+++ /dev/null
-#
-# test tproxy
-
-#
-# ip a a 2.0.0.1/16 dev eth0
-# ip a a 1.0.0.1/16 dev eth1
-# ip li set eth1 up
-#
-# sudo rmmod -r iptable_tproxy
-# modprobe ip_conntrack hashsize=65536
-# modprobe iptable_tproxy hashsize=65536
-
-
-# or :
-# sudo insmod net/ipv4/netfilter/ip_conntrack.o hashsize=65536;sudo insmod net/ipv4/netfilter/iptable_nat.o;sudo insmod net/ipv4/netfilter/iptable_tproxy.o hashsize=65536
-
-
-# This is a test configuration.
-# It must load-balance across active servers. Check local apache logs to
-# verify :
-#
-# tail /var/log/apache/access_log
-
-
-global
- maxconn 10000
-
-listen sample1
- mode http
- option httplog
- option dontlognull
- retries 1
- redispatch
- contimeout 5000
- clitimeout 5000
- srvtimeout 5000
- maxconn 40000
- bind 1.0.0.1:8081
- balance roundrobin
- server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc 1.0.0.3
- #server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client
- #server srv1 10.0.3.2:80 cookie s0 source 127.0.0.1 usesrc clientip
- #server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client check inter 1000
- option httpclose
- #errorloc 503 /503
-
-listen sample1
- mode http
- option httplog
- option dontlognull
- retries 1
- redispatch
- contimeout 5000
- clitimeout 5000
- srvtimeout 5000
- maxconn 40000
- bind 1.0.0.1:8082
- balance roundrobin
- server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1
- #server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client check inter 1000
- option httpclose
- #errorloc 503 /503
-
+++ /dev/null
-global
- log 127.0.0.1 local0
-# log 127.0.0.1 local1
- maxconn 4000
- ulimit-n 8000
- uid 0
- gid 0
-# chroot /tmp
-# nbproc 2
-# daemon
-# debug
-# quiet
-
-listen proxy1 0.0.0.0:8000
- mode http
-# source 127.0.0.2:0
-# log 127.0.0.1 local0
-# log 127.0.0.1 local1
- log global
- #mode tcp
- cookie SERVERID insert indirect
- balance roundrobin
- #dispatch 127.0.0.1:3130
- #dispatch 127.0.0.1:31300
- #dispatch 127.0.0.1:80
- #dispatch 127.0.0.1:22
- option httpchk
- server test 10.1.1.2:80 cookie cookie1 check inter 300
-# server nc 127.0.0.1:8080 cookie cookie1 check inter 300
-# server tuxlocal0 10.101.23.9:80 cookie cookie1 check
-# server tuxlocal1 127.0.0.1:80 cookie cookie1 check
-# server tuxlocal2 127.0.0.1:80 cookie cookie2 check
-# server tuxlocal3 127.0.0.1:80 cookie cookie3 check
-# server tuxlocal4 127.0.0.1:80 cookie cookie4 check
-# server vax 10.101.14.1:80 cookie cookie1 check
- #server tuxceleron 10.101.0.1:80 cookie cookie2 check
- #server telnet 127.0.0.1:23
- #server ssh 127.0.0.1:22
- #server local 127.0.0.1:3130 cookie cookie3 check
- #server ko 127.0.0.1:0 cookie cookie3 check
- #server local 127.0.0.1:8001 cookie cookie3 check
- #server local 127.0.0.1:3130
- #server celeron 10.101.0.1:80 cookie srv1
- #server celeron 10.101.0.1:31300
- #server local 10.101.23.9:31300
- contimeout 3000
- clitimeout 150000
- srvtimeout 150000
- maxconn 60000
- redispatch
- retries 3
- grace 3000
- #rsprep ^Server.* Server:\ IIS
- #rspdel ^Server.*
- #rspadd Set-Cookie:\ mycookie=0;\ path=/
- #rsprep ^(Date:\ )([^,]*)(,\ )(.*) LaDate\ est:\ \4\ (\2)
- # force connection:close
- #reqidel ^Connection:
- #rspidel ^Connection:
- #reqadd Connection:\ close
- #rspadd Connection:\ close
- # processing options
- #option keepalive
- option forwardfor
- option httplog
- option dontlognull
-# reqirep ^(Test:\ ) \0_toto_\1_toto
-# reqidel ^X-Forwarded-for:
