DOC: add layer 4 links/cross reference to "block" keyword.

Idea from Aleksandar Lazic: add explanation/links about layer4 tcp-request connection or content reject to "block" keyword. Add http-request cross ref. to "tcp-request content".
2025-09-22 22:31:28 +02:00 · 2017-04-06 13:59:14 +03:00 · 2017-04-06 13:59:14 +03:00 · 95b012bb91
commit 95b012bb91
parent cb4502e3aa
1 changed files with 8 additions and 5 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -2509,7 +2509,9 @@ block { if | unless } <condition> (deprecated)
  is blocked. The condition has to reference ACLs (see section 7). This is
  typically used to deny access to certain sensitive resources if some
  conditions are met or not met. There is no fixed limit to the number of
-  "block" statements per instance.
+  "block" statements per instance. To block connections at layer 4 (without
+  sending a 403 error) see "tcp-request connection reject" and
+  "tcp-request content reject" rules.

  This form is deprecated, do not use it in any new configuration, use the new
  "http-request deny" instead.
@ -2522,8 +2524,9 @@ block { if | unless } <condition> (deprecated)
        #block if invalid_src || local_dst
        http-request deny if invalid_src || local_dst

-  See section 7 about ACL usage.
-
+  See also : section 7 about ACL usage, "http-request deny",
+            "http-response deny", "tcp-request connection reject" and
+            "tcp-request content reject".

 capture cookie <name> len <length>
  Capture and log a cookie in the request and in the response.
@ -9297,8 +9300,8 @@ tcp-request content <action> [{if | unless} <condition>]

  See section 7 about ACL usage.

-  See also : "tcp-request connection", "tcp-request session", and
-             "tcp-request inspect-delay"
+  See also : "tcp-request connection", "tcp-request session",
+             "tcp-request inspect-delay", and "http-request".


 tcp-request inspect-delay <timeout>