Created
June 22, 2020 19:13
HAPROXY: Delay but fulfill a request if it was made with an outdated (but supported) cipher
```
frontend http
  mode http
  bind :443 ssl crt /etc/haproxy/ssl

  # match any negotiated cipher whose name contains "rc4" (case-insensitive)
  acl outdated_cipher ssl_fc_cipher -i -m sub rc4

  # define a maximum waiting period
  tcp-request inspect-delay 10s
  # accept the connection immediately if the client doesn't use an outdated cipher
  tcp-request content accept unless outdated_cipher
  # accept all other requests only once the inspect-delay has passed
  tcp-request content accept if WAIT_END

  use_backend my-servers

backend my-servers
  # server names (app1, app2) are placeholders; the server directive requires a name
  server app1 127.0.0.1:8000
  server app2 127.0.0.1:8001
  # ...
```
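Before enabling the delay, it helps to know which clients the `outdated_cipher` ACL would actually slow down. The following is an added example, not part of the gist: it applies the same case-insensitive substring match to logged cipher names, assuming a `log-format "%ci %sslv %sslc %{+Q}r"` line in the frontend; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed log-format (not from the gist): log-format "%ci %sslv %sslc %{+Q}r"
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<proto>\S+) (?P<cipher>\S+) "(?P<req>[^"]*)"$')

# Constructed sample lines; addresses come from the documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1"
198.51.100.7 TLSv1 RC4-SHA "GET /login HTTP/1.1"
198.51.100.7 TLSv1 RC4-SHA "POST /login HTTP/1.1"
203.0.113.5 TLSv1.1 ECDHE-RSA-RC4-SHA "GET /api/v1/items HTTP/1.1"
192.0.2.44 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /health HTTP/1.1"
this line is malformed and must be skipped
"""


def is_outdated(cipher, needle="rc4"):
    """Mirror `ssl_fc_cipher -i -m sub rc4`: case-insensitive substring match."""
    return needle.lower() in cipher.lower()


def summarize(log_text):
    """Return (parsed requests, delayed requests, delayed clients, delayed ciphers)."""
    total = delayed = 0
    clients, ciphers = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not follow the assumed format
        total += 1
        if is_outdated(m["cipher"]):
            delayed += 1
            clients[m["ip"]] += 1
            ciphers[m["cipher"]] += 1
    return total, delayed, clients, ciphers


if __name__ == "__main__":
    total, delayed, clients, ciphers = summarize(SAMPLE_LOG)
    print(f"{delayed}/{total} requests would wait for the inspect-delay")
    for ip, count in clients.most_common():
        print(f"  client {ip}: {count} request(s)")
    for cipher, count in ciphers.most_common():
        print(f"  cipher {cipher}: {count} request(s)")
```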