FT_PROXY
Preprocessor for HTTPS and SOCKS v4/4a/5 proxies. The filter classifies transmitted
content and detects proxy type automatically.
Category: Preprocessor
Supported flags:
FF_READ_ONLY_OUT
FF_READ_ONLY_IN
FF_PROXY_INDICATE_HTTPS_PROXY_RESPONSE
Object types:
OT_HTTPS_PROXY_REQUEST - HTTP CONNECT request to HTTPS proxy
OT_SOCKS4_REQUEST - request to SOCKS v4/4a proxy
OT_SOCKS5_AUTH_REQUEST - initial request to SOCKS5 proxy for negotiating authentication method
OT_SOCKS5_AUTH_UNPW - authentication request to SOCKS5 proxy with user name and password
OT_SOCKS5_REQUEST - request to SOCKS5 proxy containing a command with parameters
OT_HTTPS_PROXY_RESPONSE - a response to HTTP CONNECT request
Indicates object parts: yes
OT_HTTPS_PROXY_RESPONSE contains 3 streams (HS_STATUS, HS_HEADER, HS_CONTENT), like HTTP objects. The other objects contain a buffer in a single stream.
When the FF_READ_ONLY_OUT flag is not specified for the FT_PROXY filter, requests can be
modified before they are posted to the destination (for example, to change the address
of the remote server in a proxy request). This is possible only when the outgoing packet
contains the full proxy request. If a filtered application sends a request
in several packets, FT_PROXY switches to read-only mode to avoid blocking other
traffic because of a false positive. The indicated objects have the read-only flag in this
case.
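The condition above, that a packet must hold the full proxy request before it can be modified, comes down to the length checks below. This is an added example, not ProtocolFilters code: classify, Parsed, the Kind values and the first parameter are hypothetical names, the input is constructed, and the message layouts follow RFC 1928, RFC 1929 and the SOCKS4/4a request format.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

enum Kind { UNKNOWN, HTTPS_CONNECT, SOCKS4, SOCKS5_AUTH, SOCKS5_UNPW, SOCKS5_REQUEST };
struct Parsed { Kind kind; size_t full; };  // full: request length in bytes, 0 = not all here yet

// Index just past the first NUL at or after 'from'; 0 if the buffer holds none.
static size_t pastNul(const unsigned char* b, size_t n, size_t from) {
    for (size_t i = from; i < n; ++i) if (b[i] == 0) return i + 1;
    return 0;
}

// Returns 'len' when the buffer already holds that many bytes, otherwise 0.
static size_t ifHeld(size_t len, size_t n) { return n >= len ? len : 0; }

// 'first' is true for the first client message on a connection (hypothetical parameter).
Parsed classify(const unsigned char* b, size_t n, bool first) {
    if (n == 0) return {UNKNOWN, 0};
    if (first && n >= 8 && std::memcmp(b, "CONNECT ", 8) == 0) {
        for (size_t i = 3; i < n; ++i)  // request ends at the empty line (CRLF CRLF)
            if (std::memcmp(b + i - 3, "\r\n\r\n", 4) == 0) return {HTTPS_CONNECT, i + 1};
        return {HTTPS_CONNECT, 0};
    }
    if (first && b[0] == 4) {  // VN CD DSTPORT(2) DSTIP(4) USERID NUL
        size_t end = pastNul(b, n, 8);
        // SOCKS4a: DSTIP 0.0.0.x, x != 0, means a NUL-terminated host name follows
        if (end && b[4] == 0 && b[5] == 0 && b[6] == 0 && b[7] != 0) end = pastNul(b, n, end);
        return {SOCKS4, end};
    }
    if (first && b[0] == 5)  // VER NMETHODS METHODS
        return {SOCKS5_AUTH, n >= 2 ? ifHeld(2u + b[1], n) : 0};
    if (!first && b[0] == 1) {  // RFC 1929: VER ULEN UNAME PLEN PASSWD
        if (n < 2 || n < 3u + b[1]) return {SOCKS5_UNPW, 0};
        return {SOCKS5_UNPW, ifHeld(3u + b[1] + b[2 + b[1]], n)};
    }
    if (!first && b[0] == 5) {  // RFC 1928: VER CMD RSV ATYP DST.ADDR DST.PORT
        if (n < 5) return {SOCKS5_REQUEST, 0};
        if (b[3] == 1) return {SOCKS5_REQUEST, ifHeld(10, n)};         // IPv4
        if (b[3] == 4) return {SOCKS5_REQUEST, ifHeld(22, n)};         // IPv6
        if (b[3] == 3) return {SOCKS5_REQUEST, ifHeld(7u + b[4], n)};  // length-prefixed name
    }
    return {UNKNOWN, 0};
}

int main() {  // constructed input: a CONNECT request cut off after its first line
    const char* part = "CONNECT host.example:443 HTTP/1.1\r\n";
    Parsed p = classify((const unsigned char*)part, std::strlen(part), true);
    std::printf("kind=%d full=%zu\n", (int)p.kind, p.full);
}
```

A result with full equal to 0 corresponds to the split-request case, where only inspection is safe until the rest of the request arrives.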
When the FF_PROXY_INDICATE_HTTPS_PROXY_RESPONSE flag is enabled, proxy responses can be
filtered in dataPartAvailable/dataAvailable as objects of type
OT_HTTPS_PROXY_RESPONSE, which have the same structure as generic HTTP
objects. HTTPS proxy requests are indicated in dataAvailable as
OT_HTTPS_PROXY_REQUEST objects, containing the request data in a single
stream. If the FF_READ_ONLY_IN flag is enabled, the indicated objects are read-only
and response data are sent to the destination immediately.
References:
http://www.faqs.org/rfcs/rfc2616.html
http://www.faqs.org/rfcs/rfc1928.html
http://www.faqs.org/rfcs/rfc1929.html