From 417f6dcb2343d33f56196bc24227334a5723974b Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@owncloud.com>
Date: Thu, 21 Jan 2016 14:53:28 +0100
Subject: [PATCH 1/2] Update for file firewall docs

---
 .../enterprise_firewall/file_firewall.rst     |  73 ++++++------------
 .../enterprise_firewall/images/firewall-3.png | Bin 0 -> 18065 bytes
 2 files changed, 23 insertions(+), 50 deletions(-)
 create mode 100644 admin_manual/enterprise_firewall/images/firewall-3.png

diff --git a/admin_manual/enterprise_firewall/file_firewall.rst b/admin_manual/enterprise_firewall/file_firewall.rst
index 4875268b3..17968ac59 100644
--- a/admin_manual/enterprise_firewall/file_firewall.rst
+++ b/admin_manual/enterprise_firewall/file_firewall.rst
@@ -11,12 +11,14 @@ expressions.
 
 Each rule consists of one or more conditions. A request matches a rule if 
 all conditions evaluate to true. If a request matches at least one of the 
-defined rules, the request is blocked.
+defined rules, the request is blocked and the file content can not be read or
+written.
 
-Administrators are excluded from the firewall when they 
-access the instance via the WebUI, to allow admins to modify the rules. 
-Otherwise they could potentially be locked out. Public share links and syncing 
-via WebDAV are subject to firewall rules for all users all the time.
+.. note::
+   As of ownCloud 9.0 administrators are no longer exceptions to the rules.
+   This was changed, because since ownCloud 9.0 the file firewall app no longer
+   can lock out administrators from the web interface, when rules are
+   misconfigured.
 
 Figure 1 shows an empty firewall configuration panel. Set your logging level to 
 **Failures Only** for debugging, and create a new ruleset by clicking the **Add 
@@ -52,7 +54,7 @@ User Agent
  The User-Agent of the request (matches|does not match) the given string.
 
 User Device
-  A shortcut for matching all known (``android``|``ios``|``desktop``) sync clients by 
+  A shortcut for matching all known (``android`` | ``ios`` | ``desktop``) sync clients by
   their User Agent string.
 
 Request Time
@@ -80,6 +82,10 @@ File Mimetype Upload
  When a file is uploaded the mimetype (is|is not|begins with|does not begin 
  with|ends with|does not end with) the given string.
 
+System File Tag
+ One of the parent folders or the file itself (is|is not) tagged with a System
+ tag.
+
 Regular Expression
  The File Firewall supports regular expressions, allowing you to create custom 
  rules using the following conditions:
@@ -107,54 +113,21 @@ and a single typo will break all of your rules.
 Controlling Access to Folders
 -----------------------------
 
-These examples show how to use regular expressions to control access to folders.
-It is quite important to note that WebDAV and WebUI require two different URL 
-matches in 8.2, and are therefore split into 2 rules.
+The easiest way to block access to a folder starting ownCloud 9.0 is to use a
+system tag. A new rule type was added, which allows you to block access to
+files and folders, where at least one of the parents has a given tag. Now you
+just need to add the tag to the folder or file and then block the tag with the
+file firewall.
 
-This example blocks access to any folder with "Secure" in the name.
+This example blocks access to any folder with the tag "Confidential".
 
-Block Web UI::
+Block by System Tag::
 
-   Request Type: Other
-   Request IP: 127.0.0.1/24
-   Regex: Request URL: apps\/files\/
-   Regex: Request URL: dir\=(.*)\%2FSecure(\%2F(.*)|$|&(.*))
-  
-Block WebDAV::
+   System file tag:   is       "Confidential"
+   Subnet IPv4:       is not   "255.255.255.0/24"
 
-   Request Type: WebDAV
-   Request IP: 127.0.0.1/24
-   Regex: Request URL: remote\.php\/webdav(\/(.*))*\/Secure(\/(.*)|$)
-
-This example blocks only the root folder named Secure.
-
-Block Web UI::
-
-   Request Type: Other
-   Request IP: 127.0.0.1/24
-   Regex: Request URL: apps\/files\/
-   Regex: Request URL: dir\=(\%2F)+Secure(\%2F(.*)|$|&(.*))
-
-Block Webdav::
-
-   Request Type: WebDAV
-   Request IP: 127.0.0.1/24
-   Regex: Request URL: remote\.php\/webdav(\/)+Secure(\/(.*)|$)
-
-Blocking multiple folders isn't much more complicated. These examples block the folders named Secure and Secret.
-
-Block Web UI::
-
-   Request Type: Other
-   Request IP: 127.0.0.1/24
-   Regex: Request URL: apps\/files\/
-   Regex: Request URL: dir\=(.*)\%2F(Secure|Secret)(\%2F(.*)|$|&(.*))
-
-Block Webdav::
-
-   Request Type: WebDAV
-   Request IP: 127.0.0.1/24
-   Regex: Request URL: remote\.php\/webdav(\/(.*))*\/(Secure|Secret)(\/(.*)|$)
+.. figure:: images/firewall-3.png
+   :alt: Protecting files tagged with "Confidential" from outside access
 
