| Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 1 | # |
| 2 | # demo config for Proxy mode |
| 3 | # |
| 4 | |
| 5 | global |
| 6 | maxconn 20000 |
| 7 | ulimit-n 16384 |
| 8 | log 127.0.0.1 local0 |
| 9 | uid 200 |
| 10 | gid 200 |
| 11 | chroot /var/empty |
| 12 | nbproc 4 |
| 13 | daemon |
| 14 | |
| 15 | frontend test-proxy |
| 16 | bind 192.168.200.10:8080 |
| 17 | mode http |
| 18 | log global |
| 19 | option httplog |
| 20 | option dontlognull |
| 21 | option httpclose |
| 22 | option nolinger |
| 23 | option http_proxy |
| 24 | maxconn 8000 |
| 25 | clitimeout 30000 |
| 26 | |
| 27 | # layer3: Valid users |
| 28 | acl allow_host src 192.168.200.150/32 |
| 29 | block if !allow_host |
| 30 | |
| 31 | # layer7: prevent private network relaying |
| 32 | acl forbidden_dst url_ip 192.168.0.0/24 |
| 33 | acl forbidden_dst url_ip 172.16.0.0/12 |
| 34 | acl forbidden_dst url_ip 10.0.0.0/8 |
| 35 | block if forbidden_dst |
| 36 | |
| 37 | default_backend test-proxy-srv |
| 38 | |
| 39 | |
| 40 | backend test-proxy-srv |
| 41 | mode http |
| 42 | contimeout 5000 |
| 43 | srvtimeout 5000 |
| 44 | retries 2 |
| 45 | option nolinger |
| 46 | option http_proxy |
| 47 | |
| 48 | # layer7: Only GET method is valid |
| 49 | acl valid_method method GET |
| 50 | block if !valid_method |
| 51 | |
| 52 | # layer7: protect bad reply |
| 53 | rspdeny ^Content-Type:[\ ]*audio/mp3 |