| # demo config for Proxy mode |
| acl allow_host src 192.168.200.150/32 |
| http-request deny if !allow_host |
| # layer7: prevent private network relaying |
| acl forbidden_dst url_ip 192.168.0.0/24 |
| acl forbidden_dst url_ip 172.16.0.0/12 |
| acl forbidden_dst url_ip 10.0.0.0/8 |
| http-request deny if forbidden_dst |
| default_backend test-proxy-srv |
| # layer7: Only GET method is valid |
| acl valid_method method GET |
| http-request deny if !valid_method |
| # layer7: protect bad reply |
| http-response deny if { res.hdr(content-type) audio/mp3 } |