mod_block
Introduction
mod_block blocks incoming connections/requests based on defined rules.
Module Configuration
Description
conf/mod_block/mod_block.conf
Config Item | Description |
---|---|
Basic.ProductRulePath | Path of product rule configuration |
Basic.IPBlocklistPath | Path of ip blocklist file |
Example
[Basic]
# product rule config file path
ProductRulePath = mod_block/block_rules.data
# global ip blocklist file path
IPBlocklistPath = mod_block/ip_blocklist.data
Format of IPBlocklistPath file
192.168.1.253 192.168.1.254
192.168.1.250
Rule Configuration
Description
conf/mod_block/block_rules.data
Config Item | Description |
---|---|
Version | String Version of config file |
Config | Struct Block rules for each product |
Config{k} | String Product name |
Config{v} | Object A list of rules |
Config{v}[] | Object A block rule |
Config{v}[].Cond | String Condition expression, See Condition |
Config{v}[].Name | String Name of rule |
Config{v}[].Action | Object Action of rule |
Config{v}[].Action.Cmd | String Name of action |
Config{v}[].Action.Params | Object A list of action parameters |
Config{v}[].Action.Params[] | String A action parameter |
Actions
Action | Description |
---|---|
CLOSE | Close the connection |
ALLOW | Accept the request |
Example
{
"Version": "20190101000000",
"Config": {
"global": [
{
"action": {
"cmd": "ALLOW",
"params": []
},
"cond": "req_host_in(\"n.example.org\") && req_path_prefix_in(\"/index/\", false) && req_query_key_in(\"space\")",
"name": "example whiterule"
}
],
"example_product": [
{
"action": {
"cmd": "CLOSE",
"params": []
},
"name": "example rule",
"cond": "req_path_in(\"/limit\", false)"
}
]
}
}
Metrics
Metric | Description |
---|---|
CONN_ACCEPT | Counter for connection accepted |
CONN_REFUSE | Counter for connection refused |
CONN_TOTAL | Counter for all connnetion checked |
REQ_ACCEPT | Counter for request accepted |
REQ_REFUSE | Counter for request refused |
REQ_TOTAL | Counter for all request in |
REQ_TO_CHECK | Counter for request to check |
WRONG_COMMAND | Counter for request with condition satisfied, but wrong command |