# TestProxy test configuration for sslproxy v0.9.5 # Global options #User _sslproxy #Group _sslproxy #Chroot /var/run/sslproxy PidFile /var/run/sslproxy.pid #Daemon yes Debug yes DebugLevel 4 #OpenFilesLimit 1024 #LeafKey /etc/sslproxy/leaf.key #LeafKeyRSABits 2048 #LeafCertDir /etc/sslproxy/leaf.d #DefaultLeafCert /etc/sslproxy/leaf.pem #WriteGenCertsDir /var/log/sslproxy #WriteAllCertsDir /var/log/sslproxy #OpenSSLEngine cloudhsm #ConnectLog /var/log/sslproxy/connect.log #ContentLog /var/log/sslproxy/content.log #ContentLogDir /var/log/sslproxy/content #ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log #LogProcInfo yes #PcapLog /var/log/sslproxy/content.pcap #PcapLogDir /var/log/sslproxy/pcap #PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap #MirrorIf lo #MirrorTarget 192.0.2.1 #MasterKeyLog /var/log/sslproxy/masterkeys.log LogStats yes StatsPeriod 1 ConnIdleTimeout 120 ExpiredConnCheckPeriod 10 UserDBPath users.db # Default ProxySpec options (cloned to each proxyspec) CACert ca.crt CAKey ca.key #ClientCert /etc/sslproxy/client.crt #ClientKey /etc/sslproxy/client.key #CAChain /etc/sslproxy/chain.crt #LeafCRLURL http://example.com/example.crl #DenyOCSP yes #Passthrough yes #DHGroupParams /etc/sslproxy/dh.pem #ECDHCurve prime256v1 #SSLCompression no #ForceSSLProto tls12 #DisableSSLProto tls10 #EnableSSLProto tls10 #MinSSLProto tls10 #MaxSSLProto tls13 #Ciphers MEDIUM:HIGH #CipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 #NATEngine netfilter #RemoveHTTPAcceptEncoding no #RemoveHTTPReferer yes VerifyPeer no #AllowWrongHost no #UserAuth no #UserTimeout 300 #UserAuthURL https://192.168.0.1/userdblogin.php #ValidateProto no #MaxHTTPHeaderSize 8192 #PassSite example.com #PassSite example.com 192.168.0.1 #PassSite example.com soner #PassSite *.google.com * android #Divert yes # Tests for tcp connection over ssl proxyspec ProxySpec https 127.0.0.1 8441 up:8080 127.0.0.1 9441 ProxySpec { Proto https Addr 127.0.0.1 Port 8442 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9442 ValidateProto yes } # Tests for ssl connection on tcp proxyspec ProxySpec { Proto http Addr 127.0.0.1 Port 8183 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9183 ValidateProto yes } # Tests for HTTP GET method validation ProxySpec { Proto http Addr 127.0.0.1 Port 8184 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9184 ValidateProto yes } ProxySpec { Proto https Addr 127.0.0.1 Port 8444 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9444 ValidateProto yes } # Tests for HTTP POST method validation ProxySpec { Proto http Addr 127.0.0.1 Port 8185 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9185 ValidateProto yes } ProxySpec { Proto https Addr 127.0.0.1 Port 8445 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9445 ValidateProto yes } # Tests for SSL configuration ProxySpec https 127.0.0.1 8443 up:8080 127.0.0.1 9443 # Tests for SSL configuration: tls10 only ProxySpec { Proto https Addr 127.0.0.1 Port 8449 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9449 ForceSSLProto tls10 } # Tests for SSL configuration: tls11 only ProxySpec { Proto https Addr 127.0.0.1 Port 8450 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9450 ForceSSLProto tls11 } # Tests for SSL configuration: tls12 only ProxySpec { Proto https Addr 127.0.0.1 Port 8451 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9451 ForceSSLProto tls12 } # Tests for SSL configuration: Rejects unsupported SSL/TLS proto ProxySpec { Proto https Addr 127.0.0.1 Port 8452 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9452 ForceSSLProto tls10 } ProxySpec { Proto https Addr 127.0.0.1 Port 8453 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9453 ForceSSLProto tls12 } # Tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer ProxySpec http 127.0.0.1 8180 up:8080 127.0.0.1 9180 ProxySpec https 127.0.0.1 8446 up:8080 127.0.0.1 9446 # Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request ProxySpec http 127.0.0.1 8181 up:8080 127.0.0.1 9181 ProxySpec https 127.0.0.1 8447 up:8080 127.0.0.1 