From 56317a21799f3c8dcb96318133186520ef309a8f Mon Sep 17 00:00:00 2001
From: Krzysztof Piotr Oledzki
Date: Sun, 7 Feb 2010 16:50:08 +0100
Subject: [PATCH] [EXAMPLES] add auth.cfg
---
examples/auth.cfg | 134 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 134 insertions(+)
create mode 100644 examples/auth.cfg
diff --git a/examples/auth.cfg b/examples/auth.cfg
new file mode 100644
index 000000000..08d00342c
--- /dev/null
+++ b/examples/auth.cfg
@@ -0,0 +1,134 @@
+global
+# chroot /var/empty/
+# uid 451
+# gid 451
+ log 192.168.131.214:8514 local4 debug
+ maxconn 8192
+
+defaults
+ timeout connect 3500
+ timeout queue 11000
+ timeout tarpit 12000
+ timeout client 30000
+ timeout http-request 40000
+ timeout http-keep-alive 5000
+ timeout server 40000
+ timeout check 7000
+
+ option contstats
+ option log-health-checks
+
+################################
+userlist customer1
+ group adm users tiger,xdb
+ group dev users scott,tiger
+ group uat users boss,xdb,tiger
+ user scott insecure-password cat
+ user tiger insecure-password dog
+ user xdb insecure-password hello
+ user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91
+
+userlist customer1alt
+ group adm
+ group dev
+ group uat
+ user scott insecure-password cat groups dev
+ user tiger insecure-password dog groups adm,dev,uat
+ user xdb insecure-password hello groups adm,uat
+ user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat
+
+# Both customer1 and customer1alt userlist are functionally identical
+
+frontend c1
+ bind 127.101.128.1:8080
+ log global
+ mode http
+
+ acl host_stats hdr_beg(host) -i stats.local
+ acl host_dev hdr_beg(host) -i dev.local
+ acl host_uat hdr_beg(host) -i uat.local
+
+ acl auth_uat http_auth_group(customer1) uat
+
+ # auth for host_uat checked in frontend, use realm "uat"
+ http-request auth realm uat if host_uat !auth_uat
+
+ use_backend c1stats if host_stats
+ use_backend c1dev if host_dev
+ use_backend c1uat if host_uat
+
+backend c1uat
+ mode http
+ log global
+
+ server s6 192.168.152.206:80
+ server s7 192.168.152.207:80
+
+backend c1dev
+ mode http
+ log global
+
+ # require users from customer1 assigned to group dev
+ acl auth_ok http_auth_group(customer1) dev
+
+ # auth checked in backend, use default realm (c1dev)
+ http-request auth if !auth_ok
+
+ server s6 192.168.152.206:80
+ server s7 192.168.152.207:80
+
+backend c1stats
+ mode http
+ log global
+
+ # stats auth checked in backend, use default realm (Stats)
+ acl nagios src 192.168.126.31
+ acl guests src 192.168.162.0/24
+ acl auth_ok http_auth_group(customer1) adm
+
+ stats enable
+ stats refresh 60
+ stats uri /
+ stats scope c1
+ stats scope c1stats
+
+ # unconditionally deny guests, without checking auth or asking for a username/password
+ stats http-request deny if guests
+
+ # allow nagios without password, allow authenticated users
+ stats http-request allow if nagios
+ stats http-request allow if auth_ok
+
+ # ask for a username/password
+ stats http-request auth realm Stats
+
+
+################################
+userlist customer2
+ user peter insecure-password peter
+ user monica insecure-password monica
+
+frontend c2
+ bind 127.201.128.1:8080
+ log global
+ mode http
+
+ acl auth_ok http_auth(customer2)
+ acl host_b1 hdr(host) -i b1.local
+
+ http-request auth unless auth_ok
+
+ use_backend c2b1 if host_b1
+ default_backend c2b0
+
+backend c2b1
+ mode http
+ log global
+
+ server s1 192.168.152.201:80
+
+backend c2b0
+ mode http
+ log global
+
+ server s1 192.168.152.201:80
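Review bot: The `insecure-password` entries in `userlist customer1`, `customer1alt` and `customer2` keep credentials in cleartext with throwaway values (two of them equal to the username), and the file never tells a reader copying it that this form is for illustration only. I would add a comment above the first userlist such as `# insecure-password stores the password in cleartext; prefer "password" with a crypt(3) hash, as done for user boss`, and a second one noting that the `boss` hash is a published sample that must be regenerated. Both frontends bind plain HTTP, so a short comment near `http-request auth` saying that Basic credentials travel only base64-encoded, and that the listener belongs behind TLS or on a trusted network, would also help. The commented-out `chroot`/`uid`/`gid` lines in `global` deserve a word on why they are disabled here, since an example copied as-is would otherwise run without a privilege drop (assuming it is started as root).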