filtering HTTP signatures/headers ?
S t i n g r a y
fasi_74 at yahoo.com
Thu Mar 2 05:04:00 CET 2006
The problem is that I have a proxy/firewall box that
provides internet to my internal users. Now I have
only permitted the common ports like
ftp, http, smtp, pop3 etc. and blocked all others. Now
there are a couple of p2p applications out there that
tunnel through my port 80 as it's open. This is taking
up my internet bandwidth, and I want to stop that ...
--- Rob Sterenborg <rob at sterenborg.info> wrote:
> On Wed, March 1, 2006 16:40, S t i n g r a y wrote:
> > Will it filter out HTTP tunneling also?
> Do you mean you have a VPN tunnel which transfers http, or what? If that is
> the case, I don't think so; Squid can only inspect traffic that it can see of
> course. However, if the Squid-box is at the end of the tunnel you may be able
> to do it.
> But maybe I don't understand correctly what problem you are trying to solve.
> > --- Rob Sterenborg <rob at sterenborg.info> wrote:
> >> On Wed, March 1, 2006 12:45, S t i n g r a y
> >> > Is it possible to filter HTTP
> >> > with Iptables? Or is there an addon for it?
> >> You may be able to use the String match but you only filter the payload
> >> of 1 packet at a time: if a signature/header spans multiple packets then
> >> it won't work.
> >> Netfilter is not meant to do content filtering.
> >> Perhaps you can use Squid.
> >> Gr,
> >> Rob
*º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤
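
The single-packet limit of string matching mentioned in the quoted reply, shown as an added example that is not part of the original thread: a per-packet check next to a matcher that carries bytes over between segments. The header name, host and payloads are constructed, and segments are assumed to arrive in order.

```python
# Added example; the signature and payloads are constructed for illustration.
SIGNATURE = b"X-Example-P2P: 1"  # hypothetical header, not a real protocol marker


def per_packet_match(packets, sig=SIGNATURE):
    """Inspect each payload on its own, as a per-packet string match does."""
    return any(sig in p for p in packets)


class StreamMatcher:
    """Match over one direction of a TCP stream by carrying the last
    len(sig)-1 bytes forward, so a signature split across segments is seen.
    Assumes in-order segments (no reordering or retransmit handling)."""

    def __init__(self, sig=SIGNATURE):
        self.sig = sig
        self.tail = b""

    def feed(self, payload):
        window = self.tail + payload
        hit = self.sig in window
        keep = len(self.sig) - 1
        # Keep only as many bytes as could still start a match.
        self.tail = window[-keep:] if keep else b""
        return hit


def stream_match(packets, sig=SIGNATURE):
    matcher = StreamMatcher(sig)
    # Feed every segment (no short-circuit) so the carried state stays valid.
    return any([matcher.feed(p) for p in packets])


# Constructed request: once as a single segment, once split inside the header.
REQUEST = b"GET / HTTP/1.1\r\nHost: example.invalid\r\nX-Example-P2P: 1\r\n\r\n"
CUT = REQUEST.index(SIGNATURE) + len(SIGNATURE) // 2
WHOLE = [REQUEST]
SPLIT = [REQUEST[:CUT], REQUEST[CUT:]]

if __name__ == "__main__":
    for name, pkts in (("whole", WHOLE), ("split", SPLIT)):
        print(name, "per-packet:", per_packet_match(pkts),
              "stream:", stream_match(pkts))
```
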