 Custom Configuration for Branded Clients
 ----------------------------------------
diff --git a/admin_manual/enterprise_firewall/images/firewall-3.png b/admin_manual/enterprise_firewall/images/firewall-3.png
new file mode 100644
index 0000000000000000000000000000000000000000..742a9dda9ff9136ebf01d39f93fcc9936b6f4697
GIT binary patch
literal 18065
zcmce;WmFtdv?dAxg1dVN7Tn!}2M-~^CAhm=H}38ZfndQQxCIaH-Z+iBHI2T`opsmD
z+?jc^-k;Y$x~l8cI<@Q6u5-S<zi)TsXH|JjG%_?eI5<p&PcmQN;NGCX_CY9bVc&#f
zI<Bw{qN|j`R}|RC55+734(=VCf{f%>ubh)LPd9>ZkAE)D?ZzE^LPHWh9(?mr&w3Yu
zNl4zLMId9?9uZL%5fxN+poZ&TN1S3JkAz<EC51sHVO?5@BipXKTO#S>_hc0*=6k=1
zON!w!&?891(=so&m8XKKm_Q1JCIn~Tz(xcPww0O_OM3V3KyNr5%D<Ki8q^>h*pA<)
zpm(rl6zc!dY+N?A;(eSUx{bvDL*A&@#PsQNp8t#R(P>6cAGN^u-rWl8&)UJJL#%^<
zgunfk91LwgV<%<kw}n<y=794vrLe9M2~}|5SgS~`S7vWenEeUEdlWy_B6Vs;{+(Fx
zf?YGh^<$%7K7VsdFjKsi{IF$7^#JWZOWnDVCI6W!{tJvI6?zuy>$=={&m;Z_z<jhf
zOySn(-T^=DH$_|He&vHI4MWa1wj$5lxeu|#qAfZn3%lc!QnB~NxTA;K-=^{KBd@Oe
zB<LjKXLuO&X$bSYo-ejS2syAPyaGJZw$b@7N0w?1ubz@`u$t<82i^l7Zq=Ho>bCB@
zoR5R77tR^v^k*agHn?^DGq=I$G%qM6wu)L};D(a2^>}*m0FNB5nwQ^SJU2bB;qv~c
zt+iQo^+>1SZ1eR13vh?>iL)j?mKILH!MyCFodubPW0d`igqh)NLK!|(S=<+}5w?gv
z3R$sU6yB7nn&>-TBA&_24&t5qQ&D&*^u#2`harbu_JqI+FeT#v8pT^y+kGAt`Gi8#
z-~Fv>-Nfkx8YH0A&tn4`cZ<dRh`?(~w{P(JZjl_gTl9_8tD^3u<8-60`}`TSLK_E%
zIfX&uMi@PwHJ5xpH-9q5c2|^f*ZI`N6K5MP*Wf<@pkO5O`n1-8>A%V^a{$j4Vd4KU
z^Mg|eZi*FE-|PD0+{iZyS1r?>P?)nw*l<ZY)j~>By?n8LNFP|o6CV^Ea2JR_rk}pA
zAp^$f5--J#w#%koM3_NMXM?h5X@xWAA5R&Z*B?bzdwr&>l(blZHM<E7PJts9Ll2@^
z9#I1ajO_ka2tij#!%2v+$1lTHeouJv1k3;o-O{siCc2ICGGIrt7zyPmdz?GtNU#zm
zPfB6hDpQoinALY0pk4{Y|G>K>Da_K4C<s9!jAF~-Hwe<MWgxX|FUfGKJ%<2Mj@>B}
zr#;#-jkYKI*t2-KrPiqyeh$vo7^|0~4JEp>J~(hyG*i73+lbYIA5jf!K#=~$C4>ia
z<frm9$UCnQjkrbCrnSLA0jgbgQ&f%*7c0(khLJ<)^j%2hXxr1I2#RL`XagmTZPLDO
zJOYW^4vGkq0Kf*BRE=%#G--$1q0Q#2CN=m$4)c;qceJO>fw#^k;JxLJud>fE4y7Z-
zAc6oNz3}Jww+WAoYVpr~YDKWIjyU?}>$>U2@P>^GqvhQE%+AoB2X|5#$&_c%{fF#J
zsoiK>RN0OB6XjfVMX!56+{2o1kwrDVxfN@kN_(waN6=@=P2oR5kcF9>y!6)As?=@k
z2p18j(Rl>e8`fBMxA*R#&kFRXuM44dUKsZ><|{A1>l-mL%X$wZqG6x|%|Q?rQZf#_
zslKOh+hRQzU$6nt*J{4{`$TX(wS}*Tm@uC(pAei=@yYx7Z;dMdMvJ+Sh>=OxO1Ksw
z6CG%hUv$!Ft0`;RkTh2$KD6jyvL->~<H5{-IlUB+cY0c>(;eDfPd+VF{rx4-q88`p
zB<;M%3MNkKK-hU&G6OyVYzXEGb^XVtXO86LnzYBGXZPy&KA#P@zRB~8JJ;@835L!s
zq~1jhl;DC2$tCpwW~~dk6Qv!LBQj4=`@h;Z2*^k7^mSHW%sy(c3v)y}N<dQ)ph)zs
z4R;r-k2Q5I>o_a<FE{_DK=oi7h?uA@3Z=aGXrIzP&uc1IN8-`PA3u1I@K+1TiLq^g
z3;iYNwkpWazEA65s{Cg8EPVC?^L4e8!=;ozh1Xp~GU18w&THZ4oaQ&kyVh@&jTLS>
zd<3y?ov!C4!fi@&VZ$SX%3GYG9F7m$?PuB@%KCTZEonT&f0Oim!avuC&3tr{u%k2~
z*a|rRe>VSU5_;K+oi@FHN@%wkeLC0f64r-uUkh~ni5LRVjO!se&$|ymWWSxIA1w{>
z=>Rax|7vRp>D}AS09&8$MDEY8l@xC0oRm`!uU*Z6k*-Eid_*-giMaN>;~I{q^DsT=
zc?juK?QGbuLAc4B^b`Bh<pfO?c`Wr?iq-p#=lCnAq!vAz&?3b5Tl2Zy2?w@(y5AqX
zQJ~jtCnN*<*}u!HtbS)tUrQi<rqH2ci4c)3;d&7Gr^EX?<8k;{bn2GGwRF-ry&<cx
z0>hEvcn>g<#XCGRNmhc$PI^i0v&fU<O}hU8s5!dJO??KxfBwjC%tns;Gmt1j8|v)J
zz>BF;vCKRP(!nn)lb*Q8FDC7?S}(=E?belxlAa#>xh4F9oIiFSVFUsHXy~8bDS2$|
zbYx{9xO<l1I==O;R6$a*!s}#@GU>}=P|k3}O^mx$Znb33Eft$AC=1G=2hJ*iUadv)
zfM+I!w<(5A$0)EBJXokAF5&#L0Nu84imO@UJpIt`H<&XnoytPvyV%<p(#dbP8vcuv
zk2vWA<k5{|(j!rj3@%5u@N0cRu^(<N#u%PPAe@FBY76lzq$)?pp<kX7mi{l^F+hJ-
zdlw~JNV)!y=GAa^gH9VQLNj}U#iH_Vq!RqN^a}Mkr!!P8Zf|c3^|-$lS>9D$nuiRq
za#k~Da;l)m6<oSU2A!PsoMzKM_mlviKPT$&>@~1svi^uYSQs!Ek(^SK*xLT<c+S0Z
zOeyFNrK48vi_P@u9OMLd-R;(}nv3iMh&rI`w|N<Zjng8T&<ptx!;C+9x8Z+XcN0|b
z!$1;Ql9=OGgv;lcqpiSEo(m;1gxR;X7q}8TkQ?XEiFNvZem*=pk3G>{r_oHd7^yRR
zfjxHY<sDadTE*hn=JAbqkLAs&z`gDP<O=RjhL0H7FJzMizTr-r<B(AShbKTDGxrNT
zm=0RH=;e0mF>{?mLUw0<|J*z!HnItn$QP%Id+s@DwrH@+$K=q&^I7|Qpy!Kg`^oe&
z*;L14xI%QEg<w2;aGUYmBF%x<QQV&fSD3>(I^PU5GMe$y4-HYodiN`fnFHe7Xa#cO
z^UhUaDo$C<{KY>`S|ca=k}G_osVIb91~onZtmfCK1orM6N$mI}#<OkA_ZpzV^vHhO
z)7dvaD?#zuqvlKAN%uS>wqa?t?~P^Zk-8%Ixj3);S^d^DYG20Po80ItEw#bVxO8=o
z^)PFj{w1WNS`DUR(Gd?;9dqH-FBASpv&b(MFU@O!`mvb>u~02A^?ISlPr(!|?^OF^
z-=nkDlCs8DMW#nhKGR)JJ{ORP4H&om>KFHlL5^$w!%5H9Q6xuGxn1)YL-`WLad+Yr
