Hi All.. Hope someone can give a pointer to get me moving forward.
I have an RPZ file loaded, and would like to allow certain users to bypass the
RPZ default policy.
This is working and the correct answer is given, however it's stored in cache
and any subsequent request gets the answer directly from the packet cache. This
means if a client that is not in the exclusion list queries the domain shortly
after then they will get the cached response.
I'd like to do something like check in prerpz() whether the domain is in the rpz
zone, and not cache it.
The problem is
1. I don't know how to check for/find a domain within a RPZ Policy
2. and more importantly, dq.variable doesn't seem to have any effect in prerpz()
Any help, pointers or hints would be GREATLY appreciated.
PowerDNS Recursor 4.0.5
------------------------------------------------------------------
lua-config-file=/etc/pdns-recursor/config.lua
------------------------------------------------------------------
rpzMaster("10.128.0.2", "somedrop.rpz.com",{defpol=Policy.Custom,
defcontent='block.mydomain.com', policyName='blocklist'})
=========================================
------------------------
luaRules.lau
------------------------
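-- Set of client addresses allowed to bypass the 'blocklist' RPZ policy
allowBlockAccess = newCAS()
allowBlockAccess:add(dofile("allowBlockIPs"))

function prerpz(dq)
  -- Exempt clients skip the 'blocklist' policy for this query
  if allowBlockAccess:check(dq.remoteaddr) then
    dq:discardPolicy('blocklist')
  end
  return false
end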
=========================================
_______________________________________________
Pdns-users mailing list
https://mailman.powerdns.com/mailman/listinfo/pdns-users
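
Added example, not part of the original post and not PowerDNS code: a small Python model of the behaviour described in the message, where a packet cache keyed only on the question hands one client's answer to a client with a different policy. The names, addresses, the `honour_variable` switch and the sample zone data are constructed for illustration; only `block.mydomain.com` comes from the post.

```python
# Toy model (constructed, not PowerDNS code): per-client RPZ exemption in
# front of a packet cache whose key is the question only.
import ipaddress

BLOCK_TARGET = "block.mydomain.com"                  # defcontent from the post
RPZ_ZONE = {"bad.example."}                          # constructed RPZ entry
EXEMPT = [ipaddress.ip_network("192.0.2.10/32")]     # constructed exemption list
UPSTREAM = {"bad.example.": "198.51.100.7",          # constructed real answers
            "ok.example.": "198.51.100.8"}


class Resolver:
    def __init__(self, honour_variable):
        self.honour_variable = honour_variable
        self.packet_cache = {}     # (qname, qtype) -> answer; client not in key

    def resolve(self, client, qname, qtype="A"):
        key = (qname, qtype)
        if key in self.packet_cache:
            # Cache hit: the policy logic below is never consulted.
            return self.packet_cache[key]
        addr = ipaddress.ip_address(client)
        exempt = any(addr in net for net in EXEMPT)
        in_rpz = qname in RPZ_ZONE
        if in_rpz and not exempt:
            answer = BLOCK_TARGET
        else:
            answer = UPSTREAM.get(qname, "NXDOMAIN")
        # For names in the RPZ zone the answer depends on who asked, so it
        # is "variable" and must not be shared through the cache.
        variable = in_rpz
        if not (self.honour_variable and variable):
            self.packet_cache[key] = answer
        return answer


def query_sequence(honour_variable, clients, qname="bad.example."):
    """Answers seen by each client, in order, from one fresh resolver."""
    resolver = Resolver(honour_variable)
    return [resolver.resolve(c, qname) for c in clients]


if __name__ == "__main__":
    order = ["192.0.2.10", "203.0.113.5"]            # exempt client asks first
    print("shared cache     :", query_sequence(False, order))
    print("variable honoured:", query_sequence(True, order))
```

The model also shows the reverse order: if the non-exempt client asks first, the shared cache hands the block answer to the exempt client.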