diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-25 08:08:24 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-25 14:49:54 -0300 |
commit | 46bc6e545a17e77202aaf01ec0cd8d5a46567525 (patch) | |
tree | 32d18dda436ec739c67c489ceb771e8629cd926f /src/usr/local/share/protocols/httpaudio.pat | |
parent | 4d9801c2dbd2b3e54a39578ee62b93af66607227 (diff) | |
download | pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.zip pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.tar.gz |
Move main pfSense content to src/
Diffstat (limited to 'src/usr/local/share/protocols/httpaudio.pat')
-rw-r--r-- | src/usr/local/share/protocols/httpaudio.pat | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/src/usr/local/share/protocols/httpaudio.pat b/src/usr/local/share/protocols/httpaudio.pat new file mode 100644 index 0000000..c6cdd9a --- /dev/null +++ b/src/usr/local/share/protocols/httpaudio.pat @@ -0,0 +1,32 @@ +# HTTP - Audio over HyperText Transfer Protocol (RFC 2616) +# Pattern attributes: good notsofast notsofast subset +# Protocol groups: streaming_audio document_retrieval ietf_draft_standard +# Wiki: http://protocolinfo.org/wiki/HTTP +# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE +# +# Usually runs on port 80 +# +# Contributed by Deepak Seshadri <dseshadri AT broadbandmaritime.com> +# +# This pattern has been tested and is believed to work well. +# +# To get or provide more information about this protocol and/or pattern: +# http://www.protocolinfo.org/wiki/HTTP +# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers +# +# If you use this, you should be aware that: +# +# - they match both simple downloads of audio/video and streaming content. +# +# - blocking based on content-type encourages server +# writers/administrators to misreport content-type (which will just make +# headaches for everyone, including us), so I would strongly recommend +# shaping audio/video down to a speed that discourages use of streaming +# players without actually blocking it. +# +# - obviously, since this is a subset of HTTP, you need to match it +# earlier in your iptables rules than HTTP. + +httpaudio +http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: audio) + |