z???BexO9Mqe6C?}2h?WK61!|Q&#;=i(>&$8W^5X}f+IPX*>}g+X6&H+D4jO+@_tQC
zWbV<EcvVeEZ~i1a>a^75E}7B3+{b2D=62S(`O8SvmvrSXMR`z_V&9SJZcnkFd(>{Z
z2kD7CuU~Yiic?(5`_Ko=w?d!4Bt9Gdc-HH9DSYLq{>k-u;hxQKAu|R%JD8~UI6@}<
zvZBBIB0M`Otz$awC<Hw^*OD)nC!+XvR(O~03i`Ty&rxZ4KRP<+T>51syVPUMS7wdt
za-Tb1r!+3y|EM8cuB^0sqx7m%(fbs6ep2K7D+E|8y_~8<4-}G%&FNAHGZl9ncK@<G
z1IUPZEt)lo&Q_!dXjNr$OU1r&$wK`^L(AR}wht88+4*g$I<$fr99p2=V}djB@<T>a
zl~nrS=?$zE2z~4hL9(-)1Gn2rKY3q3334x6sg>?-ds*n@CJP^lK~X*F0!$kM{7>ms
zvUIqKT`{37p2^?^<Jd^rIc*oAFqf(dT%6S`3v~uw-pW|v>AxAWK7eUfdX_53w#2+!
z^zPXE$f|n-1Fb6;%@tv;lNln!V@aM+Jkl}_?K14rRq$H5<=jW~cU`7Rtfb+8UDBs(
zUPcge9=nZK#yW4vAaKve<fA8}Pkq4pg>QBeNR2lQ`HJU^o`Z%nLAo=d%Gd{}3O0ea
z_v~oZCh7Ct1D@J+YaBKz5m<jd$~64MfBw?tuT$4DdOpYX8TT7sn*TkibgHc@pFh<I
zi7l9|R0c4pG9UXIBz_Li(JG7$u=sKKXEajeLS)tD8}xB&id%C@*kvt1<_+)E*yT-U
zHSv0CckQC_yI=mkZ|*AhBQz2_!Jct^l)VXI;o41N#9-0>6@(vd)|3nl<FbuqOKfjp
zlRuSz@Q?`UvV<pv+Bqk#0~1MBUXH1md9}quFfjkaoGAoveJ*e{EljKyo`%t8);JcW
z=ivN6*G@IIyZ#olX0Lpx=>8$PndC7sohTjDd#dG5S0C~|wzx{KgE%F2O-X$J*j(fj
z<Y3y@bt&C;yQ2{NfU`}jYDjlOoK5^e*ud9C<F7<9cGR?9WNn^kUD4rG3h_71?gy4x
z|BQSK|KRbZR2tk8e8&3vyX2jeD_+*E;uA)RXR{bPxlR!El9$&9)JWkk%?>mYFEc?1
z);iC6IqU&b0o%`olE&RBZ5&F>r8&;&tJbCkyFQ99*QBxFD?i2Om>-Ibt!=O=Fs8A7
z<Z^VfrM&(UyPz4*LCo7`VeCi9(e>~cBuxaM=78p5D=InAJ0CtbWb+zKA&{}%HU+w+
z(VOLte0oMfMObysJGI<nTb1=VVfQ#%by1J$hA&KjB5y0_Zc!l8qNcCO4Gr*QHng%p
z+)$*bNmQ)nLP6Ifxx5l=V2@MOp`84vagDD<y?MFO$NiFDrAwJom>+_B?MHib?$v<i
z2qei5F4wgFt>XT)*CibzEI($w+Kd#Ok5O2y*8-;*vGl#O*DXf&EzYu@cnxSV6ClJI
zXSrIHF&c~vsf4S;x9?H^im1kA<N0*n466bj-D~o>-GAJWTx0ClWRJ1%q$LRg;JAEV
z!9q$)Y7-z)5Pi<c(`_=*LU7_DyTwz#{5>sAO27d-2(ob&Vw2EZSNXzb^lw}rQ=0(G
z&gmP6&QR*^f!t|rc7E|u>RE+UYgc!FDmTqn({Z5C9e1I4!=#4npadKh`C(IXsjvCu
zyFPn*P~kOo_fCHDWyoA#l4s0`Nxre#ow^<TG$JXS#+x<#2JIGagoWL(8*5zUj0WPw
z>+}Ze9j>da^^XV=t-oAK3Nuynk!WS0IhUzSY-N;v)zRkTj~n%i@Pqe;`ri%4Eu%e>
zcHl2e)RgwL^Lm#G7;|rIp*{n+`e<L*9nzj^(dE^R!<_JfW|r$~E)o?M)iqy!CqMOK
zmvq;QEh8&TuxA9?V<`Q!_UB<QC3Yj~Rp!T{8WVC>sF`zD``lu$BZy#9Mr;RXzW=8_
z)UF}*B_g4FNmZw&2kORCW4=D=i@pM`OH6a%xZa|DeLgBxHh8C=xb?f$86$nyZ-iyz
zY)D7WyX39dVVTj80E^mLsZrO4dhb?C4B+Z#-5JF0t+HPv)1>&Q2E<4q8)uF5*3p`|
zeq)pplF4lPMC2)F+A7$6%A!DOU%mape7^sqvQBf|h547wAdp6lp@R5nSUvrXx#>_L
z5`{e|Jxx*<8jtSm-@<7}oB#Udf>blk43OWAF>enSJ03vvY4+?^@McZmB=T6L;yb2+
zmxxb@9e6c#=+nV8EYYIHEzx!RcH@j4psb!m5usS#?<(n2_y`&-KvKJ2pMe(@6HNRO
zA7^q_x!4K>kf~y4?6krB74oG9z~kWO^}(@AJP?=qur5qs>xt?VW#g-MN*zu5`gFY3
zhJOrKez*x==+sXGPZI$mHjd7dbtsV2b_M&S;h5_PBcz$K_W<2=>X=Z>@t|*p6r0-w
z@Sa%WieT|TQ3oQE%^M^F>YrCK+PcKuFvX1gc^I0`{lVJ$aBY*Z$!Ec2%~o;yK|cI?
zI-A33F^585+uHeAhKgEWPT-NH8z3~o%jg1@?pqQz7S3<-%UjijZm0>wl8)#(iuOdr
z^TIIN;e0psrL8LVuSx(n9#Pt0c>G%L8(v;%xI`5n=bg^J!*A0sY@v)*Pmj-o46;Ub
z6W?Fc<aKr+DejZsS&26csllsVUcjEz>Aj?p3T0p_<oY|iX(g0x=zRTR@_fI%W2ZZS
zy@O}5ac%GzdwkC-4nd>nC8n#JL*3`&d1>Co_GQ28K+E)Q=Pfe?m>RrlTOt{sO#)Q9
z4#JlZmeO-)IH*!XC0hx@!JLwxuB*t5-;?2NvHsqJiRdXTvQRbPvCgJHO;><NN!PEC
zCG2hRTMq2#73jO~VX@*$jLXDhH$j8t0T2v)bw-cJ5{b8Jz^dU1?zU9hRoU<C@X?BP
zQBx&^MRdNqbF9D8>Rs&|83HdcBRPpNI50&HtsR0)gGQV=3}Dfi!RNjjD*Sy>wh;Da
zY}1|ByuCoj8xnW4W`Tfvhgah<b7$_&5S(pRb=zi={|FL2huPl#e~HzYpS0U%5Bs;A
zHZQ#r80r3n^sXAAcp)7fqWbK_niYh>Jpq~zYNx2MPPbV#&k%bK-L^g2QBhG7`#-{B
zK*6C@U#y@thar=?PcHvbbx-IiB9a$gq9n0{M=`Sh!bSHG(SiSM67N5Ad|&Tn6)Y8*
zWPN;u`Li*bR}D1gqZ$%=zP}R`%&4v9^tO>hp|MejrAH|*FaJ;+5gpz4y{yh=K<6*m
zB{3-}sKh!XG<4oWPzvR;=BsHli5)+=y86F2ikmc6uCS<RczC${^fSzSql!U1#G1uu
zRYnae87N7toIbmjeK^d*S6!DuqW=#OZP6JcN?dM-?<B(5x>lt8I)#WgWIa5?wcw5_
zTcgQ-40uQ7(EW@hCkDkF1{g9Nf^MlG>#tnCw%1G&63>P<dcRDJU;|o)Z}VCu%N$%B
zzcG;A?sjmCR5Q;P%2zT=-|R93u0p8>U;GLS-|6n0#LlzzKFmdrbh6*?3?DM_c0v>2
z<JUCpi~{AdEKw~4PfUlluha#54vqhkSp%%#X%+XN!}^zP%zp>>{l@?TkJnz%cU~}q
z>*E_kfP-*8Z+;Jue9^=1TaU`a3#*ha9d04AO8TDy5r;k;t?{)QZXE$j_UxKN7j8*T
zzDl#T#yKL`F!B95qnzhMFdp}v6**%`D;D}(N{@0j$2aDEY?^j9(Gwl%lN-)`6emfi
zgI+D(@<o$tze?@iT#s3m@Z;0Kj<<*Qr3jN@{X+NTPn~joac2w!6SZd|gYCQK#y^`i
zhC{0Bln|^EfQsP7BESxdT&Mcsru$etjNh{XdadKv!ktUoMoiLPLbbo)&DPqmPP3Vq
