somewhat improved config file doc - thanks to Florian Riedl for doing the

    bulk of work

1 files changed, 22 insertions, 0 deletions

diff --git a/doc/rsconf1_dropmsgswithmaliciousdnsptrrecords.html b/doc/rsconf1_dropmsgswithmaliciousdnsptrrecords.html
new file mode 100644
index 00000000..e0a53ae6
--- /dev/null
+++ b/doc/rsconf1_dropmsgswithmaliciousdnsptrrecords.html
@@ -0,0 +1,22 @@
+<html>
+<head>
+<title>rsyslog.conf file</title>
+</head>
+<body>
+<h2>$DropMsgsWithMaliciousDnsPTRRecords</h2>
+<p><b>Type:</b> global configuration directive</p>
+<p><b>Default:</b> off</p>
+<p><b>Description:</b></p>
+<p>Rsyslog contains code to detect malicious DNS PTR records (reverse name resolution). An attacker might use specially-crafted DNS entries to make you think that a message might have originated on another IP address. Rsyslog can detect those cases. It will log an error message in any case. If this option here is set to "on", the malicious message will be completely dropped from your logs. If the option is set to "off", the message will be logged, but the original IP will be used instead of the DNS name.</p>
+<p><b>Sample:</b></p>
+<p><code><b>$DropMsgsWithMaliciousDnsPTRRecords on</b></code></p>
+
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual 
+index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a> project.<br>
+Copyright &copy; 2007 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL 
+version 2 or higher.</font></p>
+</body>
+</html>
\ No newline at end of file