Skip to content

mod_block

Introduction

mod_block blocks incoming connections/requests based on defined rules.

Module Configuration

Description

conf/mod_block/mod_block.conf

Config Item Description
Basic.ProductRulePath Path of product rule configuration
Basic.IPBlocklistPath Path of ip blocklist file

Example

[Basic]
# product rule config file path
ProductRulePath = mod_block/block_rules.data

# global ip blocklist file path
IPBlocklistPath = mod_block/ip_blocklist.data

Format of IPBlocklistPath file

192.168.1.253 192.168.1.254
192.168.1.250

Rule Configuration

Description

conf/mod_block/block_rules.data

Config Item Description
Version String
Verson of config file
Config Struct
Block rules for each product
Config{k} String
Product name
Config{v} Object
A list of rules
Config{v}[] Object
A block rule
Config{v}[].Cond String
Condition expression, See Condition
Config{v}[].Name String
Name of rule
Config{v}[].Action Object
Action of rule
Config{v}[].Action.Cmd String
Name of action
Config{v}[].Action.Params Object
A list of action parameters
Config{v}[].Action.Params[] String
A action parameter

Actions

Action Description
CLOSE Close the connection
ALLOW Accept the request

Example

{
  "Version": "20190101000000",
  "Config": {
      "global": [
          {
              "action": {
                  "cmd": "ALLOW",
                  "params": []
              },
              "cond": "req_host_in(\"n.example.org\") && req_path_prefix_in(\"/index/\", false) && req_query_key_in(\"space\")",
              "name": "example whiterule"
          }
        ],
      "example_product": [
          {
            "action": {
                  "cmd": "CLOSE",
                  "params": []
              },
              "name": "example rule",
              "cond": "req_path_in(\"/limit\", false)"            
          }
      ]
  }
}

Metrics

Metric Description
CONN_ACCEPT Counter for connection accepted
CONN_REFUSE Counter for connection refused
CONN_TOTAL Counter for all connnetion checked
REQ_ACCEPT Counter for request accepted
REQ_REFUSE Counter for request refused
REQ_TOTAL Counter for all request in
REQ_TO_CHECK Counter for request to check
WRONG_COMMAND Counter for request with condition satisfied, but wrong command