mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-30 16:42:03 +00:00
b6fb420c7e
The new "wait_end" ACL delays evaluation of the rule (and the next ones) to the end of the analysis period. This is intended to be used with TCP content analysis. A rule referencing such an ACL will not match until the delay is over. An equivalent default ACL "WAIT_END" has been created.
# This is a test configuration. It listens on port 8025, waits for an incoming
# connection, and applies the following rules:
#  - if the address is in the white list, then accept it and forward the
#    connection to the server (local port 25)
#  - if the address is in the black list (black_fast), then immediately drop it
#  - if the address is in the delayed black list (black_slow), drop it once
#    the delay is over
#  - otherwise, wait up to 35 seconds. If the client talks during this time,
#    drop the connection (a real SMTP client waits for the server's greeting
#    before sending anything).
#  - then accept the connection if it passes all the tests.
#
# Note that the rules are evaluated at every new chunk of data read, and at
# delay expiration. Rules which apply to incomplete data don't match as long
# as the timer has not expired.

listen block-fake-mailers
	# Layer-4 relay: the stream is forwarded as raw TCP, nothing here parses SMTP.
	mode tcp
	bind :8025                       # no address given, so every local address is served

	# One log line per connection, sent to the local syslog daemon (facility local0).
	option tcplog
	log 127.0.0.1:514 local0

	# Timeouts. "timeout client" must cover the inspect-delay set below,
	# otherwise it expires first and cuts the analysis period short.
	timeout connect 5s
	timeout queue 60s
	timeout server 60s
	timeout client 60s

	# Analysis period: a new connection may be held for up to 35s while the
	# "tcp-request content" rules below are evaluated against it.
	tcp-request inspect-delay 35s

	# Source-address lists. "src" is the address of the TCP peer, so clients
	# arriving through NAT or another proxy all share the intermediary's address.
	acl black_slow src 127.0.0.4     # rejected, but only once the delay is over
	acl black_fast src 127.0.0.3     # rejected as soon as the connection is examined
	acl white_list src 127.0.0.2     # accepted and forwarded without waiting

	# Order matters: rules are tried top to bottom and the first one that
	# matches decides. Keep the accept for white_list ahead of every reject.
	tcp-request content accept if white_list
	tcp-request content reject if black_fast
	# WAIT_END does not match before the analysis period ends, which postpones
	# this reject until then.
	tcp-request content reject if black_slow WAIT_END
	# REQ_CONTENT matches as soon as the client has sent any data: a peer that
	# talks during the analysis period is dropped.
	tcp-request content reject if REQ_CONTENT
	# Alternative to the rule above: adding WAIT_END holds the connection until
	# the end of the analysis period before rejecting the undesired contents.
	# tcp-request content reject if REQ_CONTENT WAIT_END
	#
	# A connection that no rule rejected by the time the delay expires is
	# accepted and handed to the server.

	# On Linux with the transparent proxy patch, it is useful to reuse the
	# client's IP as the source address towards the server:
	# source 0.0.0.0 usesrc clientip

	# Single backend: the real mail server on local port 25.
	balance roundrobin
	server mail 127.0.0.1:25