summaryrefslogtreecommitdiffstats
path: root/src/usr/local/share/protocols/httpaudio.pat
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2015-08-25 08:08:24 -0300
committerRenato Botelho <renato@netgate.com>2015-08-25 14:49:54 -0300
commit46bc6e545a17e77202aaf01ec0cd8d5a46567525 (patch)
tree32d18dda436ec739c67c489ceb771e8629cd926f /src/usr/local/share/protocols/httpaudio.pat
parent4d9801c2dbd2b3e54a39578ee62b93af66607227 (diff)
downloadpfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.zip
pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.tar.gz
Move main pfSense content to src/
Diffstat (limited to 'src/usr/local/share/protocols/httpaudio.pat')
-rw-r--r--src/usr/local/share/protocols/httpaudio.pat32
1 files changed, 32 insertions, 0 deletions
diff --git a/src/usr/local/share/protocols/httpaudio.pat b/src/usr/local/share/protocols/httpaudio.pat
new file mode 100644
index 0000000..c6cdd9a
--- /dev/null
+++ b/src/usr/local/share/protocols/httpaudio.pat
@@ -0,0 +1,32 @@
+# HTTP - Audio over HyperText Transfer Protocol (RFC 2616)
+# Pattern attributes: good notsofast notsofast subset
+# Protocol groups: streaming_audio document_retrieval ietf_draft_standard
+# Wiki: http://protocolinfo.org/wiki/HTTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
+#
+# Usually runs on port 80
+#
+# Contributed by Deepak Seshadri <dseshadri AT broadbandmaritime.com>
+#
+# This pattern has been tested and is believed to work well.
+#
+# To get or provide more information about this protocol and/or pattern:
+# http://www.protocolinfo.org/wiki/HTTP
+# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
+#
+# If you use this, you should be aware that:
+#
+# - they match both simple downloads of audio/video and streaming content.
+#
+# - blocking based on content-type encourages server
+# writers/administrators to misreport content-type (which will just make
+# headaches for everyone, including us), so I would strongly recommend
+# shaping audio/video down to a speed that discourages use of streaming
+# players without actually blocking it.
+#
+# - obviously, since this is a subset of HTTP, you need to match it
+# earlier in your iptables rules than HTTP.
+
+httpaudio
+http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: audio)
+
OpenPOWER on IntegriCloud