Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 9ecee0fa362e84af30d9c6371c9810db9b0ffcb4 / . / examples / option-http_proxy.cfg
blob: 8b28f6760a41f7615ba34991413a42c141082d35 [file] [log] [blame]
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]1#
2# demo config for Proxy mode
3#
4
5global
6 maxconn 20000
7 ulimit-n 16384
8 log 127.0.0.1 local0
9 uid 200
10 gid 200
11 chroot /var/empty
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]12 daemon
13
14frontend test-proxy
15 bind 192.168.200.10:8080
16 mode http
17 log global
18 option httplog
19 option dontlognull
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]20 maxconn 8000
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]21 timeout client 30s
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]22
23 # layer3: Valid users
24 acl allow_host src 192.168.200.150/32
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]25 http-request deny if !allow_host
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]26
27 # layer7: prevent private network relaying
28 acl forbidden_dst url_ip 192.168.0.0/24
29 acl forbidden_dst url_ip 172.16.0.0/12
30 acl forbidden_dst url_ip 10.0.0.0/8
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]31 http-request deny if forbidden_dst
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]32
33 default_backend test-proxy-srv
34
35
36backend test-proxy-srv
37 mode http
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]38 timeout connect 5s
39 timeout server 5s
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]40 retries 2
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]41
42 # layer7: Only GET method is valid
43 acl valid_method method GET
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]44 http-request deny if !valid_method
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]45
Willy Tarreau25241232021-07-18 19:18:56 +0200[diff] [blame]46 # take IP address from URL's authority
47 # and drop scheme+authority from URI
48 http-request set-dst url_ip
49 http-request set-dst-port url_port
50 http-request set-uri %[pathq]
51 server next-hop 0.0.0.0
52
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]53 # layer7: protect bad reply
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]54 http-response deny if { res.hdr(content-type) audio/mp3 }