mod_firewall/README.markdown @ 2545:9b46d24edf0d

mod_firewall: Add and document COUNT condition
author Matthew Wild <mwild1@gmail.com>
date Tue, 21 Feb 2017 22:41:58 +0000
parent 2540:d637bc0ac604
child 2559:99b32f77f00d
--- a/mod_firewall/README.markdown	Tue Feb 21 22:41:40 2017 +0000
+++ b/mod_firewall/README.markdown	Tue Feb 21 22:41:58 2017 +0000
@@ -157,6 +157,21 @@
     SCAN: body for word in badwords
     BOUNCE=policy-violation (This word is not allowed!)
 
+#### COUNT
+
+COUNT is similar to SCAN, in that it uses a defined SEARCH and breaks it up according to a PATTERN. Then it
+counts the number of results.
+
+For example, to block every message with more than one URL:
+
+    # Define a search location called 'body' which fetches the text of the 'body' element
+    %SEARCH body: body#
+    # Define a pattern called 'url' which matches HTTP links
+    %PATTERN url: https?://%S+
+    
+    COUNT: url in body > 1
+    BOUNCE=policy-violation (Up to one HTTP URL is allowed in messages)
+
 ### Stanza matching
 
   Condition   Matches
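
Review bot: The new COUNT section shows only the `>` comparison (`COUNT: url in body > 1`) and never states the general syntax or which other comparisons are accepted, so a rule author cannot tell from this text whether forms such as `>=`, `<` or an equality test are valid. Suggest adding a syntax line of the shape `COUNT: <pattern> in <search> <comparison> <number>` with the supported comparisons listed. The sentence "breaks it up according to a PATTERN. Then it counts the number of results" should also say explicitly that the count is the number of PATTERN matches found in the SEARCH text, since "breaks it up" can be read as counting the pieces between matches, which would change the meaning of the `> 1` threshold. Minor: the bounce text says "HTTP URL" while the pattern `https?://%S+` also matches HTTPS links, and the separator line inside the example (`+    `) carries trailing whitespace.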