
Update the default relayd.conf with the new filtering grammar.

OK benno@
OPENBSD_5_6
reyk 10 years ago
parent
commit
7c7cb59da8
1 changed files with 19 additions and 15 deletions
  1. +19
    -15
      src/etc/relayd.conf

+ 19
- 15
src/etc/relayd.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: relayd.conf,v 1.14 2011/04/07 13:33:52 reyk Exp $
# $OpenBSD: relayd.conf,v 1.15 2014/07/09 16:43:30 reyk Exp $
#
# Macros
#
@ -27,7 +27,7 @@ redirect www {
listen on $ext_addr port http interface trunk0
# tag every packet that goes thru the rdr rule with RELAYD
tag RELAYD
pftag RELAYD
forward to <webhosts> check http "/" code 200
forward to <fallback> check icmp
@ -37,9 +37,10 @@ redirect www {
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
#
http protocol httpssl {
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close"
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
match request header set "Connection" value "close"
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
@ -83,20 +84,23 @@ http protocol httpfilter {
return error
# Block disallowed sites
label "URL filtered!"
request url filter "www.example.com/"
match request label "URL filtered!"
block request quick url "www.example.com/" value "*"
# Block disallowed browsers
label "Please try a <em>different Browser</em>"
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
match request label "Please try a <em>different Browser</em>"
block request quick header "User-Agent" \
value "Mozilla/4.0 (compatible; MSIE *"
# Block some well-known Instant Messengers
label "Instant messenger disallowed!"
response header filter "application/x-msn-messenger" from "Content-Type"
response header filter "app/x-hotbar-xip20" from "Content-Type"
response header filter "application/x-icq" from "Content-Type"
response header filter "AIM/HTTP" from "Content-Type"
response header filter "application/x-comet-log" from "Content-Type"
match request label "Instant messenger disallowed!"
block response quick header "Content-Type" \
value "application/x-msn-messenger"
block response quick header "Content-Type" value "app/x-hotbar-xip20"
block response quick header "Content-Type" value "application/x-icq"
block response quick header "Content-Type" value "AIM/HTTP"
block response quick header "Content-Type" \
value "application/x-comet-log"
}
relay httpproxy {
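Review bot: In the `httpssl` protocol, `match request header append "X-Forwarded-For" value "$REMOTE_ADDR"` keeps any X-Forwarded-For value the client sent and only adds the relay-observed address after it, so a backend that reads the first entry for logging or access decisions is using a client-controlled value. Because this is the shipped example configuration, a comment above the rule would help, for instance `# append keeps client-supplied entries; backends must trust only the last address`. Where the relay is the first trusted hop, the `set` action this hunk already uses for "Connection" would overwrite the header instead: `match request header set "X-Forwarded-For" value "$REMOTE_ADDR"`. The same consideration applies to the X-Forwarded-By rule, and the protocol block continues outside the hunk.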

