bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2026-05-01 16:30:11 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
9f477e2fb2
3proxy/doc/html/plugins/PCREPlugin.html
Vladimir Dubrovin ac20f189c8 Update documentation
2026-04-30 19:11:17 +03:00

91 lines
3.2 KiB
HTML
Raw Blame History

<h3>3proxy PCRE (Perl Compatible Regular Expressions) Filtering</h3>
<p><b>Note:</b> Since version 0.9.7, PCRE filtering is built into 3proxy and does not require
a separate plugin. All pcre_* commands are available directly when 3proxy is compiled with
PCRE2 support (WITH_PCRE). The plugin line is no longer needed.</p>
<p>This filtering functionality can be used to create matching and replacement
rules with regular expressions for client requests, client and
server headers, and client and server data. It adds 3 additional
configuration commands:</p>
<pre>
pcre TYPE FILTER_ACTION REGEXP [ACE]
pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
pcre_extend FILTER_ACTION [ACE]
pcre_options OPTION1 [...]
</pre>
pcre - allows applying a rule for matching
<br>pcre_rewrite - in addition to 'pcre', allows substituting substrings
<br>pcre_extend - extends the ACL of the last pcre or pcre_rewrite command by
adding an additional ACE (like with allow/deny configuration commands).
<br>pcre_options - allows setting matching options. Available options are:
PCRE_CASELESS,
PCRE_MULTILINE,
PCRE_DOTALL,
PCRE_EXTENDED,
PCRE_ANCHORED,
PCRE_DOLLAR_ENDONLY,
PCRE_EXTRA,
PCRE_NOTBOL,
PCRE_NOTEOL,
PCRE_UNGREEDY,
PCRE_NOTEMPTY,
PCRE_UTF8,
PCRE_NO_AUTO_CAPTURE,
PCRE_NO_UTF8_CHECK,
PCRE_AUTO_CALLOUT,
PCRE_PARTIAL,
PCRE_DFA_SHORTEST,
PCRE_DFA_RESTART,
PCRE_FIRSTLINE,
PCRE_DUPNAMES,
PCRE_NEWLINE_CR,
PCRE_NEWLINE_LF,
PCRE_NEWLINE_CRLF,
PCRE_NEWLINE_ANY,
PCRE_NEWLINE_ANYCRLF,
PCRE_BSR_ANYCRLF,
PCRE_BSR_UNICODE
<ul>
<li>TYPE - type of filtered data. May contain one or more
(comma-delimited list) values:
<ul>
<li>request - content of the client's request, e.g., the HTTP GET request string.
(known problem: changing the request string doesn't change the IP of the host to connect to)
<li>cliheader - content of the client request headers, e.g., HTTP request headers.
<li>srvheader - content of the server's reply headers, e.g., HTTP status and headers.
<li>clidata - data received from the client, e.g., HTTP POST request data
<li>srvdata - data received from the server, e.g., an HTML page
</ul>
<li>FILTER_ACTION - action on match
<ul><li>allow - allow this request without checking the rest of the rules for the given type
<li>deny - deny this request without checking the rest of the rules
<li>dunno - continue with the rest of the rules (useful with pcre_rewrite)
</ul>
<li>REGEXP - PCRE (Perl) regular expression. Use * if no regexp matching
is required.
<li>REWRITE_EXPRESSION - substitution string. May contain Perl-style
substrings
(not tested) $1, $2. $0 means the whole matched string. \r and \n may be used
to insert new strings; the string may be empty ("").
<li>ACE - access control entry (user names, source IPs, destination IPs,
ports, etc.), absolutely identical to allow/deny/bandlimin commands.
The regular expression is only matched if the ACL matches the connection data.
Warning:
Regular expressions don't require authentication and cannot replace
authentication and/or allow/deny ACLs.
</ul>
<h4>Example:</h4>
<pre>
pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
pcre srvheader deny "Content-type: application"
pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
pcre_extend deny * 192.168.0.1/16
</pre>
&copy; Vladimir Dubrovin, License: BSD style
Reference in New Issue View Git Blame Copy Permalink