version 1.14, 2011/04/07 13:33:52 |
version 1.15, 2014/07/09 16:43:30 |
|
|
listen on $ext_addr port http interface trunk0 |
listen on $ext_addr port http interface trunk0 |
|
|
# tag every packet that goes thru the rdr rule with RELAYD |
# tag every packet that goes thru the rdr rule with RELAYD |
tag RELAYD |
pftag RELAYD |
|
|
forward to <webhosts> check http "/" code 200 |
forward to <webhosts> check http "/" code 200 |
forward to <fallback> check icmp |
forward to <fallback> check icmp |
|
|
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration |
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration |
# |
# |
http protocol httpssl { |
http protocol httpssl { |
header append "$REMOTE_ADDR" to "X-Forwarded-For" |
match request header append "X-Forwarded-For" value "$REMOTE_ADDR" |
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" |
match request header append "X-Forwarded-By" \ |
header change "Connection" to "close" |
value "$SERVER_ADDR:$SERVER_PORT" |
|
match request header set "Connection" value "close" |
|
|
# Various TCP performance options |
# Various TCP performance options |
tcp { nodelay, sack, socket buffer 65536, backlog 128 } |
tcp { nodelay, sack, socket buffer 65536, backlog 128 } |
|
|
return error |
return error |
|
|
# Block disallowed sites |
# Block disallowed sites |
label "URL filtered!" |
match request label "URL filtered!" |
request url filter "www.example.com/" |
block request quick url "www.example.com/" value "*" |
|
|
# Block disallowed browsers |
# Block disallowed browsers |
label "Please try a <em>different Browser</em>" |
match request label "Please try a <em>different Browser</em>" |
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent" |
block request quick header "User-Agent" \ |
|
value "Mozilla/4.0 (compatible; MSIE *" |
|
|
# Block some well-known Instant Messengers |
# Block some well-known Instant Messengers |
label "Instant messenger disallowed!" |
match request label "Instant messenger disallowed!" |
response header filter "application/x-msn-messenger" from "Content-Type" |
block response quick header "Content-Type" \ |
response header filter "app/x-hotbar-xip20" from "Content-Type" |
value "application/x-msn-messenger" |
response header filter "application/x-icq" from "Content-Type" |
block response quick header "Content-Type" value "app/x-hotbar-xip20" |
response header filter "AIM/HTTP" from "Content-Type" |
block response quick header "Content-Type" value "application/x-icq" |
response header filter "application/x-comet-log" from "Content-Type" |
block response quick header "Content-Type" value "AIM/HTTP" |
|
block response quick header "Content-Type" \ |
|
value "application/x-comet-log" |
} |
} |
|
|
relay httpproxy { |
relay httpproxy { |
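Review bot: The converted rule `match request header append "X-Forwarded-For" value "$REMOTE_ADDR"` in `httpssl` still appends, as the old one did, so any X-Forwarded-For value the client sends stays in front of the address relayd adds. Backends that use this header for logging, rate limiting or access decisions should trust only the last entry. Since this is an example file people copy, I would add a comment above the rule such as `# append keeps any client-sent X-Forwarded-For; backends must trust only the last entry`. The same caution applies to the "Block disallowed browsers" and instant-messenger rules: they match on peer-supplied `User-Agent` and `Content-Type` values, so the comments could say they are policy filters rather than enforcement. The `relay httpproxy` block continues outside the visible lines, so how these protocols are attached to relays was not reviewed.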