D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: [LUG] Level 7 firewalling



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Theo P. Zourzouvillys wrote:
> On Friday 24 October 2003 1:19 am, Paul Weaver wrote:
>
>>Long story semi-short, is there an iptables style thingee that can drop
>>packets based on their application layer content?

Sure but that isn't a layer 7 proxy.

Layer seven proxies reassemble, check and recreate the data, in some
cases stateful type inspections may be good enough, but for XML it gets
hideous I suspect. What do you do if the later packets don't close tags
opened in the earlier ones?

Squid handles HTTP, HTTPS, FTP.
Check out delegate.org and try Googling for "application level gateway".

> Nothing readily available for what you need, but easy to write using
> iptables conntrack API.

If they genuinely want a layer 7 proxy, why not just write one in Perl?

Java may be a better choice for once, as the parser is probably
guaranteed to be a bit more robust.

If all it is doing is inspecting XML and passing it on to a remote machine,
or does this proxy allow them to filter on the basis of the content of
the XML?

There are several start ups flogging XML firewalls, although I thought
the whole point of XML was it was easy to parse safely, so is it the
content they want to filter?

I assume this is all SOAP driven which is usually bound to http
requests, so you might check what sort of stuff SQUID and friends can do
already with HTTP.

Also kick Nick Kew if you want an answer from someone who knows, as he
has been involved in proxies that manipulate HTML in complex ways, so
probably knows a thing or two that may be relevant.
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/mWaWGFXfHI9FVgYRAsOVAJ4w5AXXJSpmbPFlCb7mCNl2xUAwmQCdEuCb
UQhGLGuzWG8cPlOgypGFMWc=
=1r63
-----END PGP SIGNATURE-----

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
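The point above about later packets not closing tags opened in earlier ones is the reason a content filter has to reassemble the stream before it judges the XML. The following is an added illustration, not code from the thread or from any of the tools it names (it uses Python's standard-library incremental parser rather than Perl or Java); the three "packets" are a constructed sample of one XML document split at arbitrary byte boundaries.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one document, split across three "packets" at
# arbitrary positions (mid-text, mid-element).
PACKETS_COMPLETE = [
    b'<order><item id="1">wid',
    b'get</item><qty>2',
    b'</qty></order>',
]
# Same stream, but the connection stops before the closing tags arrive.
PACKETS_TRUNCATED = PACKETS_COMPLETE[:2]


def per_packet_looks_well_formed(packet: bytes) -> bool:
    """The naive approach: judge each packet on its own.

    Every fragment of a document split across packets fails this test,
    so a packet-level filter can only match byte patterns, not structure.
    """
    try:
        ET.fromstring(packet)
        return True
    except ET.ParseError:
        return False


def inspect_stream(packets) -> tuple:
    """The layer 7 approach: reassemble with an incremental parser and
    decide only once the stream has ended.

    Returns (well_formed, open_elements_at_end). A proxy would forward the
    reconstructed document only when well_formed is True.
    """
    parser = ET.XMLPullParser(events=("start", "end"))
    depth = 0  # number of elements opened but not yet closed
    try:
        for packet in packets:
            parser.feed(packet)
            for event, _elem in parser.read_events():
                depth += 1 if event == "start" else -1
        # close() signals end of data; expat raises ParseError if the
        # document is still incomplete (e.g. tags left open).
        parser.close()
        for event, _elem in parser.read_events():
            depth += 1 if event == "start" else -1
    except ET.ParseError:
        return (False, depth)
    return (depth == 0, depth)


if __name__ == "__main__":
    for p in PACKETS_COMPLETE:
        print(p, "standalone well-formed:", per_packet_looks_well_formed(p))
    print("reassembled complete stream:", inspect_stream(PACKETS_COMPLETE))
    print("reassembled truncated stream:", inspect_stream(PACKETS_TRUNCATED))
```

Run on the complete stream every individual packet is rejected as a standalone document while the reassembled stream is accepted; on the truncated stream the parser reports two elements (`order` and `qty`) still open when the data ends, which is exactly the case a per-packet filter cannot see.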

