Path Blocking with Metacharacters
Sep. 23, 2016, 04:30 PM (This post was last modified: Mar. 20, 2017 11:04 AM by Faxopita.)
Post: #23
RE: Path Blocking Using Wildcard Characters
Highlighting the Importance of Path Filtering Beyond Pure Domain Blocking

Resorting to filtering tools such as the hosts file, Privoxy, DNS blocking, pfSense, etc. is a good strategy for creating domain blacklists. In my case, I combined Privoxy with Unbound, but it isn't enough.

Example: real-world request attempt…

Code:
https://platform2.cloud-iq.com/cartrecovery/?mode=store&session_id=&app_id=1234&basket_timeout=1500&base_campaign_id=14236&email_campaign_id=0008&baseAppId=4620&fingerprint=5346534625&page_title=Which%3F%20Magazine%20Subscription%20%3A%3A%20iSUBSCRiBE.co.uk&page_url=https%3A%2F%2Fwww.isubscribe.co.uk%2FWhich-Magazine-Subscription.cfm&cloudiqReferringURL=false&cloudiq_page_load=true&cloudiq_product_viewed=4357943579405&cloudiq_cart_started=0

Domain .cloud-iq.com was not initially blacklisted in my config. No response from my domain blacklist. In such a situation, resorting to path-side filtering is necessary; thanks to ProxHTTPSProxyMII, parts of my rule set were triggered even though the request was encrypted:
  1. In file: Borrowed/DSzalkowski.action
    Code:
    {+block{Denis Szalkowski} }
    /(.*[^a-z])?campaign(_|/)
    /(.*[^a-z])?fingerprint(=|\.)
    -–—
  2. In file: Borrowed/YoranBrault.action
    Code:
    {+block{Web Beacon} } # Shared by Cattleyavns
    /.{300}
    -–—
  3. In file: Personal/RefusedPath.action
    Code:
    {+block{Declined Paths} }
    /.*(campaign|comm?ercial|marketing|parte?nn?(er|air)|promo|social)
    /.*((resolution|ram.{0,3}MB|screen)=|subscribe|splash.?page|track)
    /.*([^o]ads?.?(bloc?k?|loade?r|manage?r|modul)|fingerprint|=false)
    /.*(advertize|invisible|(e.?mail|slot.?name|url)=|widget|win.?bid)
    /.*((client|request|survey).?id|https?(:|%3A)(\/\/|%2F%2F)|lytics)
    /(.*[^a-z])?(F?www\.)
    -–—
What has been captured: fingerprint, subscribe, campaign, url=, =false, https%3A%2F%2F

If there were no ProxHTTPSProxyMII, Privoxy would have let the connection to platform2.cloud-iq.com go, simply because it cannot see the path side of any HTTPS-enabled URL without the ProxHTTPSProxyMII add-on. Frustrating!

Another example, from a “customer engagement” company.

Code:
https://mxm.mxmfb.com/rsps/m/27kYkShl7ccUi-xNnW2r8s-tlXSPuQesk3J_yE3fldV

Fortunately, I had this domain blacklisted, but another cushion came in on the path side as well:
Code:
{+block{Declined Paths} }
/(.*((/|%2F)|(\?|%3F)))?(([a-z]|\d|_)+[-+]\w*(\d[a-z]|[a-z]\d)[a-z0-9-_+]*|\w*(\d[a-z]|[a-z]\d)\w*[-+][a-z0-9-_+]+)[~=?]*$

You know what you have to do for truly efficient filtering: rely neither on EasyList sources alone nor on domain blacklists. Above, none of my EasyList sources were triggered. For truly efficient blocking, go a step further by allowing Privoxy to view secured connections while both keeping a suspicious eye on overly complicated websites and creating your own rule set as a fallback…

Tip: if you wish to bookmark a new site, you can assess it first via this tool.
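The following script is an added example, not part of the original post or of Privoxy itself: it replays the path patterns from the three .action files above against the two URLs quoted in the post, so you can see which {+block{...}} sections fire on each. It assumes Privoxy's path-matching semantics (a path pattern is compiled left-anchored and case-insensitive, and is tested against everything after host[:port], i.e. "/path?query"); the block names and patterns are copied from the post.

```python
import re
from urllib.parse import urlsplit

# Patterns exactly as written in the post's .action files, keyed by block name.
RULES = {
    "Denis Szalkowski": [r"/(.*[^a-z])?campaign(_|/)",
                         r"/(.*[^a-z])?fingerprint(=|\.)"],
    "Web Beacon": [r"/.{300}"],  # any path+query of 300 or more characters
    "Declined Paths": [
        r"/.*(campaign|comm?ercial|marketing|parte?nn?(er|air)|promo|social)",
        r"/.*((resolution|ram.{0,3}MB|screen)=|subscribe|splash.?page|track)",
        r"/.*([^o]ads?.?(bloc?k?|loade?r|manage?r|modul)|fingerprint|=false)",
        r"/.*(advertize|invisible|(e.?mail|slot.?name|url)=|widget|win.?bid)",
        r"/.*((client|request|survey).?id|https?(:|%3A)(\/\/|%2F%2F)|lytics)",
        r"/(.*[^a-z])?(F?www\.)",
        # the opaque-token rule from the second example (one pattern, wrapped)
        r"/(.*((/|%2F)|(\?|%3F)))?(([a-z]|\d|_)+[-+]\w*(\d[a-z]|[a-z]\d)"
        r"[a-z0-9-_+]*|\w*(\d[a-z]|[a-z]\d)\w*[-+][a-z0-9-_+]+)[~=?]*$",
    ],
}
# Assumption (as in Privoxy's urlmatch.c): path patterns are left-anchored and case-insensitive.
COMPILED = [(name, pat, re.compile("^" + pat, re.IGNORECASE))
            for name, pats in RULES.items() for pat in pats]

def privoxy_path(url: str) -> str:
    """What Privoxy matches path patterns against: everything after host[:port]."""
    u = urlsplit(url)
    return (u.path or "/") + ("?" + u.query if u.query else "")

def triggered(url: str) -> dict:
    """Map each {+block{...}} section to its matching patterns; {} means not blocked."""
    path, hits = privoxy_path(url), {}
    for name, pat, rx in COMPILED:
        if rx.match(path):
            hits.setdefault(name, []).append(pat)
    return hits

# The two requests quoted in the post (the first one wrapped across lines).
CLOUD_IQ_URL = (
    "https://platform2.cloud-iq.com/cartrecovery/?mode=store&session_id=&app_id=1234&basket_timeout=1500"
    "&base_campaign_id=14236&email_campaign_id=0008&baseAppId=4620&fingerprint=5346534625&page_title=Which"
    "%3F%20Magazine%20Subscription%20%3A%3A%20iSUBSCRiBE.co.uk&page_url=https%3A%2F%2Fwww.isubscribe.co.uk"
    "%2FWhich-Magazine-Subscription.cfm&cloudiqReferringURL=false&cloudiq_page_load=true"
    "&cloudiq_product_viewed=4357943579405&cloudiq_cart_started=0")
MXM_URL = "https://mxm.mxmfb.com/rsps/m/27kYkShl7ccUi-xNnW2r8s-tlXSPuQesk3J_yE3fldV"

if __name__ == "__main__":
    for url in (CLOUD_IQ_URL, MXM_URL):
        for block, pats in triggered(url).items():
            print(f"{urlsplit(url).hostname}: +block{{{block}}} via {len(pats)} pattern(s)")
```

Run on the cloud-iq request, all three sections fire (six of the seven Declined Paths patterns match); on the mxmfb.com request only the opaque-token pattern matches, which is the fallback the post describes.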