#
# BEGIN: web-head.cnf
#
  mode http

  # http-request directives must happen here

  http-request del-header ssl_client_cert unless { ssl_fc_has_crt }
  http-request set-header ssl_client_cert -----BEGIN\ CERTIFICATE-----\ %[ssl_c_der,base64]\ -----END\ CERTIFICATE-----\  if { ssl_fc_has_crt }
  acl is_upgrade hdr(Connection) -i upgrade
  acl is_websocket hdr(Upgrade) -i websocket

  acl is_nextcloud hdr_beg(host) nextcloud.
  acl is_moodle hdr_beg(host) moodle. !path_beg -i /local/tresipuntimportgc/
  acl is_moodle_long hdr_beg(host) moodle.  path_beg -i /local/tresipuntimportgc/
  acl is_oof hdr_beg(host) oof.
  acl is_wp hdr_sub(host) .wp.
  acl is_wp hdr_beg(host) wp.
  acl is_pad hdr_beg(host) pad.
  acl is_sso hdr_beg(host) sso.
  acl is_api hdr_beg(host) api.
  acl is_admin hdr_beg(host) admin.

  acl is_root path -i /
  http-request deny if is_pad is_root

  http-request redirect code 301 location https://moodle."${DOMAIN}" if { hdr(host) -i "${DOMAIN}" }

#
# END: web-head.cnf
#