FT_PROXY

Preprocessor for HTTPS and SOCKS v4/4a/5 proxies. The filter classifies transmitted content and detects the proxy type automatically.

Category: Preprocessor

Supported flags:

FF_READ_ONLY_OUT

Object types:
OT_HTTPS_PROXY_REQUEST - HTTP CONNECT request to HTTPS proxy
OT_SOCKS4_REQUEST - request to SOCKS v4/4a proxy
OT_SOCKS5_AUTH_REQUEST - initial request to SOCKS5 proxy for negotiating authentication method
OT_SOCKS5_AUTH_UNPW - authentication request to SOCKS5 proxy with user name and password
OT_SOCKS5_REQUEST - request to SOCKS5 proxy containing a command with parameters

Indicates object parts:
no

The objects contain a buffer in one stream.

When the FF_READ_ONLY_OUT flag is not specified for the FT_PROXY filter, requests can be modified before they are posted to the destination (for example, to change the address of the remote server in a proxy request). However, this is possible only when the outgoing packet contains the full proxy request. If a filtered application sends a request in several packets, FT_PROXY switches to read-only mode to avoid blocking other traffic because of a false positive. The indicated objects have the read-only flag set in this case.
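
The following example is added for illustration and is not code from the SDK: it classifies the first outgoing packet of a connection by proxy protocol and reports whether that packet holds the whole request, which is the condition given above for modifying a request. The names proxy_kind, skip_cstr and classify_first_packet are hypothetical, and the completeness rules are an assumption based on RFC 1928 and the SOCKS4/4a and HTTP CONNECT message layouts, not the filter's actual logic.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical local values for illustration; not the SDK's own constants. */
enum proxy_kind { PK_UNKNOWN, PK_HTTPS_CONNECT, PK_SOCKS4, PK_SOCKS5_AUTH };

/* Return a pointer one past the first NUL in [p, end), or NULL if there is none. */
static const unsigned char *skip_cstr(const unsigned char *p, const unsigned char *end) {
    const unsigned char *nul = p < end ? memchr(p, 0, (size_t)(end - p)) : NULL;
    return nul ? nul + 1 : NULL;
}

/* Classify the first outgoing packet of a connection and report whether it
 * holds the whole proxy request (*complete = 1) or only a fragment (0). */
enum proxy_kind classify_first_packet(const unsigned char *buf, size_t len, int *complete) {
    const unsigned char *end = buf + len;
    *complete = 0;
    if (len >= 8 && memcmp(buf, "CONNECT ", 8) == 0) {
        /* HTTP CONNECT: complete once the blank line ending the headers is present. */
        for (size_t i = 0; i + 4 <= len; i++)
            if (memcmp(buf + i, "\r\n\r\n", 4) == 0) { *complete = 1; break; }
        return PK_HTTPS_CONNECT;
    }
    if (len >= 2 && buf[0] == 0x04 && (buf[1] == 0x01 || buf[1] == 0x02)) {
        /* SOCKS4: VN, CD, DSTPORT(2), DSTIP(4), USERID\0. SOCKS4a appends HOST\0
         * when DSTIP is 0.0.0.x with x != 0. */
        if (len >= 8) {
            const unsigned char *p = skip_cstr(buf + 8, end);
            int is4a = buf[4] == 0 && buf[5] == 0 && buf[6] == 0 && buf[7] != 0;
            if (p && is4a) p = skip_cstr(p, end);
            *complete = p != NULL;
        }
        return PK_SOCKS4;
    }
    if (len >= 2 && buf[0] == 0x05) {
        /* SOCKS5 greeting (RFC 1928): VER, NMETHODS, METHODS[NMETHODS]. */
        *complete = len >= 2u + buf[1];
        return PK_SOCKS5_AUTH;
    }
    return PK_UNKNOWN; /* not a proxy request, or too short to tell */
}
```

A packet reported as incomplete corresponds to the case where a request could not safely be rewritten in place, because the rest of it arrives in a later packet.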

References:

http://www.faqs.org/rfcs/rfc2616.html
http://www.faqs.org/rfcs/rfc1928.html
http://www.faqs.org/rfcs/rfc1929.html