# HG changeset patch # User Matthew Wild # Date 1656430784 -3600 # Node ID 4ffd6551f4bbb351b158adafa896b126fb50f8b6 # Parent d7684aa81d8ffbc33ec984fbcbb98a07905179a6 mod_firewall: README: Clarify when storage access can occur with roster checks diff -r d7684aa81d8f -r 4ffd6551f4bb mod_firewall/README.markdown --- a/mod_firewall/README.markdown Tue Jun 28 16:28:44 2022 +0100 +++ b/mod_firewall/README.markdown Tue Jun 28 16:39:44 2022 +0100 @@ -360,12 +360,14 @@ ### Roster -These functions access the roster of the recipient (only). Therefore they cannot (currently) +These conditions access the roster of the recipient (only). Therefore they cannot (currently) be used in some [chains](#chains), such as for outgoing messages (the recipient may be on another server). -Performance note: this check can potentially cause storage access (especially if the recipient -is currently offline), so you may want to limit its use in high-traffic situations, and place -it below other checks (such as a rate limiter). +Performance note: these checks can potentially cause storage access (especially if the recipient +is currently offline), so you may want to limit its use in high-traffic situations, and place rules +containing a roster check below other rules (such as a rate limiter). The storage access is +performed unconditionally before the first rule that contains a roster-based condition, even if earlier +conditions in that rule do not match. #### IN ROSTER