SSLproxy/extra/testproxy/sslproxy.conf

# TestProxy test configuration for sslproxy v0.6.0

# Global options
#User _sslproxy
#Group _sslproxy
#Chroot /var/run/sslproxy
PidFile /var/run/sslproxy.pid
#Daemon yes
Debug yes
DebugLevel 4
#OpenFilesLimit 1024
#LeafCerts /etc/sslproxy/leaf.key
#LeafKeyRSABits 1024
#OpenSSLEngine cloudhsm
#TargetCertDir /etc/sslproxy/target
#WriteGenCertsDir /var/log/sslproxy
#WriteAllCertsDir /var/log/sslproxy
#ConnectLog /var/log/sslproxy/connect.log
#ContentLog /var/log/sslproxy/content.log
#ContentLogDir /var/log/sslproxy/content
#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log
#LogProcInfo yes
#PcapLog /var/log/sslproxy/content.pcap
#PcapLogDir /var/log/sslproxy/pcap
#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap
#MirrorIf lo
#MirrorTarget 192.0.2.1
#MasterKeyLog /var/log/sslproxy/masterkeys.log
LogStats yes
StatsPeriod 1
ConnIdleTimeout 120
ExpiredConnCheckPeriod 10
SSLShutdownRetryDelay 100
#UserDBPath /var/db/users.db

# Default ProxySpec options (cloned to each proxyspec)
CACert ca.crt
CAKey ca.key
#ClientCert /etc/sslproxy/client.crt
#ClientKey /etc/sslproxy/client.key
#CAChain /etc/sslproxy/chain.crt
#CRL http://example.com/example.crl
#DenyOCSP yes
#Passthrough yes
#DHGroupParams /etc/sslproxy/dh.pem
#ECDHCurve prime256v1
#SSLCompression no
#ForceSSLProto tls12
#DisableSSLProto tls10
#Ciphers MEDIUM:HIGH
#NATEngine netfilter
#RemoveHTTPAcceptEncoding no
#RemoveHTTPReferer yes
VerifyPeer no
#AllowWrongHost no
#UserAuth no
#UserTimeout 300
#UserAuthURL https://192.168.0.1/userdblogin.php
#ValidateProto no
#MaxHTTPHeaderSize 8192
#PassSite example.com
#PassSite example.com 192.168.0.1
#PassSite example.com soner
#PassSite *.google.com * android

# Tests for tcp connection over ssl proxyspec
ProxySpec https 127.0.0.1 8441 up:8080 127.0.0.1 9441
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8442
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9442
	ValidateProto yes
}

# Tests for ssl connection on tcp proxyspec
ProxySpec {
	Proto http
	Addr 127.0.0.1
	Port 8183
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9183
	ValidateProto yes
}

# Tests for HTTP GET method validation
ProxySpec {
	Proto http
	Addr 127.0.0.1
	Port 8184
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9184
	ValidateProto yes
}
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8444
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9444
	ValidateProto yes
}

# Tests for HTTP POST method validation
ProxySpec {
	Proto http
	Addr 127.0.0.1
	Port 8185
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9185
	ValidateProto yes
}
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8445
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9445
	ValidateProto yes
}

# Tests for SSL configuration
ProxySpec https 127.0.0.1 8443 up:8080 127.0.0.1 9443
# Tests for SSL configuration: tls10 only
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8449
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9449
	ForceSSLProto tls10
}
# Tests for SSL configuration: tls11 only
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8450
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9450
	ForceSSLProto tls11
}
# Tests for SSL configuration: tls12 only
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8451
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9451
	ForceSSLProto tls12
}
# Tests for SSL configuration: Rejects unsupported SSL/TLS proto
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8452
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9452
	ForceSSLProto tls10
}
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8453
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9453
	ForceSSLProto tls12
}

# Tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
ProxySpec http 127.0.0.1 8180 up:8080 127.0.0.1 9180
ProxySpec https 127.0.0.1 8446 up:8080 127.0.0.1 9446

# Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request
ProxySpec http 127.0.0.1 8181 up:8080 127.0.0.1 9181
ProxySpec https 127.0.0.1 8447 up:8080 127.0.0.1 9447

# Tests for HTTP response headers: Deny OCSP request, remove Accept-Encoding, and do not remove Referer
ProxySpec {
	Proto http
	Addr 127.0.0.1
	Port 8186
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9186
	DenyOCSP yes
	RemoveHTTPAcceptEncoding yes
	RemoveHTTPReferer no
}
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8448
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9448
	DenyOCSP yes
	RemoveHTTPAcceptEncoding yes
	RemoveHTTPReferer no
}

# Tests for Passthrough
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8454
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9454
	Passthrough yes
	VerifyPeer yes
}

# Tests for VerifyPeer
ProxySpec https 127.0.0.1 8455 up:8080 127.0.0.1 9455
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8456
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9456
	VerifyPeer yes
}

# Tests for CACert/CAKey
ProxySpec https 127.0.0.1 8457 up:8080 127.0.0.1 9457
ProxySpec {
	Proto https
	Addr 127.0.0.1
	Port 8458
	DivertPort 8080
	TargetAddr 127.0.0.1
	TargetPort 9458
	CACert ca2.crt
	CAKey ca2.key
}
Add lp listening program and testproxy tests under extra 2019-07-18 08:48:15 +00:00			`# TestProxy test configuration for sslproxy v0.6.0`

