On 04-04-2017 15:05, Jarno Huuskonen wrote:
Hi,
On Tue, Apr 04, Aleksandar Lazic wrote:
@Jarno: How about adding this information to the comment?
Maybe some other users also assume that block means L4+L7.
How about something like this:
Great thanks ;-)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -2501,7 +2501,9 @@ block { if | unless } <condition> (deprecated)
is blocked. The condition has to reference ACLs (see section 7).
This is
typically used to deny access to certain sensitive resources if some
conditions are met or not met. There is no fixed limit to the number
of
- "block" statements per instance.
+ "block" statements per instance. To block connections at layer 4
(without
+ sending a 403 error) see "tcp-request connection reject" and
+ "tcp-request content reject" rules.
This form is deprecated, do not use it in any new configuration, use
the new
"http-request deny" instead.
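Review bot: The sentence added after '"block" statements per instance.' only implies, through the parenthetical "(without sending a 403 error)", that "block" itself answers with a 403; state that directly, since the misunderstanding raised in this thread is that "block" means L4+L7. Consider also moving the pointer to "tcp-request connection reject" and "tcp-request content reject" below the deprecation paragraph, so that "This form is deprecated" stays next to the description it qualifies. As sent, the added line is wrapped and "(without" has no leading "+", and the context lines ending in "This is", "of" and "the new" are split as well, so the hunk may not apply; resending it as an attachment avoids that.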
@@ -2514,8 +2516,9 @@ block { if | unless } <condition> (deprecated)
#block if invalid_src || local_dst
http-request deny if invalid_src || local_dst
- See section 7 about ACL usage.
-
+ See also : section 7 about ACL usage, "http-request deny",
+ "http-response deny", "tcp-request connection reject" and
+ "tcp-request content reject".
capture cookie <name> len <length>
Capture and log a cookie in the request and in the response.
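Review bot: The lone "-" line removes the empty line that followed the old "See section 7 about ACL usage." text, so check that a blank line still separates the new "See also" block from "capture cookie <name> len <length>"; otherwise the next keyword runs straight into this entry. "http-response deny" appears only in this list and not in the sentence added by the first hunk, which is fine for a cross-reference list but should be a deliberate choice.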
-Jarno