Service selection statements define conditions an incoming request must satisfy in order to be handled by this service.
Returns ‘true’ if the source IP of the request matches one of the CIDRs from the named access control list name. The ACL itself must have been defined earlier (see ACL Definition).
See ACL, for a detailed discussion.
Reads ACL definitions from the file filename. The file shall contain unquoted CIDR definitions, each one on a separate line. Empty lines and comments (starting with ‘#’ and ending at the nearest newline) are ignored.
If the -filewatch option is used, the file will be monitored and reloaded automatically as soon as it changes. See File-based Conditions, for a detailed discussion.
This statement defines an unnamed ACL to match the source IP against.
This line must be followed by one or more lines defining CIDRs, as
described in ACL Definition. The ACL definition is finished with an
End keyword on a line by itself.
Semantically, this statement is equivalent to the named ACL reference described above.
See ACL, for a detailed discussion.
Evaluates to ‘true’, if the incoming request passes basic authorization
as described in RFC 7617. Filename is the name of a plain text
file containing usernames and passwords, created with htpasswd
or similar utility. Unless the name starts with a slash, it is taken
relative to the IncludeDir directory (see include directory).
The file is cached in the memory at startup, so that further
authorizations do not result in disk operations. The file will be
rescanned upon any change. See File-based Conditions, for a
detailed description of this feature.
See Authentication, for a detailed description.
For consistency with other conditions, BasicAuth accepts the
following options: -file and -filewatch. The
latter enables the default behavior and so need not be specified
explicitly. The former disables file change monitoring.
Evaluates to ‘true’ if the client presents the certificate matching that from the file filename (PEM format).
This conditional cannot be used in standalone services (i.e. services
that are defined in global scope). It also cannot be used if the
ListenHTTPS section that hosts the service has the
ClientCert statement on its own.
Evaluates the detached condition name. The result is
cached, so that each detached condition is evaluated at most once.
All Eval directives referring to its name will reuse the cached
value. See Detached Conditions, for a detailed discussion.
Yields ‘true’, if the request contains at least one header matching the given pattern. By default, pattern is treated as case-insensitive POSIX extended regular expression. This can be changed by options, described below.
Evaluates to ‘true’, if the Host header matches
hostname. In the absence of options, case-insensitive
exact match is assumed, i.e. this construct is equivalent to
Header "Host:[[:space:]]*qhost"
where qhost is the hostname argument in quoted form, i.e. with all characters that have special meaning in regular expressions escaped.
See conditional-option, for a detailed discussion of options and their effect on matching.
This statement is provided to facilitate handling of virtual hosts. See Service Selection, for details.
Run Lua function func with the supplied arguments. Use its return value (which must be boolean) as the result of the test.
The func can be either an unqualified function name, or function
name with module qualifier (module.func).
Each arg is subject to to backreference expansion and request accessor interpretation, as discussed in Request modifications.
This statement is available only if pound was built with Lua
support. See Lua conditionals, for a detailed discussion.
Returns ‘true’, if the request method matches pattern.
Returns ‘true’, if the path part of the incoming request matches pattern.
Returns ‘true’, if the query part of the incoming request matches pattern. The argument must be properly percent-encoded, if it contains whitespace or other non-printable characters.
See conditional-option, for a detailed discussion of options and their effect on matching.
Returns ‘true’, if the value of the query parameter name matches pattern.
options is zero or more conditional options (see conditional-option), or -decode, which instructs the program to percent-decode the value prior to comparison.
Expands string as described in String Expansions, and matches the resulting value against pattern.
See conditional-option, for a detailed discussion of options and their effect on matching.
Matches URL of the request. Pattern is treated as case-sensitive extended regular expression, unless instructed otherwise by options (see below).
The options argument in the directives discussed above defines the comparison algorithm used. It consists of one or more flags described in conditional-option.
Placing the keyword Not before a header matching directive reverts its
meaning. For example, the following will match any request whose URL
does not begin with /static/:
Not URL -beg "/static/"
The Match block statement can be used to join multiple header
matching directives. Its syntax is:
Match op … End
where … stands for any number of conditionals, and
op is a boolean operation: AND or OR
(case-insensitive). See Match in service statement, for a detailed
discussion with examples.