We are looking to do some URL path and request method filtering with relayd
if possible. Many of the other layer 7 filters like "User-Agent" and
"Referer" work without issue. 

The box is built using relayd from -current cvs downloaded on Mar 18, 2008.
Relayd is set up to be a reverse HTTP proxy with layer 7 filtering as a
relay to a test webserver.

Similar to a firewall mindset, we are looking to block everything other
than what we specifically list out.


As a test, the URL or path filtering can allow "/", "*.html" and "*.jpg".
We are unable to figure out how to get relayd to allow only these types of
files, and deny any other access. The following is from our test
relayd.conf file, but these rules block all access.  Is there a way to list
out each file type, one per line?  Can we instead use something similar to
a regular expression like, request path expect "(^\/|\.html|\.jpg)$"?

## ## URL filtering (NOT working yet)
     label "BAD path request"
     request path expect "/"
     request path expect "/*.html"
     request path expect "/*.jpg"


The second question is how to only accept the "GET" and "HEAD" request
methods and deny any others. For example we do not want the webserver to
ever see POST or TRACE methods. As GET and HEAD are not headers, we are
unsure as to what rules to use.

## ## Block bad request method (NOT working yet)
     label "BAD request method"
     request header expect "GET"
     request header expect "HEAD"


Since it is a work in progress, our full relayd.conf file can be found
here for reference:

  Relayd proxy "how to" (relayd.conf)
  http://calomel.org/relayd.html

--
 Calomel @ http://calomel.org
 Open Source Research and Reference
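
An added example, not part of the original post and not relayd configuration: a Python reference model of the default-deny policy the message describes (only GET and HEAD, only "/", "*.html" and "*.jpg"), useful for checking which request lines a finished rule set should pass or block. The function name, the conservative path character set, the query-string handling and the sample request lines are assumptions made for this example.

```python
import re

# Policy from the post: deny everything except what is listed.
ALLOWED_METHODS = {"GET", "HEAD"}  # method tokens are case-sensitive

# "/" alone, or a path ending in .html or .jpg. The restricted character
# set is an assumption added here; it is tighter than the post's pattern.
ALLOWED_PATH = re.compile(r"/(?:[A-Za-z0-9_\-./]*\.(?:html|jpg))?")


def check_request_line(line):
    """Return (allowed, label) for a single HTTP request line."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return (False, "BAD request line")
    method, target, _version = parts
    # The method is the first token of the request line, not a header.
    if method not in ALLOWED_METHODS:
        return (False, "BAD request method")
    # Assumption: the policy applies to the path, so drop any query string.
    path = target.split("?", 1)[0]
    # Refuse dot segments, empty segments and percent-encoding so that an
    # allowed suffix cannot be attached to a path outside the listed set.
    if ".." in path or "//" in path or "%" in path:
        return (False, "BAD path request")
    # fullmatch anchors both ends; "$" alone would accept a trailing newline.
    if not ALLOWED_PATH.fullmatch(path):
        return (False, "BAD path request")
    return (True, "ok")


# Constructed sample request lines, not taken from any real log.
SAMPLES = [
    "GET / HTTP/1.1",
    "HEAD /img/logo.jpg HTTP/1.0",
    "POST /index.html HTTP/1.1",
    "TRACE / HTTP/1.1",
    "GET /admin.php HTTP/1.1",
    "GET /../private/notes.html HTTP/1.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_request_line(sample))
```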
