David-ms

I filter specific IPs of the following way:

Code Snippet

RtlZeroMemory(&filter, sizeof(FWPM_FILTER0));

RtlZeroMemory(&FilterCondition, sizeof(FWPM_FILTER_CONDITION0));

FilterCondition.fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;

FilterCondition.matchType = FWP_MATCH_EQUAL;

FilterCondition.conditionValue.type = FWP_UINT32;

//193.145.233.8, www.ua.es

FilterCondition.conditionValue.uint32 = 0xC191E908;

filter.layerKey = FWPM_LAYER_OUTBOUND_IPPACKET_V4;

filter.action.type = FWP_ACTION_BLOCK;

filter.weight.type = FWP_EMPTY;

filter.numFilterConditions = 1;

filter.filterCondition = &FilterCondition;

error = FwpmFilterAdd0(engineHandle, &filter, NULL, NULL);

Is possible to filter URLs (for example www.ua.es) with similar method using WFP

Thanks to all. A greeting.



Re: Windows Filtering Platform (WFP) How to filter a specific URL with WFP?

Biao Wang [MSFT]

WFP does not currently support firewall rules with hostname or URL.

You could consider performing UDP content inspection to block DNS resolution packets; however you wouldn't be able to intercept name resolutions resolved by local dns cache or via host file. Also such filtering can be bypassed by using literal IP addresses.

To inspect HTTP traffic send to certain URLs, you could perform TCP content inspection by utilizing WFP's stream layer and parse out HTTP urls.

Hope this helps,

Biao.W.





Re: Windows Filtering Platform (WFP) How to filter a specific URL with WFP?

Truesearch

Biao.W:

Can you post some code showing how to "utilize WFP's stream layer and parse out HTTP urls"

Thanks in advance!

Truesearch





Re: Windows Filtering Platform (WFP) How to filter a specific URL with WFP?

Charlie Hu [MSFT]

WDK sample 'stmedit' is a good demo to show usage of stream inspection. It depends on your application requirements how to use stream layer. If you want to restrict access to specific URL, a block to HTTP 'GET' method containing the URL will be enough.