#
# BEGIN: waf-tail.cnf
#
# Internal network
# Matches on `src`, the source address of the connection as HAProxy sees it,
# for the whole private range 172.16.0.0/12.
# NOTE(review): if anything in front of this listener rewrites the source
# address (NAT, a container port-forwarding proxy, another load balancer),
# outside clients may match this ACL as well - confirm which addresses
# actually arrive here.
acl network_allowed src 172.16.0.0/12
# Internal traffic
# Connections matching network_allowed go straight to bk_web and never reach
# bk_waf, so the WAF does not inspect them.
# NOTE(review): this makes the network_allowed ACL a trust boundary; keep it
# as narrow as the internal callers actually need.
use_backend bk_web if network_allowed
# Every request not claimed by a use_backend rule is sent through the WAF.
# bk_waf defines a single server and no backup, so when that server is down
# HAProxy answers 503: this path fails closed rather than skipping the WAF.
default_backend bk_waf
# WAF farm where users' traffic is routed first
# Selected by `default_backend bk_waf`; holds the one WAF server defined below.
backend bk_waf
# HTTP (layer 7) mode: requests are parsed and proxied as HTTP, not as raw TCP.
mode http
# check port 80 inter 5s rise 2 fall 10: probe port 80 every 5s; 2 successes
# mark the server up, 10 consecutive failures mark it down (about 50s at this
# interval).
# resolvers mydns / init-addr none: the name is resolved at runtime through the
# `mydns` resolvers section (not shown here); the server starts with no address
# and is unusable until resolution succeeds.
# NOTE(review): no `option httpchk` is visible in this backend, so unless one
# is inherited from a defaults section the check is only a TCP connect. It
# shows the port is open, not that the WAF rules are loaded - confirm.
# NOTE(review): the hop to the WAF is plain HTTP on port 80, presumably over a
# private container network - confirm nothing untrusted shares it.
server modsecurity dd-waf-apache:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
# Internal traffic passes through this backend
# Target of `use_backend bk_web if network_allowed`: the path that skips bk_waf.
backend bk_web
# HTTP (layer 7) mode, matching bk_waf.
mode http
# No `check` keyword: this server is not health-checked, so HAProxy always
# treats it as up.
# init-addr 127.0.0.1: until `mydns` resolves dd-sso-haproxy, traffic for this
# server goes to 127.0.0.1:81.
# NOTE(review): port 81 is also what frontend ft_web binds in this file, so
# this looks like a hop back into this same HAProxy instance - confirm that
# dd-sso-haproxy is this instance.
server bk_web dd-sso-haproxy:81 resolvers mydns init-addr 127.0.0.1
# Traffic secured by the WAF arrives here
# NOTE(review): no use_backend/default_backend for this frontend is visible in
# this fragment; its routing is presumably defined outside waf-tail.cnf -
# confirm in the assembled configuration.
frontend ft_web
# Listens on port 81 on every address (no IP given); `name http` only labels
# the listener.
# NOTE(review): nothing on this frontend checks that a connection came from
# the WAF. Any client able to reach port 81 directly skips bk_waf - keep the
# port unpublished or restrict it by source address.
bind :81 name http
# Reuse the log targets declared in the `global` section (not shown here).
log global
# Use the detailed HTTP log format (request line, status code, timers), which
# is what lets requests on this post-WAF listener be audited later.
option httplog
# Maximum client-side inactivity: a client silent for 25s is timed out.
timeout client 25s
# Cap this frontend at 1000 concurrent connections.
maxconn 1000
#
# END: waf-tail.cnf
#