-# reqirep ^(GET|POST)\ .* \0
-# reqirep ^(Host:|Connection:|User-agent:|Cookie:)\ .* \0
-# reqideny ^
-
-listen proxy1 0.0.0.0:8001
- mode http
- #mode tcp
- dispatch 127.0.0.1:80
- #dispatch 127.0.0.1:31300
- #dispatch 127.0.0.1:80
- #dispatch 127.0.0.1:22
- #server tuxlocal 127.0.0.1:80 cookie cookie1 check
- #server tuxceleron 10.101.0.1:80 cookie cookie2 check
- #server telnet 127.0.0.1:23
- #server ssh 127.0.0.1:22
- #server local 127.0.0.1:3130 cookie cookie3 check
- #server local 127.0.0.1:3130
- #server celeron 10.101.0.1:80 cookie srv1
- #server celeron 10.101.0.1:31300
- #server local 10.101.23.9:31300
- contimeout 3000
- clitimeout 150000
- srvtimeout 150000
- maxconn 60000
- redispatch
- retries 3
- grace 3000
- #rsprep ^Server.* Server:\ IIS
- #rspdel ^Server.*
- rspadd Set-Cookie:\ SERVERID=12345678;\ path=/
- #rsprep ^(Date:\ )([^,]*)(,\ )(.*) LaDate\ est:\ \4\ (\2)
-
-listen proxy1 0.0.0.0:3128
- disabled
- mode http
- cookie SERVERID insert indirect
- #dispatch 127.0.0.1:8080
- server srv1 127.0.0.1:8080
- #server srv2 192.168.12.3:8080
- contimeout 3000
- clitimeout 450000
- srvtimeout 450000
- maxconn 60000
- redispatch
- retries 3
- grace 3000
- rspdel ^Via:.*
- monitor-net 192.168.12.252/30
-
-
-listen proxy2 0.0.0.0:3129
- disabled
- mode http
- transparent
-# dispatch 127.0.0.1:80
- contimeout 3000
- clitimeout 150000
- srvtimeout 150000
- maxconn 60000
- retries 3
- grace 3000
-
-# log 10.101.11.1 local1
-# log 10.101.11.1 local2
-
-# cliexp ^(.*ASPSESSIONID.*=)(.*) \1FENICGGCBECLFFEEOAEAIFGF
-# cliexp ^(GET.*)(.free.fr)(.*) \1.online.fr\3
-# cliexp ^(POST.*)(.free.fr)(.*) \1.online.fr\3
-# cliexp ^Proxy-Connection:.* Proxy-Connection:\ close
-# srvexp ^(Location:\ )([^:]*://[^/]*)(.*) \1\3
-
-listen health 0.0.0.0:3130
- mode health
- clitimeout 1500
- srvtimeout 1500
- maxconn 6000
- grace 0
-
-
-listen health 0.0.0.0:31300
- mode health
- option httpchk
- clitimeout 1500
- srvtimeout 1500
- maxconn 6000
- grace 0
+++ /dev/null
-# this config needs haproxy-1.1.28 or haproxy-1.2.1
-
-global
- log 127.0.0.1 local0
- log 127.0.0.1 local1 notice
- #log loghost local0 info
- maxconn 4096
- chroot /usr/share/haproxy
- uid 99
- gid 99
- daemon
- #debug
- #quiet
-
-defaults
- log global
- mode http
- option httplog
- option dontlognull
- retries 3
- redispatch
- maxconn 2000
- contimeout 5000
- clitimeout 50000
- srvtimeout 50000
-
-listen appli1-rewrite 0.0.0.0:10001
- cookie SERVERID rewrite
- balance roundrobin
- server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5
- server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5
- server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5
- server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5
-
-listen appli2-insert 0.0.0.0:10002
- option httpchk
- balance roundrobin
- cookie SERVERID insert indirect nocache
- server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
- server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
- capture cookie vgnvisitor= len 32
-
- option httpclose # disable keep-alive
- rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
-
-listen appli3-relais 0.0.0.0:10003
- dispatch 192.168.135.17:80
-
-listen appli4-backup 0.0.0.0:10004
- option httpchk /index.html
- option persist
- balance roundrobin
- server inst1 192.168.114.56:80 check inter 2000 fall 3
- server inst2 192.168.114.56:81 check inter 2000 fall 3 backup
-
-listen ssl-relay 0.0.0.0:8443
