glob

http_filter

http_filter
© 2001-2006 byron jones
artistic license
glob.com.au/http_filter
httpfilter @ glob.com.au

about http_filter

a while back, i had to set up iis's web access for email (owa). now, i think iis has more holes that swiss cheese, so i wrote a simple http tunnel script in perl which allows you to filter requests.

i've added to it, so it call also multiplex multiple web servers on the port 80 (owa 2000 must run on port 80).

it works like

  internet --> ( *nix firewall  )
               ( http_filter:80 ) --> iis_box_1:80
                                  --> iis_box_2:80
                                  --> apache_box:80

it looks at the host: header and creates a tunnel to the appropriate web server in the dmz.

it's now a two second job for me to "patch" my iis servers when a problem is announced .. i schedule patches at the next reboot rather than schedule reboots to apply patches :)

i've been running it for several years without issue. i think this may be useful to other sysadmins, so here it is.

alternatives

if you want to run http_filter on your iis box directly, you probably don't want to run http_filter :) run a tool microsoft released a while after http_filter called URLscan :

http://www.microsoft.com/technet/security/tools/URLscan.asp

if you don't need multiplexing (if you only have a single server to protect), you may want to look at hogwash. hogwash is a packet layer firewall which drops packet based on inspection and signatures. this means that the packets (and therefore your log files) aren't affected :

http://hogwash.sourceforge.net/

download http_filter

you'll be needing perl.

http_filter.tar.gz version 1.4.6

http_filter is distributed under the artistic license.