Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / bda7c1decd9248ceee1d0b4096566107273b0ab9 / . / examples / option-http_proxy.cfg
blob: 117532f5120c01165fa1f8db03c9a3fbb3edab8a [file] [log] [blame]
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]1#
2# demo config for Proxy mode
3#
4
5global
6 maxconn 20000
7 ulimit-n 16384
8 log 127.0.0.1 local0
9 uid 200
10 gid 200
11 chroot /var/empty
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]12 daemon
13
14frontend test-proxy
15 bind 192.168.200.10:8080
16 mode http
17 log global
18 option httplog
19 option dontlognull
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]20 option nolinger
21 option http_proxy
22 maxconn 8000
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]23 timeout client 30s
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]24
25 # layer3: Valid users
26 acl allow_host src 192.168.200.150/32
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]27 http-request deny if !allow_host
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]28
29 # layer7: prevent private network relaying
30 acl forbidden_dst url_ip 192.168.0.0/24
31 acl forbidden_dst url_ip 172.16.0.0/12
32 acl forbidden_dst url_ip 10.0.0.0/8
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]33 http-request deny if forbidden_dst
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]34
35 default_backend test-proxy-srv
36
37
38backend test-proxy-srv
39 mode http
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]40 timeout connect 5s
41 timeout server 5s
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]42 retries 2
43 option nolinger
44 option http_proxy
45
46 # layer7: Only GET method is valid
47 acl valid_method method GET
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]48 http-request deny if !valid_method
Alexandre Cassen5eb1a902007-11-29 15:43:32 +0100[diff] [blame]49
50 # layer7: protect bad reply
Willy Tarreau05d50d02015-10-13 15:43:39 +0200[diff] [blame]51 http-response deny if { res.hdr(content-type) audio/mp3 }