Mandril is a plugin which provides a security layer to Monkey through rules which can be applied to the request URI or by network address.
For every incoming connection, the plugin take the defined security rules and check at first instance the incoming IP address and then the HTTP request, if some rule matches the server will behave as follows:
If the plugin have not been built in static mode (check with '$ monkey -b'), you can enable the the Mandril plugin through the steps mentioned on Plugins section. The plugin name is monkey-mandril.so, so make sure the plugin entry is Load and the absolute path is correct.
As mentioned there are two type of security mechanism that works at different stages of a live connection. Once a connection is accepted Mandril will check it blacklist rules for restrictions by IP, if there is a match, it will drop the connection. The restriction by URL happens at a later stage. Both security modes requires to have a set of rules in the conf/plugins/mandril/mandril.conf configuration file which are explained below.
note: restrictions by URL requires to set a proper Handler match rule.
An URI represent the relative address of the resource requested through HTTP, a common request looks like this:
GET /documents/ HTTP/1.1 Host: example.com
If we split the first request line in three parts, the first one is the HTTP method, the second the URI and the third one the protocol version used. So if you look to restrict the access to some client requesting a specific URI or using a specific keyword on it, you can add that rule to the RULES section, e.g:
[RULES] URL documents URL pictures URL /private
then is mandatory to add a handler rule in your Virtual Host configuration file (e.g: conf/sites/default):
[HANDLERS] Match /.* mandril
without the handler Mandril will not be able to apply security rules by URI once a request arrives.
You can define multiple rules to deny the access to a specific IP address or a network range, most well known as a sub-network, e.g:
[RULES] IP 10.20.1.1/24 IP 192.168.3.150
In the first rule we are blocking a range of IPs from 10.20.1.1 to 10.20.1.255. In the second example just one specific IP address. You can add as many restriction by IP as you want.
You can mix different rules type under the RULES section, check the following example which uses the data specified previoulsy:
[RULES] URL documents URL pictures URL /private IP 10.20.1.1/24 IP 192.168.3.150
Make sure to restart Monkey every time you edit the configuration file, so the changes can take effect.