prosody-modules
mod_firewall/README.markdown @ 4127:e9e10ec1b91c
mod_firewall: Add checkcerts option for HTTP lists, cert verification disabled when SNI unsupported
This provides a balance between security and usability. SNI is supported in Prosody trunk
and in Prosody 0.11 from commit 30d3f6f85eb8 (scheduled for 0.11.7).
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 15 Sep 2020 11:49:55 +0100 |
parent | 4126:68ceb7e0cfe6 |
child | 4152:87daef9ed4e7 |
4126:68ceb7e0cfe6 | 4127:e9e10ec1b91c |
---|---|
156 Option Description | 156 Option Description |
157 ------- ----------- | 157 ------- ----------- |
158 ttl Seconds to cache the list for. After expiry, it will be refetched. Default 3600 (1 hour). | 158 ttl Seconds to cache the list for. After expiry, it will be refetched. Default 3600 (1 hour). |
159 pattern Optional pattern used to extract list entries from the response. Default is to treat each line as a single item. | 159 pattern Optional pattern used to extract list entries from the response. Default is to treat each line as a single item. |
160 hash Optional hash to be applied to items before looking them up in the list, e.g. sha1 or sha256. | 160 hash Optional hash to be applied to items before looking them up in the list, e.g. sha1 or sha256. |
161 checkcert Whether to verify HTTPS certificates. May be "always", "never" or "when-sni". Default "when-sni". | |
162 | |
163 The "when-sni" default disables certificate verification when Prosody's HTTP client API doesn't support SNI, | |
164 as in Prosody 0.11.6 and earlier. | |
161 | 165 |
162 #### CHECK LIST | 166 #### CHECK LIST |
163 | 167 |
164 Checks whether a simple expression is found in a given list. | 168 Checks whether a simple expression is found in a given list. |
165 | 169 |
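Review bot: The added option row spells the option `checkcert`, while the commit message calls it `checkcerts`; make the two agree, since a reader who takes the name from the commit message will set an option the README does not document. The "when-sni" paragraph should also spell out what the default means on Prosody 0.11.6 and earlier: the list is fetched over HTTPS with no certificate verification, so its contents are not authenticated against anyone on the network path. Suggest adding a sentence that says this and points operators who need verified lists to upgrade or to set `checkcert` to "always", and documenting whether anything is logged when verification is skipped.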