digitaldemocratic/dd-sso/docker/haproxy/haproxy.cnf.parts/tail-waf.cnf


#
# BEGIN: waf-tail.cnf
#
# Purpose: routing tail for the WAF setup. Client traffic is sent to the
# ModSecurity backend (bk_waf) by default; traffic from the internal range
# skips the WAF and goes straight to bk_web, which points at port 81 where
# the ft_web frontend below listens.
# NOTE(review): the first three directives belong to a section opened in an
# earlier config part (presumably the public frontend) — confirm against the
# assembled haproxy.cfg.
# Internal network
# Matches on the connection's source address only (RFC 1918 172.16.0.0/12).
acl network_allowed src 172.16.0.0/12
# Internal traffic
# NOTE(review): this is a WAF bypass keyed purely on source IP. If client
# addresses are rewritten to an address in this range before reaching HAProxy
# (NAT, a userland proxy, another proxy hop), external requests would match
# too. Verify that real client IPs are preserved on this listener.
use_backend bk_web if network_allowed
# Everything that did not match the ACL above is inspected by the WAF first.
default_backend bk_waf
# WAF farm where users' traffic is routed first
backend bk_waf
mode http
# Health check on port 80 every 5s; 2 successes mark the server up, 10
# failures mark it down. "init-addr none" starts the server without an
# address until the "mydns" resolvers section (defined elsewhere) answers.
# No backup server is declared in this fragment, so while the WAF is down
# this backend has no usable server and requests are not passed around it.
server modsecurity dd-waf-apache:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
# Internal traffic passes through this backend
backend bk_web
mode http
# Targets port 81, the same port ft_web binds below. Uses 127.0.0.1 as the
# initial address until DNS resolution succeeds. No health check configured.
# presumably dd-sso-haproxy is this HAProxy container's own name — TODO confirm
server bk_web dd-sso-haproxy:81 resolvers mydns init-addr 127.0.0.1
# Traffic secured by the WAF arrives here
# NOTE(review): nothing in this frontend verifies that a request actually
# came through the WAF; internal traffic via bk_web also lands here, and so
# would any client able to connect to port 81 directly. "bind :81" listens on
# all addresses, so port 81 should be reachable only from the WAF container
# and HAProxy itself (not published on the host) — verify in the compose file.
# NOTE(review): no use_backend/default_backend for ft_web appears in this
# fragment; confirm where its routing is defined.
frontend ft_web
bind :81 name http
log global
option httplog
timeout client 25s
maxconn 1000
#
# END: waf-tail.cnf
#