Adding upstream version 2.9.5.upstream/2.9.5

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 54 insertions, 0 deletions

diff --git a/examples/option-http_proxy.cfg b/examples/option-http_proxy.cfg
new file mode 100644
index 0000000..8b28f67
--- /dev/null
+++ b/examples/option-http_proxy.cfg
@@ -0,0 +1,54 @@
+#
+# demo config for Proxy mode
+# 
+
+global
+        maxconn         20000
+	ulimit-n	16384
+        log             127.0.0.1 local0
+        uid             200
+        gid             200
+        chroot          /var/empty
+        daemon
+
+frontend test-proxy
+	bind		192.168.200.10:8080
+        mode            http
+        log             global
+        option          httplog
+        option          dontlognull
+        maxconn         8000
+        timeout client  30s
+
+	# layer3: Valid users
+	acl allow_host src 192.168.200.150/32
+	http-request deny if !allow_host
+
+	# layer7: prevent private network relaying
+	acl forbidden_dst url_ip 192.168.0.0/24
+	acl forbidden_dst url_ip 172.16.0.0/12
+	acl forbidden_dst url_ip 10.0.0.0/8
+	http-request deny if forbidden_dst
+
+	default_backend test-proxy-srv
+
+
+backend test-proxy-srv
+	mode            http
+	timeout connect 5s
+	timeout server  5s
+	retries         2
+
+	# layer7: Only GET method is valid
+	acl valid_method        method GET
+	http-request deny if !valid_method
+
+	# take IP address from URL's authority
+	# and drop scheme+authority from URI
+	http-request set-dst url_ip
+	http-request set-dst-port url_port
+	http-request set-uri %[pathq]
+	server next-hop 0.0.0.0
+
+	# layer7: protect bad reply
+	http-response deny if { res.hdr(content-type) audio/mp3 }