secubox-openwrt/package/secubox/secubox-app-mitmproxy/files/etc/config/mitmproxy
CyberMind-FR 92f73fc3d2 feat(mitmproxy): Add HAProxy backend inspection and token auth
- Add HAProxy → mitmproxy → Backend inspection chain for filtering
  all vhost traffic through mitmproxy with threat detection
- Add haproxy_router.py addon for Host-based request routing
- Add mitmproxyctl commands: sync-routes, haproxy-enable, haproxy-disable
- Add auth token to status response for Web UI auto-authentication
- Add HAProxy Backend Inspection section to LuCI status page with
  enable/disable/sync controls
- Add HAProxy Router settings section to LuCI settings page
- LXC container now supports dual-port mode (8888 + 8889 for HAProxy)
- Token displayed with copy button in dashboard

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 15:49:05 +01:00

79 lines
2.3 KiB
Plaintext

# Core service settings: runtime, listening ports, bind address and proxy mode.
config mitmproxy 'main'
# Shipped disabled; interception only starts once this is set to '1'.
option enabled '0'
option runtime 'lxc'
option proxy_port '8888'
option web_port '8081'
# NOTE(review): '0.0.0.0' is the all-interfaces wildcard. The web UI exposes
# intercepted traffic, so limit who can reach web_port (firewall zone or a
# management-only bind address) - confirm which authentication protects it.
option web_host '0.0.0.0'
# Also the parent directory of the haproxy_router routes_file below.
# NOTE(review): presumably also holds captured flows and possibly the proxy CA
# key material - confirm, and keep it readable by the service account only.
option data_path '/srv/mitmproxy'
option memory_limit '256M'
option mode 'regular'
# mode: regular, transparent, upstream, reverse
# option upstream_proxy 'http://proxy:8080'
# option reverse_target 'http://localhost:80'
# Presumably maps to mitmproxy's ssl_insecure option, which turns off
# verification of upstream server certificates when set. Keep at '0' unless a
# specific lab upstream requires otherwise.
option ssl_insecure '0'
# Presumably map to mitmproxy's anticache / anticomp options (strip
# cache-validation headers / request uncompressed responses) - TODO confirm.
option anticache '0'
option anticomp '0'
option flow_detail '1'
# Transparent mode settings
# Disabled by default. When enabled, traffic from the interface below is
# redirected to the proxy without any client-side proxy configuration.
# HTTPS interception only works for clients that trust the proxy's CA; other
# clients will see certificate errors.
config transparent 'transparent'
option enabled '0'
# Interface to intercept traffic from (e.g., br-lan)
option interface 'br-lan'
# Redirect HTTP traffic (port 80)
option redirect_http '1'
# Redirect HTTPS traffic (port 443)
option redirect_https '1'
# Custom HTTP port (default 80)
option http_port '80'
# Custom HTTPS port (default 443)
option https_port '443'
# Whitelist/bypass - IPs and domains that bypass the proxy
# Bypassed traffic is not inspected, so every entry here is a visibility gap as
# well as a privacy safeguard; review the list when the threat model changes.
config whitelist 'whitelist'
option enabled '1'
# Bypass local networks by default
# (the three RFC 1918 private ranges plus loopback)
list bypass_ip '10.0.0.0/8'
list bypass_ip '172.16.0.0/12'
list bypass_ip '192.168.0.0/16'
list bypass_ip '127.0.0.0/8'
# Bypass sensitive domains (banking, medical, etc.)
# NOTE(review): 'banking' is a bare keyword, not a domain name. How it is
# matched (exact, suffix or substring) is not visible in this file - confirm in
# the consumer of bypass_domain. Substring matching would exempt any hostname
# containing the word; exact matching would exempt nothing.
list bypass_domain 'banking'
list bypass_domain 'paypal.com'
list bypass_domain 'stripe.com'
# Add custom bypasses here
# list bypass_ip 'x.x.x.x'
# list bypass_domain 'example.com'
# HAProxy backend inspection mode
# Disabled by default. Per the commit description, this forms a
# HAProxy -> mitmproxy -> backend chain with Host-based request routing.
config haproxy_router 'haproxy_router'
option enabled '0'
# Port HAProxy sends traffic to
# NOTE(review): this listener is intended for HAProxy only - confirm it is not
# reachable from LAN/WAN clients directly.
option listen_port '8889'
# Enable threat detection on HAProxy traffic
option threat_detection '1'
# Routes file (auto-generated from HAProxy UCI)
# This file decides which backend each request is forwarded to, so it should be
# writable only by the process that generates it. Manual edits are presumably
# overwritten on the next sync - TODO confirm.
option routes_file '/srv/mitmproxy/haproxy-routes.json'
# CDN/MediaFlow filtering addon
# Disabled by default; the options below presumably take effect only once
# enabled is '1' - TODO confirm.
config filtering 'filtering'
option enabled '0'
# Log all requests to JSON file
# Request logs can contain sensitive URLs and query strings; protect and rotate
# the log file accordingly.
option log_requests '1'
# Filter CDN traffic (e.g., cloudflare, akamai, fastly)
option filter_cdn '0'
# Filter streaming media
option filter_media '0'
# Block ads and trackers
option block_ads '0'
# Custom filter script path
# NOTE(review): this path is under /data, not under data_path (/srv/mitmproxy);
# presumably it is the path as seen inside the container - confirm. The script
# runs inside the proxy and sees intercepted traffic, so keep the file and its
# directory writable by root only.
option addon_script '/data/addons/secubox_analytics.py'
# Capture settings
# Defaults: flows are not saved and bodies are not captured; only request and
# response headers are.
config capture 'capture'
option save_flows '0'
# Headers can carry credentials (Authorization, Cookie, Set-Cookie); treat
# anything that stores captured headers as sensitive data.
option capture_request_headers '1'
option capture_response_headers '1'
# Body capture is off by default; enabling it records full payloads such as
# form posts and API responses.
option capture_request_body '0'
option capture_response_body '0'