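# This is a test configuration. It listens on port 8443, waits for an incoming
# connection, and applies the following rules :
# - if the address is in the white list, then accept it and forward the
#   connection to the server (local port 443)
# - if the address is in the black list, then immediately drop it
# - otherwise, wait up to 4 seconds (the "tcp-request inspect-delay" below)
#   for valid SSL data to come in. If those data are identified as SSL, the
#   connection is immediately accepted, and if they are definitely identified
#   as non-SSL, the connection is rejected, which will happen upon timeout if
#   they still don't match SSL.
#
# Caveats for anyone reusing this beyond a test:
# - "correct_ssl" only matches a ClientHello advertising version 3.0 (SSLv3)
#   or 3.1 (TLSv1.0). Clients advertising a higher version (TLSv1.1 = 3.2,
#   TLSv1.2 = 3.3, which a TLSv1.3 ClientHello also carries) are rejected by
#   the "!correct_ssl" rule. Widen the range if that is not the intent.
# - white-listed sources skip the SSL check entirely, so whatever they send
#   is forwarded to the backend unchecked.

listen block-non-ssl
    log 127.0.0.1:514 local0
    option tcplog
    mode tcp
    bind :8443

    # All three timeouts are longer than the inspect delay, so content
    # inspection (not the client timeout) decides the fate of an idle
    # connection.
    timeout client 6s
    timeout server 6s
    timeout connect 6s

    # How long to buffer request data while waiting for the ACLs below to
    # become decidable. The timing in the header comment refers to this value.
    tcp-request inspect-delay 4s

    acl white_list src 127.0.0.2
    acl black_list src 127.0.0.3

    # note: SSLv2 is not used anymore, SSLv3.1 is TLSv1.
    # "obsolete_ssl" and "invalid_ssl" are defined for reference only; no rule
    # below uses them. The single "!correct_ssl" rule covers both cases and,
    # unlike "obsolete_ssl || invalid_ssl", also rejects when the inspect
    # delay expires without any SSL data (see the header comment).
    acl obsolete_ssl req_ssl_ver lt 3
    acl correct_ssl req_ssl_ver 3.0-3.1
    acl invalid_ssl req_ssl_ver gt 3.1

    # Rules are evaluated in order: allow-list, then deny-list, then the SSL
    # version check. A white-listed source never reaches the version check.
    tcp-request content accept if white_list
    tcp-request content reject if black_list
    tcp-request content reject if !correct_ssl

    balance roundrobin
    server srv1 127.0.0.1:443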