comparison mod_firewall/README.markdown @ 2108:573fe9825fba

mod_firewall: README: Document session marking
author Matthew Wild <mwild1@gmail.com>
date Thu, 17 Mar 2016 11:33:57 +0000
parents f2d5aa789646
children c26b28c65d47
2107:f445f43b9ba1 2108:573fe9825fba
261 ----------- -------------------------------------------------------------------------------------------------- 261 ----------- --------------------------------------------------------------------------------------------------
262 `LIMIT` When the named limit is 'used up'. Using this condition automatically counts against that limit. 262 `LIMIT` When the named limit is 'used up'. Using this condition automatically counts against that limit.
263 263
264 **Note:** Reloading mod\_firewall resets the current state of any 264 **Note:** Reloading mod\_firewall resets the current state of any
265 limiters. 265 limiters.
266
267 ### Session marking
268
269 It is possible to 'mark' sessions (see the MARK_ORIGIN action below). To match stanzas from marked sessions, use the
270 `ORIGIN_MARKED` condition.
271
272 Condition Description
273 ------------------------------- ---------------------------------------------------------------
274 ORIGIN_MARKED: markname Matches if the origin has been marked with 'markname'.
275 ORIGIN_MARKED: markname (Xs) Matches if the origin has been marked with 'markname' within the past X seconds.
276
277 Example usage:
278
279 # This rule drops messages from sessions that have been marked as spammers in the past hour
280 ORIGIN_MARKED: spammer (3600s)
281 DROP.
282
283 # This rule marks the origin session as a spammer if they send a message to a honeypot JID
284 KIND: message
285 TO: honeypot@example.com
286 MARK_ORIGIN=spammer
266 287
267 Actions 288 Actions
268 ------- 289 -------
269 290
270 Actions come after all conditions in a rule block. There must be at 291 Actions come after all conditions in a rule block. There must be at
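Review bot: The first example rule's comment says it "drops messages from sessions that have been marked", but its only condition is `ORIGIN_MARKED: spammer (3600s)`, so as written it matches every stanza from a marked session, not just messages. Either add `KIND: message` as the second rule does, or reword the comment to say "stanzas". Separately, `MARK_ORIGIN` in the intro sentence and the `ORIGIN_MARKED` entries in the table are left without backticks, while `LIMIT` just above is backticked and the underscore in mod\_firewall is escaped; quoting them the same way keeps the underscores from being read as emphasis.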
307 ------------------------ ------------------------------------------------------------------------ 328 ------------------------ ------------------------------------------------------------------------
308 `STRIP=name` Remove any child elements with the given name in the default namespace 329 `STRIP=name` Remove any child elements with the given name in the default namespace
309 `STRIP=name namespace` Remove any child elements with the given name and the given namespace 330 `STRIP=name namespace` Remove any child elements with the given name and the given namespace
310 `INJECT=xml` Inject the given XML into the stanza as a child element 331 `INJECT=xml` Inject the given XML into the stanza as a child element
311 332
333 ### Sessions
334
335 It is possible to mark sessions, and then use these marks to match rules later on.
336
337 Action Description
338 ------------------------ --------------------------------------------------------------------------
339 `MARK_ORIGIN=mark` Marks the originating session with the given flag.
340 `UNMARK_ORIGIN=mark` Removes the given mark from the origin session (if it is set).
341
312 ### Informational 342 ### Informational
313 343
314 Action Description 344 Action Description
315 --------------- ------------------------------------------------------------------------------------------------------------------------ 345 --------------- ------------------------------------------------------------------------------------------------------------------------
316 `LOG=message` Logs the given message to Prosody's log file. Optionally prefix it with a log level in square brackets, e.g. `[debug]` 346 `LOG=message` Logs the given message to Prosody's log file. Optionally prefix it with a log level in square brackets, e.g. `[debug]`
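Review bot: The `MARK_ORIGIN=mark` row does not say what happens when the origin session already carries that mark, which matters for the `ORIGIN_MARKED: markname (Xs)` form documented earlier in this change: readers cannot tell whether re-marking restarts the X-second window or keeps the original time. It would also help to state how long a mark lasts (for example, whether it is lost on reload, as the note about limiters says for limit state). On wording, this row says "flag" where the rest of the change says "mark", and the heading here is "Sessions" while the conditions section is "Session marking"; using one term in both places would make the two sections easier to cross-reference.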