[sslproxy]
# Global configuration.
-recv_endpoint = "10.144.169.70:33333"
-target_endpoint = "10.144.169.70:11111"
+recv_endpoint = "0.0.0.0:443"
+target_endpoint = "208.77.188.166:80"
num_thread = 10
timeout_sec = 30
private_key_passwd_dir = "/etc/l7vs/sslproxy/"
private_key_passwd_file = "passwd.txt"
verify_options = "SSL_VERIFY_NONE"
-verify_options = "SSL_VERIFY_PEER"
-verify_options = "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
+#verify_options = "SSL_VERIFY_PEER"
+#verify_options = "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
#verify_options = "SSL_VERIFY_CLIENT_ONCE"
verify_cert_depth = 9
#ssl_options = "SSL_OP_MICROSOFT_SESS_ID_BUG"
#ssl_options = "SSL_OP_COOKIE_EXCHANGE"
#ssl_options = "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
#ssl_options = "SSL_OP_SINGLE_ECDH_USE"
-ssl_options = "SSL_OP_SINGLE_DH_USE"
+#ssl_options = "SSL_OP_SINGLE_DH_USE"
#ssl_options = "SSL_OP_EPHEMERAL_RSA"
#ssl_options = "SSL_OP_CIPHER_SERVER_PREFERENCE"
#ssl_options = "SSL_OP_TLS_ROLLBACK_BUG"
#ssl_options = "SSL_OP_PKCS1_CHECK_2"
#ssl_options = "SSL_OP_NETSCAPE_CA_DN_BUG"
#ssl_options = "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG"
-tmp_dh_dir = "/etc/l7vs/sslproxy/"
-tmp_dh_file = "dh512.pem"
+#tmp_dh_dir = "/etc/l7vs/sslproxy/"
+#tmp_dh_file = "dh512.pem"
cipher_list = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
# SSL session cache configuration.
session_cache_size = 20480
session_cache_timeout = 300
+# Packet edit configuration.
+# http_request_header: Edit HTTP client request header message.
+# http_response_header: Edit HTTP server response header message.
+# Format: "mode:header-field-name[:header-field-value[:replace-value]]
+# Mode: 'set', 'unset', 'add' or 'replace'
+# Macro: %{CLIENT_ADDR} -> client IP address
+# %{CLIENT_PORT} -> client port number
+# %{SERVER_ADDR} -> server IP address
+# %{SERVER_PORT} -> server port number
+# %{RECV_ADDR} -> sslproxy IP address
+# %{RECV_PORT} -> sslproxy port number
+# Example: Insert or overwrite "X-Forwarded-Proto: https"
+#http_request_header = "set:X-Forwarded-Proto:https"
+# Example: Change Host to real address
+#http_request_header = "set:Host:%{SERVER_ADDR}:%{SERVER_PORT}"
+# Example: Remove "Cookie" field
+#http_request_header = "unset:Cookie"
+# Example: Add "X-Forwarded-For: old-value,new-value"
+# or insert "X-Forwarded-For: new-value"
+#http_request_header = "add:X-Forwarded-For:%{CLIENT_ADDR}"
+# Example: Add or insert "Via"
+#http_request_header = "add:Via:HTTP/1.1 myserver (sslproxy/1.0)"
+# Example: Replace keep-alive to close
+#http_request_header = "replace:Connection:keep-alive:close"
+# Example: Replace MSIE User-Agent to Firefox (regex)
+#http_request_header = "replace:User-Agent:^.*MSIE.*$:Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.0.0"
+# Example: Add "Set-Cookie"
+#http_response_header = "add:Set-Cookie:sslproxy=on; path=/; secure"
+# Example: Remove "Server"
+#http_response_header = "unset:Server"
+# Example: Change "Content-Type" text/html to text/plain
+#http_response_header = "replace:Content-Type:html:plain"
+
[logger]
## SSLProxy log configuration.
# sslproxy logfile base name
-sslproxy_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target_1.log"
+sslproxy_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target.log"
# sslproxy log rotate pattern
sslproxy_rotation = "size"
conn_log_flag = "on"
# connection logfile base name
-conn_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target_1.conn_log"
+conn_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target.conn_log"
# connection log rotate pattern
#conn_rotation = "size"
conn_rotation_timing_value = "1 0:01"
# Log categories level
-sslproxy_logger = "warn"
-sslproxy_parameter = "warn"
-sslproxy_common = "warn"
-sslproxy_server = "warn"
-sslproxy_session = "warn"
-sslproxy_connection = "info"
+sslproxy_logger = "warn"
+sslproxy_parameter = "warn"
+sslproxy_common = "warn"
+sslproxy_server = "warn"
+sslproxy_session = "warn"
+sslproxy_connection = "info"
+packet_edit = "info"
+packet_edit_http = "info"