You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
53 lines
1.2 KiB
53 lines
1.2 KiB
5 months ago
|
#
|
||
|
# demo config for Proxy mode
|
||
|
#
|
||
|
|
||
|
global
|
||
|
maxconn 20000
|
||
|
ulimit-n 16384
|
||
|
log 127.0.0.1 local0
|
||
|
uid 200
|
||
|
gid 200
|
||
|
chroot /var/empty
|
||
|
nbproc 4
|
||
|
daemon
|
||
|
|
||
|
frontend test-proxy
|
||
|
bind 192.168.200.10:8080
|
||
|
mode http
|
||
|
log global
|
||
|
option httplog
|
||
|
option dontlognull
|
||
|
option nolinger
|
||
|
option http_proxy
|
||
|
maxconn 8000
|
||
|
timeout client 30s
|
||
|
|
||
|
# layer3: Valid users
|
||
|
acl allow_host src 192.168.200.150/32
|
||
|
http-request deny if !allow_host
|
||
|
|
||
|
# layer7: prevent private network relaying
|
||
|
acl forbidden_dst url_ip 192.168.0.0/24
|
||
|
acl forbidden_dst url_ip 172.16.0.0/12
|
||
|
acl forbidden_dst url_ip 10.0.0.0/8
|
||
|
http-request deny if forbidden_dst
|
||
|
|
||
|
default_backend test-proxy-srv
|
||
|
|
||
|
|
||
|
backend test-proxy-srv
|
||
|
mode http
|
||
|
timeout connect 5s
|
||
|
timeout server 5s
|
||
|
retries 2
|
||
|
option nolinger
|
||
|
option http_proxy
|
||
|
|
||
|
# layer7: Only GET method is valid
|
||
|
acl valid_method method GET
|
||
|
http-request deny if !valid_method
|
||
|
|
||
|
# layer7: protect bad reply
|
||
|
http-response deny if { res.hdr(content-type) audio/mp3 }
|