[EXAMPLES] add auth.cfg
diff --git a/examples/auth.cfg b/examples/auth.cfg
new file mode 100644
index 0000000..08d0034
--- /dev/null
+++ b/examples/auth.cfg
@@ -0,0 +1,134 @@
+global
+# chroot /var/empty/
+# uid 451
+# gid 451
+ log 192.168.131.214:8514 local4 debug
+ maxconn 8192
+
+defaults
+ timeout connect 3500
+ timeout queue 11000
+ timeout tarpit 12000
+ timeout client 30000
+ timeout http-request 40000
+ timeout http-keep-alive 5000
+ timeout server 40000
+ timeout check 7000
+
+ option contstats
+ option log-health-checks
+
+################################
+userlist customer1
+ group adm users tiger,xdb
+ group dev users scott,tiger
+ group uat users boss,xdb,tiger
+ user scott insecure-password cat
+ user tiger insecure-password dog
+ user xdb insecure-password hello
+ user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91
+
+userlist customer1alt
+ group adm
+ group dev
+ group uat
+ user scott insecure-password cat groups dev
+ user tiger insecure-password dog groups adm,dev,uat
+ user xdb insecure-password hello groups adm,uat
+ user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat
+
+# Both customer1 and customer1alt userlist are functionally identical
+
+frontend c1
+ bind 127.101.128.1:8080
+ log global
+ mode http
+
+ acl host_stats hdr_beg(host) -i stats.local
+ acl host_dev hdr_beg(host) -i dev.local
+ acl host_uat hdr_beg(host) -i uat.local
+
+ acl auth_uat http_auth_group(customer1) uat
+
+ # auth for host_uat checked in frontend, use realm "uat"
+ http-request auth realm uat if host_uat !auth_uat
+
+ use_backend c1stats if host_stats
+ use_backend c1dev if host_dev
+ use_backend c1uat if host_uat
+
+backend c1uat
+ mode http
+ log global
+
+ server s6 192.168.152.206:80
+ server s7 192.168.152.207:80
+
+backend c1dev
+ mode http
+ log global
+
+ # require users from customer1 assigned to group dev
+ acl auth_ok http_auth_group(customer1) dev
+
+ # auth checked in backend, use default realm (c1dev)
+ http-request auth if !auth_ok
+
+ server s6 192.168.152.206:80
+ server s7 192.168.152.207:80
+
+backend c1stats
+ mode http
+ log global
+
+ # stats auth checked in backend, use default realm (Stats)
+ acl nagios src 192.168.126.31
+ acl guests src 192.168.162.0/24
+ acl auth_ok http_auth_group(customer1) adm
+
+ stats enable
+ stats refresh 60
+ stats uri /
+ stats scope c1
+ stats scope c1stats
+
+ # unconditionally deny guests, without checking auth or asking for a username/password
+ stats http-request deny if guests
+
+ # allow nagios without password, allow authenticated users
+ stats http-request allow if nagios
+ stats http-request allow if auth_ok
+
+ # ask for a username/password
+ stats http-request auth realm Stats
+
+
+################################
+userlist customer2
+ user peter insecure-password peter
+ user monica insecure-password monica
+
+frontend c2
+ bind 127.201.128.1:8080
+ log global
+ mode http
+
+ acl auth_ok http_auth(customer2)
+ acl host_b1 hdr(host) -i b1.local
+
+ http-request auth unless auth_ok
+
+ use_backend c2b1 if host_b1
+ default_backend c2b0
+
+backend c2b1
+ mode http
+ log global
+
+ server s1 192.168.152.201:80
+
+backend c2b0
+ mode http
+ log global
+
+ server s1 192.168.152.201:80