On Wed, March 1, 2006 16:40, S t i n g r a y wrote:
> will it filter out HTTP tunneling also?

Do you mean you have a VPN tunnel which transfers HTTP, or what?
If that is the case, I don't think so; Squid can only inspect traffic that it can see, of course. However, if the Squid box is at the end of the tunnel, you may be able to do it.
But maybe I don't understand correctly what problem you are trying to solve.

Gr,
Rob

> --- Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
>> On Wed, March 1, 2006 12:45, S t i n g r a y wrote:
>> > Is it possible to filter HTTP signatures/headers
>> > with Iptables? or is there addon for it?
>>
>> You may be able to use the String match but you can
>> only filter the payload of 1 packet at a time: if a
>> signature/header spans multiple packets then it
>> won't work.
>>
>> Netfilter is not meant to do content filtering.
>> Perhaps you can use Squid.
>>
>>
>> Gr,
>> Rob
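
The one-packet-at-a-time limitation mentioned in the thread, as an added example that is not part of the original messages: a per-packet matcher is compared with a stream-aware matcher of the kind a proxy effectively performs. The signature, flow tuples and packet payloads are constructed sample data, and in-order delivery without retransmissions is assumed.

```python
# Added illustration: per-packet matching vs. stream-aware matching.
# All flows and payloads below are constructed sample data, not captured traffic.
from collections import defaultdict

SIGNATURE = b"User-Agent: ExampleAgent"  # constructed header to look for

FLOW_A = ("10.0.0.5", 40000, "192.0.2.10", 80)  # hypothetical 4-tuples
FLOW_B = ("10.0.0.6", 40001, "192.0.2.10", 80)

SAMPLE_PACKETS = [
    # Flow A: the whole header fits in one segment.
    (FLOW_A, b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: ExampleAgent\r\n\r\n"),
    # Flow B: the same header happens to straddle a segment boundary.
    (FLOW_B, b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Ag"),
    (FLOW_B, b"ent: ExampleAgent\r\n\r\n"),
]


def per_packet_match(packets, signature=SIGNATURE):
    """Inspect every payload on its own, as a per-packet string match does.

    Returns the indexes of packets whose own payload contains the signature.
    """
    return [i for i, (_flow, payload) in enumerate(packets) if signature in payload]


def stream_match(packets, signature=SIGNATURE):
    """Inspect each flow as a byte stream.

    Keeps the last len(signature) - 1 bytes seen on every flow, so a
    signature split across two segments is still found. Assumes segments
    arrive in order; a real inspector reassembles by sequence number.
    Returns the set of flows in which the signature was seen.
    """
    keep = len(signature) - 1
    tail = defaultdict(bytes)
    hits = set()
    for flow, payload in packets:
        window = tail[flow] + payload
        if signature in window:
            hits.add(flow)
        tail[flow] = window[-keep:] if keep else b""
    return hits


if __name__ == "__main__":
    print("per-packet hits (packet indexes):", per_packet_match(SAMPLE_PACKETS))
    print("stream hits (flows):", sorted(stream_match(SAMPLE_PACKETS)))
```
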