- option ssl-hello-chk
- balance source
- server inst1 192.168.110.56:443 check inter 2000 fall 3
- server inst2 192.168.110.57:443 check inter 2000 fall 3
- server back1 192.168.120.58:443 backup
-
-listen appli5-backup 0.0.0.0:10005
- option httpchk *
- balance roundrobin
- cookie SERVERID insert indirect nocache
- server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
- server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
- server inst3 192.168.114.57:80 backup check inter 2000 fall 3
- capture cookie ASPSESSION len 32
- srvtimeout 20000
-
- option httpclose # disable keep-alive
- option checkcache # block response if set-cookie & cacheable
-
- rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
-
- errorloc 502 http://192.168.114.58/error502.html
- errorfile 503 /etc/haproxy/errors/503.http
-
+++ /dev/null
-# This configuration is an example of how to use connection tarpitting based
-# on invalid requests.
-
-global
- daemon
- log 127.0.0.1 local0
-
-listen frontend 0.0.0.0:80
- mode http
- option httplog
- log global
- maxconn 10000
-
- # do not log requests with no data
- option dontlognull
-
- # log as soon as the server starts to respond, an do not wait for the
- # end of the data transfer.
- option logasap
-
- # disable keep-alive
- option httpclose
-
- # load balancing mode set to round-robin
- balance roundrobin
-
- # the maxconn 150 below means 150 connections maximum will be used
- # on apache, the remaining ones will be queued.
- server apache1 127.0.0.1:80 maxconn 150
-
- # use short timeouts for client and server
- clitimeout 20000
- srvtimeout 20000
-
- # the connect timeout should be large because it will also be used
- # to define the queue timeout and the tarpit timeout. It generally
- # is a good idea to set it to the same value as both above, and it
- # will improve performance when dealing with thousands of connections.
- contimeout 20000
-
- # retry only once when a valid connection fails because the server
- # is overloaded.
- retries 1
-
- # You might want to enable this option if the attacks start
- # targetting valid URLs.
- # option abortonclose
-
- # not needed anymore.
- #capture request header X-Forwarded-For len 15
-
- # and add a new 'X-Forwarded-For: IP'
- option forwardfor
-
- # how to access the status reporting web interface
- stats uri /stat
- stats auth stat:stat
-
- # Request header and URI processing begins here.
-
- # rename the 'X-Forwarded-For:' header as 'X-Forwarded-For2:'
- reqirep ^(X-Forwarded-For:)(.*) X-Forwarded-For2:\2
-
- #### Now check the URI for requests we want to tarpit ###
- # We do not analyze headers, we just focus on the request
- reqpass ^[^:\ ]*:
-
- # Tarpit those URIs for any method
- reqtarpit ^[^:\ ]*\ /invalid_req1
- reqtarpit ^[^:\ ]*\ /cgi-bin/.*\.pl\?
- reqitarpit ^[^:\ ]*\ /.*\.(dll|exe|asp)
-
+++ /dev/null
-#
-# This configuration can be used as an example of how URL-switching may be
-# implemented with current haproxy versions.
-#
-# Right now (version 1.2), haproxy can only select a server based on the cookie
-# provided by the client. While this may sound limitated, it is yet possible to
-# combine this feature to rewrites to provide full URL-switching capabilities.
-#
-# For this, we have to chain 3 levels :
-# - front-end : will match the expected URIs and assign a cookie accordingly ;
-# it uses regexps and could match on anything else (Host:,
-# cookies, ...)
