88 lines
3.1 KiB
JSON
88 lines
3.1 KiB
JSON
{
|
|
// where the html files are located
|
|
"html_dir": "./html",
|
|
|
|
// where the proxy should store its private signing key (directory)
|
|
"data_dir": "./data",
|
|
|
|
// what port the proxy should listen on
|
|
"port": 3001,
|
|
|
|
// what address should the proxy pass after successful verification. DO NOT add a / at the end or http(s)://.
|
|
// this address should be local (127.0.0.1). Other configurations are not supported.
|
|
"forward_address": "127.0.0.1:3000",
|
|
|
|
// if you want to separate domains, you can set up proxy rules for Host -> dest
|
|
// if none match, forward_address will be used.
|
|
"proxy_rules": [
|
|
{
|
|
// If there is a port specified, it will have to match.
|
|
// If there is no port specified, it's any port.
|
|
"host": "myepic.domain.com:80",
|
|
"destination": "127.0.0.1:8080"
|
|
},
|
|
{
|
|
// Anything to myepic.domain.com that isn't myepic.domain.com:80 goes to 127.0.0.1:8081
|
|
"host": "myepic.domain.com",
|
|
"destination": "127.0.0.1:8081"
|
|
}
|
|
],
|
|
|
|
// max request size of 10MB
|
|
"max_request_size": 10000000,
|
|
|
|
// Timeout of 2 minutes for the proxy requests
|
|
"proxy_timeout_sec": 120,
|
|
|
|
// enables (a lot) more logging
|
|
"trace_logging": false,
|
|
|
|
// the default difficulty for the challenge. 4 takes less than a second on a powerful desktop, and up to 15s on a low-powered phone.
|
|
// 5 is 16x slower.
|
|
// NOT recommended to set to anything below 4 or above 5.
|
|
"default_challenge_difficulty": 4,
|
|
|
|
// specific rules. They are checked top to bottom, and the first one to match will determine the request's fate
|
|
"rules": [
|
|
{
|
|
"action": "ALLOW",
|
|
"ip_ranges": [
|
|
"127.0.0.1/24",
|
|
"::1/128"
|
|
]
|
|
}, {
|
|
"action": "DENY",
|
|
"user_agent": ".*(bot).*"
|
|
}, {
|
|
"action": "DENY",
|
|
"resource": "(/secret/).*"
|
|
}, {
|
|
"action": "CHALLENGE",
|
|
"difficulty": 5, // quite damn hard!
|
|
"resource": "(/hard/).*"
|
|
}
|
|
],
|
|
|
|
// If enabled, all requests to the proxy will create their own thread.
|
|
// this can increase the throughput of the proxy, especially when there are a lot of requests made
|
|
// all at once.
|
|
"async_proxy": true,
|
|
|
|
// If enabled, specific requests that look like git HTTP(s) clones will be let through.
|
|
"git_host": false,
|
|
|
|
// Traffic logging to a .csv file
|
|
"logging": {
|
|
"log_traffic": false,
|
|
|
|
// This is a sample schema with all supported fields
|
|
// Please keep in mind your local legal regulations, as IPs under GDPR are considered personal data.
|
|
"traffic_log_schema": "epoch,ip,domain,resource,useragent,action",
|
|
|
|
// Where to save the logfile. Each run will continue appending to this file. It may grow HUGE! No automatic pruning / compression is done.
|
|
"traffic_log_file": "./traffic.csv"
|
|
},
|
|
|
|
// how long the token (solved challenge) should be valid for before showing a new challenge, in seconds
|
|
"token_valid_for": 3600 // 1 hour
|
|
} |