Re: https permit/deny - Leonardo Rodrigues Magalhães

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Leonardo Rodrigues Magalhães" <leolistas@solutti.com.br>
To: vects <alexc@actcom.co.il>
Cc: netfilter@lists.netfilter.org
Subject: Re: https permit/deny
Date: Sun, 11 Feb 2007 14:45:54 -0300	[thread overview]
Message-ID: <45CF5652.8050306@solutti.com.br> (raw)
In-Reply-To: <1171210904.25395.95.camel@act17.actcom.co.il>


    Never used l7 for doing that kind of filtering, dont know if it's 
possible.

    Anyway, if you need some hard filtering based on URLs, both http and 
https, i would recommend that you use an http/https proxy, just like 
squid, for doing that.

    Completly block https (TCP/443) traffic with iptables and get your 
clients for use an http/https proxy and does the filtering there. I'm 
pretty convinced it will be easier and you'll have a lot more 
flexibility on the rules. Squid's ACLs are pretty flexible, you should 
give it a try.


vects escreveu:
> Hi,
>
> I'm looking for solution of the next problem, I have to enable/disable
> an access to list of https web servers, I don't know in advance IPs of
> them, permit rule must be based of the url user typed in location bar.
>
> Is possible to do that by iptables and extentions?
> I thought about l7 filter.
>
>   

-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it

next prev parent reply	other threads:[~2007-02-11 17:45 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-02-11 16:21 https permit/deny vects
2007-02-11 17:45 ` Leonardo Rodrigues Magalhães [this message]
2007-02-11 16:55   ` vects
2007-02-11 18:42     ` Leonardo Rodrigues Magalhães
2007-02-13  7:28       ` vects
2007-02-13  7:58         ` Frank Petran

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=45CF5652.8050306@solutti.com.br \
    --to=leolistas@solutti.com.br \
    --cc=alexc@actcom.co.il \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.