z-qM-~{}^cG_4qHqMNs<Ay6=wOQ!y{Hy!V^WkADXt?POe@M{WvmAO_-V;UX%1^%3y9
z!K1bpmwWl)d{Q4a`@D_{A^}F^tIk!?p2o++f>*xbRxAp37Pc_Z5Q0|oyV{@rJL4wF
z-A(;@O*M+qtNt-y>WS|YzlxSR9lm~~UH9K9=b`3-InOWsH6@&s?8@9x?Yy-Z@$ol8
z;N~ZNWawUK^Aey3(Gb{ys_BUaobZV%e~sQOMsCO37XK^2(J{PXK(+PC@S8>%oRnud
zIM!9zJG?5MU+zd*uyH?h0MvE){273{+KzQq-0cH@1-Uv7{L#T{O|a#|K{{H(d3TzB
zaM?TmyZZ$oR|1-REu`8RASW|%JK0?;6wdX{c-^-9@>XoTaulCS=<d2N1(nqulU@5v
zb??#IvA*%x%R<>s_2Yx0q3;R3xb+jaC;y$1<50FdkJpY_+`3Tgqb@Q*%KnG-@05}X
zYovEeD!lPrTcAgw9Y(<4k*;J?lCQm8)1eQJO3r}ou7O)7YKP-q4W1gh^)e?j3YPPO
ze~ByUqrY?meofu{S$dAGq1g^Cks|pIu|5JI$$YD4CfnAy%1ua2lfJJrekIxWn37|6
zEu1E28a)@nYFZYZwCOlw=@pz3WDH4}5E3;y(z8AZZvO}26;aMOnpgzE=kO4v)pY~8
zPPl`<1Ku)(Egv|_9)&8DaiNcLq}_I>!u3(}-lr{lg)(DgR`8KG?e$`TE5rO8D)!^I
z>HLhJ5&X?8-+DSV0Khaksb$RpVXcO?y8Ri`Q=9?^A6Ie6hg?O$%Plb;sZ`BTR?1%o
zU5MCMCBx9iwr*Jr@?o>(uW$0z@3gI)fiOrax|FoYxjzu8>@Gfu@2^%39#){)z*G5D
zS9UAO6_TX#Ydl&2A_!gZ2}$LJOt|LIzh=u*Rkglb5fFk?T<faz;er=NH-;a$VpEaU
zFig4HaEWKb3~zj4GA9qBts~l#TZhFD`<14H(w@0XI)?I8C1<J~B$F+MaR0)A?#*oT
zRR!1M=?c-LS+N_Ap%U{;;^yj}R8b+WD93KUba{!US*t&o$}Qk0=CW_F)#Y0`Evl5W
z&l_?#iz%f1tEH&UT}Z5GD;?cir5BodgO6JZpk&_|WkThz1z5SXNdX;2rK}Q?=!LWX
z$*o@dym|RAYzoQM4AXu`%x!;?nmH=glihP9ZL4rIPRn=O)Y4AJCkM}B*&~=fWNluc
zliUI!GYp%*V<|<R7xm;sq1hY8BNQ#BS9CsuB-0eD-p4%x%<B<&_p#*f>WKTOjt1Oy
zR_{F?ct8G2Kb9#S{bdW=CaC`1tyBL#HX^N#Kq8#n)R*U-56d;tS$_$f7MkroP+qRR
z=Qq|2=V0z6lqNf)*$KJT@K3gyk0O;JTyAPv8D|zIWgjLyx)*eo4auB<qdVpF)_hKn
zba3g+jmvSfVgqaYa{<LLt5Izrh2!*<;SIXpq~*r5bXsWvFo$%QZa-~@KVU+tOekLZ
zk^8c9r@#qpvCTR3nPV=XB!|MFGs4|EwY&4PCMd76^F+z>2b}*W>8wG$Uq4l06X>_n
zIDN?vIl&htZ%2ZMa3rI}i@e;d-pG06>W||LneUv@z5;o?on(j{%;`${aHyUg1*G`?
zEJfH-btXRv7=iOR8l0GEFM}C4p@Sxj&ZexvXWhwFJBH?(qt>ERJWpn6Usvw>vL9=j
zxyMvm04JR508>2A33w$ZQ3GU5hVla$`xwi=MUc%LzUc5U>Y=SWlL(v9RBVafDeYI;
zqUeIh+Gy>EmA;sJ;W$HVvC&)wS#-XCP;kn~2z;0*VTy`MyA?#EKYfHFlxp`y$JwZQ
z;i~7i<x+M{pA{$0%*p!_E!lrr<X<r*Ut7;KlM@pqy}a&8wSHSpQY9rNjTov&NO4<)
z;1u4?_2^;zTXD<m{|mGCpP=Bs5P$Np<zF}#t7cJ8V?MGWXB6CP#d?^#4C}&13f2@D
z82GcKWc%{#c=kho>*%RRa#E6%larHu`1^m$JKr6{Kv~&`nb}z(w}S*a)LxEGL$yzz
zP=5UQ(MTBu11+}mOWFUD`6$kJ2?|mF4Ew(^kpBle|1bQdeCl&n(SPEt5Buj5|8P}d
z+^-}=8V(NZ^wH3Hn}P3~1=hOX2v}fXDnj?m;s1iT<iGm-Plzi=nmPBKmnc<?oawiI
z*zHP12utOe{J&=Cf1SuG(AO>7d5Pv7RZ5|BW4uMstZ3|A9bOW<?!uSKA^*iD`FDJL
z;P`fAC%#a#b<N@G>WbN|Fu6`|Q~5y^#rdqPNe{y%fY3d##JXke49%X_wE0iwO)kzh
zNWJPG6y47Qf%N(9mOjEj9aeZzQy;EW4t&G1va&M9>1s2_E%Of;(Hr41Iy`KAI8*%F
zW<E+aS9tgonZ{=L33}anP#8U7rKd7Gb?8RN$k<>ujQ19cB4XL@PDkzEt);9!+#Xvm
zR#T2=@g?tmjA%&tf)+m{ZD+?COU7q%y*Ex@%?Klq3qf(z5~_ZFe*aKj*&9Ws?VTMV
zpBt;lQF<7Ik&^vI5#TEu;Tln5y}Q4k-lF^;G{?5l$nkAj+kgA<KXM*r?^2tS9Sy05
z{2^<T8BFLxUv8*K_o*!6v;XWP>o=0YRs$4uLK_-Mr{t~|*AfX2Y+Cu4@BL-Iqyk`5
z&C>is-*dtyv5KV(O?*ec>x8x|4ZtPF)}fZs4w!3PoBNWfYYAAQAgMCQ&OF|ly^PP?
z&@KB-eVN?rd@H-<;phj5*BE!`nL_+(L3Fqg0#H*tY}T#F_vhhQ7fe#STb#07^N%6S
z2acAEeIYYga8c*lw*oGD1#PMr4OccV;`l%FjQQ;wtONYHA%^q0B|Q&3ET7HmE-PxZ
zlXdYWDtBmhzGL;M;G-@CTSS#UB%Gc6rxsviTwsdj4r4>$TTxxKA`gEV=;cN0GNBc!
zWJq;QT}{E85Qu>6vW)p^KGNIw^@ZS&!Fwy4^>^G}Cr7v09X{s$Zd^Om%*dV5!La_t
zus18kgst{<{AQI|t9fK&^4#e8uf#GymFjHg>2e-oH*(`z`C(GnJ**et$1&VQCTN@|
z`)ndn8&gAUPg4;WqPrt69M2ZYs$m-TJF5RD{2nKsZfM}+2MJNWQ2TU=QE3C|DLB!g
z`^)A1`^Ti=n8V%gw;<1Zmo;Y!LxGW;KcPiovu5M0dk!i+053dWHe)v`D2_CFrc-In
z{-~#f=`uhhiz|meJ$|$41r@R7j?;IBk;I1~sRNAD+M2nWq3b%l`Ea7!mbRlxEF>hS
zYvhaF>=wN#v$8#IaU2w%(I6ab+P3Ir<BzfC(D`OHJpX$a#Jai)Xd|LjWhA1rzSruQ
zg43RN!{_P^$-bqi6LM-{<)!pv^fXu?sMvdNK2Na@-J`z3boi1q>tsS#IgS|v+>|Pu
z<Q)2CI~Y$rIhM(zWWaCS8$uRWmT=73O>}y`q^y}MP9?uF`AwnAk+wp?z37}kr@|1N
zXDKlKQtjOF>_={*tU3d60Du1cm5{<s|L5uW`$BuX9x|&my6P@R0{Hpd7VlZ;b+Fo!
z#}JZREPLfBs3pn0U9iiU@(|TuNTPod!Y56_*6ulov%4=1co5dz0=g%T>`#TM{PeK<
z6#U2LB~Lf6s{-xY)CT+|rFEk_jqM$u#YcSG%mJoiW-Vh<8&OHlg=59|TI;bFFRo^+
zQ<dmX8j_48CI`;ytP(Hvc`+0IkyC+>OU!BJjhk&vJ%S#9k(^vgFS8Z;ep14TF#@}V
z554%|Jl{v%;?{&CMf3=$a@OSUp|_Cb^-Fj|l2t_4L7VkF(O@X*q>JtQ?;Df(<<j1F
z)2k@&v-xTyM)atEo9*tR-o#89Z(K6rTl$Z#WA$0vFk|QwOC7VwJ1ZTT`jJ52C0E-7
zOt*$F)AP+3J&%tuj@WwIqt+Fn*vw^CP<Ny;sLSa;c7rp^UA6sR5Fd^fFQ;=5+$djp
ziRXC|8eV{+*Y@vCCx7h1eLtEjhZARP(^bJzHQj*9qV7z8y$hSKRK3Y{6}Yx|Qk*N(
z5%rU`+makqmPwA2A*gcM6<GI%QWBj{3@E*eecb5jD|(pyquc|&7uk6Kv`yzxy&OKC
zr^3M2@=_Px`kp4gTihozb97elVo31po-2@rsx!}@W0KC}NDq`$#^|`%-0{#W|CCv1
zjA|=YlUJ>Q1*$IU<~k02y_|I*7giGOlouZqL)hVZtXdq*=V82D7z|#@ry6eiBgmdB
zm}z_qxqy!HpdE*qDs60rV!v)Cj7Rq2t1fP-UHwgvOUdFFj;p^7NVEv<<MQHOzF1Q;
zb8n66!bBTN5()jb@f3Hoj4(Okj%eg2bQ<is++cxpjBU1a<uk2wG+XURt&3z{>kd8&
zau0$7)7TDicS&RfjUUQUFNCmniX?0IqAn-5$GeX%)`|2*TA<L>X*jm=qcS}sZix>@
zIWC%5ld0;uFt9fxh^YTQTuUZ0M$+?kxw~AX2G%jIMfS>g?Zn-jfHH9W#gP}EMplY+
zT7b`Kv?brOZco)#YqycPI9h$R8ccR*>T{_;%mHsHA6x*@oEUj0NvqU$EbT_U1k3GO
z4cq4gpseUhWpYCdM1ix>Vlj+LgUuQhfJtH0gC4PrNd*eO-MYNP&H`e3qDbmZ#P-=*
zyOKT!7Z+}FxyevjR=1{&;`hJzm;EmnY_5zzNe5-Ew}#$)2)g08>&`eT-A`%Xm^xd2
z=B3jDpCUU?fmXO>#wcp<-n$Y;zuHX@iY1|-NB1Cp?oAb2tea<5bL^=NRH?Q3D1-da
zoIAQ|i?ySScw_v#y+BBkEFd*Z<vps??N&!b5WG#Ct*Xq6$xLok&?p7rPV<XJ>}7W}
zuktjTmF}ED-KiB}N7S4?wgXmzg|*yuL=f>jA_Fg@;Ircw{q)c06pA>1ATnC%NeBfu
zm)gj49viLkRa=uW44}Doz%ViiY|WE^3j1<o4>EEv;BGEWVo%2ITtardY~7UJz}bo1
zA1>K<JdgB+9Dyhvp2W|5P3b#J4L<E};kTS$IIY{f;PF()_I=+Ni<UJPX}a$DiT$_b
zj&RRt8O8L>VjXCOp;H2nG-~je@i=FD(&2=bui_Z?G6hpq9FXn__y+48!2s^QfoaQj
z4dXD?BNlcOyC`@yT0mLtQv-Ud>xz}`V8-9oCk9V3DAw_#T8TW9ysp+B;7cs#0Zti$
zKZ=41E9(k?Kt338EI`DcINUArCYrOh$|~CwSjSJF*t7VXL8iuO&tj+UVC#k>IgcXg
zTG$Di>W@0p{%P%=Hah+My~}skAXOcXWHu$O#P$34)sz&GX^pwX5-)=bf0eAM_xAs6
zE1G&bAXk(4iNj~5pHxX)^c@A$Vc5hBB=?jQR}5S6C;SNR<!a+uzI>cyUB(#$8x&eC
zwKB5BvGzE>;P}X-&j|^SCB`1|)}l`bzRek0xLBL%7F=nOxc#E!0Q7#41)uK3yD#&$
z-ne8T2ih-ku!2@oqJ8=PoCxi8!yGhf@tXk<S%wiWry+Ug4(6Yi{MSi%A-{j~=4&yA
zhlM3&WE?<pk?G4*v&(fqimrvNt29?!3I5(=SqD4|#Yx<-3J5rk|GCS*oWAPQcMA<C
zv=wzDOa1EfC!#Z?&XiW?=9y8HXHv3HT+4Yj)u3Ff7pe!QVr2BBJr}*ah<xiq=}jUc
zqD~^ogKxsV@>zQJkW+Vzk-^L=D=chVxn}*orn@rsda2nD9{m+0+ol(92zI5Lm3I7t
zvyhSTM7`v<B-tl}kSW5SOgWq8vwskM8l~z+Lqp@vECk1y!cR5%?nfoo{IaLH!Gha<
zNs?m}9q8*-+r)D;l&@I?8{0t{4s8ro-^~`dr}`9^+uT^dh88n@)Am!0CQFJ*Or0&;
z^mz-8lwCGMozO2XMT+o6iy+<f)$wWTsHZO&kL$;~GEC{Prp@DXv;|ix?Ou*d1Mkf!
z3vIY<j@@5-=hr<)J0K@n(pw^bpXhmoy0+AyfVZbss0Dwr=3+|*AqsWgpJ@gbS&r~S
z#c1(8ze`sNhkhXoj2uT<sSoahUh<+jCD+rEO7Fmj98rGkY09FfP+F&YSteI$A5_<V
zBh6X(*}>g}vY5b%2v2tqzf9wU`MW|L7O9uzVJ=^dH?fS1?v|&<&0=v><FuR~kZ5A9
zaO?6g!|i^fVzPS|W_>AWn5nhKus}0umXR|7CCYZ`8IP^>iOVDS@MHEB5GYbBet8^x
z>U0ya-j~HIBD`5Fe|Bb;cEV5(^|!!?r`2zU&z{w@c@zU55I3{MifZtx!;>in3cV-m
zD<QBu8`QqoD1q}o<YICqyldtPK`Dw&(I-|QdM!OjQoYX=c7HD-lKuP$K`59#JeV!T
z7S268`Gli7r4xA$z+9{`7(ZbvZ^<5-{R#BUfQq#1GA)q%xES>no|}`Ug{`&vxOs+|
zotsT(*Icha>Xh4hJ@0J-)e%G8cO)j`e}WGe?{a*jqAK_S#}ekU8xqT}&=9TeplpVi
zBHI+)@z!W;Dq!>X+XPjRup4P|iTLnJm@#5V<KDvSomi;@M^5#Dj20w?o2tg)lfm%f
zuZr^#MI5&@r#Je(!){*cL>rQ46GDo4e2MR#hw1dG@svKlsMZ^xnScI}8(IsuHk=IX
zN%M+U{eVQ;8;P&1-n-dU{2g2QUB6Skost=foPi{$`lQdSq~`k-B{`=Jl6lK@rwsoj
z$A?v;PJ%ht5rr!4wUO+;JK20r&td)<F`t`tJCFU0LpR+R#>dI%(K9(q?z|834TH0+
zZnPp;`^i)9k}2iK=rA$lN>3P7%i3z2Fisr7=i|WI@44^WWEtC<>^~L=-~O!NrPVa8
zdoITQQz<m;>5cx-;$#pnhU~iz4|sg|@X#xM+18=`-oPuB8Tz@L01W~DZI!kW6G2`O
zH>HqZtZ~Ng<VQ&!WMh|NW5|b;u38Bt6`Y)(XQ2MH&hlLrOckNOP9zcE&<w1YPB~7`
z2OeY{W9g<^V|Oc?LPBkKsl=jKe$xj&1j+OoWv4KUmHaw&6l3TNw`*=5o6H*0xUw6>
zq7-&In4%G-!e-O`{f?LS_niB4IaDEvw0$X+T(+p?^O%q9`j1A|Rm{syw6h(n%g#gc
z8$2VxkJ>w*kfq+DDn?(4;XFaIF!E_+fdXfJxX}};6!wJg8dS&F7F!Ou!SFD6Ie|pO
zaRH7OX@S)5A*E+?$0u3D2&o&oU+DqA*EO_GxagjsX*m#KY2cekVOWg}Uv{U}a;^0t
z!R0CQv#S-a_Q8<j>`E>M#8K<WtMc@Z%}1RLDYxlUYunr*?27o=<3g)^#{yj^f7Yfx
zGvN*|bYfwi<l&}%oU-ff+dR=gqIoczU|V4a67c$qQ|+x!^n%t0Fp?7D-jnIBVDyOQ
zuH~|mFWSO<C0EEGhRI3gqm}!E{NI=6S05(fzxn#Ab#1N-orB2@DxlXZ-idhr0DC@s
z$JZ9lz2xKE6A6wiEKzo1s+wjeDL1&f@m{FyBMtXWxR8Uj6f%ofC(<gBT}>a(dIpw1
z*)01xN_HCij^}kThMm42W$2ag-$vgHA9S@#RdR1C1dHc#uyL(PJ%jTL;o4>EiqX<y
zS8&0>?ipA{%ZqSCZ)%bRflII+=18ba!eRTC#sb=0M0Yh;d7%7KS1M>SefEtTwHq!b
zg8Qbj#i0N>I;2_C<uMy6b&X>$%+0<%IW(H6mV*_}^s}f~`;aL!Nd9HTOyY>6g!#lV
zp1c(Kri@#{wwMhY1LLPogT={8V|0`Ks^<NOWMY;YPCftiExAMk&syNjO-3*Nq02G?
zXi2>6oyNTUto=t`qmKRU65m2qQQ6I5(BGUzBNJd3R#DGKr!UkmuD)*=DBY-5(!mW3
zSAVc?54j$=9PFuvHXr3T9}Z~qS_BA7hoZ#`>C-{}9O;V?eEn}+59O~Zh%{r2cX}%Z
zePEV#lNE$+6I85XNl1@A=!vrxE-NtMLf=BIHQQ)<>PAj#N5tvSzIj@Lt6)M^Tbwvm
zn95e9mhAK1n6(CvLrWu}XZH(%<JG&q2VVN#1A2~I&cnU8{Q?J*1rb9T&oF7P{u*NR
z^}A>ZouDHqqJl+e{i7j(z0JyLd)2u|LKWKl1x+K^&~09<?`b2+T9^~dblrmpaElGa
zfGg%4gcRl9I*Z@$y=TC%SBO|w0@!e8rg@pba+nnjI2I%3*Ile2wj%U6l_Rs6&5_|h
zq)t?IJw7P{@%~C(#!BpNJ98vzcllvV{b=nxe<A(GtjcN1w^_K24m?1|M*O)-e4^92
zQ!yy%E{>E{0G7eW54e&(aV;I<?jO{|!<)`ZRb)(q+}Xc0+0!s~&`%ErC9g-a;L$|#
za<d!vHPQJrNA*@}v|QEKkxQZQ`}`dpmT!1#%tav5n=(c9%`H`y$*m_=q5i42B-i@J
zo;0v0c_1&=SN+l-WtJsnF+k^hSG$B#?dzts!q48Fze80u@(Bvk-nnLHYlF_n{Y;^Z
z5)J)#zE?bd*(;1h`LRwXN{0iK4hgJ3EKq!t%kBV}{;GfBxBlSCo{7cd3{Ph6zwnfM
zuh(cJtFKSt)A@3ufTJ8+y*Eu<bJq~od+cOv&leE4#i&+N5<(N>>-;HFFXT7nU~&zn
z2-xxA;!gkeqi^+<j!0y7shE+U%8|hpMh%e>eJy%?*L3mE18ebZ^E{Eu$!+soU5CS4
z;!+lxJ34k>E3)+5`gNp$WHDExz17Xt%!fg58RUb{)%thrS%Wu|%~Sr$`@IV3g)2Gr
z-AdH)`)&2qRWtZv7pR7)_bHzHs%H12IxX;~R<7*%f~kpY<lHyIk9E%*U**O|2Y2{p
zYZsju*4C2(W;r&9Mbz_MfVs10&BRrX4n6kxVVA(!A*US?BsH!Za^8dx3G_ui{_U{R
zvjONzbj%YkX1F}=Q~_hN1eEi(Z?sH{SoU1+@%nnSh=jkLD_smK+RVqg@-|3hZSYn?
z)qE`0$P_iQaG-#t_4naq7Z=g7gfvV8e|_g7+D+KA(2HHm6lTHI$|{bdaBi5E9QoOp
zf@&3@`P`I?(Tvrp+V`b~Z!I}!>g#%W`YD_9?+VWxLiB~?9j78}N2z9XGShigHnqcE
ztJ!9jvu`Z-7OqrO93)cPhg180Zw!2)r;osh?i=nEA|OV?{oTOhuMe93C{+(`L(qMf
zF6e5Y)*-5jV0;&4A=)0Dl_uVbfC*#-$*+qk#=`&Y)Q=_9RsC1dl@r~G!pUZ1UcE@W
znV=F}-=`)cumiJv_W>vJZk@*#MN{FALkw+Na_4nut~CWLw0klA_3H(T`^d?hg07FG
z&pTBaCq|AI#wT0mP{3LJ%EA6(VP=LyMP+!_ZE0y)WKAex>dh^1vE|w@9q*O)`a8vO
zfU(R@v-2J?x?N>=8W5_b2|BdP5KCQ-*=}9UdSU76%tI|EfFW71;j8k{S?j?~SGELD
zTua|smQBtrP91t;@PM#Nj$!gS`U?Z%!u!QKLO+O>AOgEXZ1*B>4khU4^DTbGSLBC0
zVx<B}>DFtZwo78oR$nJ?$boKN3i9SV?`4P`%IW0ho$-CPVbk}XH^S~mU+EiPZWoR8
zJ=fgDfi=%BAGSf0iySZ164YE%ZWjiid8wpe4XYlv4k%fZ-vxI(+YBe^pB*lo`3IM?
z_NGWW<if$PkWrl%gEtZ9OF8zV{H}C$$j*ChZgbZOzO3O>7L+K={L2@W#rkHY`=)jT
zQUP5DnnBT`*~l6ps4C^U`O>=+OA~`JZ{1Faf~qMlzwRA<^q$K_>`D3iEnbadC+Vp>
zGpt<F=*+9b(H{Bz3z$x_O!r|*Q-6t(Ts~I>^%%uoBm&@cWgXj)mD!?tDp>D>x?w**
zWnGYxmvE1zKPB3tN{2E+qBaTN6GAo$5fVve#Ahx%`<G;Hka7pwLIt=HL%)9{^bL~!
zitPUhZ;f4%*?4%Ek=Q1A0#Aw){2KG@TMa8gnm}_wl8k8k!HkF4*>#hN^^ctxQJLk1
z;TGXF9SKvFhz7%NbSOm8p#cE_c<BnT@}v*V85tyTlp=DSKDRa^1T-(V%-Qb_Zhh(-
z8p@5jcZm`I+esd$D|L3u+#m;m>FH^bSa<NijMUR(j&%?WCD&@RE}eS7Ad<}M%d?Vx
z&B}UkLUy*^g^h-Hp8nkXVuH89@D+_Q`LZl>gARc+59|U0>6qmF2{84;>S=ZHK?qK&
zF)tbHYU2NqT))@0M|~48Zc%YJ#2Io?S~x6;OWJO^?g`U&NH?yVpkQEBPHcyk@pF5G
z;=For6YBhvY5bp5{bg=J1&hbdt@__^qyLc#M-hsQDDd#`u$1}e<MMw9Mm`neBPI`r
zz!V!IBIN0#^pXE+x16!ck|6K2t2A>|89mx5<A-P!{^M|3MLjWnrZR&vgT^;P#{VEW
z=+wCWS@6FUe|=r1KrEe&?A!WpoJ_w^f#UzHOewMcre68aC>sTs39wUFPZ{XwWbpn~
zk8D$@9}1zst{gq^emL+y3@UdEg2`Ms$zuQWR#3d7{(D8k*Gw_ryEzY-$1uPDFV$z?
z?h1b<E!pvlQmMIX(u5fOdmQt+Tc>6xdEOhTGXH~gh2A`>A^E>cS01Y3Dw+^!1O$j{
z7FiHJ&M`Nysu&s?hN`-8d!XkiY@{;q@evjiI6FI&V9Y;s%FH>lr$?ux5b&zdva(jf
zSQEh4RkpW6f1=tx&i+ONnx_5-0Rt=Q%8rHcSqfN)az%*;2UadFE-=qif14TnE~L!E
zu!cBS6-%HnVA`r5>@x2`QiyRC3DX<>Zz?uOrKKXWc80%Sd**XmPLth%nK9s<-C8|(
zX_5H`3&9P}E4iZ03*IjNt|C-fP(-odQ$U*azA7}}`mbZh>q9B)Mn3vNSPpR3A2eM9
zzlUD|t~+cDhYDUQlo&b~+m>GvoI?oGR4MzinY6A)l%%cS$ph4}xRqgI5;-unxsjo(
zL!M}qW+DT{WA{F^wB*`6`Vf?3#VE#@VW`&G`)vP4b#-d8-nGmRrlhzl#ul90SFjLU
zBzc}T^1dy%9#iv6)JsxEk~Md<*h>5Gc1;`G;3aNm$NK9Htq*$=aaWI)_hrZ^uF=;3
z5R5jOBVj8e)B<^NRnd-HSt0g&7FoJs`OfNZPSDd&Dt6*@o`=1p<w}Fw<6e5Ma<KFz
zKA=XI7)PBBxOa9|>UUrx!x?hF==Pt55zq1|o=Z@{5yXiZahW=^3K%7a3_G4m<tSb$
z(8yG&FN^5plPZ;Z@q7>wYLb2uhXT@CuAGq>roc0LE$&XPK~HSg*CSC4ReqjF4)s#2
z_^#W^4s^e)5u1>Pcgy!OI+>oJJH}Z?tASH^+rsozAD3UY8ZvFIcpgY6X2ti4(9UTt
z9X&kgQ6|L30Na#f5b^Ow)WP~iVyQU;7>#l_VaNR#{{t99_1gjic<b-Lr^9t9x_hG2
zyQ-1D|5`cgU0Ks@j!SQZCI&0;6Fl+4B#Iee=0!v-a0PGO1U+7yKP4^a;Z_A-3}dUt
z%bQ;>$~!h32O(!J^#-k|BRwiVRm}CWy%jh-mau#<g>bs`qsYayr8{egTe$n!cS8(~
zR~w>Yt&6*bRKa$;Yp9c#{`Kfz8Acg5`cl5Ne)#YNft}xytX?GNykFMtZFcpl-NJ_K
zDBFASv(E1UNP2niN#V@m!r#?rnoR68rE^zOm?h-N<J+s@SJz!)c=6>fLlh<(xqKu~
zh6-Oui2C?zyg{4vcz|PJpbW^{{P_a%(m@nSKOZn0tamN;>s$_6&yBBuWt8ljclflq
z4s%Y7u0*OGh-c@%Xo^zJXmyOsAErBP5JtM#O6DYzb^j-4HnllnnXycR7tE6^?Hh+r
zaPqpY?>v7+q@Ox4Skq;445k$1sQ>BUT>H4Hw!H2`*UZcLC4mqok}fGS{O$*N$Lq=O
z3-C|ZTE9<t&^Y^1)P0=7*dkbeZ_qUvPdf%zfD7{Ykp6VfnqMuNU-$f;3CI!2Y-#tg
zI~$e;)03vo<{sKzRuD>tf?rFnH2UpD`8v?Iim_}$7ZJkXiq4zOB}OOqu41{yQ76|2
zoEhgD;95SdrN+_I5LNgy=095(Ktg23%m-ldrJce?isibfM+cw%lq~8td-_F{%wBgF
zLd}#PgYm*tdT2T&gBaF?kqQW7#&o}#pL(z!i7Z5g<1OOVcDFNv)N);4DHyuSNuI}I
zdEfj|8M%UZ-PPFt+!LCfKknu8TpvTKW8j6Qh1DJqcaUNQe;>Z{o)E1!;JWELRb_Xy
zkVOC;9z(CzCbgS3;w&&q$HBBMRYoKt`<*?YDyAiDHIo|pm<d{H6RV<R@8)`Y(`g%o
z&OttLaGwsdG>QW8P3fi9wNQ?8La>IR#jE?IvtxL#Qt%nA-|N^{53I~F1cRXI&w`NG
zKO)_WJ1fWTW3Pp^6#jy_Z~6D4IW(Or7jd>Ha<65||9A8m;9jAJts2Iljr)glEK&|_
zxfj6_hk_4)YDH##;SnLKZXY1kC<MGcAamoL?z}oqoMbg&e69a#T2JTRbdJXKC=T#~
zn!kJ^8}B!^|L_u$FJOrcq{b}KNw#7Y=J0+5noh(+-8$M)OLD~Qn9X$pV1-p35FwrC
zv+q_WBg+PW*}R)*?Z5lcklB-Z#G4_lE9f~@TZ~G7qdNn+G{<(Ppy~2+dGu!QaK5u~
zU6<!c#z2OSx^f0{yin9t`K7T*<zgz8@odKPrHKRON;Xkq30}Re1jyP>*oRb2Tp&uj
zC|bI^W8^pKMk1&62UNJb=gLoAF{MM#;hdf6V-iN-^7!-_^KJ8fmymoTVE!p3^=4?D
z3a4e|-svz;M*anBv!O^1yk3dx$$|oCxmN(miBfmmL4%w<n%yYf`-I8v(Hqw{Sl9Ji
z=Uc?v$nTd)z`sH@EHq>-aaAVfsw`oI>q=j}MeesdZ+}yW=QXW}?&W<@psiK#+~y{_
zRNFJ}m(6`##3@nDMcZ^OtUzaMd4HE{#A#`XOqJ<@>MR$^!-JIF7?RxFeOZ>IbH9Ro
za&(8IF~r-ut!jEIuL14G?(=@Aj{D7Gs+{)I0h0S3QUken+TmKd=cVluZk5^a<E;@R
z`AdDSx)s{lYGr|6GR1Jy1x9tSp++HPDrTQOd0cu~)Sb!N_#5!Mq4g=d<(DjLdQ5BZ
z++vB#qA2+YiFBzg_12yR)`D1b>;o}2qpnfcOU|V-@I6?FPaTynUp@<ugc~4QC*d~=
z8a7HGpG^(aG8_+BFb22#Rbv<SZBq4T@&1wVJ0G=zuGzf^dmy251&F8IJ+I)FAWz|@
zEafDC%(%sHQroh?hioMLwWyky5eFY%n_Rtp$BlCU-I?CQ3gSUx+a~Xy4O1H$j!)}A
z&w+1CK9e<_4M#YqCz;LcoUX(_NIZ?CRkGh;xVn0QnR8CVXUBd8ju_8^;+I!X*$4SC
z1J+8@ej&}#a&acFl{>tBLdQeA5SyNl#Rn;bT_C>a)~dUo+|!??jjXNBNIJiMAdhFN
zfYLS)3fM3ur@_I!<^1=*01(Ho7hlLt=_qR`#vsW=4dV-e)!<Q7zqz%pSrqYC(!E@x
z2Qp8U(+LB5wul462W}<uGw4Qm=&RuBC~~2%%VUFB>+|n<A2BF@rz%uw`B^8Y75ZV_
ztK9Dx4gPgwqH{n_eZZOGb>ift{v_6(_(Sn388fq?31XrN9SIjhK|~>{94c9noGfCj
zXaRqJI|qZ@Gzmw>horK|s7S9!lZa;Ij~X)g>NJ5akzd+RJyy?(8+H)hHLglEpL#Td
zAqo%mYni#KlP6DmIoA@hzf3qg)GgL(b95FxoxVTHcXXXuzW^>2(iU#6_VP@h2eo@&
z9O{;CG|p6TkKN+VbDT}vZWT!0h9wU;|512S(KBImoRhfOpw3fq-|P~Mb)B&m)%g-h
zkT&V*ru|dRuw>oc4ofP2Bg34StHuJ~=#`?#!GmSv+$qEPoS<W=zsY{Hb17A{rIHLg
zfronf2JhylP{xRD+fIb%lN>QxsN(Kh&!BIu0rM5KeqB(?JTD2^ThMVUxJ{|-VELo!
z3{^uUL()1*phM;)m|87?KTD+k#*wwcv)J!U#?0))*{764T3t_CB@a8(of;Lld6JB`
zX6>PG7?%~f$&c=&7{^h`1@AsMGTt)^g_YGjraPTeTiy@hqfBluSe}{bPI7Ei2QvzN
zMzD=R7s<8w(?}#2aa|*t43V(jbQ*vs12yRAfCKGfjGB2b7W1feTp=Q_t3Lq)9@P~!
zmg=%$U(?ZRzC|o&7N6e7R^O1sR8^Z^in+5!z4q+aRPGFnr;0YUWaX%qh`-odIK5fl
zrNJ}Ev6?uQj}U<$@wdodz12F*6Tu}#4f78fiF+PC8zlPDgkW|kSR3pJ`S_bZ#ypmm
z%xVkbKct9!N(5McK(}9`&N)RCk$4OYwnon3joq-{YyP8Lq9%G9qwgt8nI7tKxkcQK
z-waPN!xk<CatIbmD<}<?j;-1yN^M0^j@pdko8jI>6A1qE+gmvr*jJkExs~tAl<M$@
z)pUZkrVjA@@Cq>W-gS9DJs^5Jv%?zIMl-8y>KkBne?wwOf_ic<emBG|7{H=EkTPs|
z@^j7CS&14%*pNxSJYG_BH?swo3ADPuN7tRm9uflV5ZJqzaj7KR-Q66)CwH0uKLO(c
z9Q`sG+-_A-l)B-sVrbpPrkB6ukLDDP;lfjP1~ac&#myH6Fbp5_mR`ZD8=j{AvmidV
zkLU%L65Zcz2f_1MJpB+G)~@DoTPNnknJl?)A=Per>6`DtJ(>9{?;!K`+tjaUB5h}J
zl}}^A@)azs33Krcm-F3gYgzT_Bxc|9Fw4$9(aqqko=#=!R(8j)r7AMO8?|>TS6tY}
zvs=qqcH8)Vmn^0aHn87w77Hfmf+`hu%TC^1_Z<5=P2846uy!uD-d>Ymy}31stM0#x
z<Xdm@=&Cqfj++S=%xC58GYA=gaq>1flKB08nwpx3L?XCc3c9DWuC6YQ963TT7%cXo
z$SD|(<MivHCl-rQR#w*U*W>XxMnM)VC=#cYZ7;0llc{T1yRdTjl9kiJFR$0LF}#Y$
zmuSJ0fp8p$P$+cjHy$(U+U_9ad+zq`-Aiq4ZLj-jZf+)#NMPH=UKCA=$>nkp3WW%V
z!@AB&oT_2_%NWP>o33Wd^B?fjoaM|456|dK=D-#{+;c8BJ(}m!sYnSi41-7{LL?F?
z_MwPKKPe#O!CiS353D|qRx6*8=D~1q{4=;?%>*Wgl(a=eWcVl`<i%v{#A<pjgI+iW
zp7JWHhVAo2L`06#I$I(#WO|!_AR;4^0)mK$h~!W}5D^iP90~{`A|jGQ0YOAWL~;}?
zAeg2}Ki6OqDHz9bu&n%wb<}o`8pyd5k<p`ISAQT7puN3atENd&S(b&*=gVswwcVoz
za_&TA^eE`#f#2^h<nBcZMr~I_PIsDvAR;0nITR2?L_{Qq0)mK$h~!W}5D^iP9D@!B
zE|-f;CNmVrA|fIpC1TJ4!Rz(X+1aVOaS;)bQDo2o!Q=5@Sr+kloJ=O8pdcb5G71dI
zItV_Wk90asGMU7-ZG{985s?vY$QDZScszJKo}t>Eh=_<3k*XL(L_{RVzixlnkWmuh
Q!T<mO07*qoM6N<$g0C}>5C8xG

