Mercurial > prosody-modules
comparison mod_firewall/README.markdown @ 2108:573fe9825fba
mod_firewall: README: Document session marking
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 17 Mar 2016 11:33:57 +0000 |
parents | f2d5aa789646 |
children | c26b28c65d47 |
2107:f445f43b9ba1 | 2108:573fe9825fba |
---|---|
261 ----------- -------------------------------------------------------------------------------------------------- | 261 ----------- -------------------------------------------------------------------------------------------------- |
262 `LIMIT` When the named limit is 'used up'. Using this condition automatically counts against that limit. | 262 `LIMIT` When the named limit is 'used up'. Using this condition automatically counts against that limit. |
263 | 263 |
264 **Note:** Reloading mod\_firewall resets the current state of any | 264 **Note:** Reloading mod\_firewall resets the current state of any |
265 limiters. | 265 limiters. |
266 | |
267 ### Session marking | |
268 | |
269 It is possible to 'mark' sessions (see the MARK_ORIGIN action below). To match stanzas from marked sessions, use the | |
270 `ORIGIN_MARKED` condition. | |
271 | |
272 Condition Description | |
273 ------------------------------- --------------------------------------------------------------- | |
274 ORIGIN_MARKED: markname Matches if the origin has been marked with 'markname'. | |
275 ORIGIN_MARKED: markname (Xs) Matches if the origin has been marked with 'markname' within the past X seconds. | |
276 | |
277 Example usage: | |
278 | |
279 # This rule drops messages from sessions that have been marked as spammers in the past hour | |
280 ORIGIN_MARKED: spammer (3600s) | |
281 DROP. | |
282 | |
283 # This rule marks the origin session as a spammer if they send a message to a honeypot JID | |
284 KIND: message | |
285 TO: honeypot@example.com | |
286 MARK_ORIGIN=spammer | |
266 | 287 |
267 Actions | 288 Actions |
268 ------- | 289 ------- |
269 | 290 |
270 Actions come after all conditions in a rule block. There must be at | 291 Actions come after all conditions in a rule block. There must be at |
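Review bot: In the "Example usage" block, the first rule's comment says it drops messages, but the rule has only `ORIGIN_MARKED: spammer (3600s)` followed by `DROP.`, with no `KIND: message` condition like the one in the second rule. Either add `KIND: message` to the first rule or reword the comment so it does not promise a narrower match than the rule expresses. The second rule ends at `MARK_ORIGIN=spammer` with no further action, so it would help to say what happens to the honeypot message itself. In the new condition table the `ORIGIN_MARKED` rows are not wrapped in backticks although the existing `LIMIT` row is, and `MARK_ORIGIN` in the intro sentence is also bare; formatting them as code would match the rest of the README.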
307 ------------------------ ------------------------------------------------------------------------ | 328 ------------------------ ------------------------------------------------------------------------ |
308 `STRIP=name` Remove any child elements with the given name in the default namespace | 329 `STRIP=name` Remove any child elements with the given name in the default namespace |
309 `STRIP=name namespace` Remove any child elements with the given name and the given namespace | 330 `STRIP=name namespace` Remove any child elements with the given name and the given namespace |
310 `INJECT=xml` Inject the given XML into the stanza as a child element | 331 `INJECT=xml` Inject the given XML into the stanza as a child element |
311 | 332 |
333 ### Sessions | |
334 | |
335 It is possible to mark sessions, and then use these marks to match rules later on. | |
336 | |
337 Action Description | |
338 ------------------------ -------------------------------------------------------------------------- | |
339 `MARK_ORIGIN=mark` Marks the originating session with the given flag. | |
340 `UNMARK_ORIGIN=mark` Removes the given mark from the origin session (if it is set). | |
341 | |
312 ### Informational | 342 ### Informational |
313 | 343 |
314 Action Description | 344 Action Description |
315 --------------- ------------------------------------------------------------------------------------------------------------------------ | 345 --------------- ------------------------------------------------------------------------------------------------------------------------ |
316 `LOG=message` Logs the given message to Prosody's log file. Optionally prefix it with a log level in square brackets, e.g. `[debug]` | 346 `LOG=message` Logs the given message to Prosody's log file. Optionally prefix it with a log level in square brackets, e.g. `[debug]` |
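Review bot: The `MARK_ORIGIN=mark` row describes the value as a "flag", while the section intro, the `UNMARK_ORIGIN=mark` row and the `ORIGIN_MARKED` condition all call it a "mark"; pick one term. The section is also headed "Sessions" where the matching condition section is headed "Session marking", and it does not point back to `ORIGIN_MARKED`, so a reader landing here has no link to the condition that consumes the mark. Since `ORIGIN_MARKED: markname (Xs)` depends on when the mark was set, the action description should say whether marking an already-marked session resets that time, and whether a mark lasts only as long as the session it was set on.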