Service selection statements define conditions an incoming request must satisfy in order to be handled by this service.
Returns ‘true’ if the source IP of the request matches one of the CIDRs from the named access control list name. The ACL itself must have been defined earlier (see ACL Definition).
See ACL, for a detailed discussion.
This statement defines an unnamed ACL to match the source IP against.
This line must be followed by one or more lines defining CIDRs, as
described in ACL Definition. The ACL definition is finished with an
End keyword on a line by itself.
Semantically, this statement is equivalent to the named ACL reference described above.
See ACL, for a detailed discussion.
Evaluates to ‘true’, if the incoming request passes basic authorization
as described in RFC 7617. Filename is the name of a plain text
file containing usernames and passwords, created with htpasswd
or similar utility. Unless the name starts with a slash, it is taken
relative to the IncludeDir directory (see include directory).
The file is cached in the memory on the first authorization attempt,
so that further authorizations do not result in disk operations. The
file will be rescanned if pound notices that its
modification time has changed.
See Authentication.
Evaluates to ‘true’ if the client presents the certificate matching that from the file filename (PEM format).
This conditional cannot be used in standalone services (i.e. services
that are defined in global scope). It also cannot be used if the
ListenHTTPS section that hosts the service has the
ClientCert statement on its own.
Yields ‘true’, if the request contains at least one header matching the given pattern. By default, pattern is treated as case-insensitive POSIX extended regular expression. This can be changed by options, described below.
Evaluates to ‘true’, if the Host header matches
hostname. In the absence of options, case-insensitive
exact match is assumed, i.e. this construct is equivalent to
Header "Host:[[:space:]]*qhost"
where qhost is the hostname argument in quoted form, i.e. with all characters that have special meaning in regular expressions escaped.
See Table 9.2, for a detailed discussion of options and their effect on matching.
This statement is provided to facilitate handling of virtual hosts. See Service Selection, for details.
Returns ‘true’, if the path part of the incoming request matches pattern.
Returns ‘true’, if the query part of the incoming request matches pattern. The argument must be properly percent-encoded, if it contains whitespace or other non-printable characters.
Returns ‘true’, if the value of the query parameter name matches pattern.
See Table 9.2, for a detailed discussion of options and their effect on matching.
Expands string as described in String Expansions, and matches the resulting value against pattern.
Matches URL of the request. Pattern is treated as case-sensitive extended regular expression, unless instructed otherwise by options (see below).
The options argument in the directives discussed above defines the comparison algorithm used. It consists of one or more flags described in Table 9.2.
Placing the keyword Not before a header matching directive reverts its
meaning. For example, the following will match any request whose URL
does not begin with /static/:
Not URL -beg "/static/"
The Match block statement can be used to join multiple header
matching directives. Its syntax is:
Match op … End
where … stands for any number of matching directives, and
op is a boolean operation: AND or OR
(case-insensitive). See Match in service statement, for a detailed
discussion with examples.