| Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016 | ||
|---|---|---|
load balances TLS services
```
http protocol "https" {
	# Pass the client and relay addresses on to the backend
	match header append "X-Forwarded-For" value "$REMOTE_ADDR"
	match header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
	match header set "Keep-Alive" value "$TIMEOUT"
	# Feed the session id (query string or cookie) into the load balancing hash
	match query hash "sessid"
	match cookie hash "sessid"
	pass
	block path "/cgi-bin/index.cgi" value "*command=*"
	tls { no tlsv1.0, ciphers "HIGH" }
}
relay "tlsaccel" {
	listen on www.example.com port 443 tls
	protocol "https"
	forward to <phphosts> port 8080 mode loadbalance check tcp
}
```

Pre-OpenBSD 5.7:
```
http protocol "httpssl" {
	header append "$REMOTE_ADDR" to "X-Forwarded-For"
	header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
	header change "Keep-Alive" to "$TIMEOUT"
	query hash "sessid"
	cookie hash "sessid"
	path filter "*command=*" from "/cgi-bin/index.cgi"
	ssl { sslv2, ciphers "MEDIUM:HIGH" }
	tcp { nodelay, sack, socket buffer 65536, backlog 128 }
}
relay wwwssl {
	# Run as a SSL accelerator
	listen on $webserver port 443 ssl
	protocol "httpssl"
	table <webhosts> loadbalance check ssl
}
```
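The two configurations above differ mostly in rule syntax. As an added example (not from the original slides and not part of relayd), this Python helper rewrites the pre-5.7 directive forms shown on this page into their current equivalents and flags the lines that need a manual decision. The function names and the `# REVIEW` marker are assumptions of the example, and the `cookie hash` rule assumes the current form is `match cookie hash`.

```python
import re
# Pre-5.7 directive -> current form, read off the two configurations on this
# page. Only the directive shapes shown there are covered.
RULES = [
    (re.compile(r'^header append "([^"]*)" to "([^"]*)"$'),
     r'match header append "\2" value "\1"'),
    (re.compile(r'^header change "([^"]*)" to "([^"]*)"$'),
     r'match header set "\1" value "\2"'),
    (re.compile(r'^(query|cookie) hash "([^"]*)"$'), r'match \1 hash "\2"'),
    (re.compile(r'^path filter "([^"]*)" from "([^"]*)"$'),
     r'block path "\2" value "\1"'),
    (re.compile(r'^(listen on \S+ port \d+) ssl$'), r'\1 tls'),
]
# Needs a human: TLS protocol/cipher policy, and the backend table, whose
# "forward to" form on this page carries a port that the old line lacks.
MANUAL = re.compile(r'^(ssl\s*\{|table\s+<)')

def translate_line(line):
    """Return (rewritten_line, needs_review) for one pre-5.7 relayd.conf line."""
    body = line.strip()
    indent = line[:len(line) - len(line.lstrip())]
    for pattern, replacement in RULES:
        if pattern.match(body):
            return indent + pattern.sub(replacement, body), False
    if MANUAL.match(body):
        return indent + "# REVIEW pre-5.7: " + body, True
    return line, False

def translate(text):
    """Rewrite a config; return (new_text, 1-based line numbers to review)."""
    results = [translate_line(line) for line in text.splitlines()]
    review = [n for n, (_, flagged) in enumerate(results, 1) if flagged]
    return "\n".join(new for new, _ in results), review

# Constructed sample: a shortened copy of the pre-5.7 block on this page.
SAMPLE = '''http protocol "httpssl" {
    header append "$REMOTE_ADDR" to "X-Forwarded-For"
    header change "Keep-Alive" to "$TIMEOUT"
    cookie hash "sessid"
    path filter "*command=*" from "/cgi-bin/index.cgi"
    ssl { sslv2, ciphers "MEDIUM:HIGH" }
}
relay wwwssl {
    listen on $webserver port 443 ssl
    table <webhosts> loadbalance check ssl
}'''
if __name__ == "__main__":
    print(translate(SAMPLE)[0])
```

Flagged lines are commented out rather than guessed at, so the output does not load as a working configuration until each `# REVIEW` line has been replaced by hand.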
Also see relayd-dsr