update config for crawler-whitelist, cleanup a few things in the example

haproxy/haproxy.cfg

@@ -18,6 +18,14 @@ defaults
 	timeout client 50000ms
 	timeout server 50000ms
 	timeout tarpit 5000ms
+	http-error status 400 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/400.http
+	http-error status 403 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/403.http
+	http-error status 408 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/408.http
+	http-error status 429 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/429.http
+	http-error status 500 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/500.http
+	http-error status 502 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/502.http
+	http-error status 503 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/503.http
+	http-error status 504 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/errors/504.http
 
 program api
 	command dataplaneapi -f /etc/haproxy/dataplaneapi.hcl --update-map-files
@@ -68,6 +76,7 @@ frontend http-in
 
 	# acl for lua check whitelisted IPs/subnets and some excluded paths
 	acl is_excluded src,map_ip(/etc/haproxy/map/whitelist.map) -m found
+	acl is_excluded src -m found -f /etc/haproxy/map/crawler-whitelist.map
 	acl is_excluded path /favicon.ico /.basedflare/pow-icon #add more
 
 	# acl ORs for when ddos_mode_enabled
@@ -83,7 +92,7 @@ frontend http-in
 
 	# acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo)
 	acl maintenance_mode hdr(host),lower,map_str(/etc/haproxy/map/maintenance.map) -m found
-	http-request lua.set-lang-json if maintenance_mode
+	http-request lua.set-lang-json
 	http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
 
 	# rewrite specific domain+path to domain or domain+path
@@ -119,23 +128,17 @@ frontend http-in
 	# optional alt-svc header (done after cache so not set in cached responses
 	http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)]
 
-	acl c0 res.hdr(Cache-Control,0) -m sub max-age=0
-	acl c0 res.hdr(Cache-Control,1) -m sub max-age=0
-	acl c0 res.hdr(Cache-Control,2) -m sub max-age=0
-	acl cf0 res.fhdr(Cache-Control,0) -m sub max-age=0
-	acl cf0 res.fhdr(Cache-Control,1) -m sub max-age=0
-	acl cf0 res.fhdr(Cache-Control,2) -m sub max-age=0
-	http-response set-header X-c0 true if c0
-	http-response set-header X-cf0 true if cf0
-	http-response set-header X-res-hdr0-Cache-Control %[res.hdr(Cache-Control,0)]
-	http-response set-header X-res-hdr1-Cache-Control %[res.hdr(Cache-Control,1)]
-	http-response set-header X-res-hdr2-Cache-Control %[res.hdr(Cache-Control,2)]
-	http-response set-header X-res-fhdr0-Cache-Control %[res.fhdr(Cache-Control,0)]
-	http-response set-header X-res-fhdr1-Cache-Control %[res.fhdr(Cache-Control,1)]
-	http-response set-header X-res-fhdr2-Cache-Control %[res.fhdr(Cache-Control,2)]
+	# header checks for no caching
+	# acl auth_cookie_set res.hdr(Set-Cookie),lower -m found
+	# acl cache_control_max_age_0 res.fhdr(Cache-Control,0) -m sub "max-age=0"
+	# acl cache_control_max_age_0 res.fhdr(Cache-Control,1) -m sub "max-age=0"
+	# acl cache_control_max_age_0 res.fhdr(Cache-Control,2) -m sub "max-age=0"
+
+	# basic caching
+	# http-response set-header Cache-Control no-cache if auth_cookie_set
+	# http-response cache-store basic_cache if !auth_cookie_set !cache_control_max_age_0
+	# http-request cache-use basic_cache
 	
-	http-request cache-use basic_cache
-	http-response cache-store basic_cache
 	default_backend servers
 
 cache basic_cache