mkblacklist — tool for converting http-proxy blacklists into DB format


mkblacklist db_file


The http-proxy can limit access to some servers according to a blacklist. The blacklist can exist in textual or DB formats. The proxy uses only the DB format, which provides much faster search for entries. Utility mkblacklist reads the blacklist in text format from the standard input and writes entries into a DB file given as an argument.

If the DB database file already exists, its content is preserved and new entries are added to it. If an entry with a key already existing in the database is to be added, a warning message is written to the standard error and the original entry is left in the DB file.

Blacklist textual format

Each line defines a single blacklist entry consisting of a server address (hostname or IP address) with an optional path and a list of categories. Individual categories are separated among themselves and from the address by whitespace. For example: warez hacking audio video

define two entries of a blacklist. The first one assigns categories warez and hacking to all content on server The second line assigns categories audio and video to pages in subtree specified by path /multimedia on the server with the IP address


  • There are no port numbers in the blacklist, because matching is always done regardless of the port the server is running on.

  • Empty and comment lines (those with '#' as the first non-whitespace character) in the blacklist are ignored.

  • Matching of server addresses is performed as text, i.e., hostname matches only with hostname and IP address with IP address. Utility resolveblacklist(1) can be used to automatically add all IP addresses for each host in the blacklist.

See Also

printblacklist(1), resolveblacklist(1), http-proxy(8)


This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.