#
# demo config for Proxy mode
#
# Process-wide settings. The trailing "| |" table residue from the page
# extraction is dropped; directives are regrouped by purpose, and their
# order inside "global" does not affect behaviour.
global
    # Run in the background as four worker processes.
    daemon
    nbproc 4

    # Privilege reduction: switch to an unprivileged numeric uid/gid and
    # confine the process to an empty directory, so a compromised worker
    # has no files to reach.
    uid 200
    gid 200
    chroot /var/empty

    # Per-process connection ceiling and file-descriptor limit.
    # NOTE(review): a proxied connection normally needs two sockets
    # (client side and server side), so ulimit-n 16384 looks low for
    # maxconn 20000 - confirm the fd budget before reusing these values.
    maxconn 20000
    ulimit-n 16384

    # Send logs to the local syslog listener on facility local0. A network
    # syslog address keeps working from inside the chroot.
    log 127.0.0.1 local0
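# Forward-proxy listener. With "option http_proxy" HAProxy connects to the
# IP address and port found in the request URI and performs no DNS
# resolution, so the url_ip ACLs below see the same address the proxy
# would connect to.
frontend test-proxy
    bind 192.168.200.10:8080
    mode http
    log global
    option httplog
    # Do not log connections on which no data was exchanged.
    option dontlognull
    option httpclose
    option nolinger
    option http_proxy
    maxconn 8000
    # Client inactivity timeout, in milliseconds.
    clitimeout 30000

    # layer3: Valid users
    # Only this single client address may use the proxy; every other
    # source is rejected before any destination check runs.
    acl allow_host src 192.168.200.150/32
    block if !allow_host

    # layer7: prevent private network relaying
    # The RFC 1918 block is 192.168.0.0/16. The original /24 covered only
    # 192.168.0.x, which left the rest of 192.168.x.x (including this
    # proxy's own 192.168.200.0/24 segment) reachable through the relay.
    acl forbidden_dst url_ip 192.168.0.0/16
    acl forbidden_dst url_ip 172.16.0.0/12
    acl forbidden_dst url_ip 10.0.0.0/8
    # Loopback and link-local destinations are internal as well: services
    # bound to the proxy host itself and link-local endpoints must not be
    # reachable through the relay either.
    acl forbidden_dst url_ip 127.0.0.0/8
    acl forbidden_dst url_ip 169.254.0.0/16
    block if forbidden_dst

    default_backend test-proxy-srv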
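# Backend for the proxy listener. It declares no "server" lines: with
# "option http_proxy" the destination is taken from the request URI.
backend test-proxy-srv
    mode http
    # Connect and server-inactivity timeouts, in milliseconds.
    contimeout 5000
    srvtimeout 5000
    retries 2
    option nolinger
    option http_proxy

    # layer7: Only GET method is valid
    # Rejecting every other method also rejects CONNECT, so the proxy
    # cannot be used to open arbitrary tunnels.
    acl valid_method method GET
    block if !valid_method

    # layer7: protect bad reply
    # HTTP header names are case-insensitive, so the case-sensitive
    # rspdeny would miss a response sent with "content-type:". rspideny
    # applies the same regex without regard to case.
    rspideny ^Content-Type:[\ ]*audio/mp3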