FT_PROXY

Preprocessor for HTTPS and SOCKS v4/4a/5 proxy protocols.

Category: Preprocessor

Supported flags:

FF_READ_ONLY_OUT

FF_READ_ONLY_IN

FF_PROXY_INDICATE_HTTPS_PROXY_RESPONSE

Object types:

OT_HTTPS_PROXY_REQUEST - HTTP CONNECT request to HTTPS proxy

OT_SOCKS4_REQUEST - request to SOCKS v4/4a proxy

OT_SOCKS5_AUTH_REQUEST - initial request to SOCKS5 proxy for negotiating authentication method

OT_SOCKS5_AUTH_UNPW - authentication request to SOCKS5 proxy with user name and password

OT_SOCKS5_REQUEST - request to SOCKS5 proxy containing a command with parameters

OT_HTTPS_PROXY_RESPONSE - a response to HTTP CONNECT request

Indicates object parts: yes

The filter classifies the transmitted content and detects the proxy protocol automatically.

OT_HTTPS_PROXY_RESPONSE contains 3 streams (HS_STATUS, HS_HEADER, HS_CONTENT), like HTTP objects. The other objects contain a buffer in a single stream.

When the FF_READ_ONLY_OUT flag is not specified for the FT_PROXY filter, requests can be modified before they are posted to the destination (for example, to change the address of the remote server in a proxy request). This is possible only when the outgoing packet contains the full proxy request. If a filtered application sends a request in several packets, FT_PROXY switches to read-only mode to avoid blocking other traffic because of a false positive. The indicated objects have the read-only flag in this case.
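The full-request condition described above, shown as an added example that is not ProtocolFilters SDK code: a stand-alone classifier for the first client-to-proxy packet that reports whether it holds a whole HTTP CONNECT, SOCKS4/4a or SOCKS5 method-negotiation request and which destination it names. `Kind`, `Parsed` and `classifyFirstPacket` are hypothetical names, and the parsing rules follow the public protocol formats, not the filter's internal logic.

```cpp
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <string>

// Hypothetical names for this added example; they are not ProtocolFilters SDK types.
enum class Kind { NotProxy, Incomplete, HttpsConnect, Socks4, Socks5Auth };
struct Parsed { Kind kind; std::string host; uint16_t port; };
static uint8_t u8(const std::string& b, size_t i) { return static_cast<uint8_t>(b[i]); }
// Classify the first client-to-proxy packet; Incomplete means the request spans later packets.
Parsed classifyFirstPacket(const std::string& b) {
    const Parsed partial{Kind::Incomplete, "", 0}, none{Kind::NotProxy, "", 0};
    if (b.empty()) return partial;
    if (u8(b, 0) == 0x05) {                          // SOCKS5 greeting: VER NMETHODS METHODS
        if (b.size() < 2) return partial;
        size_t n = u8(b, 1);
        if (n == 0 || b.size() > 2 + n) return none; // trailing bytes: not a bare greeting
        return b.size() == 2 + n ? Parsed{Kind::Socks5Auth, "", 0} : partial;
    }
    if (u8(b, 0) == 0x04) {                          // SOCKS4: VER CMD PORT IP USERID NUL [HOST NUL]
        if (b.size() >= 2 && u8(b, 1) != 1 && u8(b, 1) != 2) return none;  // CONNECT or BIND only
        size_t userEnd = b.find('\0', 8);            // npos when the fixed header is still short
        if (userEnd == std::string::npos) return partial;
        uint16_t port = static_cast<uint16_t>(u8(b, 2) << 8 | u8(b, 3));
        bool is4a = !(u8(b, 4) | u8(b, 5) | u8(b, 6)) && u8(b, 7) != 0;    // IP 0.0.0.x marks v4a
        if (!is4a) {
            std::string ip = std::to_string(u8(b, 4));
            for (size_t i = 5; i < 8; ++i) ip += "." + std::to_string(u8(b, i));
            return {Kind::Socks4, ip, port};
        }
        size_t hostEnd = b.find('\0', userEnd + 1);  // v4a: host name follows the user id
        if (hostEnd == std::string::npos) return partial;
        return {Kind::Socks4, b.substr(userEnd + 1, hostEnd - userEnd - 1), port};
    }
    const std::string verb = "CONNECT ";             // CONNECT host:port HTTP/1.x
    size_t n = b.size() < verb.size() ? b.size() : verb.size();
    if (b.compare(0, n, verb, 0, n) != 0) return none;
    if (b.find("\r\n\r\n") == std::string::npos) return partial;  // headers not finished yet
    size_t sp = b.find(' ', verb.size()), colon = b.rfind(':', sp);
    if (sp == std::string::npos || colon == std::string::npos) return none;
    unsigned long port = std::strtoul(b.c_str() + colon + 1, nullptr, 10);
    if (port == 0 || port > 65535) return none;
    return {Kind::HttpsConnect, b.substr(verb.size(), colon - verb.size()), static_cast<uint16_t>(port)};
}

int main() {
    Parsed p = classifyFirstPacket("CONNECT example.test:443 HTTP/1.1\r\n\r\n");  // constructed sample
    std::cout << p.host << ":" << p.port << "\n";
}
```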

When the FF_PROXY_INDICATE_HTTPS_PROXY_RESPONSE flag is enabled, proxy responses can be filtered in dataPartAvailable/dataAvailable as objects of type OT_HTTPS_PROXY_RESPONSE, which have the same structure as generic HTTP objects. HTTPS proxy requests are indicated in dataAvailable as OT_HTTPS_PROXY_REQUEST objects containing the request data in a single stream. If the FF_READ_ONLY_IN flag is enabled, the indicated objects are read-only and response data is sent to the destination immediately.

References: