From b854e9d661b27d0ec9ef23634e80b723b2014a73 Mon Sep 17 00:00:00 2001 From: Jez Caudle Date: Wed, 9 Jul 2025 12:54:06 +0000 Subject: [PATCH] Update README.md --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ae33056..81e1dec 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,12 @@ # barbara -Reads logs and, if the traffic doesn't pass muster, updates the pf table to block it. \ No newline at end of file +Reads logs and, if the traffic doesn't pass muster, updates the pf table to block it. + +Barbara is the name of our Romainian White Border Collie. She doesn't trust you on your first meeting, it can months or even years before she feels secure enough to let you stroke her and even then she might try and bite you. She errs on the side of caution as does this Python3 script. + +## How it works +The idea is to block traffic before it gets to your servers. PF-Badhost does a good job at keeping baddies out, but is always a few hours out-of-date and it doesn't stop everything. What can get through appears in the logs - in my case, the relayd logs, before being redirected to the actual web servers. + +The Python script reads each log entry and gets the domain name of the site request and looks to see if the request is trying to retrieve file types that are allowed for that website - if it is, the request passes; otherwise it is blocked. + +So, for example, if you use a static site using only html and css and a php page is requested, that IP address will be blocked. Same for cgi-bin etc. \ No newline at end of file
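Review bot: The new "How it works" section says that one request for a file type not allowed for the site gets "that IP address" blocked, but it never says where the allowed file types per domain are defined, which pf table the script updates, or whether a block ever expires. Please document those three things, plus how to exempt an address, because as written a legitimate visitor behind a shared address who follows one stale link to a .php URL is blocked with no documented way back. In the paragraph about the dog, "Romainian" should be "Romanian" and "it can months" should be "it can take months". The README also still ends without a trailing newline, which this change could fix while it is touching the last line.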