iptables url filtering
Seongmyun Cho edited this page Jun 13, 2017 · 6 revisions
When you access "http://www.xnsystems.com/product/" on a web browser, the typical content of the packet looks like this:

```
GET /product/ HTTP/1.1
User-Agent: Wget/1.14 (linux-gnu)
Accept: */*
Host: www.xnsystems.com
Connection: Keep-Alive
```
So, to filter just "http://www.xnsystems.com/product/" at the gateway while forwarding the packets:

```
iptables -A FORWARD -p tcp --dport 80 -m string --string "/\/product\/? .+Host: www.xnsystems.com/si" --algo pcre -j DROP
```

Or, if you want to filter all the URLs which start with "http://www.xnsystems.com/product/":

```
iptables -A FORWARD -p tcp --dport 80 -m string --string "/\/product\/.+Host: www.xnsystems.com/si" --algo pcre -j DROP
```
The 's' option must be specified so that '.' also matches the newline character (by default '.' matches any single character except newline). Without it, '.+' cannot span the line breaks between the request line and the Host header.
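To check what the two patterns above match before loading them on a gateway, the following added example (not part of the original page or the kpcre project) runs them against constructed requests. It assumes Python's `re` as a stand-in for the PCRE engine; `compile_rule`, `dropped`, `request` and the host `www.example.org` are hypothetical names introduced here.

```python
import re

# Flag letters used on this page, mapped to Python's re equivalents (assumption:
# Python's re stands in for PCRE; the two agree for these simple patterns).
FLAGS = {"s": re.DOTALL, "i": re.IGNORECASE}

def compile_rule(rule):
    """Turn a '/regex/flags' string, as passed to --string, into a compiled regex."""
    body, _, letters = rule[1:].rpartition("/")
    flags = 0
    for letter in letters:
        flags |= FLAGS[letter]
    return re.compile(body, flags)

def dropped(rule, payload):
    """True if the rule matches somewhere inside this single packet payload."""
    return compile_rule(rule).search(payload) is not None

def request(path, host):
    """Constructed sample HTTP request, modelled on the one shown above."""
    return (f"GET {path} HTTP/1.1\r\nUser-Agent: Wget/1.14 (linux-gnu)\r\n"
            f"Accept: */*\r\nHost: {host}\r\nConnection: Keep-Alive\r\n\r\n")

EXACT = r"/\/product\/? .+Host: www.xnsystems.com/si"   # first rule on this page
PREFIX = r"/\/product\/.+Host: www.xnsystems.com/si"    # second rule on this page
NO_S = r"/\/product\/.+Host: www.xnsystems.com/i"       # second rule without 's'

def results():
    """Map each constructed case to (exact, prefix, prefix_without_s) verdicts."""
    host = "www.xnsystems.com"
    cases = {
        "exact": request("/product/", host),
        "no_slash": request("/product", host),
        "subpage": request("/product/list.html", host),
        "other_path": request("/support/", host),
        "other_host": request("/product/", "www.example.org"),
    }
    return {name: (dropped(EXACT, p), dropped(PREFIX, p), dropped(NO_S, p))
            for name, p in cases.items()}

if __name__ == "__main__":
    for name, row in results().items():
        print(f"{name:11} exact={row[0]!s:5} prefix={row[1]!s:5} prefix_without_s={row[2]}")
```

The string match inspects each packet on its own, so these results apply when the request line and the Host header arrive in the same packet.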
If you have any questions on how to filter HTTP requests with the kpcre module, feel free to ask. :)
"My colleague and I have been using your kpcre implementation extensively and have been finding it incredibly well-designed and comprehensive. Many thanks for all your efforts."
- Michael, Verisign, Inc.