Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_options:opt_capture:capt_mgmt:start [2024/07/12 12:17] – [Management of a named profile (service 16):] elena.krasnobryzh
+++ en:dpi:dpi_options:opt_capture:capt_mgmt:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Management ======
-{{indexmenu_n>4}}
-This service is configured for individual subscribers by ''[[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start|fdpi_ctrl]]''.
-Instruction format:
-<code bash>
-fdpi_ctrl command --service 5 [Services_list] [IP_list]
-</code>
-The instruction syntax and IP addresses specification methods are described in details here: [[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start|Control instructions]].
-===== Management of a default profile (service 5): =====
-  - Enable the "white list" operation for the particular subscriber with **a default profile** (is specified in ''etc/dpi/fastdpi.conf'' configuration file):<code bash>
-fdpi_ctrl load --service 5 --ip 192.168.0.1
-</code>
-  - Disable the "white list" operation for the particular subscriber:<code bash>
-fdpi_ctrl del --service 5 --ip 192.168.0.1
-</code>
-===== Management of a named profile (service 5): =====
-. In order to create **a named profile** and activate the locking service with a profile for several subscribers:
-<code bash>
-fdpi_ctrl load profile --service 5  --profile.name test_white --profile.json '{ "url_list" : "http://mysite.ru/myfile.bin" , "sni_list" : "http://mysite.ru/myfilesni.bin", "ip_list" : "http://mysite.ru/myfileip.bin", "cn_list" : "http://mysite.ru/myfilecn.bin", "redirect" : "mysite.ru/block" }'
-</code>
-here the following profile settings using the json format are specified:
-  * ''redirect'' — the redirection page((Attention: if you specify the https site, then you have to put the given domain on the list of SNI otherwise the domain will be blocked))((Additional parameters can be added (according to HTTP rules) only after ? or &, they must be specified in the URL for whitelisting and here you need to think for DPI, otherwise DPI will assign /?))
-  * ''url_list'' — white URL list
-  * ''sni_list'' — white SNI list
-  * ''ip_list'' — white list of IP:PORT pairs((a check against the ip:port or cname is run if the request does not contain URL or SNI))
-  * ''cn_list'' — white list of Common Name((a check against the ip:port or cname is run if the request does not contain URL or SNI))
-<note tip>The list can be placed both on an external resource - in this case it is loaded before it is used, and in a local file, for example, ''cn_list'' : ''/tmp/cn_list.bin''</note>
-. Connection of blocking service with a profile for multiple subscribers:
-<code bash>fdpi_ctrl load --service 5 --profile.name test_white --ip 192.168.0.1
-fdpi_ctrl load --service 5 --profile.name test_white --login user01</code>
-. To search for subscribers who have an activated alert service with the specified profile name:
-<code bash>
-fdpi_ctrl list all --service 5 --profile.name test_white</code>
-. To delete a named profile(there should be no subscribers using this profile):
-<code bash>
-fdpi_ctrl del profile --service 5  --profile.name test_white
-</code>
-. Change of service (profile) settings (new settings are applied to all subscribers with the specified service profile):
-<code bash>
-fdpi_ctrl load profile --service 5 --profile.name test_white --profile.json '{ "url_list" : "http://mysite.ru/newfile.bin" , "ip_list" : "http://mysite.ru/myfileip.bin", "cn_list" : "http://mysite.ru/myfilecn.bin", "redirect" : "mysite.ru/block" }'
-</code>
-===== Management of a named profile (service 16): =====
-. In order to create **a named profile** and activate the locking service with a profile for several subscribers:
-<code bash>
-fdpi_ctrl load profile --service 16 --profile.name portal_info_1 --profile.json '{ "ip_list" : "/var/lib/dpi/ip_list_1.bin", "redirect" : "http://info.com" }'
-</code>
-here the following profile settings using the json format are specified:
-  * ''redirect'' — the redirection page((Attention: if you specify the https site, then you have to put the given domain on the list of SNI otherwise the domain will be blocked))((Additional parameters can be added (according to HTTP rules) only after ? or &, they must be specified in the URL for whitelisting and here you need to think for DPI, otherwise DPI will assign /?))
-  * ''ip_list'' — white list of IP:PORT pairs((Check by IP:Port))
-. Connection of blocking service with a profile for multiple subscribers:
-<code bash>
-fdpi_ctrl load --service 16 --profile.name portal_info_1 --ip 192.168.0.1
-fdpi_ctrl load --service 16 --profile.name portal_info_1 --login user01
-</code>
-<note tip>When the service is activated, only TCP traffic is blocked. To block UDP traffic as well, you must [[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start#configuring_tcp_and_udp_protocol_blocking|enable the]] ''[[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start#configuring_tcp_and_udp_protocol_blocking|udp_block]]'' parameter.</note>
-. To search for subscribers who have an activated service with the specified profile name:
-<code bash>
-fdpi_ctrl list all --service 16 --profile.name portal_info_1</code>
-. To delete a named profile(there should be no subscribers using this profile):
-<code bash>
-fdpi_ctrl del profile --service 16  --profile.name portal_info_1
-</code>
-. Change of service (profile) settings (new settings are applied to all subscribers with the specified service profile):
-<code bash>
-fdpi_ctrl load profile --service 16 --profile.name portal_info_1 --profile.json '{ "ip_list" : "/var/lib/dpi/new_ip_list_1.bin", "redirect" : "http://new.info.com" }'
-</code>

Profile

Settings

Differences