On Thu, 20 Jan 2005, Marc Sherman wrote:
>
>> Philip, would you consider a wishlist to add something like "defer
>> = fail" to the warn ACL statement, to cause it to consider a defer
>> as a failure instead of a (pseudo-)success?
Philip Hazel wrote:
>
> Do you mean a hard failure? Reject the message? I'm not sure that is
> sensible. You'd start rejecting things when a nameserver went offline for
> a short time, or a network connection got chopped.
>
> Or have I misunderstood?
Yeah, I wasn't very clear, sorry. In the docs for the "warn" ACL
statement, it says:
> If any condition on a warn statement cannot be completed (that is,
> there is some sort of defer), no header is added and the configured
> log line is not written. No further conditions or modifiers in the
> warn statement are processed. The incident is logged, but the ACL
> continues to be processed, from the next statement onwards.
So if the ACL contains:
    warn message = X-Broken-Reverse-DNS: Ulch, this IP address is tainted
         !verify = reverse_host_lookup
and the reverse lookup defers, there's a log message, but no header is
added. I'd like to be able to specify on a warn that a defer should be
treated as a failure on the !verify (which I guess makes it a "success"
as far as the warn is concerned, due to the !, right?) and add the header.
- Marc
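
An added example, not part of the message above and not Exim code: a small Python model of the warn semantics quoted from the docs, run against the three possible results of the reverse lookup. The defer_as parameter models the requested "defer = fail" behaviour and is hypothetical, as are the function names and the log text.

```python
from enum import Enum

class Outcome(Enum):
    OK = "ok"
    FAIL = "fail"
    DEFER = "defer"

def negate(outcome):
    """'!' swaps OK and FAIL; a DEFER has no answer to invert, so it stays DEFER."""
    if outcome is Outcome.DEFER:
        return Outcome.DEFER
    return Outcome.FAIL if outcome is Outcome.OK else Outcome.OK

def run_warn(conditions, header, defer_as=None):
    """Model of one warn statement.

    conditions: list of (negated, raw_outcome) pairs, evaluated in order.
    defer_as:   hypothetical 'defer = fail' wish from the thread; None models
                the documented behaviour. Not a real Exim option.
    Returns (headers_added, log_lines); the ACL always continues afterwards.
    """
    log = []
    for negated, raw in conditions:
        if raw is Outcome.DEFER and defer_as is not None:
            raw = defer_as            # wish: settle the defer before '!' applies
        result = negate(raw) if negated else raw
        if result is Outcome.DEFER:
            # Constructed log text, not Exim's actual wording.
            log.append("warn: condition deferred, statement skipped")
            return [], log            # documented: no header, incident logged
        if result is Outcome.FAIL:
            return [], log            # condition not met: warn does nothing
    return [header], log

HEADER = "X-Broken-Reverse-DNS: Ulch, this IP address is tainted"

def reverse_lookup_cases(defer_as=None):
    """Run '!verify = reverse_host_lookup' against each possible lookup result."""
    return {raw.value: run_warn([(True, raw)], HEADER, defer_as)
            for raw in Outcome}

if __name__ == "__main__":
    for label, option in (("documented", None), ("defer = fail wish", Outcome.FAIL)):
        for raw, (headers, log) in reverse_lookup_cases(option).items():
            print(f"{label:18} lookup={raw:5} headers={headers} log={log}")
```

In the documented mode the deferred lookup yields no header and one log line; with the hypothetical option the defer is settled as a failure first, so the negated condition is met and the header is added.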