#
# demo config for Proxy mode
# 

global
        maxconn         20000
	ulimit-n	16384
        log             127.0.0.1 local0
        uid             200
        gid             200
        chroot          /var/empty
	nbproc		4
        daemon

frontend test-proxy
	bind		192.168.200.10:8080
        mode            http
        log             global
        option          httplog
        option          dontlognull
        option          httpclose
        option          nolinger
        option          http_proxy
        maxconn         8000
        clitimeout      30000

	# layer3: Valid users
	acl allow_host src 192.168.200.150/32
	block if !allow_host

	# layer7: prevent private network relaying
	acl forbidden_dst url_ip 192.168.0.0/24
	acl forbidden_dst url_ip 172.16.0.0/12
	acl forbidden_dst url_ip 10.0.0.0/8
	block if forbidden_dst

	default_backend test-proxy-srv


backend test-proxy-srv
	mode            http
	contimeout      5000
	srvtimeout      5000
	retries         2
	option          nolinger
	option          http_proxy

	# layer7: Only GET method is valid
	acl valid_method        method GET
	block if !valid_method

	# layer7: protect bad reply
	rspdeny ^Content-Type:[\ ]*audio/mp3