config:filter_files [2019/02/07 19:22] – Mention that C-style escapes are now supported. More examples. digital man | config:filter_files [2023/12/18 19:51] (current) – [Filter Files] Note about file must end in LF digital man |
---|
Filter configuration (''[[dir:ctrl]]/*.cfg'') and trash can (''[[dir:text]]/*.can'') files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content. | Filter configuration (''[[dir:ctrl]]/*.cfg'') and trash can (''[[dir:text]]/*.can'') files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content. |
| |
Each line in a filter file may contain a comparison sequence. Blank lines and lines beginning with a semicolon are ignored. | Each line in a filter file may contain a comparison pattern. Blank lines and lines beginning with a semicolon character ('';'') are ignored. Lines may contain up to 1000 characters. |
| |
===== Comparison Sequences ===== | A tab (ASCII 9) character or a new-line (CR or CRLF) sequence will terminate (signify the end of) each comparison pattern. All characters between the first tab character and the new-line sequence may be considered metadata for the comparison pattern. |
| |
| To support the correct auto-addition of filters, it's important that **all comparison patterns end in a new-line sequence** (i.e. a non-empty file must end with an LF character). |
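Review bot: the two added paragraphs disagree on line endings. The terminator is given as "(CR or CRLF)", while the requirement that follows says a non-empty file must end with an LF character, so a bare CR is listed as a terminator and a bare LF is not. State one set of accepted line endings in both places. The added "Lines may contain up to 1000 characters" should also say whether the limit counts the metadata after the first tab and what happens to a longer line (truncated or ignored), since a truncated pattern would match something other than what the sysop wrote.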
| ===== Comparison Patterns ===== |
* Leading white-space characters are ignored | * Leading white-space characters are ignored |
* Sequences of alphabetic letters are treated case-insensitively | * Alphabetic character are compared case-insensitively |
* C-style string-literal backslash (''\'') [[wp>C_syntax#Strings|escape sequences]] are supported (as of v3.17c) | * C-style string-literal backslash (''\'') [[wp>C_syntax#Strings|escape sequences]] are supported in patterns (as of v3.17c) |
* Sequences //beginning// with an exclamation mark (''!'') negate the match logic for that sequence | * Patterns //beginning// with an exclamation mark (''!'') negate the match logic for that pattern |
* Sequences //beginning// with an asterisk (''*'') match only if the characters following the ''*'' are found at the end of the comparison string | * Patterns //ending// with a caret (''^'') match only if the preceding (left most) characters are found at the beginning of the comparison string ((The caret is a legacy pattern matching character made obsolete/redundant by the asterisk)) |
* Sequences //ending// with an asterisk (''*'') or caret (''^'') match only if the characters preceding are found at the beginning of the comparison string | * Patterns //ending// with a tilde (''~'') match when the preceding string of characters are found //anywhere// within the comparison string |
* Sequences //ending// with a tilde (''~'') match when the preceding string of characters are found //anywhere// within the comparison string | * Patterns //including// an asterisk (''*'') will match when both the left and right string fragments (on either/both sides of the ''*'') match the comparison string (as of v3.19a) ((Additional (more than one) asterisks in a comparison pattern are not treated specially)) |
* All other sequences are "exact match" string comparisons | * All other patterns are "exact match" string comparisons |
| |
| **Note:**\\ |
| There's no effective difference between the patterns "word^" and "word*". |
| |
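Review bot: the new asterisk rule (patterns including "*") does not say where each fragment must match. The old revision spelled out that a leading "*" matches at the end of the comparison string and a trailing "*" at the beginning; the new text only says both fragments "match", yet the note that "word^" and "word*" are equivalent and the "sysop*" example further down both depend on the left fragment being anchored at the beginning. If that is the behaviour, say so, for example "the left fragment is found at the beginning and the right fragment at the end of the comparison string", and have the footnote state how additional asterisks are compared rather than only "not treated specially". Minor: "Alphabetic character are" should be "characters", and "string of characters are found" should be "is found".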
==== Examples ==== | ==== Examples ==== |
* ''sysop'' in the ''name.can'' file would mean users could not use the name "sysop". | * ''sysop'' in the ''name.can'' file would mean new users could not use the name "sysop". |
* ''sysop*'' would mean users could not use names //beginning// with the word "sysop", like "sysop the" or "sysops". | * ''sysop*'' would mean new users could not use names //beginning// with the word "sysop", like "sysop the" or "sysops". |
* ''sysop~'' would mean users could not use names that have the word "sysop" //anywhere// in them, like "imthesysop" or "Joe Sysop". | * ''sysop~'' would mean new users could not use names that have the word "sysop" //anywhere// in them, like "imthesysop" or "Joe Sysop". |
| |
=== Match strings with the character sequence "viagra" anywhere within === | === Match strings with the character sequence "viagra" anywhere within === |
| |
^Filename / Page ^Default Contents^Rejection Message((Rejection message files are only used/displayed by the terminal server))^Description^ | ^Filename / Page ^Default Contents^Rejection Message((Rejection message files are only used/displayed by the terminal server))^Description^ |
|''[[email.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/email.can|email.can]]|''[[bademail.msg]]''|Disallowed (source or destination) e-mail addresses (see also ''[[twitlist.cfg]]'')| | |''[[email.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/email.can|email.can]]|''[[bademail.msg]]''|Disallowed (source or destination) e-mail addresses (see also ''[[twitlist.cfg]]'')| |
|''[[file.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/file.can|file.can]]|''[[badfile.msg]]''|Disallowed filenames for upload| | |''[[file.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/file.can|file.can]]|''[[badfile.msg]]''|Disallowed filenames for upload| |
|''[[host.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/host.can|host.can]]|''[[badhost.msg]]''|Disallowed hostnames for inbound connections (when hostname lookups are enabled)| | |''[[host.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/host.can|host.can]]|''[[badhost.msg]]''|Disallowed hostnames for inbound connections (when hostname lookups are enabled) and content| |
|''[[ip.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/ip.can|ip.can]]|''[[badip.msg]]''|Disallowed IP addresses for inbound connections| | |''[[ip.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/ip.can|ip.can]]|''[[badip.msg]]''|Disallowed IP addresses for inbound connections and content (e.g. messages)| |
|''[[ip-silent.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/ip-silent.can|ip-silent.can]]| |Silently-ignored IP addresses for inbound connections| | |''[[ip-silent.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/ip-silent.can|ip-silent.can]]| |Silently-ignored IP addresses for inbound connections| |
|''[[name.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/name.can|name.can]]|''[[badname.msg]]''|Disallowed user login name/alias (see also [[howto:block-hackers]])| | |''[[name.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/name.can|name.can]]|''[[badname.msg]]''|Disallowed user login name/alias (see also [[howto:block-hackers]])| |
|''[[password.can]]'' | [[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/password.can|password.can]]|''[[badpassword.msg]]''|Disallowed user passwords| | |''[[password.can]]'' | [[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/password.can|password.can]]|''[[badpassword.msg]]''|Disallowed user passwords| |
|''[[phone.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/phone.can|phone.can]]|''[[badphone.msg]]''|Disallowed phone numbers for new users| | |''[[phone.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/phone.can|phone.can]]|''[[badphone.msg]]''|Disallowed phone numbers for new users| |
|''[[subject.can]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/subject.can|subject.can]]|''[[badsubject.msg]]''|Disallowed subjects in posted messages| | |''[[subject.can]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/subject.can|subject.can]]|''[[badsubject.msg]]''|Disallowed subjects in posted messages| |
| |
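Review bot: in the host.can row the added "and content" sits after the parenthetical, so the description reads "inbound connections (when hostname lookups are enabled) and content" without saying what content is checked. The ip.can row changed in the same revision has "and content (e.g. messages)"; use the same wording for host.can and place it so the hostname-lookup condition clearly applies only to connections.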
| **New in Synchronet v3.20:**\\ |
| Comparison patterns in ''.can'' files may contain metadata as tab-delimited ''key=value'' pairs. The keys supported are: |
| ^ Key ^ Description ^ |
| |''t'' | Date/time stamp of filter addition (in ISO-8601 format) | |
| |''e'' | Expiration date/time (in ISO-8601 format) | |
| |''p'' | Protocol used (informational only) | |
| |''r'' | Reason for filtering (informational only) | |
| |''u'' | User name/identification at time of filtering (informational only) | |
| |''h'' | Host name of client (informational only) | |
| |
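Review bot: the "e" (expiration) key implies behaviour that the table does not state. Say whether a pattern past its expiration date/time stops matching, is removed from the file, or both, and which ISO-8601 form is expected. The scope also needs reconciling: this paragraph limits metadata to ".can" files, while the introduction added earlier in the same revision describes everything after the first tab as metadata for any filter file, including the ".cfg" ones.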
===== Other Filter Files ===== | ===== Other Filter Files ===== |
| |
^Filename / Page ^Default Contents^Description^ | ^Filename / Page ^Default Contents^Description^ |
|''[[spamblock.cfg]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/spamblock.cfg|spamblock.cfg]]|Hostnames and IP addresses blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock_exempt.cfg'')| | |''[[spamblock.cfg]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/spamblock.cfg|spamblock.cfg]]|Hostnames and IP addresses blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock_exempt.cfg'')| |
|''[[twitlist.cfg]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/twitlist.cfg|twitlist.cfg]]|Disallowed (source or destination) e-mail addresses (enclosed in <angle brackets>) or names (see also ''[[email.can]]'')| | |''[[twitlist.cfg]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/twitlist.cfg|twitlist.cfg]]|Disallowed (source or destination) e-mail/netmail addresses or names (see also ''[[email.can]]'')| |
| |
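Review bot: the twitlist.cfg description drops the angle-bracket wording for e-mail addresses while adding netmail, but the dnsbl_exempt.cfg row in the Filter Exemption Files table still says addresses are enclosed in angle brackets. State explicitly whether twitlist.cfg entries written with angle brackets are still accepted, so sysops with existing files know whether those entries keep matching.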
===== Filter Exemption Files ===== | ===== Filter Exemption Files ===== |
| |
^Filename / Page ^Default Contents^Description^ | ^Filename / Page ^Default Contents^Description^ |
|''[[ipfilter_exempt.cfg]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/ipfilter_exempt.cfg|ipfilter_exempt.cfg]]| Hostnames and IP addresses that are considered exempt from temporary bans and permanent filtering (added Oct-17-2016)| | |''[[ipfilter_exempt.cfg]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/ipfilter_exempt.cfg|ipfilter_exempt.cfg]]| Hostnames and IP addresses that are considered exempt from temporary bans and permanent filtering (added Oct-17-2016)| |
|''[[dnsbl_exempt.cfg]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/dnsbl_exempt.cfg|dnsbl_exempt.cfg]]|Hostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the [[server:mail|Mail Server]] (see also ''dns_blacklist.cfg'')| | |''[[dnsbl_exempt.cfg]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/dnsbl_exempt.cfg|dnsbl_exempt.cfg]]|Hostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the [[server:mail|Mail Server]] (see also ''dns_blacklist.cfg'')| |
|''[[spamblock_exempt.cfg]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/spamblock_exempt.cfg|spamblock_exempt.cfg]]|Hostnames and IP addresses which are not to be blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock.cfg'')| | |''[[spamblock_exempt.cfg]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/spamblock_exempt.cfg|spamblock_exempt.cfg]]|Hostnames and IP addresses which are not to be blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock.cfg'')| |
| |
| |
* [[:config:|Configuration]] | * [[:config:|Configuration]] |
| |
{{tag>filter abuse spam}} | |
| {{tag>configuration security abuse spam cfg can}} |
| |