Hello Aaron,

On 14 Jun 2017, at 6:58, Aaron Sinclair wrote:

> Hi All.. Hope someone can give a pointer to get me moving forward.
>
> I have an RPZ file loaded, and would like to allow certain users to bypass the RPZ default policy.
>
> This is working and the correct answer is given, however it's stored in cache and any subsequent request gets the answer directly from the packet cache. This means if a client that is not in the exclusion list queries the domain shortly after, then they will get the cached response.

Yes, the packet cache does not automatically distinguish between clients.

> allowBlockAccess = newCAS()
> allowBlockAccess:add(dofile("allowBlockIPs"))
>
> function prerpz(dq)
>   if allowBlockAccess:check(dq.remoteaddr) then
>     dq:discardPolicy('blocklist')
>   end
>   return false
> end

Add ‘dq.variable = true’ right before ‘return false’ (but AFTER ‘end’), to disable the packet cache, or disable the packet cache completely via recursor.conf.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
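
The caching behaviour discussed in this thread, as an added example that is not part of the original message or of PowerDNS itself: a simplified Python model, assuming a packet cache keyed on the question only and consulted before the policy hook runs. The client addresses, domain and answers are constructed; the three modes compare the hook as posted, the flag set only inside the 'if', and the flag set after 'end' for every query.

```python
# Simplified model (assumption): the packet cache is keyed on the question
# only and is consulted before any policy hook runs.
ALLOWED = {"192.0.2.10"}             # constructed exclusion list
BLOCKED = {"blocked.example."}       # constructed RPZ content
REAL, POLICY = "198.51.100.7", "NXDOMAIN (policy)"


class Resolver:
    def __init__(self, variable_mode):
        # "never": hook as posted; "allowed_only": flag set inside the if;
        # "always": flag set after the if, for every query.
        self.variable_mode = variable_mode
        self.packet_cache = {}

    def query(self, client, qname, qtype="A"):
        key = (qname, qtype)
        if key in self.packet_cache:           # client is not part of the key
            return self.packet_cache[key]
        bypass = client in ALLOWED             # allowBlockAccess:check(...)
        answer = REAL if bypass or qname not in BLOCKED else POLICY
        variable = (self.variable_mode == "always"
                    or (self.variable_mode == "allowed_only" and bypass))
        if not variable:                       # variable answers are not stored
            self.packet_cache[key] = answer
        return answer


def run(mode, order):
    """Return {client: answer} for clients querying in the given order."""
    r = Resolver(mode)
    return {c: r.query(c, "blocked.example.") for c in order}


if __name__ == "__main__":
    user, other = "192.0.2.10", "192.0.2.99"
    for mode in ("never", "allowed_only", "always"):
        for order in ((user, other), (other, user)):
            print(mode, run(mode, order))
```

In the model, setting the flag only for excluded clients stops the bypass answer from leaking, but a policy answer cached for another client is then served to the excluded client; only the "always" mode is correct in both query orders.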