Differences

This shows you the differences between two versions of the page.

config:filter_files [2010/03/08 01:56] – created digitalman
config:filter_files [2023/12/18 19:51] (current) – [Filter Files] Note about file must end in LF digital man
Line 3: Line 3:
 Filter configuration (''[[dir:ctrl]]/*.cfg'') and trash can (''[[dir:text]]/*.can'') files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content. Filter configuration (''[[dir:ctrl]]/*.cfg'') and trash can (''[[dir:text]]/*.can'') files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content.
  
-Each line in a filter file may contain a comparison sequence.  Blank lines and lines beginning with a semicolon are ignored+Each line in a filter file may contain a comparison pattern.  Blank lines and lines beginning with a semicolon character ('';''are ignored. Lines may contain up to 1000 characters.
  
-===== Comparison Sequences ===== +A tab (ASCII 9) character or a new-line (CR or CRLF) sequence will terminate (signify the end of) each comparison pattern. All characters between the first tab character and the new-line sequence may be considered metadata for the comparison pattern. 
-  * Sequences of alphabetic letters are treated case-insensitively + 
-  * Sequences //beginning// with an exclamation mark (''!'') negate the match logic for that sequence +To support the correct auto-addition of filters, it's important that **all comparison patterns end in a new-line sequence** (i.e. a non-empty file must end with an LF character). 
-  * Sequences //beginning// with an asterisk (''*'') match only if the characters following the ''*'' are found at the end of the comparison string +===== Comparison Patterns ===== 
-  * Sequences //ending// with an asterisk (''*'') or caret (''^'') match only if the characters preceding are found at the beginning of the comparison string +  * Leading white-space characters are ignored 
-  * Sequences //ending// with a tilde (''~'') match only if the preceding characters are found anywhere within comparison string +  * Alphabetic character are compared case-insensitively 
-  * All other sequences are "exact match" string comparisons+  * C-style string-literal backslash (''\'') [[wp>C_syntax#Strings|escape sequences]] are supported in patterns (as of v3.17c) 
 +  * Patterns //beginning// with an exclamation mark (''!'') negate the match logic for that pattern 
 +  * Patterns //ending// with a caret (''^'') match only if the preceding (left most) characters are found at the beginning of the comparison string ((The caret is a legacy pattern matching character made obsolete/redundant by the asterisk)) 
 +  * Patterns //ending// with a tilde (''~'') match when the preceding string of characters are found //anywhere// within the comparison string 
 +  * Patterns //including// an asterisk (''*'') will match when both the left and right string fragments (on either/both sides of the ''*'') match the comparison string (as of v3.19a) ((Additional (more than one) asterisks in a comparison pattern are not treated specially)) 
 +  * All other patterns are "exact match" string comparisons 
 + 
 +**Note:**\\ 
 +There's no effective difference between the patterns "word^" and "word*".
    
-Examples:+==== Examples ====  
 +  * ''sysop'' in the ''name.can'' file would mean new users could not use the name "sysop"
 +  * ''sysop*'' would mean new users could not use names //beginning// with the word "sysop", like "sysop the" or "sysops"
 +  * ''sysop~'' would mean new users could not use names that have the word "sysop" //anywhere// in them, like "imthesysop" or "Joe Sysop".
  
-  * ''sysop'' in the ''name.can'' file would mean users could not use the name "sysop"+=== Match strings with the character sequence "viagraanywhere within === 
-  * ''sysop*'' would mean users could not use names beginning with the word "sysop", like "sysopa" or "sysops" etc. +  viagra~
-  * ''sysop~'' would mean users could not use names that have the word "sysop" anywhere in them, like "imthesysop" or "mesysophere".+
      
 +=== Match strings beginning with the character sequence "[adv]" ===
 +  [adv]*
  
 +=== Match strings beginning with a space ===
 +  \ *
 +  
 +=== Match the string "administrator", exactly (but case-insensitively) ===
 +  administrator  
 +  
 +=== Match strings that do not begin with the character sequence: "the " ===
 +  !the *
 +
 +==== IPv4 CIDR Notation ====
 +
 +An additional comparison format was introduced in v3.17 (Feb-9-2017) specifically for partial (ranges of) IPv4 address matching following standard [[wp>Classless_Inter-Domain_Routing]] (CIDR) notation. For example, rather than using the comparison string "192.168.1.*" to match all IP addresses that begin with the first 3 octets of 192, 168, and 1, you could specify the same thing using CIDR notation:
 +  192.168.1.0/24
 +  
 +This enables the flexibility of filtering ranges of IP addresses based on sub-networks that are not multiples of 8-bits (e.g. "192.168.1.33/30") and the format is compatible with commonly available regional block lists.
 +
 +All 4 octets of the IPv4 address must be specified in the CIDR comparison string (i.e. "192.168.1/24" is **not** a valid CIDR comparison string).
 +
 +CIDR comparisons beginning with the negation prefix (''!'') **are** supported (reverses the IP address comparison logic).
 +
 +IPv6 CIDR notation is not supported at this time.
 + 
 ===== Trash Can Files ===== ===== Trash Can Files =====
  
-The following table lists the supported trash can files, a description of their use, and optional response message (''.msg'') files that may be displayed to users that are filtered. Trash can files and their respective optional response files are located in the ''[[dir:text]]'' directory:+The following table lists the supported trash can files, a description of their use, and optional rejection message (''.msg'') files that may be displayed to users that are (or have their content) filtered. Trash can files and their respective optional rejection message files are located in the ''[[dir:text]]'' directory:
  
-^Filename / Page     ^Default Contents^Description^ +^Filename / Page     ^Default Contents^Rejection Message((Rejection message files are only used/displayed by the terminal server))^Description^ 
-|''[[email.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/email.can|email.can]]|Disallowed (source or destination) e-mail addresses (see also ''[[twitlist.cfg]]'')+|''[[email.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/email.can|email.can]]|''[[bademail.msg]]''|Disallowed (source or destination) e-mail addresses (see also ''[[twitlist.cfg]]'')| 
-|''[[bademail.msg]]''||Optional message to display to users attempting to use a disallowed email address+|''[[file.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/file.can|file.can]]|''[[badfile.msg]]''|Disallowed filenames for upload| 
-|''[[file.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/file.can|file.can]]|Disallowed filenames for upload| +|''[[host.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/host.can|host.can]]|''[[badhost.msg]]''|Disallowed hostnames for inbound connections (when hostname lookups are enabled) and content
-|''[[badfile.msg]]''||Optional message to display to users who attempt to upload a disallowed filename+|''[[ip.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/ip.can|ip.can]]|''[[badip.msg]]''|Disallowed IP addresses for inbound connections and content (e.g. messages)
-|''[[host.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/host.can|host.can]]|Disallowed hostnames for connections| +|''[[ip-silent.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/ip-silent.can|ip-silent.can]]|Silently-ignored IP addresses for inbound connections| 
-|''[[badhost.msg]]''||Optional message to display to users who attempt to connect from a disallowed host+|''[[name.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/name.can|name.can]]|''[[badname.msg]]''|Disallowed user login name/alias (see also [[howto:block-hackers]])
-|''[[ip.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/ip.can|ip.can]]|Disallowed IP addresses for connections| +|''[[password.can]]''[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/password.can|password.can]]|''[[badpassword.msg]]''|Disallowed user passwords
-|''[[badip.msg]]''||Optional message to display to users who attempt to connect from a disallowed IP address+|''[[phone.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/phone.can|phone.can]]|''[[badphone.msg]]''|Disallowed phone numbers for new users
-|''[[ip-silent.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/ip-silent.can|ip-silent.can]]|Silently-ignored IP addresses for connections| +|''[[subject.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/subject.can|subject.can]]|''[[badsubject.msg]]''|Disallowed subjects in posted messages| 
-|''[[name.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/name.can|name.can]]|Disallowed user alias| + 
-|''[[badname.msg]]''||Optional message to display to users who attempt to use a disallowed alias+**New in Synchronet v3.20:**\\ 
-|''[[phone.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/phone.can|phone.can]]|Disallowed phone numbers for new users| +Comparison patterns in ''.can'' files may contain metadata as tab-delimited ''key=value'' pairs. The keys supported are: 
-|''[[badfile.msg]]''||Optional message to display to users who attempt to use a disallowed phone number+^ Key  ^ Description 
-|''[[subject.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/subject.can|subject.can]]|Disallowed message subjects| +|''t'' | Date/time stamp of filter addition (in ISO-8601 format) | 
-|''[[badsubject.msg]]''||Optional message to display to users who attempt to use a disallowed subject in posted message|+|''e'' | Expiration date/time (in ISO-8601 format) | 
 +|''p'' | Protocol used (informational only) | 
 +|''r'' | Reason for filtering (informational only) | 
 +|''u'' | User name/identification at time of filtering (informational only) | 
 +|''h'' | Host name of client (informational only) |
  
 ===== Other Filter Files ===== ===== Other Filter Files =====
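Review bot: the two added sentences on line termination disagree. The first says a pattern is ended by a tab or "a new-line (CR or CRLF) sequence", while the next requires that "a non-empty file must end with an LF character"; a file ending in a bare CR satisfies the first but not the second. If the parser accepts LF or CRLF, say that in the first sentence, since the requirement is there so that auto-added filters are appended correctly. Smaller points in the same hunk: the new ''ip-silent.can'' row has three cells under a four-column header, so its description lands in the Rejection Message column (add an empty cell before the description); the CIDR example "192.168.1.33/30" has host bits set (the enclosing /30 starts at .32), so either use an aligned example or state that host bits are masked off before comparison; and "Alphabetic character are compared" should read "characters".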
Line 46: Line 84:
  
 ^Filename / Page     ^Default Contents^Description^ ^Filename / Page     ^Default Contents^Description^
-|''[[spamblock.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/spamblock.cfg|spamblock.cfg]]|Hostnames and IP addresses blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock_exempt.cfg'')| +|''[[spamblock.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/spamblock.cfg|spamblock.cfg]]|Hostnames and IP addresses blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock_exempt.cfg'')| 
-|''[[twitlist.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/twitlist.cfg|twitlist.cfg]]|Disallowed (source or destination) e-mail addresses (enclosed in <angle brackets>or names (see also ''[[email.can]]'')|+|''[[twitlist.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/twitlist.cfg|twitlist.cfg]]|Disallowed (source or destination) e-mail/netmail addresses or names (see also ''[[email.can]]'')|
  
 ===== Filter Exemption Files ===== ===== Filter Exemption Files =====
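Review bot: the new ''twitlist.cfg'' description drops "(enclosed in <angle brackets>)" when adding "/netmail", so the row no longer says how an address entry is written or told apart from a name entry, while the ''dnsbl_exempt.cfg'' row still carries that wording. If the bracket syntax is still required, keep the parenthetical; if it was removed from the file format, say so with the version it changed in, as the pattern list does with "as of v3.19a".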
Line 53: Line 91:
  
 ^Filename / Page     ^Default Contents^Description^ ^Filename / Page     ^Default Contents^Description^
-|''[[dnsbl_exempt.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/dnsbl_exempt.cfg|dnsbl_exempt.cfg]]|Hostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the [[server:mail|Mail Server]] (see also ''dns_blacklist.cfg'')| +|''[[ipfilter_exempt.cfg]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/ipfilter_exempt.cfg|ipfilter_exempt.cfg]]| Hostnames and IP addresses that are considered exempt from temporary bans and permanent filtering (added Oct-17-2016)| 
-|''[[spamblock_exempt.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/spamblock_exempt.cfg|spamblock_exempt.cfg]]|Hostnames and IP addresses which are not to be blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock.cfg'')|+|''[[dnsbl_exempt.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/dnsbl_exempt.cfg|dnsbl_exempt.cfg]]|Hostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the [[server:mail|Mail Server]] (see also ''dns_blacklist.cfg'')| 
 +|''[[spamblock_exempt.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/spamblock_exempt.cfg|spamblock_exempt.cfg]]|Hostnames and IP addresses which are not to be blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock.cfg'')|
  
  
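Review bot: the added ''ipfilter_exempt.cfg'' row says its entries are "exempt from temporary bans and permanent filtering" but does not name the filter files it overrides, nor say whether the comparison patterns and CIDR notation documented for ''.can'' files apply to it. An exemption list widens access, so the row should be at least as specific as its neighbours: add a "see also" pointing at the files it takes precedence over, as the ''spamblock_exempt.cfg'' row does with ''spamblock.cfg''. The row also gives only a date ("added Oct-17-2016") where the pattern list cites versions (e.g. "as of v3.17c").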
Line 60: Line 99:
   * [[:config:|Configuration]]   * [[:config:|Configuration]]
  
-{{tag>filter abuse}}+ 
 +{{tag>configuration security abuse spam cfg can}}
  
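Review bot: the new tag line drops ''filter'' from a page whose subject is filter files, so the page no longer appears under the ''filter'' tag. Suggest keeping it alongside the added tags: ''{{tag>configuration security abuse spam cfg can filter}}''.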
config/filter_files.1268042207.txt · Last modified: 2010/03/08 01:56 by digitalman
CC Attribution 4.0 International