SSLproxy/extra/testproxy/sslproxy.conf


# TestProxy test configuration for sslproxy v0.6.0
# NOTE(review): this is a test fixture. Every proxyspec in this file listens on
# 127.0.0.1, and the settings favour test observability over hardening, so it
# should not be reused as a template for a deployed proxy.
# Global options
# User, Group and Chroot are left commented out, so this file requests no
# explicit privilege drop and no chroot. Which identity the process ends up
# with presumably depends on how the test harness starts it (TODO confirm).
#User _sslproxy
#Group _sslproxy
#Chroot /var/run/sslproxy
# NOTE(review): /var/run is normally writable only by privileged users, so
# this path suggests the tests run with elevated rights; confirm against the
# harness.
PidFile /var/run/sslproxy.pid
#Daemon yes
# Debug output is switched on at DebugLevel 4 for the test run.
Debug yes
DebugLevel 4
#OpenFilesLimit 1024
#LeafCerts /etc/sslproxy/leaf.key
# The 1024 in the commented example below would be a weak RSA size for leaf
# keys; the line is inactive, so the built-in default applies.
#LeafKeyRSABits 1024
#OpenSSLEngine cloudhsm
#TargetCertDir /etc/sslproxy/target
#WriteGenCertsDir /var/log/sslproxy
#WriteAllCertsDir /var/log/sslproxy
# Connect, content, pcap, mirror and master-key logging are all inactive here.
# If any of them is enabled, its output holds decrypted traffic or TLS key
# material, so the target directory needs restrictive permissions.
#ConnectLog /var/log/sslproxy/connect.log
#ContentLog /var/log/sslproxy/content.log
#ContentLogDir /var/log/sslproxy/content
#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log
#LogProcInfo yes
#PcapLog /var/log/sslproxy/content.pcap
#PcapLogDir /var/log/sslproxy/pcap
#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap
#MirrorIf lo
#MirrorTarget 192.0.2.1
#MasterKeyLog /var/log/sslproxy/masterkeys.log
# Statistics logging and connection-expiry timers; the units are not stated in
# this file.
LogStats yes
StatsPeriod 1
ConnIdleTimeout 120
ExpiredConnCheckPeriod 10
SSLShutdownRetryDelay 100
#UserDBPath /var/db/users.db
# Default ProxySpec options (cloned to each proxyspec)
# Only CACert, CAKey and VerifyPeer are active in this section; every other
# line is a commented-out example, so the built-in defaults apply to it.
# CACert/CAKey name the CA that signs the certificates the proxy presents to
# clients. The paths are relative, presumably resolved against the directory
# the test harness runs sslproxy from (TODO confirm). This is test key
# material and must not be installed as a trusted root outside the test setup.
CACert ca.crt
CAKey ca.key
#ClientCert /etc/sslproxy/client.crt
#ClientKey /etc/sslproxy/client.key
#CAChain /etc/sslproxy/chain.crt
#CRL http://example.com/example.crl
#DenyOCSP yes
#Passthrough yes
#DHGroupParams /etc/sslproxy/dh.pem
#ECDHCurve prime256v1
#SSLCompression no
# No ForceSSLProto/DisableSSLProto/Ciphers restriction is active by default;
# individual proxyspecs further down set ForceSSLProto where a test needs it.
#ForceSSLProto tls12
#DisableSSLProto tls10
#Ciphers MEDIUM:HIGH
#NATEngine netfilter
#RemoveHTTPAcceptEncoding no
#RemoveHTTPReferer yes
# VerifyPeer no turns off verification of the upstream server certificate for
# every proxyspec that does not override it. In this file only the specs on
# ports 8454 (Passthrough test) and 8456 (VerifyPeer test) set it back to yes.
# That is acceptable against local test servers, but it is not a safe default
# for a proxy that talks to real upstream hosts.
VerifyPeer no
#AllowWrongHost no
#UserAuth no
#UserTimeout 300
#UserAuthURL https://192.168.0.1/userdblogin.php
#ValidateProto no
#MaxHTTPHeaderSize 8192
#PassSite example.com
#PassSite example.com 192.168.0.1
#PassSite example.com soner
#PassSite *.google.com * android
# Tests for tcp connection over ssl proxyspec
# The one-line form appears to carry the same fields as the block form below:
# protocol, listen address, listen port, up:<divert port>, target address,
# target port. Every spec in this file listens on 127.0.0.1 and diverts to
# local port 8080, presumably the test harness's listener (TODO confirm).
# This first spec sets no per-spec options, so it runs with the defaults.
ProxySpec https 127.0.0.1 8441 up:8080 127.0.0.1 9441
# Same kind of listener, with protocol validation turned on for this spec only.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8442
