Software /
code /
prosody-modules
Diff
mod_firewall/README.markdown @ 2108:573fe9825fba
mod_firewall: README: Document session marking
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 17 Mar 2016 11:33:57 +0000 |
parent | 2105:f2d5aa789646 |
child | 2110:c26b28c65d47 |
line wrap: on
line diff
--- a/mod_firewall/README.markdown Thu Mar 17 11:27:10 2016 +0000 +++ b/mod_firewall/README.markdown Thu Mar 17 11:33:57 2016 +0000 @@ -264,6 +264,27 @@ **Note:** Reloading mod\_firewall resets the current state of any limiters. +### Session marking + +It is possible to 'mark' sessions (see the MARK_ORIGIN action below). To match stanzas from marked sessions, use the +`ORIGIN_MARKED` condition. + + Condition Description + ------------------------------- --------------------------------------------------------------- + ORIGIN_MARKED: markname Matches if the origin has been marked with 'markname'. + ORIGIN_MARKED: markname (Xs) Matches if the origin has been marked with 'markname' within the past X seconds. + +Example usage: + + # This rule drops messages from sessions that have been marked as spammers in the past hour + ORIGIN_MARKED: spammer (3600s) + DROP. + + # This rule marks the origin session as a spammer if they send a message to a honeypot JID + KIND: message + TO: honeypot@example.com + MARK_ORIGIN=spammer + Actions ------- @@ -309,6 +330,15 @@ `STRIP=name namespace` Remove any child elements with the given name and the given namespace `INJECT=xml` Inject the given XML into the stanza as a child element +### Sessions + +It is possible to mark sessions, and then use these marks to match rules later on. + + Action Description + ------------------------ -------------------------------------------------------------------------- + `MARK_ORIGIN=mark` Marks the originating session with the given flag. + `UNMARK_ORIGIN=mark` Removes the given mark from the origin session (if it is set). + ### Informational Action Description