From a5b4bc589c504226e87f1de1b5f47a58e2fe2c44 Mon Sep 17 00:00:00 2001 From: Alexander Ostapenko Date: Thu, 26 Oct 2017 17:49:07 +0700 Subject: [PATCH] Documentation update (PR#848). --- README.md | 46 -------------------------------------------- etc/tempesta_fw.conf | 33 +++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index b466df654c..4025b8e728 100644 --- a/README.md +++ b/README.md @@ -76,37 +76,6 @@ See `tempesta_fw.conf` for the list of available configuration directives, options and their descriptions. -### Listening address - -Tempesta listens to incoming connections on specified address and port. -The syntax is as follows: -``` -listen | [:PORT] [proto=http|https]; -``` -`IPADDR` may be either IPv4 or IPv6 address. Host names are not allowed. -IPv6 address must be enclosed in square brackets (e.g. "[::0]" but not "::0"). -If only `PORT` is specified, then address 0.0.0.0 (but not [::1]) is used. -If only `IPADDR` is specified, then default HTTP port 80 is used. - -Tempesta opens one socket for each `listen` directive. Multiple `listen` -directives may be defined to listen on multiple addresses/ports. -If `listen` directive is not defined in the configuration file, -then by default Tempesta listens on IPv4 address 0.0.0.0 and port 80, -which is an equivalent to `listen 80` directive. - -Below are examples of `listen` directive: -``` -listen 80; -listen 443 proto=https; -listen [::0]:80; -listen 127.0.0.1:8001; -listen [::1]:8001; -``` - -It is allowed to specify the type of listening socket via the `proto`. At -the moment **HTTP** and **HTTPS** protos are supported. If no `proto` -option was given, then **HTTP** is supposed by the default. - ### TLS/SSL support Tempesta allows the use of TLS-encrypted HTTP connections (HTTPS). @@ -144,21 +113,6 @@ ssl_certificate /path/to/tfw-root.crt; ssl_certificate_key /path/to/tfw-root.key; ``` -### Keep-alive timeout - -Tempesta may use a single TCP connection to send and receive multiple HTTP -requests/responses. The syntax is as follows: -``` -keepalive_timeout ; -``` -`TIMEOUT` is a timeout in seconds during which a keep-alive client connection -will stay open in Tempesta. The zero value disables keep-alive client -connections. Default value is 75. - -Below are examples of `keepalive_timeout` directive: -``` -keepalive_timeout 75; -``` ### Caching diff --git a/etc/tempesta_fw.conf b/etc/tempesta_fw.conf index aa9f80a394..b5e73612c1 100644 --- a/etc/tempesta_fw.conf +++ b/etc/tempesta_fw.conf @@ -344,6 +344,39 @@ # Default: # listen 80; +# TAG: block_action +# +# Syntax: +# block_action MSG_TYPE ACTION [OPTIONS]; +# +# MSG_TYPE specifies type of incoming message (e.g. malicious). +# The following keywords are supported: +# - error - Action must be applied only to malformed messages. +# - attack - Action must be applied only to malicious (attack) messages. +# +# ACTION specifies operation which Tempesta must perform with specified +# message type. The following ACTION keywords are supported: +# - drop - Tempesta must block message silently (response won't +# be generated). +# - reply - Response with appropriate error status will be +# sent to client. +# +# Currently supported OPTIONS: +# - nolog - logging information about error/attack situation is disabled. +# +# Default: +# block_action error reply; +# block_action attack drop; + +# TAG: response_body +# +# Syntax: +# response_body status_code file; +# +# Specifies a path to file with page body for defined HTTP status_code; +# status_code must be present in three-digit form ('502', '403'), or +# in form of codes group ('4*' or '5*'). + # TAG: ssl_certificate # TAG: ssl_certificate_key #