filtering HTTP signatures/headers ?
S t i n g r a y
fasi_74 at yahoo.com
Thu Mar 2 05:04:00 CET 2006
The problem is that I have a proxy/firewall box that
provides internet to my internal users. I have
only permitted the common ports like
ftp, http, smtp, pop3, etc. and blocked all others. Now
there are a couple of p2p applications out there that
tunnel through my port 80 as it's open. This is taking
up my internet bandwidth, and I want to stop that ...
Regards
--- Rob Sterenborg <rob at sterenborg.info> wrote:
> On Wed, March 1, 2006 16:40, S t i n g r a y wrote:
> > will it filter out HTTP tunneling also?
>
> Do you mean you have a VPN tunnel which transfers http, or what? If that is
> the case, I don't think so; Squid can only inspect traffic that it can see of
> course. However, if the Squid-box is at the end of the tunnel you may be able
> to do it.
> But maybe I don't understand correctly what problem you are trying to solve.
>
> Gr,
> Rob
>
> > --- Rob Sterenborg <rob at sterenborg.info> wrote:
> >> On Wed, March 1, 2006 12:45, S t i n g r a y wrote:
> >> > Is it possible to filter HTTP signatures/headers
> >> > with Iptables? or is there addon for it?
> >>
> >> You may be able to use the String match but you can
> >> only filter the payload of 1 packet at a time: if a
> >> signature/header spans multiple packets then it
> >> won't work.
> >>
> >> Netfilter is not meant to do content filtering.
> >> Perhaps you can use Squid.
> >>
> >> Gr,
> >> Rob
*º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤
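
The one-packet-at-a-time limit of the string match mentioned in the quoted reply, shown as an added example that is not part of the original thread and is not netfilter or Squid code. The request, the `ExampleP2P` header value and the segment boundary are constructed sample data; the second matcher models what a proxy that sees the reassembled stream can do.

```python
# Per-packet matching versus matching on the in-order byte stream.
SIGNATURE = b"User-Agent: ExampleP2P"  # hypothetical header signature

# Constructed HTTP request carrying the signature in one header line.
REQUEST = (b"GET /announce HTTP/1.1\r\nHost: tracker.example\r\n"
           b"User-Agent: ExampleP2P/1.0\r\n\r\n")
CUT = REQUEST.find(SIGNATURE) + 10          # boundary inside the signature
WHOLE = [REQUEST]                           # request fits in one segment
SPLIT = [REQUEST[:CUT], REQUEST[CUT:]]      # same bytes, two segments


def per_packet_match(segments, signature):
    """Indexes of segments whose own payload contains the signature."""
    return [i for i, payload in enumerate(segments) if signature in payload]


class StreamMatcher:
    """Carries the last len(signature)-1 bytes over to the next segment."""

    def __init__(self, signature):
        self.signature = signature
        self.tail = b""
        self.offset = 0  # stream offset of the first byte held in tail

    def feed(self, payload):
        """Feed the next in-order segment; return stream offsets of hits."""
        window = self.tail + payload
        hits = []
        start = window.find(self.signature)
        while start != -1:
            hits.append(self.offset + start)
            start = window.find(self.signature, start + 1)
        keep = len(self.signature) - 1
        new_tail = window[-keep:] if keep else b""
        self.offset += len(window) - len(new_tail)
        self.tail = new_tail
        return hits


def scan_stream(segments, signature):
    """Run a StreamMatcher over all segments and collect hit offsets."""
    matcher = StreamMatcher(signature)
    return [hit for seg in segments for hit in matcher.feed(seg)]


if __name__ == "__main__":
    print("per-packet, one segment :", per_packet_match(WHOLE, SIGNATURE))
    print("per-packet, two segments:", per_packet_match(SPLIT, SIGNATURE))
    print("stream,     two segments:", scan_stream(SPLIT, SIGNATURE))
```
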