Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / b2f06ccdd507620b91c5fa5451ccf4d8a71451ac / . / examples / option-http_proxy.cfg
blob: ddc409b93bd6a548c6eaa4d3e848a277219d79cd [file] [log] [blame]
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]1#
2# demo config for Proxy mode
3#
4
5global
6 maxconn 20000
7 ulimit-n 16384
8 log 127.0.0.1 local0
9 uid 200
10 gid 200
11 chroot /var/empty
12 nbproc 4
13 daemon
14
15frontend test-proxy
16 bind 192.168.200.10:8080
17 mode http
18 log global
19 option httplog
20 option dontlognull
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]21 option nolinger
22 option http_proxy
23 maxconn 8000
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]24 timeout client 30s
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]25
26 # layer3: Valid users
27 acl allow_host src 192.168.200.150/32
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]28 http-request deny if !allow_host
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]29
30 # layer7: prevent private network relaying
31 acl forbidden_dst url_ip 192.168.0.0/24
32 acl forbidden_dst url_ip 172.16.0.0/12
33 acl forbidden_dst url_ip 10.0.0.0/8
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]34 http-request deny if forbidden_dst
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]35
36 default_backend test-proxy-srv
37
38
39backend test-proxy-srv
40 mode http
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]41 timeout connect 5s
42 timeout server 5s
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]43 retries 2
44 option nolinger
45 option http_proxy
46
47 # layer7: Only GET method is valid
48 acl valid_method method GET
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]49 http-request deny if !valid_method
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]50
51 # layer7: protect bad reply
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]52 http-response deny if { res.hdr(content-type) audio/mp3 }