
--- /dev/null
+++ b/examples/wurfl-example.cfg
@@ -0,0 +1,41 @@
+#
+# This is an example of how to configure HAProxy to be used with WURFL Device Detection module.
+#
+# HAProxy needs to be compiled with support for this. See README section 1.3
+#
+
+global
+
+ # The WURFL data file
+ wurfl-data-file /usr/share/wurfl/wurfl.zip
+
+ # WURFL patches definition (as much as needed, patches will be applied in the same order as specified in this conf file)
+ #wurfl-patch-file /path/to/patch1.xml;
+
+ #wurfl-cache-size 100000
+ ## no cache
+ #wurfl-cache-size 0
+
+ wurfl-information-list-separator |
+
+ # list of WURFL capabilities, virtual capabilities, property names planned to be used in injected headers
+ wurfl-information-list wurfl_id model_name
+
+defaults
+ mode http
+ timeout connect 30s
+ timeout client 30s
+ timeout server 30s
+
+frontend TheFrontend
+ bind 192.168.1.22:80
+ default_backend TheBackend
+
+ # inject a header called X-Wurfl-All with all the WURFL information listed in wurfl-information-list
+ http-request set-header X-Wurfl-All %[wurfl-get-all()]
+
+ # inject a header called X-WURFL-PROPERTIES with the "wurfl_id" information (should be listed in wurfl-information-list)
+ #http-request set-header X-WURFL-PROPERTIES %[wurfl-get(wurfl_id)]
+
+backend TheBackend
+ server TheWebServer 192.168.0.40:80