diff options
author | Ermal Luçi <eri@pfsense.org> | 2008-08-02 22:24:45 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2008-08-02 22:24:45 +0000 |
commit | 4ae45b1093b1a2fda98b263a5cffce9689ad109a (patch) | |
tree | c770e69156a527cbe1deb11a288dc3315c9423ca /usr/local/share/protocols/http.pat | |
parent | b5a7edb1ca42023606cde872cb8b5339d3b9837a (diff) | |
download | pfsense-4ae45b1093b1a2fda98b263a5cffce9689ad109a.zip pfsense-4ae45b1093b1a2fda98b263a5cffce9689ad109a.tar.gz |
Add protocol definitions needed by ipfw-classifyd. Basically they are copied from the ipfw-classifyd pfPort which inherits them from l7-filter project on sf.net.
Diffstat (limited to 'usr/local/share/protocols/http.pat')
-rw-r--r-- | usr/local/share/protocols/http.pat | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/usr/local/share/protocols/http.pat b/usr/local/share/protocols/http.pat new file mode 100644 index 0000000..550aa0b --- /dev/null +++ b/usr/local/share/protocols/http.pat @@ -0,0 +1,27 @@ +# HTTP - HyperText Transfer Protocol - RFC 2616 +# Pattern attributes: great slow notsofast superset +# Protocol groups: document_retrieval ietf_draft_standard +# Wiki: http://protocolinfo.org/wiki/HTTP +# +# Usually runs on port 80 +# +# This pattern has been tested and is believed to work well. +# +# this intentionally catches the response from the server rather than +# the request so that other protocols which use http (like kazaa) can be +# caught based on specific http requests regardless of the ordering of +# filters... also matches posts + +# Sites that serve really long cookies may break this by pushing the +# server response too far away from the beginning of the connection. To +# fix this, increase the kernel's data buffer length. + +http +# Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF (rfc 2616) +# As specified in rfc 2616 a status code is preceeded and followed by a +# space. +http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019] +# A slightly faster version that might be good enough: +#http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019] +# old pattern(s): +#(http[\x09-\x0d -~]*(200 ok|302 |304 )[\x09-\x0d -~]*(connection:|content-type:|content-length:))|^(post [\x09-\x0d -~]* http/) |