{
    // where the html files are located
    "html_dir": "./html",

    // where the proxy should store its private signing key (directory)
    "data_dir": "./data",

    // what port the proxy should listen on
    "port": 3001,

    // what address should the proxy pass after successful verification. DO NOT add a / at the end or http(s)://.
    // this address should be local (127.0.0.1). Other configurations are not supported.
    "forward_address": "127.0.0.1:3000",

    // if you want to separate domains, you can set up proxy rules for Host -> dest
    // if none match, forward_address will be used.
    "proxy_rules": [
        {
            // If there is a port specified, it will have to match.
            // If there is no port specified, it's any port.
            "host": "myepic.domain.com:80",
            "destination": "127.0.0.1:8080"
        },
        {
            // Anything to myepic.domain.com that isn't myepic.domain.com:80 goes to 127.0.0.1:8081
            "host": "myepic.domain.com",
            "destination": "127.0.0.1:8081"
        }
    ],

    // max request size of 10MB
    "max_request_size": 10000000,

    // Timeout of 2 minutes for the proxy requests
    "proxy_timeout_sec": 120,

    // enables (a lot) more logging
    "trace_logging": false,

    // the default difficulty for the challenge. 4 takes less than a second on a powerful desktop, and up to 15s on a low-powered phone.
    // 5 is 16x slower.
    // NOT recommended to set to anything below 4 or above 5.
    "default_challenge_difficulty": 4,

    // specific rules. They are checked top to bottom, and the first one to match will determine the request's fate
    "rules": [
        {
            "action": "ALLOW",
            "ip_ranges": [
                "127.0.0.1/24",
                "::1/128"
            ]
        }, {
            "action": "DENY",
            "user_agent": ".*(bot).*"
        }, {
            "action": "DENY",
            "resource": "(/secret/).*"
        }, {
            "action": "CHALLENGE",
            "difficulty": 5, // quite damn hard!
            "resource": "(/hard/).*"
        }
    ],

    // If enabled, all requests to the proxy will create their own thread.
    // this can increase the throughput of the proxy, especially when there are a lot of requests made
    // all at once.
    "async_proxy": true,

    // If enabled, specific requests that look like git HTTP(s) clones will be let through.
    "git_host": false,

    // If enabled, fingerprinting is ignored and any IP will be able to use
    // the cached token as long as it is still valid.
    "ignore_fingerprinting": false,

    // Traffic logging to a .csv file
    "logging": {
        "log_traffic": false,

        // This is a sample schema with all supported fields
        // Please keep in mind your local legal regulations, as IPs under GDPR are considered personal data.
        "traffic_log_schema": "epoch,ip,domain,resource,useragent,action",

        // Where to save the logfile. Each run will continue appending to this file. It may grow HUGE! No automatic pruning / compression is done.
        "traffic_log_file": "./traffic.csv"
    },

    // how long the token (solved challenge) should be valid for before showing a new challenge, in seconds
    "token_valid_for": 3600 // 1 hour
}