1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
body common control
{
bundlesequence => { "access_rules" };
inputs => { "../../default.cf.sub" };
}
#########################################################
# Server config
#########################################################
body server control
{
port => "9876";
allowconnects => { "127.0.0.1" , "::1" };
allowallconnects => { "127.0.0.1" , "::1" };
trustkeysfrom => { "127.0.0.1" , "::1" };
allowlegacyconnects => { "127.0.0.1" , "::1" };
}
#########################################################
bundle server access_rules()
{
access:
"$(G.testdir)/source_file"
admit => { "127.0.0.1", "::1" },
shortcut => "simple_source";
"$(G.testdir)/$(connection.ip).txt"
admit_ips => { "$(connection.ip)" },
shortcut => "expand_ip_source";
# Directory existing only in connection time (not in daemon init
# time), after special variables have been expanded. So we need to
# specify recursive access by appending trailing slash or slashdot.
# Trailing slash
"$(G.testdir)/$(connection.ip)_DIR1/"
admit_ips => { "$(connection.ip)" };
# Trailing slashdot, should be equivalent to trailing slash
"$(G.testdir)/$(connection.ip)_DIR2/."
admit_ips => { "$(connection.ip)" };
# Deny access to a file within a recursively admitted directory!
"$(G.testdir)/$(connection.ip)_DIR1/DENY_FILE"
deny_ips => { "$(connection.ip)" };
"$(G.testdir)/$(connection.ip)_DIR2/DENY_FILE"
deny_ips => { "$(connection.ip)" };
}
|
