29 lines
617 B
Plaintext
29 lines
617 B
Plaintext
#
|
|
# BEGIN: waf-tail.cnf
|
|
#
|
|
# Internal traffic
|
|
use_backend bk_web if { src 172.16.0.0/12 }
|
|
|
|
default_backend bk_waf
|
|
|
|
# WAF farm where users' traffic is routed first
|
|
backend bk_waf
|
|
mode http
|
|
server modsecurity dd-waf-apache:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
|
|
|
|
# Internal traffic passes through this backend
|
|
backend bk_web
|
|
mode http
|
|
server bk_web dd-sso-haproxy:81 resolvers mydns init-addr 127.0.0.1
|
|
|
|
# Traffic secured by the WAF arrives here
|
|
frontend ft_web
|
|
bind :81 name http
|
|
log global
|
|
option httplog
|
|
timeout client 25s
|
|
maxconn 1000
|
|
#
|
|
# END: waf-tail.cnf
|
|
#
|