This is an old revision of the document!


Filter Files

Filter configuration (ctrl/*.cfg) and trash can (text/*.can) files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content.

Each line in a filter file may contain a comparison sequence. Blank lines and lines beginning with a semicolon are ignored.

Comparison Sequences

  • Leading white-space characters are ignored
  • Sequences of alphabetic letters are treated case-insensitively
  • C-style string-literal backslash (\) escape sequences are supported (as of v3.17c)
  • Sequences beginning with an exclamation mark (!) negate the match logic for that sequence
  • Sequences beginning with an asterisk (*) match only if the characters following the * are found at the end of the comparison string
  • Sequences ending with an asterisk (*) or caret (^) match only if the characters preceding are found at the beginning of the comparison string
  • Sequences ending with a tilde (~) match when the preceding string of characters are found anywhere within the comparison string
  • All other sequences are “exact match” string comparisons

Examples

  • sysop in the name.can file would mean users could not use the name “sysop”.
  • sysop* would mean users could not use names beginning with the word “sysop”, like “sysop the” or “sysops”.
  • sysop~ would mean users could not use names that have the word “sysop” anywhere in them, like “imthesysop” or “Joe Sysop”.

Match strings with the character sequence "viagra" anywhere within

viagra~

Match strings beginning with the character sequence "[adv]"

[adv]*

Match strings beginning with a space

\ *

Match the string "administrator", exactly (but case-insensitively)

administrator  

Match strings that do not begin with the character sequence: "the "

!the *

IPv4 CIDR Notation

An additional comparison format was introduced in v3.17 (Feb-9-2017) specifically for partial (ranges of) IPv4 address matching following standard Classless_Inter-Domain_Routing (CIDR) notation. For example, rather than using the comparison string “192.168.1.*” to match all IP addresses that begin with the first 3 octets of 192, 168, and 1, you could specify the same thing using CIDR notation:

192.168.1.0/24

This enables the flexibility of filtering ranges of IP addresses based on sub-networks that are not multiples of 8-bits (e.g. “192.168.1.33/30”) and the format is compatible with commonly available regional block lists.

All 4 octets of the IPv4 address must be specified in the CIDR comparison string (i.e. “192.168.1/24” is not a valid CIDR comparison string).

CIDR comparisons beginning with the negation prefix (!) are supported (reverses the IP address comparison logic).

IPv6 CIDR notation is not supported at this time.

Trash Can Files

The following table lists the supported trash can files, a description of their use, and optional rejection message (.msg) files that may be displayed to users that are (or have their content) filtered. Trash can files and their respective optional rejection message files are located in the text directory:

Filename / Page Default ContentsRejection Message1)Description
email.can email.canbademail.msgDisallowed (source or destination) e-mail addresses (see also twitlist.cfg)
file.can file.canbadfile.msgDisallowed filenames for upload
host.can host.canbadhost.msgDisallowed hostnames for inbound connections (when hostname lookups are enabled)
ip.can ip.canbadip.msgDisallowed IP addresses for inbound connections
ip-silent.can ip-silent.can Silently-ignored IP addresses for inbound connections
name.can name.canbadname.msgDisallowed user login name/alias (see also block-hackers)
password.can password.canbadpassword.msgDisallowed user passwords
phone.can phone.canbadphone.msgDisallowed phone numbers for new users
subject.can subject.canbadsubject.msgDisallowed subjects in posted messages

Other Filter Files

The following table lists other supported filter files and a description of their use. These filter files are located in the ctrl directory and do not have a respective response message file:

Filename / Page Default ContentsDescription
spamblock.cfg spamblock.cfgHostnames and IP addresses blocked from sending e-mail to the Mail Server (see also spamblock_exempt.cfg)
twitlist.cfg twitlist.cfgDisallowed (source or destination) e-mail addresses (enclosed in <angle brackets>) or names (see also email.can)

Filter Exemption Files

The following table lists supported filter exemption files and a description of their use. These filter exemption files are located in the ctrl directory:

Filename / Page Default ContentsDescription
ipfilter_exempt.cfg ipfilter_exempt.cfg Hostnames and IP addresses that are considered exempt from temporary bans and permanent filtering (added Oct-17-2016)
dnsbl_exempt.cfg dnsbl_exempt.cfgHostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the Mail Server (see also dns_blacklist.cfg)
spamblock_exempt.cfg spamblock_exempt.cfgHostnames and IP addresses which are not to be blocked from sending e-mail to the Mail Server (see also spamblock.cfg)

See Also

1)
Rejection message files are only used/displayed by the terminal server
config/filter_files.1549596135.txt · Last modified: 2019/02/07 19:22 by digital man
Back to top
CC Attribution 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0