# Global relayd settings, the listen-address macro and the backend tables.
# Interval between host health checks, in seconds.
# NOTE(review): the relays in this file declare no `check` method on their
# tables, so interval/timeout may have no practical effect here; confirm.
interval 30
# Global timeout for host checks, in milliseconds.
timeout 10000
# Number of relay processes started to handle relayed connections.
prefork 5
# Log state changes reported after host checks.
log updates
# Public address both relays listen on.
EXT_IF = 83.150.2.48
# Backend pools, one host each, given by name rather than by address.
# NOTE(review): the .lan names depend on the local resolver when the
# configuration is loaded; confirm that resolution path is trusted.
table <euroweb> { euroweb.lan }
table <euroserver> { euroserver.lan }
# Protocol for the plain-HTTP relay: rewrites proxy-related headers and
# forwards only requests whose Host header is on the allow-list below.
http protocol "http_protocol" {
# Answer with an HTTP error page instead of silently dropping the connection.
return error
# `append` keeps any X-Forwarded-For value the client sent and adds the real
# peer address after it.
# NOTE(review): backends should trust only the last element of this header;
# earlier elements are client-controlled.
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
# Force one request per backend connection.
match request header set "Connection" value "close"
match request header set "Keep-Alive" value "$TIMEOUT"
# Replace the backend's Server banner so its software and version are not disclosed.
match response header set "Server" value "None of your business"
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# Default deny: every request is tagged first. Each `quick` rule below matches
# one allowed Host value, selects the backend table, clears the tag and ends
# rule evaluation for that request.
match request tag disallowed_host
match request quick header "Host" value "www.maschezuoz.ch" \
forward to <euroweb> no tag
match request quick header "Host" value "www-joomla.maschezuoz.ch" \
forward to <euroweb> no tag
match request quick header "Host" value "maschezuoz.ch" \
forward to <euroweb> no tag
match request quick header "Host" value "www.andreasbaumann.cc" \
forward to <euroweb> no tag
match request quick header "Host" value "andreasbaumann.cc" \
forward to <euroweb> no tag
match request quick header "Host" value "git.andreasbaumann.cc" \
forward to <euroweb> no tag
match request quick header "Host" value "webmail.andreasbaumann.cc" \
forward to <euroweb> no tag
match request quick header "Host" value "blog.andreasbaumann.cc" \
forward to <euroweb> no tag
match request quick header "Host" value "cloud.andreasbaumann.cc" \
forward to <euroweb> no tag
# The only host routed to the <euroserver> table.
match request quick header "Host" value "mon.andreasbaumann.cc" \
forward to <euroserver> no tag
# Anything still tagged matched none of the allowed hosts; reject it and
# record the label "BAD host".
block request tagged disallowed_host label "BAD host"
}
# Protocol for the TLS relay: same header rewriting as "http_protocol".
# NOTE(review): unlike "http_protocol", this block has no Host allow-list and
# no block rule, so a request with any Host header is forwarded to the backend.
# If the same restriction is intended on port 443, the tag/quick/block rules
# need to be repeated here; confirm.
http protocol "https_protocol" {
# Answer with an HTTP error page instead of silently dropping the connection.
return error
# `append` keeps any X-Forwarded-For value the client sent and adds the real
# peer address after it.
# NOTE(review): backends should trust only the last element of this header.
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
# Force one request per backend connection.
match request header set "Connection" value "close"
match request header set "Keep-Alive" value "$TIMEOUT"
# Replace the backend's Server banner so its software and version are not disclosed.
match response header set "Server" value "None of your business"
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# Disabled TLS CA settings, kept for reference.
# NOTE(review): with `tls ca file` commented out, relayd presumably does not
# verify the backend certificate on a `forward with tls` leg; confirm whether
# that is acceptable for the network between relay and backend. The disabled
# key line also specifies an empty key password.
# tls ca key "/etc/ssl/private/webmail.andreasbaumann.cc.key" password ""
# tls ca cert "/etc/ssl/webmail.andreasbaumann.cc.crt"
# tls ca file "/etc/ssl/webmail.andreasbaumann.cc.intermediate.crt"
}
# Plain-HTTP listener on the public address. Both tables are declared here so
# that the per-Host `forward to` rules in "http_protocol" can select either one.
relay http_relay {
listen on $EXT_IF port 80
# The Host allow-list and header rewriting are applied by this protocol.
protocol http_protocol
forward to <euroweb> port 80
forward to <euroserver> port 80
}
# TLS listener on the public address: terminates the client's TLS session and
# opens a new TLS connection to the backend.
# NOTE(review): no `tls keypair` is named in "https_protocol", so the server
# certificate and key are presumably loaded from relayd's default location for
# this listen address; confirm.
relay https_relay {
listen on $EXT_IF port 443 tls
protocol https_protocol
# Only <euroweb> is reachable through this relay; <euroserver> is not declared
# here, so mon.andreasbaumann.cc is routed to it over plain HTTP only.
forward with tls to <euroweb> port 443
}