# HG changeset patch # User Matthew Wild # Date 1600166709 -3600 # Node ID 68ceb7e0cfe6d0458110399ca065f0d9869debfd # Parent 24404c2890148ac2a5b3dc5f3d58eb23825d5522 mod_firewall: Add docs for list types and parameters diff -r 24404c289014 -r 68ceb7e0cfe6 mod_firewall/README.markdown --- a/mod_firewall/README.markdown Mon Sep 14 18:16:31 2020 +0100 +++ b/mod_firewall/README.markdown Tue Sep 15 11:45:09 2020 +0100 @@ -121,6 +121,44 @@ file %LIST spammers: file:/etc/spammers.txt http %LIST spammers: http://example.com/spammers.txt +#### List types +##### memory + +``` +%LIST name: memory (limit: number) +``` + +A memory-only list, with an optional limit. Supports addition and removal of items by scripts. + +If a limit is provided, the oldest item will be discarded to make room for a new item if the +list is full. The limit is useful to prevent infinite memory growth on busy servers. + +##### file + +``` +%LIST name: file:/path/to/file (missing: string) +``` + +Reads a list from a file. The list can be added to and removed from by scripts, but +these changes do not persist between restarts. + +If the file is missing, an error will be raised. The optional 'missing' parameter can be set +to 'ignore' (e.g. `(missing: ignore)`) to ignore a missing file. + +##### http + +``` +%LIST name: http://example.com/ (ttl: number, pattern: pat, hash: sha1, checkcerts: when-sni) +``` + +Fetches a list from a HTTP or HTTPS URL. The following options are accepted: + + Option Description + ------- ----------- + ttl Seconds to cache the list for. After expiry, it will be refetched. Default 3600 (1 hour). + pattern Optional pattern used to extract list entries from the response. Default is to treat each line as a single item. + hash Optional hash to be applied to items before looking them up in the list, e.g. sha1 or sha256. + #### CHECK LIST Checks whether a simple expression is found in a given list.
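Review bot: In the new http section, the syntax line shows `checkcerts: when-sni`, but the options table below it documents only ttl, pattern and hash, so the one option that by its name governs certificate checking is left unexplained. Add a `checkcerts` row giving the accepted values and the default, because a reader cannot tell from this text whether the certificate of an HTTPS list source is checked when the option is omitted. Two smaller points in the same hunk: the file syntax is written `(missing: string)` while `ignore` is the only value described, so either list the other accepted values or show `(missing: ignore)` in the syntax line; and "a HTTP or HTTPS URL" should read "an HTTP or HTTPS URL".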