+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Filters (/forumdisplay.php?fid=38)
+--- Forum: Privacy/Security/Spam (/forumdisplay.php?fid=10)
+--- Thread: Ask for killing URL shorteners redirections (/showthread.php?tid=1489)
Ask for killing URL shorteners redirections - lnminente - Oct. 03, 2009 02:28 AM
First of all this filter is intended to work in the base config, if someone want to port it to another config replace $GET(RESP) for the url you get from the incoming header Location and share that version with us.
This filter intercepts some URL shortener services by its domain and shows you the real url asking if you want to visit it
Why it can be a security risk?
Demonstration: http://www.youtube.com/watch?v=Upciy-g_n28
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "! :I_52 Ask for killing URL shorteners redirections {ln}091003 WIP"
URL = "(^local.ptron/)(^$TST(keyword=*.NoKill.*)) $TST(uDom=bit.ly|is.gd|xrl.us|tinyurl.com) (^$TST(ContentType= image/*)) $LOG(RHeader $DTM(c),I_52 Ask for killing URL shorteners redirections in \h)$CONFIRM(URL SHORTENER REDIRECTION: \n\n\nBlock connection to the URL below?\n$GET(RESP)\n\a) $JUMP(http://local.ptron/base/killed.html?WHY=$ESC(URL Shortener redirection not accepted)&URL=$ESC(\u))""The URL shortener covered are bit.ly|is.gd|xrl.us|tinyurl.com, do you know more?
RE: Ask for killing URL shorteners redirections - whenever - Oct. 03, 2009 03:11 PM
You may find more here: http://en.wikipedia.org/wiki/URL_shortening
RE: Ask for killing URL shorteners redirections - lnminente - Oct. 03, 2009 04:17 PM
Thanks Whenever, i added some sites more thanks to your link. In this new version also added a comprobation of the response code:
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "! :I_52 Ask for killing URL shorteners redirections {ln}091003b WIP"
URL = "(^local.ptron/)(^$TST(keyword=*.NoKill.*))$RESP(3*) $TST(uDom=bit.ly|is.gd|xrl.us|tinyurl.com|br.st|om.ly|j.mp|qu.pe|sl.ly|mxtux.tk|tweak.tk) (^$TST(ContentType= image/*)) $LOG(RHeader $DTM(c),I_52 Ask for killing URL shorteners redirections in \h)$CONFIRM(URL SHORTENER REDIRECTION: \n\n\nBlock connection to the URL below?\n$GET(RESP)\n\a) $JUMP(http://local.ptron/base/killed.html?WHY=$ESC(URL Shortener redirection not accepted)&URL=$ESC(\u))""RE: Ask for killing URL shorteners redirections - whenever - Oct. 06, 2009 03:45 AM
(Oct. 03, 2009 02:28 AM)lnminente Wrote: if someone want to port it to another config replace $GET(RESP) for the url you get from the incoming header Location and share that version with us.
Here is a version I modified and it doesn't rely on any config.
Instead killing the redirection, I redirect it to Google mobile proxy in case you are curious about the target URL's content. I suppose Google mobile proxy would remove scripts and should be safer. Of course you can modify to use any other web proxy which you know could remove scripts or other annoyance.
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Location: Ask for killing URL shorteners redirections {ln, whenever}091006 WIP"
URL = "(^local.ptron/)bit.ly|is.gd|xrl.us|tinyurl.com|br.st|om.ly|j.mp|qu.pe|sl.ly|mxtux.tk|tweak.tk"
Match = "\0&(^$IHDR(Content-Type: image/*))($CONFIRM(\u is to be redirected to:\n\0\n\nGo Ahead?)$SET(1=\0)$LOG(R$DTM(c): Shortened URL Passed)|$SET(1=http://www.google.com/gwt/n?u=\0)$LOG(R$DTM(c): Shortened URL Rejected))"
Replace = "\1"RE: Ask for killing URL shorteners redirections - lnminente - Oct. 06, 2009 10:55 AM
Many thanks Whenever! And please, no need to quote my sentence, the excuses are for people who don't share their filters. The mods of my filters are always welcome
I like the google mobile idea. Thanks again!
Tip: i'm not sure if (^local.ptron/) would work for all the urls, so for being sure i would use
Code:
URL = "(^local.ptron/)(bit.ly|is.gd|xrl.us|tinyurl.com|br.st|om.ly|j.mp|qu.pe|sl.ly|mxtux.tk|tweak.tk)"Some links with bit.ly: http://twitter.com/bitlynow
RE: Ask for killing URL shorteners redirections - whenever - Oct. 06, 2009 03:55 PM
I just realize that (^local.ptron/) is not needed at all in my version as those domains we want the filter to work with are already explicitly written in the URL part.
RE: Ask for killing URL shorteners redirections - lnminente - Dec. 15, 2009 12:39 PM
New URL shorteners from Google and Facebook: his domains are Goo.gl and fb.me
Maybe an improve to this filter could be matching all the domains with less than 7 chars plus tinyurl.com, mxtux.tk and tweak.tk ...
RE: Ask for killing URL shorteners redirections - whenever - Dec. 16, 2009 04:17 PM
Good idea.
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Location: Preview Shortened URL Before Redirected {ln, whenever}091217 (In)"
URL = "[^/]+{3,7}/|tinyurl.com|mxtux.tk|tweak.tk"
Match = "\0&(^$IHDR(Content-Type: image/*))($CONFIRM(\u is to be redirected to:\n\0\n\nGo Ahead?)$SET(1=\0)$LOG(R$DTM(c): Shortened URL Passed)|$SET(1=http://www.google.com/gwt/n?u=\0)$LOG(R$DTM(c): Shortened URL Rejected))"
Replace = "\1"RE: Ask for killing URL shorteners redirections - lnminente - Dec. 17, 2009 06:59 PM
I don't have much time these days, many thanks for your work Whenever!
RE: Ask for killing URL shorteners redirections - whenever - Jan. 30, 2010 01:48 PM
The 091217 version has a bug that it will ALWAYS ADD a header for a URL even if it doesn't include a Location header at all, as long as it is short enough and its Content-Type is not image. Example: http://img.ly/pTN
Therefore, we have to use ?* to make sure there is something in the Location header, hence the updated filter:
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Location: Preview Shortened URL Before Redirected {ln, whenever}100130 (In)"
URL = "[^/]+{3,7}/|tinyurl.com|mxtux.tk|tweak.tk"
Match = "(?*)\0&(^$IHDR(Content-Type: image/*))($CONFIRM(\u is to be redirected to:\n\0\n\nGo Ahead?)$SET(1=\0)$LOG(R$DTM(c): Shortened URL Passed)|$SET(1=http://www.google.com/gwt/n?u=\0)$LOG(R$DTM(c): Shortened URL Rejected))"
Replace = "\1"