From: Jim Laurino <nfcan.x.jimlaur@dfgh.net>
To: netfilter@lists.netfilter.org
Subject: Re: filtering HTTP signatures/headers ? (nfcan: addressed to exclusive sender for this address)
Date: Thu, 2 Mar 2006 00:37:38 -0500
Message-ID: <20060302053738.GK11698@salty>
In-Reply-To: <20060302040400.27574.qmail@web51111.mail.yahoo.com> (from +nfcan+jimlaur+c938beccd8.fasi_74#yahoo.com@spamgourmet.com on Wed, Mar 01, 2006 at 23:04:00 -0500)

On 2006.03.01 23:04, S t i n g r a y - fasi_74@yahoo.com wrote:
> The problem is that I have a proxy/firewall box that
> provides internet to my internal users. Now I have
> only permitted the common ports like
> ftp, http, smtp, pop3 etc. and blocked all others. Now
> there are a couple of p2p applications out there that
> tunnel through my port 80 as it's open. This is taking
> up my internet bandwidth; I want to stop that ...

Well, then what Rob said before applies.
Netfilter is not good for solving this problem.
Squid is reputed to be very good for this problem.

Regards,

Jim

> 
>   regards
> 
> 
> --- Rob Sterenborg <rob@sterenborg.info> wrote:
> 
> > On Wed, March 1, 2006 16:40, S t i n g r a y wrote:
> > > will it filter out HTTP tunneling also ?
> >
> > Do you mean you have a VPN tunnel which transfers http, or what? If that is
> > the case, I don't think so; Squid can only inspect traffic that it can see of
> > course. However, if the Squid-box is at the end of the tunnel you may be able
> > to do it.
> > But maybe I don't understand correctly what problem you are trying to solve.
> >
> >
> > Gr,
> > Rob
> >
> > > --- Rob Sterenborg <rob@sterenborg.info> wrote:
> > >> On Wed, March 1, 2006 12:45, S t i n g r a y wrote:
> > >> > Is it possible to filter HTTP signatures/headers
> > >> > with Iptables ? or is there addon for it ?
> > >>
> > >> You may be able to use the String match but you can
> > >> only filter the payload of 1 packet at a time: if a
> > >> signature/header spans multiple packets then it
> > >> won't work.
> > >>
> > >> Netfilter is not meant to do content filtering.
> > >> Perhaps you can use Squid.
> > >>
> > >>
> > >> Gr,
> > >> Rob
> >
> >
> >
> >
> 
> 
> *º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
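
Added example, not part of the original thread: a small Python model of the limitation quoted above, where a per-packet payload match misses a header that spans two TCP segments while a matcher on the reassembled stream (what a proxy such as Squid sees) finds it. The signature string, request bytes and function names are constructed for illustration.

```python
# Added illustration; every name and sample value here is constructed.
SIGNATURE = b"User-Agent: ExampleP2P"  # hypothetical header a filter looks for

# Constructed HTTP request carrying that header.
REQUEST = (b"GET /announce HTTP/1.1\r\n"
           b"Host: tracker.example\r\n"
           b"User-Agent: ExampleP2P/1.0\r\n\r\n")


def split_at(data, offset):
    """Model TCP segmentation: the same bytes delivered as two segments."""
    return [data[:offset], data[offset:]]


def per_packet_match(segments, signature=SIGNATURE):
    """Per-packet model: each segment payload is inspected on its own."""
    return any(signature in seg for seg in segments)


class StreamMatcher:
    """Stream model: keeps the last len(signature)-1 bytes between
    segments so a signature crossing a segment boundary is still seen."""

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.tail = b""

    def feed(self, segment):
        window = self.tail + segment
        hit = self.signature in window
        keep = len(self.signature) - 1
        self.tail = window[-keep:] if keep else b""
        return hit


def stream_match(segments, signature=SIGNATURE):
    """Feed segments in order; True as soon as the signature is seen."""
    matcher = StreamMatcher(signature)
    return any(matcher.feed(seg) for seg in segments)


if __name__ == "__main__":
    whole = [REQUEST]
    # Segment boundary falls five bytes into the header.
    split = split_at(REQUEST, REQUEST.index(SIGNATURE) + 5)
    print("one segment,  per-packet:", per_packet_match(whole))
    print("two segments, per-packet:", per_packet_match(split))
    print("two segments, stream:    ", stream_match(split))
```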

