5eb1a9033a
Hello, You will find attached an updated release of previously submitted patch. It polish some part and extend ACL engine to match IP and PORT parsed in HTTP request. (and take care of comments made by Willy ! ;)) Best regards, Alexandre
#
# demo config for Proxy mode
#
global
    # Run detached from the terminal, as four processes.
    daemon
    nbproc 4

    # Privilege reduction: run under uid/gid 200, confined to an empty chroot.
    chroot /var/empty
    uid 200
    gid 200

    # Resource ceilings: file descriptors and concurrent connections.
    ulimit-n 16384
    maxconn 20000

    # Syslog target: 127.0.0.1, facility local0.
    log 127.0.0.1 local0
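frontend test-proxy
    bind 192.168.200.10:8080
    mode http
    log global
    option httplog
    option dontlognull
    option httpclose
    option nolinger
    # Forward each request to the IP:port found in its URL. No name resolution
    # is performed in this mode, so destinations are IP literals and can be
    # filtered with the url_ip ACLs below.
    option http_proxy
    maxconn 8000
    clitimeout 30000

    # layer3: Valid users
    # Only this one client address may use the proxy; every other source is
    # blocked, so the listener does not act as an open relay.
    acl allow_host src 192.168.200.150/32
    block if !allow_host

    # layer7: prevent private network relaying
    # Full RFC 1918 ranges. 192.168.0.0/16 is needed rather than /24: the
    # proxy's own segment (192.168.200.0/24, see bind above) is not inside
    # 192.168.0.0/24 and would otherwise stay reachable through the proxy.
    acl forbidden_dst url_ip 192.168.0.0/16
    acl forbidden_dst url_ip 172.16.0.0/12
    acl forbidden_dst url_ip 10.0.0.0/8
    # Loopback and link-local destinations are internal as well: the proxy
    # host's own services (the syslog target in "global" is on 127.0.0.1) and
    # the local link must not be reachable by relaying.
    acl forbidden_dst url_ip 127.0.0.0/8
    acl forbidden_dst url_ip 169.254.0.0/16
    block if forbidden_dst

    default_backend test-proxy-srv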
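backend test-proxy-srv
    mode http
    contimeout 5000
    srvtimeout 5000
    retries 2
    option nolinger
    # No server is declared: the destination comes from the request URL.
    option http_proxy

    # layer7: Only GET method is valid
    acl valid_method method GET
    block if !valid_method

    # layer7: deny replies carrying an unwanted Content-Type
    # rspideny is the case-insensitive form of rspdeny. Header names and media
    # types are case-insensitive, so a case-sensitive match would miss
    # differently-cased variants of the same header.
    # NOTE(review): the pattern allows only spaces after the colon; confirm
    # whether tab-separated values also need to be covered.
    rspideny ^Content-Type:[\ ]*audio/mp3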