			`# Global options`
			`#User _sslproxy`
			`#Group _sslproxy`
			`#Chroot /var/run/sslproxy`
			`PidFile /var/run/sslproxy.pid`
			`#Daemon yes`
			`Debug yes`
			`DebugLevel 4`
			`#OpenFilesLimit 1024`
			`#LeafCerts /etc/sslproxy/leaf.key`
			`#LeafKeyRSABits 1024`
			`#OpenSSLEngine cloudhsm`
			`#TargetCertDir /etc/sslproxy/target`
			`#WriteGenCertsDir /var/log/sslproxy`
			`#WriteAllCertsDir /var/log/sslproxy`
			`#ConnectLog /var/log/sslproxy/connect.log`
			`#ContentLog /var/log/sslproxy/content.log`
			`#ContentLogDir /var/log/sslproxy/content`
			`#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log`
			`#LogProcInfo yes`
			`#PcapLog /var/log/sslproxy/content.pcap`
			`#PcapLogDir /var/log/sslproxy/pcap`
			`#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap`
			`#MirrorIf lo`
			`#MirrorTarget 192.0.2.1`
			`#MasterKeyLog /var/log/sslproxy/masterkeys.log`
			`LogStats yes`
			`StatsPeriod 1`
			`ConnIdleTimeout 120`
			`ExpiredConnCheckPeriod 10`
			`SSLShutdownRetryDelay 100`
			`#UserDBPath /var/db/users.db`

			`# Default ProxySpec options (cloned to each proxyspec)`
			`CACert ca.crt`
			`CAKey ca.key`
			`#ClientCert /etc/sslproxy/client.crt`
			`#ClientKey /etc/sslproxy/client.key`
			`#CAChain /etc/sslproxy/chain.crt`
			`#CRL http://example.com/example.crl`
			`#DenyOCSP yes`
			`#Passthrough yes`
			`#DHGroupParams /etc/sslproxy/dh.pem`
			`#ECDHCurve prime256v1`
			`#SSLCompression no`
			`#ForceSSLProto tls12`
			`#DisableSSLProto tls10`
			`#Ciphers MEDIUM:HIGH`
			`#NATEngine netfilter`
			`#RemoveHTTPAcceptEncoding no`
			`#RemoveHTTPReferer yes`
			`VerifyPeer no`
			`#AllowWrongHost no`
			`#UserAuth no`
			`#UserTimeout 300`
			`#UserAuthURL https://192.168.0.1/userdblogin.php`
			`#ValidateProto no`
			`#MaxHTTPHeaderSize 8192`
			`#PassSite example.com`
			`#PassSite example.com 192.168.0.1`
			`#PassSite example.com soner`
			`#PassSite .google.com android`

			`# Tests for tcp connection over ssl proxyspec`
			`ProxySpec https 127.0.0.1 8441 up:8080 127.0.0.1 9441`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8442`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9442`
			`ValidateProto yes`
			`}`

			`# Tests for ssl connection on tcp proxyspec`
			`ProxySpec {`
			`Proto http`
			`Addr 127.0.0.1`
			`Port 8183`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9183`
			`ValidateProto yes`
			`}`

			`# Tests for HTTP GET method validation`
			`ProxySpec {`
			`Proto http`
			`Addr 127.0.0.1`
			`Port 8184`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9184`
			`ValidateProto yes`
			`}`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8444`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9444`
			`ValidateProto yes`
			`}`

			`# Tests for HTTP POST method validation`
			`ProxySpec {`
			`Proto http`
			`Addr 127.0.0.1`
			`Port 8185`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9185`
			`ValidateProto yes`
			`}`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8445`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9445`
			`ValidateProto yes`
			`}`

			`# Tests for SSL configuration`
			`ProxySpec https 127.0.0.1 8443 up:8080 127.0.0.1 9443`
			`# Tests for SSL configuration: tls10 only`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8449`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9449`
			`ForceSSLProto tls10`
			`}`
			`# Tests for SSL configuration: tls11 only`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8450`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9450`
			`ForceSSLProto tls11`
			`}`
			`# Tests for SSL configuration: tls12 only`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8451`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9451`
			`ForceSSLProto tls12`
			`}`
			`# Tests for SSL configuration: Rejects unsupported SSL/TLS proto`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8452`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9452`
			`ForceSSLProto tls10`
			`}`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8453`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9453`
			`ForceSSLProto tls12`
			`}`

			`# Tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer`
			`ProxySpec http 127.0.0.1 8180 up:8080 127.0.0.1 9180`
			`ProxySpec https 127.0.0.1 8446 up:8080 127.0.0.1 9446`

			`# Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request`
			`ProxySpec http 127.0.0.1 8181 up:8080 127.0.0.1 9181`
			`ProxySpec https 127.0.0.1 8447 up:8080 127.0.0.1 9447`

			`# Tests for HTTP response headers: Deny OCSP request, remove Accept-Encoding, and do not remove Referer`
			`ProxySpec {`
			`Proto http`
			`Addr 127.0.0.1`
			`Port 8186`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9186`
			`DenyOCSP yes`
			`RemoveHTTPAcceptEncoding yes`
			`RemoveHTTPReferer no`
			`}`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8448`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9448`
			`DenyOCSP yes`
			`RemoveHTTPAcceptEncoding yes`
			`RemoveHTTPReferer no`
			`}`

			`# Tests for Passthrough`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8454`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9454`
			`Passthrough yes`
			`VerifyPeer yes`
			`}`

			`# Tests for VerifyPeer`
			`ProxySpec https 127.0.0.1 8455 up:8080 127.0.0.1 9455`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8456`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9456`
			`VerifyPeer yes`
			`}`

			`# Tests for CACert/CAKey`
			`ProxySpec https 127.0.0.1 8457 up:8080 127.0.0.1 9457`
			`ProxySpec {`
			`Proto https`
			`Addr 127.0.0.1`
			`Port 8458`
			`DivertPort 8080`
			`TargetAddr 127.0.0.1`
			`TargetPort 9458`
			`CACert ca2.crt`
			`CAKey ca2.key`
			`}`