mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-11 14:05:12 +00:00
d4359fd98b
These are a collection of test files for a variety of features (old or more recent). 2 or 3 files were found lying there non-committed and were moved at the same time. A few deprecated or obsolete keywords were updated to their recent equivalent. Many of these configurations are made to trigger different parsing errors so it is normal that plenty of them fail. Now the tests directory is cleaner and easier to navigate through.
38 lines
1.2 KiB
INI
38 lines
1.2 KiB
INI
# This is a test configuration. It listens on port 8443, waits for an incoming
|
|
# connection, and applies the following rules :
|
|
# - if the address is in the white list, then accept it and forward the
|
|
# connection to the server (local port 443)
|
|
# - if the address is in the black list, then immediately drop it
|
|
# - otherwise, wait up to 3 seconds for valid SSL data to come in. If those
|
|
# data are identified as SSL, the connection is immediately accepted, and
|
|
# if they are definitely identified as non-SSL, the connection is rejected,
|
|
# which will happen upon timeout if they still don't match SSL.
|
|
|
|
listen block-non-ssl
|
|
log 127.0.0.1:514 local0
|
|
option tcplog
|
|
|
|
mode tcp
|
|
bind :8443
|
|
timeout client 6s
|
|
timeout server 6s
|
|
timeout connect 6s
|
|
|
|
tcp-request inspect-delay 4s
|
|
|
|
acl white_list src 127.0.0.2
|
|
acl black_list src 127.0.0.3
|
|
|
|
# note: SSLv2 is not used anymore, SSLv3.1 is TLSv1.
|
|
acl obsolete_ssl req_ssl_ver lt 3
|
|
acl correct_ssl req_ssl_ver 3.0-3.1
|
|
acl invalid_ssl req_ssl_ver gt 3.1
|
|
|
|
tcp-request content accept if white_list
|
|
tcp-request content reject if black_list
|
|
tcp-request content reject if !correct_ssl
|
|
|
|
balance roundrobin
|
|
server srv1 127.0.0.1:443
|
|
|