-# - switch : will select a back-end depending on the cookie above
-# - back-ends : will perform the load balancing between multiple servers for
-# the same group. Note that this level can be omitted if there
-# is only one server for each backend.
-#
-# Logging is performed at the lower level (back-ends) so that local server
-# problems can be identified quickly with the timers. The client's IP is
-# propagated in the X-Forwarded-For: header.
-#
-
-global
- daemon
- maxconn 6000 # warning: this has to be 3 times the expected value!
- log 192.168.0.1 local0
-
-defaults
- mode http
- balance roundrobin
- option dontlognull
- option httpclose
- retries 1
- redispatch
- maxconn 2000
- contimeout 5000
- clitimeout 50000
- srvtimeout 50000
-
-#
-# This is the instance the client connects to.
-#
-listen frontend 10.20.30.40:80
- option forwardfor # add 'X-Forwarded-For: IP'
-
- # remove an eventual 'backend' cookie the client might have sent
- reqidel ^Cookie:\ backend=
-
- # add cookie 'backend=2' for any HTTP method followed by
- # '/img' only or '/img/' followed by anything.
- reqirep ^[^:\ ]*\ /img[/\ ].* \0\nCookie:\ backend=2
-
- # add cookie 'backend=3' for any HTTP method followed by
- # '/home' only or '/home/' followed by anything.
- reqirep ^[^:\ ]*\ /home[/\ ].* \0\nCookie:\ backend=3
-
- # send everything to next stage
- server switch 127.0.0.2:8000
-
-
-#
-# This instance is only seen by the 'frontend' instance above. It receives all
-# of its traffic.
-#
-listen switch 127.0.0.2:8000
- # cookie name 'backend' inserted by the 'frontend' instance above
- cookie backend
-
- # default server 'backend1' gets the default traffic.
- server backend1 127.0.0.3:8001
-
- # those servers get traffic only if their cookie is present because
- # they are tagged 'backup'.
- server backend2 127.0.0.3:8002 cookie 2 backup
- server backend3 127.0.0.3:8003 cookie 3 backup
-
-#
-# Backend 1 for dynamic contents.
-# It is made of 4 apache servers which we can test thanks to a CGI script.
-#
-listen backend1 127.0.0.3:8001
- log global
- option httplog
- capture request header X-Forwarded-For len 15
- option httpchk /cgi-bin/testhost.pl
- server apache1 192.168.1.1:80 maxconn 100 check inter 2000 fall 3
- server apache2 192.168.1.2:80 maxconn 100 check inter 2000 fall 3
- server apache3 192.168.1.3:80 maxconn 100 check inter 2000 fall 3
- server apache4 192.168.1.4:80 maxconn 100 check inter 2000 fall 3
-
-#
-# backend 2 for images (/img).
-# It is made of 3 Tux servers which we test by requesting the /img/logo.png
-# file which should be present when file-systems are mounted.
-#
-listen backend2 127.0.0.3:8002
- log global
- option httplog
- capture request header X-Forwarded-For len 15
- option httpchk /img/logo.png
- server tux5 192.168.1.5:80 check inter 2000 fall 3
- server tux6 192.168.1.6:80 check inter 2000 fall 3
- server tux7 192.168.1.7:80 check inter 2000 fall 3
-
-#
-# backend 3 for home directories (/home). These are the same machines as for
-# dynamic content, except that a different server is bound to another port.
-# We test the service by checking that the file "/home/webmaster/started"
-# exists.
-#
-listen backend3 127.0.0.3:8003
- log global
- option httplog
- capture request header X-Forwarded-For len 15
- option httpchk /home/webmaster/started
- server light1 192.168.1.1:8080 check inter 2000 fall 3
- server light2 192.168.1.2:8080 check inter 2000 fall 3
- server light3 192.168.1.3:8080 check inter 2000 fall 3
- server light4 192.168.1.4:8080 check inter 2000 fall 3
-
projects / thirdparty / haproxy.git / commitdiff