9447 # Tests for HTTP response headers: Deny OCSP request, remove Accept-Encoding, and do not remove Referer ProxySpec { Proto http Addr 127.0.0.1 Port 8186 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9186 DenyOCSP yes RemoveHTTPAcceptEncoding yes RemoveHTTPReferer no } ProxySpec { Proto https Addr 127.0.0.1 Port 8448 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9448 DenyOCSP yes RemoveHTTPAcceptEncoding yes RemoveHTTPReferer no } # Tests for Passthrough ProxySpec { Proto https Addr 127.0.0.1 Port 8454 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9454 Passthrough yes VerifyPeer yes } # Tests for VerifyPeer ProxySpec https 127.0.0.1 8455 up:8080 127.0.0.1 9455 ProxySpec { Proto https Addr 127.0.0.1 Port 8456 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9456 VerifyPeer yes } # Tests for CACert/CAKey ProxySpec https 127.0.0.1 8457 up:8080 127.0.0.1 9457 ProxySpec { Proto https Addr 127.0.0.1 Port 8458 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9458 CACert ca2.crt CAKey ca2.key } # Tests for UserAuth ProxySpec { Proto http Addr 127.0.0.1 Port 8187 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9187 UserAuth yes } ProxySpec { Proto https Addr 127.0.0.1 Port 8459 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9459 UserAuth yes } # Tests for POP3 ProxySpec { Proto pop3 Addr 127.0.0.1 Port 8188 DivertPort 8110 TargetAddr 127.0.0.1 TargetPort 9188 ValidateProto yes } ProxySpec { Proto pop3s Addr 127.0.0.1 Port 8460 DivertPort 8110 TargetAddr 127.0.0.1 TargetPort 9460 ValidateProto yes } # Tests for SMTP ProxySpec { Proto smtp Addr 127.0.0.1 Port 8189 DivertPort 9199 TargetAddr 127.0.0.1 TargetPort 9189 ValidateProto yes } ProxySpec { Proto smtps Addr 127.0.0.1 Port 8461 DivertPort 9199 TargetAddr 127.0.0.1 TargetPort 9461 ValidateProto yes } # SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer ProxySpec http 127.0.0.1 8190 127.0.0.1 9190 ProxySpec https 127.0.0.1 8463 127.0.0.1 9463 # Tests for Divert filtering rules ProxySpec { Proto http Addr 127.0.0.1 Port 8191 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9191 Divert no Match from ip 127.0.0.1 to ip 127.0.0.1 Divert from ip 127.0.0.1 to ip 127.0.0.1 Match from ip 127.0.0.1 to ip 127.0.0.1 } ProxySpec { Proto https Addr 127.0.0.1 Port 8192 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9192 Divert no Match from ip 127.0.0.1 to ip 127.0.0.1 Divert from ip 127.0.0.1 to ip 127.0.0.1 Match from ip 127.0.0.1 to ip 127.0.0.1 } # Tests for Split filtering rules ProxySpec { Proto http Addr 127.0.0.1 Port 8193 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9193 Divert yes Match from ip 127.0.0.1 to ip 127.0.0.1 Split from ip 127.0.0.1 to ip 127.0.0.1 Match from ip 127.0.0.1 to ip 127.0.0.1 } ProxySpec { Proto https Addr 127.0.0.1 Port 8194 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9194 Divert yes Match from ip 127.0.0.1 to ip 127.0.0.1 Split from ip 127.0.0.1 to ip 127.0.0.1 Match from ip 127.0.0.1 to ip 127.0.0.1 } # Tests for Pass filtering rules ProxySpec { Proto http Addr 127.0.0.1 Port 8195 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9195 Divert yes Match from ip 127.0.0.1 to ip 127.0.0.1 Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect Match from ip 127.0.0.1 to ip 127.0.0.1 } ProxySpec { Proto https Addr 127.0.0.1 Port 8196 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9196 Divert yes Match from ip 127.0.0.1 to ip 127.0.0.1 Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect Match from ip 127.0.0.1 to ip 127.0.0.1 } # Tests for Block filtering rules ProxySpec { Proto http Addr 127.0.0.1 Port 8197 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9197 Divert yes Match from ip 127.0.0.1 to ip 127.0.0.1 Block from ip 127.0.0.1 to ip 127.0.0.1 Match from ip 127.0.0.1 to ip 127.0.0.1 } ProxySpec { Proto https Addr 127.0.0.1 Port 8198 DivertPort 8080 TargetAddr 127.0.0.1 TargetPort 9198 Divert yes Match from ip 127.0.0.1 to ip 127.0.0.1 Block from ip 127.0.0.1 to ip 127.0.0.1 Match from ip 127.0.0.1 to ip 127.0.0.1 }