Firewall Wizards mailing list archives
Re: Application Proxy/L7 Firewall Recommendation?
From: Balazs Scheidler <bazsi () balabit hu>
Date: Thu, 5 Sep 2002 14:34:00 +0200
On Wed, Sep 04, 2002 at 07:44:27PM -0700, Jeff Newton wrote:
Can anyone suggest or recommend a sophisticated application-layer proxy? I'm interested in anything particularly adept at scrubbing HTTP of instant message, file sharing, and remote access applications that tunnel to bypass traditional security measures.
You might be interested in Zorp. It has really nifty features, and is free (GNU/GPL). 1. it has really strict proxies 2. you can hook into decision points with its built in script language This sample demonstrates how to anonimize remove the Http referer header, so websites who expect a correct referer header still work: class RefererFilterHttpProxy(HttpProxy): def config(self): HttpProxy.config(self) self.request_headers["Referer"] = (HTTP_REQ_POLICY, self.checkReferer) def checkReferer(self, hdr_name, hdr_value): self.current_header_value = self.request_url return HTTP_HDR_ACCEPT This will insert the current url as referer, which makes usual referer checking websites happy, while filtering the real information. You can do similar tricks with FTP and all the supported protocols. (anonymous, download only FTP, with a one-way-only data channel) The GPL version includes protocol proxies for HTTP, FTP, FINGER, WHOIS, PLUG, TELNET, SSL And yes SSL means that you can peek into decrypted SSL streams. (url filtering in HTTPS, anyone?) You can limit CONNECT, or stack in a decrypting HTTPS proxy within the CONNECT method to avoid instant messengers to go through your firewall. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Application Proxy/L7 Firewall Recommendation? Jeff Newton (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? John Adams (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Adam Shostack (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? John Adams (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 05)
- <Possible follow-ups>
- RE: Application Proxy/L7 Firewall Recommendation? Dawes, Rogan (ZA - Johannesburg) (Sep 05)
- RE: Application Proxy/L7 Firewall Recommendation? Noonan, Wesley (Sep 06)
- RE: Application Proxy/L7 Firewall Recommendation? ark (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Paul D. Robertson (Sep 09)