# # BEGIN: waf-tail.cnf # # Internal network acl network_allowed src 172.16.0.0/12 # Internal traffic use_backend bk_web if network_allowed default_backend bk_waf # WAF farm where users' traffic is routed first backend bk_waf mode http server modsecurity dd-waf-apache:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none # Internal traffic passes through this backend backend bk_web mode http server bk_web dd-sso-haproxy:81 resolvers mydns init-addr 127.0.0.1 # Traffic secured by the WAF arrives here frontend ft_web bind :81 name http log global option httplog timeout client 25s maxconn 1000 # # END: waf-tail.cnf #