Threaded Mode | Linear Mode

lnminente · (This post was last modified: Dec. 17, 2009 06:48 PM by lnminente.)

First of all this filter is intended to work in the base config, if someone want to port it to another config replace $GET(RESP) for the url you get from the incoming header Location and share that version with us.

This filter intercepts some URL shortener services by its domain and shows you the real url asking if you want to visit it

Why it can be a security risk?
Demonstration: http://www.youtube.com/watch?v=Upciy-g_n28

Code:

[HTTP headers]

In = TRUE

Out = FALSE

Key = "! :I_52 Ask for killing URL shorteners redirections {ln}091003 WIP"

URL = "(^local.ptron/)(^$TST(keyword=*.NoKill.*)) $TST(uDom=bit.ly|is.gd|xrl.us|tinyurl.com) (^$TST(ContentType= image/*)) $LOG(RHeader $DTM(c),I_52 Ask for killing URL shorteners redirections in \h)$CONFIRM(URL SHORTENER REDIRECTION: \n\n\nBlock connection to the URL below?\n$GET(RESP)\n\a) $JUMP(http://local.ptron/base/killed.html?WHY=$ESC(URL Shortener redirection not accepted)&URL=$ESC(\u))""

The URL shortener covered are bit.ly|is.gd|xrl.us|tinyurl.com, do you know more?

**whenever** · Oct. 03, 2009, 03:11 PM

You may find more here: http://en.wikipedia.org/wiki/URL_shortening

lnminente · (This post was last modified: Dec. 17, 2009 06:48 PM by lnminente.)

Thanks Whenever, i added some sites more thanks to your link. In this new version also added a comprobation of the response code:

Code:

[HTTP headers]

In = TRUE

Out = FALSE

Key = "! :I_52 Ask for killing URL shorteners redirections {ln}091003b WIP"

URL = "(^local.ptron/)(^$TST(keyword=*.NoKill.*))$RESP(3*) $TST(uDom=bit.ly|is.gd|xrl.us|tinyurl.com|br.st|om.ly|j.mp|qu.pe|sl.ly|mxtux.tk|tweak.tk) (^$TST(ContentType= image/*)) $LOG(RHeader $DTM(c),I_52 Ask for killing URL shorteners redirections in \h)$CONFIRM(URL SHORTENER REDIRECTION: \n\n\nBlock connection to the URL below?\n$GET(RESP)\n\a) $JUMP(http://local.ptron/base/killed.html?WHY=$ESC(URL Shortener redirection not accepted)&URL=$ESC(\u))""

**whenever** · Oct. 06, 2009, 03:45 AM

(Oct. 03, 2009 02:28 AM)lnminente Wrote: if someone want to port it to another config replace $GET(RESP) for the url you get from the incoming header Location and share that version with us.

Here is a version I modified and it doesn't rely on any config.

Instead killing the redirection, I redirect it to Google mobile proxy in case you are curious about the target URL's content. I suppose Google mobile proxy would remove scripts and should be safer. Of course you can modify to use any other web proxy which you know could remove scripts or other annoyance.

Code:

[HTTP headers]

In = TRUE

Out = FALSE

Key = "Location: Ask for killing URL shorteners redirections {ln, whenever}091006 WIP"

URL = "(^local.ptron/)bit.ly|is.gd|xrl.us|tinyurl.com|br.st|om.ly|j.mp|qu.pe|sl.ly|mxtux.tk|tweak.tk"

Match = "\0&(^$IHDR(Content-Type: image/*))($CONFIRM(\u     is to be redirected to:\n\0\n\nGo Ahead?)$SET(1=\0)$LOG(R$DTM(c): Shortened URL Passed)|$SET(1=http://www.google.com/gwt/n?u=\0)$LOG(R$DTM(c): Shortened URL Rejected))"

Replace = "\1"

lnminente · (This post was last modified: Oct. 06, 2009 10:59 AM by lnminente.)

Many thanks Whenever! And please, no need to quote my sentence, the excuses are for people who don't share their filters. The mods of my filters are always welcome Smile!

I like the google mobile idea. Thanks again!

Tip: i'm not sure if (^local.ptron/) would work for all the urls, so for being sure i would use

Code:

URL = "(^local.ptron/)(bit.ly|is.gd|xrl.us|tinyurl.com|br.st|om.ly|j.mp|qu.pe|sl.ly|mxtux.tk|tweak.tk)"

Some links with bit.ly: http://twitter.com/bitlynow

**whenever** · Oct. 06, 2009, 03:55 PM

I just realize that (^local.ptron/) is not needed at all in my version as those domains we want the filter to work with are already explicitly written in the URL part.

lnminente · (This post was last modified: Dec. 15, 2009 12:40 PM by lnminente.)

New URL shorteners from Google and Facebook: his domains are Goo.gl and fb.me
Maybe an improve to this filter could be matching all the domains with less than 7 chars plus tinyurl.com, mxtux.tk and tweak.tk ...

**whenever** · (This post was last modified: Dec. 17, 2009 02:31 AM by whenever.)

Good idea.

Code:

[HTTP headers]

In = TRUE

Out = FALSE

Key = "Location: Preview Shortened URL Before Redirected {ln, whenever}091217 (In)"

URL = "[^/]+{3,7}/|tinyurl.com|mxtux.tk|tweak.tk"

Match = "\0&(^$IHDR(Content-Type: image/*))($CONFIRM(\u     is to be redirected to:\n\0\n\nGo Ahead?)$SET(1=\0)$LOG(R$DTM(c): Shortened URL Passed)|$SET(1=http://www.google.com/gwt/n?u=\0)$LOG(R$DTM(c): Shortened URL Rejected))"

Replace = "\1"

lnminente · Dec. 17, 2009, 06:59 PM

I don't have much time these days, many thanks for your work Whenever! Smile!

**whenever** · (This post was last modified: Jan. 30, 2010 01:51 PM by whenever.)

The 091217 version has a bug that it will ALWAYS ADD a header for a URL even if it doesn't include a Location header at all, as long as it is short enough and its Content-Type is not image. Example: http://img.ly/pTN

Therefore, we have to use ?* to make sure there is something in the Location header, hence the updated filter:

Code:

[HTTP headers]

In = TRUE

Out = FALSE

Key = "Location: Preview Shortened URL Before Redirected {ln, whenever}100130 (In)"

URL = "[^/]+{3,7}/|tinyurl.com|mxtux.tk|tweak.tk"

Match = "(?*)\0&(^$IHDR(Content-Type: image/*))($CONFIRM(\u     is to be redirected to:\n\0\n\nGo Ahead?)$SET(1=\0)$LOG(R$DTM(c): Shortened URL Passed)|$SET(1=http://www.google.com/gwt/n?u=\0)$LOG(R$DTM(c): Shortened URL Rejected))"

Replace = "\1"