From: Willy Tarreau <w@1wt.eu>
Date: Mon, 30 May 2022 16:14:24 +0000 (+0200)
Subject: EXAMPLES: remove completely outdated acl-content-sw.cfg
X-Git-Tag: v2.6.0~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc01730d26a970cbabf4087ac54fb5c7843a89ea;p=thirdparty%2Fhaproxy.git

EXAMPLES: remove completely outdated acl-content-sw.cfg

This config probably last worked on 1.3, maybe 1.4, but it uses too
many obsolete statements and it silently errors because of the "quiet"
directive, which adds to the confusion. Let's remove it.
---

diff --git a/examples/acl-content-sw.cfg b/examples/acl-content-sw.cfg
deleted file mode 100644
index 1872789ac2..0000000000
--- a/examples/acl-content-sw.cfg
+++ /dev/null
@@ -1,130 +0,0 @@
-# This sample configuration makes extensive use of the ACLs. It requires
-# HAProxy version 1.3.12 minimum.
-
-global
-	log	   loghost   local0
-	log	   localhost local0 err
-	maxconn	   250
-	uid	   71
-	gid	   71
-	chroot	   /var/empty
-	pidfile	   /var/run/haproxy.pid
-	daemon
-	quiet
-
-frontend http-in
-	bind       :80
-	mode       http
-	log        global
-	clitimeout 30000
-	option     httplog
-	option     dontlognull
-	#option    logasap
-	option     httpclose
-	maxconn    100
-
-	capture request  header Host           len 20
-	capture request  header User-Agent     len 16
-	capture request  header Content-Length len 10
-	capture request  header Referer        len 20
-	capture response header Content-Length len 10
-
-	# block any unwanted source IP addresses or networks
-	acl forbidden_src src      0.0.0.0/7 224.0.0.0/3
-	acl forbidden_src src_port 0:1023
-	block if forbidden_src
-
-	# block requests beginning with http:// on wrong domains
-	acl dangerous_pfx  url_beg -i  http://
-	acl valid_pfx      url_reg -i ^http://[^/]*1wt\.eu/
-	block if dangerous_pfx !valid_pfx
-
-	# block apache chunk exploit, ...
-	acl forbidden_hdrs hdr_sub(transfer-encoding) -i chunked
-	acl forbidden_hdrs hdr_beg(host)              -i apache- localhost
-
-	# ... some HTTP content smugling and other various things
-	acl forbidden_hdrs hdr_cnt(host) gt 1
-	acl forbidden_hdrs hdr_cnt(content-length) gt 1
-	acl forbidden_hdrs hdr_val(content-length) lt 0
-	acl forbidden_hdrs hdr_cnt(proxy-authorization) gt 0
-	block if forbidden_hdrs
-
-	# block annoying worms that fill the logs...
-	acl forbidden_uris url_reg -i .*(\.|%2e)(\.|%2e)(%2f|%5c|/|\\\\)
-	acl forbidden_uris url_sub -i %00 <script xmlrpc.php
-	acl forbidden_uris path_end -i /root.exe /cmd.exe /default.ida /awstats.pl .asp .dll
-
-	# block other common attacks (awstats, manual discovery...)
-	acl forbidden_uris path_dir -i chat main.php read_dump.php viewtopic.php phpbb sumthin horde _vti_bin MSOffice
-	acl forbidden_uris url_reg -i (\.php\?temppath=|\.php\?setmodules=|[=:]http://)
-	block if forbidden_uris
-
-	# we rewrite the "options" request so that it only tries '*', and we
-	# only report GET, HEAD, POST and OPTIONS as valid methods
-	reqirep		^OPTIONS\ /.*HTTP/1\.[01]$ OPTIONS\ \\*\ HTTP/1.0
-	rspirep		^Allow:\ .* Allow:\ GET,\ HEAD,\ POST,\ OPTIONS
-
-	acl host_demo   hdr_beg(host) -i demo.
-	acl host_www2   hdr_beg(host) -i www2.
-
-	use_backend	demo   if host_demo
-	use_backend	www2   if host_www2
-	default_backend	www
-
-backend www
-	mode	http
-	source	192.168.21.2:0
-	balance roundrobin
-	cookie SERVERID
-	server www1 192.168.12.2:80 check inter 30000 rise 2 fall 3 maxconn 10
-	server back 192.168.11.2:80 check inter 30000 rise 2 fall 5 backup cookie back maxconn 8
-
-	# long timeout to support connection queueing
-	contimeout	20000
-	srvtimeout	20000
-	fullconn 100
-	redispatch
-	retries	3
-
-	option httpchk HEAD /
-	option forwardfor
-	option checkcache
-	option httpclose
-
-	# allow other syntactically valid requests, and block any other method
-        acl valid_method method GET HEAD POST OPTIONS
-        block if !valid_method
-        block if HTTP_URL_STAR !METH_OPTIONS
-        block if !HTTP_URL_SLASH !HTTP_URL_STAR !HTTP_URL_ABS
-
-	# remove unnecessary precisions on the server version. Let's say
-	# it's an apache under Unix on the Formilux Distro.
-	rspidel		^Server:\ 
-	rspadd		Server:\ Apache\ (Unix;\ Formilux/0.1.8)
-
-defaults non_standard_bck
-	mode	http
-	source	192.168.21.2:0
-	option forwardfor
-	option httpclose
-	balance roundrobin
-	fullconn 100
-	contimeout	20000
-	srvtimeout	20000
-	retries	2
-
-backend www2
-	server www2 192.168.22.2:80 maxconn 10
-
-# end of defaults
-defaults none
-
-backend demo
-	mode http
-	balance roundrobin
-	stats enable
-	stats uri /
-	stats scope http-in
-	stats scope www
-	stats scope demo