zdianjiang / netfilter_url_l7_filtering Goto Github PK
View Code? Open in Web Editor NEWNetfilter userland plugin for L7 URL filtering (school project, not for real-life use!)
License: GNU General Public License v2.0
Netfilter userland plugin for L7 URL filtering (school project, not for real-life use!)
License: GNU General Public License v2.0
An url-based http/ftp filtering extension for NetFilter. Licensing: This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version. It is based on code from the following projects: libnetfilter-queue (svn-r7519), released under GPLv2 license libnetfilter-conntrack (svn-r7519), released under GPLv2 license l7-filter (userspace-0.4), released under GPLv2 license google-perftools (0.79), released under modified BSD license google-psvm (1.0), released under Apache License 2.0 boost library, released under Boost Software License All third-party code used in this program is either licensed in GPLv2 by the author, or released with a GPLv2-compatible license. Authors: This program was written by S. Jacob, J. Whitbeck and V. Zanotti as part of an university project at TELECOM ParisTech (http://www.enst.fr/). Purpose: This program offers url filtering capabilities for http and ftp connections. Based on the NFQUEUE netfilter mechanism, it can intercept, parse, and classify http and ftp connections using user-defined rules. Although the classifier will resist to many bypass tricks (such as packet fragmentation), it was not designed to handle tcp packet re-ordering, and bypass by using HTTP's KeepAlive connections. Dependencies: libnetfilter-queue (http://www.netfilter.org/projects/libnetfilter_queue/) libnetfilter-conntrack (http://www.netfilter.org/projects/libnetfilter_conntrack/) in-kernel support for nf_conntrack, nfnetlink, nfnetlink_queue, and nf_conntrack_netlink kernel >= 2.6.18 google-gflags (http://code.google.com/p/google-gflags/) Boost regex library How to install dependencies on Debian: apt-get libnetfilter-conntrack-dev libnetfilter-queue-dev libboost-regex-dev wget http://google-gflags.googlecode.com/files/libgoogle-gflags-dev_0.8-1_i386.deb wget http://google-gflags.googlecode.com/files/libgoogle-gflags0_0.8-1_i386.deb dpkg -i libgoogle-gflags-dev_0.8-1_i386.deb libgoogle-gflags0_0.8-1_i386.deb How to install dependencies on Fedora Core: yum install libnetfilter_conntrack-devel libnetfilter_queue-devel boost-devel wget http://google-gflags.googlecode.com/files/gflags-devel-0.8-1.i386.rpm wget http://google-gflags.googlecode.com/files/gflags-0.8-1.i386.rpm yum --nogpgcheck localinstall gflags-devel-0.8-1.i386.rpm gflags-0.8-1.i386.rpm How to install dependencies on Gentoo: echo "dev-cpp/gflags ~amd64" >> /etc/portage/package.keywords emerge -va net-libs/libnetfilter_queue net-libs/libnetfilter_conntrack dev-cpp/gflags dev-libs/boost Urlfilter configuration / usage: Basically, it should be used as "urlfilter --rules <path/to/the/rules>". Rules are each written on their own line; lines starting with "#" are comments. The basic rule format is: mark=<mark> proto=<ftp|http> [method=<method> | method_re=<method regex>] [url=<url regex> | url_maxsize=<size>] Where: - regex are standard unix regex (ex: ^.*\.pdf^ to match pdf urls); - method is the method used in the protocol (GET/POST/PUT/...); - when url_maxsize is used, urls whose size is above this size will be marked; - mark is the NFQUEUE mark that will be put on packets, for later use by iptables (cf. infra). See rules.example for examples of rules. Netfilter/iptable configuration example: A basic iptables configuration could be: # Redirects all packets to and from port 80 to the urlfilter. iptables -A FORWARD -m tcp -p tcp --dport 80 -j NFQUEUE --queue-num 0 iptables -A FORWARD -m tcp -p tcp --sport 80 -j NFQUEUE --queue-num 0 # Matches mark on post-filter (let us suppose that 0-2 is no match, # 3 is url above 255 chars, and 4 is url ending with .pdf). # We have to use a chain downstream to the initial matching rule # (mangle/POSTROUTING is after filter/FORWARD). iptables -t mangle -A POSTROUTING -m mark --mark 3 -j LOG --log-prefix "Url too long " iptables -t mangle -A POSTROUTING -m mark --mark 4 -j REJECT
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.