On Mon, Mar 29, 2010 at 04:55:19PM +0200, Steve wrote: > > You if/endif suggestion for the prefix is interesting. > > > > For added safety, the individual rules should be anchored with ^ and the > > bracketed atom plussed, no? > > > > /^[^:]+:.+ > > > Yes. You are right. But to be honest this should be enough (just an example): > 001) if > /^Received|X\-((Origin(ating)?|Client|MDRemote|Sender)\-?IP|(Client|Remote_)Addr|PHP\-Script):/ > 002) /\b(127\.0.\d+\.\d+)\b/ REJECT aviso.ci junk 2 > 003) endif > > > * Rule 001 will match a specific header. > * Rule 002 will match 127.0.xxx.xxx > * 127.0.xxx.xxx could be anchored with ^ but the rule/if-condition in > 001 is already taking care of that 127.0.xxx.xxx is not part of the > header name. So you can shorten the regexp to just "/\b(<ip you > check/rule>)/b REJECT blah-blah-blah"
Indeed, on second thought the anchoring is useless in individual rules, making it much more readable/managable. Thanks for taking to time to de-parse my giga-rule into its component parts!
