Update layer 7 protocol definitions and adding new regex definitions.

1 files changed, 32 insertions, 0 deletions

diff --git a/usr/local/share/protocols/httpaudio.pat b/usr/local/share/protocols/httpaudio.pat
new file mode 100644
index 0000000..c6cdd9a
--- /dev/null
+++ b/usr/local/share/protocols/httpaudio.pat
@@ -0,0 +1,32 @@
+# HTTP - Audio over HyperText Transfer Protocol (RFC 2616)
+# Pattern attributes: good notsofast notsofast subset
+# Protocol groups: streaming_audio document_retrieval ietf_draft_standard
+# Wiki: http://protocolinfo.org/wiki/HTTP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
+#
+# Usually runs on port 80
+#
+# Contributed by Deepak Seshadri <dseshadri AT broadbandmaritime.com>
+#
+# This pattern has been tested and is believed to work well.
+#
+# To get or provide more information about this protocol and/or pattern:
+# http://www.protocolinfo.org/wiki/HTTP
+# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
+#
+# If you use this, you should be aware that:
+#
+# - they match both simple downloads of audio/video and streaming content.
+#
+# - blocking based on content-type encourages server
+# writers/administrators to misreport content-type (which will just make
+# headaches for everyone, including us), so I would strongly recommend
+# shaping audio/video down to a speed that discourages use of streaming
+# players without actually blocking it.
+#
+# - obviously, since this is a subset of HTTP, you need to match it
+# earlier in your iptables rules than HTTP.
+
+httpaudio
+http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: audio)
+