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9442
ValidateProto yes
}
# Tests for ssl connection on tcp proxyspec
# Plain-HTTP listener with ValidateProto enabled. Going by the heading, the
# test sends a TLS connection to it, so this presumably checks that traffic
# not matching the declared protocol is rejected (TODO confirm against the
# test definitions).
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8183
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9183
ValidateProto yes
}
# Tests for HTTP GET method validation
# One plain-HTTP and one HTTPS listener, both with ValidateProto enabled, so
# the same validation is exercised with and without TLS.
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8184
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9184
ValidateProto yes
}
# HTTPS counterpart of the spec above. It inherits the file's default
# VerifyPeer no, so the upstream certificate is not verified.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8444
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9444
ValidateProto yes
}
# Tests for HTTP POST method validation
# Same layout as the GET validation pair: a plain-HTTP and an HTTPS listener,
# each with ValidateProto enabled, on their own ports.
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8185
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9185
ValidateProto yes
}
# HTTPS counterpart. It inherits the file's default VerifyPeer no.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8445
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9445
ValidateProto yes
}
# Tests for SSL configuration
# Baseline spec: no per-spec options, so no protocol version is forced.
ProxySpec https 127.0.0.1 8443 up:8080 127.0.0.1 9443
# Tests for SSL configuration: tls10 only
# NOTE(review): TLS 1.0 and TLS 1.1 are deprecated (RFC 8996). They are forced
# in the next two specs only to exercise ForceSSLProto. Whether the handshake
# succeeds presumably also depends on the minimum protocol version allowed by
# the OpenSSL build in use.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8449
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9449
ForceSSLProto tls10
}
# Tests for SSL configuration: tls11 only
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8450
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9450
ForceSSLProto tls11
}
# Tests for SSL configuration: tls12 only
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8451
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9451
ForceSSLProto tls12
}
# Tests for SSL configuration: Rejects unsupported SSL/TLS proto
# Two listeners pinned to a single protocol version each (tls10 and tls12).
# Going by the heading, the tests presumably connect with a different version
# and expect the handshake to be refused (TODO confirm against the test
# definitions).
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8452
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9452
ForceSSLProto tls10
}
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8453
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9453
ForceSSLProto tls12
}
# Tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
# Neither spec sets per-spec options, so the header handling under test comes
# from the file's defaults. The RemoveHTTPAcceptEncoding and RemoveHTTPReferer
# lines in the default section are commented out, so the built-in defaults
# apply to them.
ProxySpec http 127.0.0.1 8180 up:8080 127.0.0.1 9180
ProxySpec https 127.0.0.1 8446 up:8080 127.0.0.1 9446
# Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request
# These response headers let a server ask clients to pin keys or to require
# TLS or Certificate Transparency on later visits. Presumably the tests check
# how the proxy treats them under default options (TODO confirm).
ProxySpec http 127.0.0.1 8181 up:8080 127.0.0.1 9181
ProxySpec https 127.0.0.1 8447 up:8080 127.0.0.1 9447
# Tests for HTTP response headers: Deny OCSP request, remove Accept-Encoding, and do not remove Referer
# NOTE(review): Accept-Encoding and Referer are request headers, although the
# heading above says "response headers".
# Both specs set DenyOCSP, RemoveHTTPAcceptEncoding and RemoveHTTPReferer
# explicitly instead of relying on defaults. With DenyOCSP yes, clients behind
# the proxy get no revocation answers through it, so this setting suppresses
# OCSP-based revocation checking for them.
ProxySpec {
Proto http
Addr 127.0.0.1
Port 8186
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9186
DenyOCSP yes
RemoveHTTPAcceptEncoding yes
RemoveHTTPReferer no
}
# HTTPS counterpart with the same three options.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8448
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9448
DenyOCSP yes
RemoveHTTPAcceptEncoding yes
RemoveHTTPReferer no
}
# Tests for Passthrough
# This spec enables Passthrough and overrides the file's default VerifyPeer no
# with yes. Presumably a connection whose upstream certificate fails
# verification is relayed unmodified instead of being terminated (TODO confirm
# against the test definitions). Passed-through traffic is not decrypted, so
# none of the content inspection or logging options would see it.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8454
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9454
Passthrough yes
VerifyPeer yes
}
# Tests for VerifyPeer
# The first spec sets no per-spec options, so it inherits the file's default
# VerifyPeer no and does not verify the upstream certificate.
ProxySpec https 127.0.0.1 8455 up:8080 127.0.0.1 9455
# The second spec turns verification on for this listener only. The pair lets
# the tests compare both settings against the same kind of upstream.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8456
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9456
VerifyPeer yes
}
# Tests for CACert/CAKey
# The first spec uses the default CA pair (ca.crt / ca.key) set earlier in
# this file.
ProxySpec https 127.0.0.1 8457 up:8080 127.0.0.1 9457
# The second spec overrides the CA pair with ca2.crt / ca2.key for this
# listener only. Both paths are relative, like the defaults. ca2.key is test
# key material and should be kept out of any real trust store.
ProxySpec {
Proto https
Addr 127.0.0.1
Port 8458
DivertPort 8080
TargetAddr 127.0.0.1
TargetPort 9458
CACert ca2.crt
CAKey ca2.key
}