literal 0
HcmV?d00001


From 13cecfb0f611fd951750b2c32b5ae27bb5d24d0e Mon Sep 17 00:00:00 2001
From: Carla Schroder <carla@owncloud.com>
Date: Thu, 21 Jan 2016 08:42:40 -0800
Subject: [PATCH 2/2] Update file_firewall.rst

---
 admin_manual/enterprise_firewall/file_firewall.rst | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/admin_manual/enterprise_firewall/file_firewall.rst b/admin_manual/enterprise_firewall/file_firewall.rst
index 17968ac59..6274eb4e5 100644
--- a/admin_manual/enterprise_firewall/file_firewall.rst
+++ b/admin_manual/enterprise_firewall/file_firewall.rst
@@ -15,10 +15,7 @@ defined rules, the request is blocked and the file content can not be read or
 written.
 
 .. note::
-   As of ownCloud 9.0 administrators are no longer exceptions to the rules.
-   This was changed, because since ownCloud 9.0 the file firewall app no longer
-   can lock out administrators from the web interface, when rules are
-   misconfigured.
+   As of ownCloud 9.0, the File Firewall app cannot lock out administrators from the Web interface when      rules are misconfigured.
 
 Figure 1 shows an empty firewall configuration panel. Set your logging level to 
 **Failures Only** for debugging, and create a new ruleset by clicking the **Add 
@@ -113,11 +110,11 @@ and a single typo will break all of your rules.
 Controlling Access to Folders
 -----------------------------
 
-The easiest way to block access to a folder starting ownCloud 9.0 is to use a
-system tag. A new rule type was added, which allows you to block access to
+The easiest way to block access to a folder, starting with ownCloud 9.0, is to use a
+system tag. A new rule type was added which allows you to block access to
 files and folders, where at least one of the parents has a given tag. Now you
-just need to add the tag to the folder or file and then block the tag with the
-file firewall.
+just need to add the tag to the folder or file, and then block the tag with the
+File Firewall.
 
 This example blocks access to any folder with the tag "Confidential".