clear-web-db — format of clear-web-db component configuration
General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the clear-web-db component configuration.
Repeatable sections/items are marked by
the '*' before section/item name.
Configuration directives have attributes of several value-types. For the basic types description, see configuration(7).
Enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, enumeration description contains values for every name (in parenthesis next to name). For other enumerations, using of names is obligatory.
The following enumerations are used in clear-web-db configuration directives:
clear-web-db-category (name-usage obligatory)Categories of web servers recognized by the Clear Web DataBase.
advertisement, alcohol-tobacco, arts, cars-vehicles, banking, brokers, building-home, business, chats-blogs-forums, communications, crime, education, entertainment, environment, erotic-adult-nudity, extreme-hate-violence, fashion-beauty, food-restaurants, foundations-charity-social-services, gambling, games, government, hacking-phishing-fraud, health-medicine, hobbies, humour-cool, it-hardware-software, it-services-internet, illegal-drugs, instant-messaging, insurance, job-career, kids-toys-family, military-guns, mobile-phones-operators, music-radio-cinema-tv, news-magazines, peer-to-peer, personal-dating-lifestyle, politics-law, pornography, portals-search-engines, proxies, real-estate, regional, religious-spirituality, sale-auctions, sects, sex-education, shopping, social-networks, sports, streaming-broadcasting, swimwear-intimate, translation-services, travelling-vacation, uploading-downloading, warez-piracy, web-based-mail, web-hosting, money-financial, unknown
clear-web-db-match-mode (name-usage obligatory)How to match Clear Web DataBase categories.
anyAt least one category of the request URI matches the condition.
allAll categories in the condition are matched by categories of the request URI.
exactCategories of the request URI are exactly those in the condition.
Configuration of clear-web-db library component consists of following prototypes:
clear-web-db { ... }
clear-web-db-bypass { ... }
* clear-web-db-match ... ;
clear-web-db {
db ... ;
db-download ... ;
credentials ... ;
no-sig-check ... ;
}
Global settings for web filtration based on URL. Enables periodic updates of the database.
db [dir];Local directory used to store Clear Web DataBase data.
dir (type: str, optional, default: "/data/var/clear-web-db")db-download [url];URL used for downloading the Clear Web DataBase data and updates.
url (type: str, optional, default: "https://download.kernun.com/clear-web-db/")credentials user password;Credentials used to download the Clear Web DataBase data. If not set, default credentials are derived from the license file.
user (type: str)password (type: str)no-sig-check;Do not check the GPG digital signature of the Clear Web DataBase data.
[End of section clear-web-db description.]
clear-web-db-bypass {
status ... ;
cookie ... ;
activation ... ;
duration ... ;
}
Enable the bypass functionality (time-limited access to a page blocked by the Clear Web DataBase).
status [code];Status code returned when the bypass is inactive. Default is 403 Forbidden.
code (type: uint16, optional, default: 403)cookie [name];Use cookies for bypass management. Default is to used a table of client IP addresses with enabled bypass.
name (type: str, optional, default: "Kernun-ClearWebDB-Bypass")bypass cookie name
activation [sec];Maximum time for clicking on bypass activation link after the bypass activation page is shown. If the user clicks the link later, the proxy will return the activation page again.
sec (type: uint8, optional, default: 30)duration [sec];Duration of allowed access.
sec (type: uint16, optional, default: 60)[End of section clear-web-db-bypass description.]
clear-web-db-match [any] categories-set;clear-web-db-match all categories-list;clear-web-db-match exact categories-list;Clear Web Matching Control.
This item is used as an ACL entry condition for a URL based on Clear Web category matching.
clear-web-db-match-mode, optional, default: any)categories-set (type: clear-web-db-category-set)categories-list (type: clear-web-db-category-list)