digitaldemocratic/dd-sso/docker/haproxy/haproxy.cnf.parts/defaults-waf.cnf

#
# BEGIN: defaults-waf.cnf
#
defaults
  mode http
  option http-server-close
  option dontlognull
  option redispatch
  # Since ulimit -n (-H) is patched in container
  # HAProxy is supposed to adjust this value accordingly
  # maxconn 2000
  option tcpka  # For the backends
  option h1-case-adjust-bogus-client
  timeout connect 5s  # non-waf has 120s
  # Slowloris protection
  timeout http-request 15s
  # By setting timeout http-request these values are shadowed?
  # timeout client 120s
  # timeout client-fin 120s
  # timeout server 120s
  # timeout tunnel 2h
  timeout queue 30s
  timeout tarpit 1m  # tarpit hold time
  backlog 8192  # Less or equal power of 2 is used
#
# END: defaults-waf.cnf
#
[WAF] Consolidate proxies and documentation The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF determine how DD and HAProxy will behave. - PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted - DISABLE_WAF: whether or not WAF will be enabled This simplifies maintenance, as well as the overall architecture and operation. While at it, we now publish images for DD's HAProxy as well. 2022-11-23 20:10:13 +01:00			`#`
			`# BEGIN: defaults-waf.cnf`
			`#`
			`defaults`
			`mode http`
			`option http-server-close`
			`option dontlognull`
			`option redispatch`
			`# Since ulimit -n (-H) is patched in container`
			`# HAProxy is supposed to adjust this value accordingly`
			`# maxconn 2000`
			`option tcpka # For the backends`
			`option h1-case-adjust-bogus-client`
			`timeout connect 5s # non-waf has 120s`
			`# Slowloris protection`
			`timeout http-request 15s`
			`# By setting timeout http-request these values are shadowed?`
			`# timeout client 120s`
			`# timeout client-fin 120s`
			`# timeout server 120s`
			`# timeout tunnel 2h`
			`timeout queue 30s`
			`timeout tarpit 1m # tarpit hold time`
			`backlog 8192 # Less or equal power of 2 is used`
			`#`
			`# END: defaults-waf.cnf`
			`#`