
Webfilter

Discussion in 'Tomato Firmware' started by vasiloui, Jul 1, 2008.

  1. vasiloui

    vasiloui Addicted to LI Member

    Does Tomato have web filtering?
     
  2. danix71

    danix71 LI Guru Member

    Do you mean the address www.example.com or the web-port (80 / 8080)?
     
  3. vasiloui

    vasiloui Addicted to LI Member

  4. HennieM

    HennieM Network Guru Member

    No. You need the ipt_string or ipt_http_uri or some such iptables module, and Tomato does not have that at current AFAIK.

    You could block by IP address or range, but that would be a lot of work and not very effective.
     
  5. mstombs

    mstombs Network Guru Member

    ? It's very effective AFAIK

    You just put "youtube" in the HTTP Request box, Tomato uses " web --hore "

    Code:
    Chain rres04 (1 references)
    target     prot opt source               destination
    REJECT     tcp  --  anywhere             anywhere            web --hore "youtube" reject-with tcp-reset
     
  6. HennieM

    HennieM Network Guru Member

    My bad. I was not aware that the web module can do that.
    Link to a man page or some docs for "web"?
     
  7. mstombs

    mstombs Network Guru Member

    It's Jon's own!

    Code:
    /*
    
    	web (experimental)
    	HTTP client match
    	Copyright (C) 2006 Jonathan Zarate
    
    	Licensed under GNU GPL v2 or later.
    
    */
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
    #include <getopt.h>
    
    #include <iptables.h>
    #include <linux/netfilter_ipv4/ipt_web.h>
    
    
    #undef IPTABLES_SAVE
    
    
    static void help(void)
    {
    	printf(
    		"web match v0.01 (experimental)\n"
    		"Copyright (C) 2006 Jonathan Zarate\n"
    		"Options:\n"
    		"[!] --http (default)   find an HTTP GET/POST request\n"
    		"[!] --host <text ...>  find in host line\n"
    		"[!] --req <text ...>   find in request\n"
    		"[!] --path <text ...>  find in request path\n"
    		"[!] --query <text ...> find in request query\n"
    		"[!] --hore <text ...>  find in host or request line\n"
    		" <text> can be:\n"
    		"  text    contains\n"
    		"  ^text   begins with\n"
    		"  text$   ends with\n"
    		"  ^text$  exact match\n");
    }

    Tomato also seems to use

    Code:
    /* Shared library add-on to iptables to add string matching support. 
    * 
    * Copyright (C) 2000 Emmanuel Roger  <winfield@freegates.be>
    *
    * ChangeLog
    *     27.01.2001: Gianni Tedesco <gianni@ecsc.co.uk>
    *             Changed --tos to --string in save(). Also
    *             updated to work with slightly modified
    *             ipt_string_info.
    */
    
    /* Shared library add-on to iptables to add webstr matching support. 
    *
    * Copyright (C) 2003, CyberTAN Corporation
    * All Rights Reserved.
    *
    * Description:
    *   This is shared library, added to iptables, for web content inspection. 
    *   It was derived from 'string' matching support, declared as above.
    *
    */
    
    #include <stdio.h>
    #include <netdb.h>
    #include <string.h>
    #include <stdlib.h>
    #include <getopt.h>
    
    #include <iptables.h>
    #include <linux/netfilter_ipv4/ipt_webstr.h>
    
    /* Function which prints out usage message. */
    static void help(void)
    {
    	printf(
    		"WEBSTR match v%s options:\n"
    		"[!] --host 'host<host'   Match one of the hostname in a URL.\n"
    		"[!] --url 'key<key'      Match one of the keyword in a URL.\n"
    		"[!] --content ##         Match Java, ActiveX, proxy. See code for details.\n\n",
    		IPTABLES_VERSION);
    }
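
An added illustration (not code from this thread or from Tomato): a user-space C model of the `<text>` pattern rules listed in the `web` help output above, applied as `--hore` is described, to the host line or the request. The function names, the case-sensitive comparison, the exact `Host: ` header spelling, the GET/POST check and the sample request are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Pattern rules from the help text: text, ^text, text$, ^text$.
 * Assumption: comparison is case-sensitive; the real module may differ. */
static int text_match(const char *s, size_t n, const char *pat)
{
    size_t pl = strlen(pat);
    int head = (pl > 0 && pat[0] == '^');
    if (head) { pat++; pl--; }
    int tail = (pl > 0 && pat[pl - 1] == '$');
    if (tail) pl--;
    if (pl > n) return 0;
    if (head && tail) return n == pl && memcmp(s, pat, pl) == 0;
    if (head) return memcmp(s, pat, pl) == 0;
    if (tail) return memcmp(s + n - pl, pat, pl) == 0;
    for (size_t i = 0; i + pl <= n; i++)            /* "contains" */
        if (memcmp(s + i, pat, pl) == 0) return 1;
    return 0;
}

/* --hore as described: match if the pattern is found in the request
 * target (first line) or in the Host header of a plaintext GET/POST. */
static int hore_match(const char *req, const char *pat)
{
    if (strncmp(req, "GET ", 4) != 0 && strncmp(req, "POST ", 5) != 0) return 0;
    const char *sp = strchr(req, ' ');
    const char *eol = strstr(req, "\r\n");
    if (!sp || !eol || sp > eol) return 0;
    const char *t = sp + 1, *te = t;
    while (te < eol && *te != ' ') te++;            /* end of request target */
    if (text_match(t, (size_t)(te - t), pat)) return 1;
    const char *h = strstr(eol, "\r\nHost: ");
    if (!h) return 0;
    h += 8;                                         /* skip "\r\nHost: " */
    const char *he = strstr(h, "\r\n");
    if (!he) he = h + strlen(h);
    return text_match(h, (size_t)(he - h), pat);
}

int main(void)
{
    /* Constructed sample request, not captured traffic. */
    const char *req = "GET /watch?v=abc HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n";
    const char *pats[] = { "youtube", "^www.", ".com$", "^youtube", "^/watch" };
    for (size_t i = 0; i < sizeof pats / sizeof *pats; i++)
        printf("%-10s -> %s\n", pats[i], hore_match(req, pats[i]) ? "REJECT" : "pass");
    return 0;
}
```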
     
  8. HennieM

    HennieM Network Guru Member

    Very cool.
    Thanks mstombs
     
  9. danix71

    danix71 LI Guru Member

    :) I don't think that the one that started this thread understood smth...
     
  10. vasiloui

    vasiloui Addicted to LI Member

    I understand, mate
     
  11. kd9rg

    kd9rg LI Guru Member

    You can block this by using the "Access Restrictions" part of tomato ware too.
     
  12. vasiloui

    vasiloui Addicted to LI Member

    OK, thanks
     
