Configuration [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:dpi_options:opt_filtration:filtration_settings:start [2020/02/17 07:09] edrudichgmailcomen:dpi:dpi_options:opt_filtration:filtration_settings:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
    Line 1: Line 1:
    -====== 2 Configuration ====== 
    -{{indexmenu_n>2}} 
    -<note warning>The system is delivered with black list filtering option turned on.</note> 
      
    -You can configure the option or turn it off by configuration file /etc/dpi/fastdpi.conf. All parameters are optional and have default values. 
    - 
    -Filtering service configuration: 
    - 
    -<code>federal_black_list=true enable automatic loading and application of cloud service list  
    -(false - disables)</code> 
    - 
    -The lists received from clouds are placed to the directory /var/lib/dpi. Their names are: 
    - 
    -blcache.bin - URL dictionary to block HTTP\\   
    -blcachecn.bin - names' dictionary to block HTTPS by certificates\\  
    -blcacheip.bin - IP addresses dictionary to block HTTPS by IP 
    - 
    -<note important>The subscriber's browser receives 403 error (Forbidden) as a reply on an attempt to access a restricted page by HTTP protocol. Its look depends on the browser in use.</note> 
    -  
    -This behaviour can be modified. The browser can be redirected to a special operator's information page Instead of the error code((in case this parameter ends by ? or &: the parameter UrlRedir is added to the formed URL. It points to a page selected by the subscriber.)): 
    - 
    -<code>black_list_redirect=http://operator.ru/blockpage.html</code> 
    - 
    -The operator can attach his own black list in addition to or as a replacement of the federal black lists. The latest are provided as a part of the service. 
    - 
    -<code>#URL dictionary for blocking by HTTP protocol  
    -custom_url_black_list=http://operator.ru/url_list.dic 
    - 
    -#Names dictionary for blocking HTTPS by certificate 
    -custom_cn_black_list=http://operator.ru/cn_list.dic 
    - 
    -#IP addresses dictionary for blocking HTTPS by IP  
    -custom_ip_black_list=http://operator.ru/ip_list.dic</code> 
    - 
    -URL field can be used to specify ftp protocol and authentication parameters. 
    - 
    -The lists downloaded from the specified URL are stored in /var/lib/dpi. Their names are: 
    - 
    -blcustom.bin - the URL dictionary to block HTTP\\   
    -blcustomcn.bin - the name's dictionary to block HTTPS by certificate\\   
    -blcustomip.bin - the IP addresses' dictionary to block HTTPS by IP 
    - 
    -The black list update period can be configured. It is 60 minutes by default: 
    - 
    -<code>timeout_check_new_bl=60</code> 
    - 
    -The service has to load modified parameters after configuration changes. One can do it by the following instructions (([[en:dpi:dpi_components:platform:dpi_update:errata:start|Corrections]])): 
    - 
    -To update modified "hot" parameters: 
    -<code>service fastdpi reload</code> 
    - 
    -To update all parameters by the service's restart:  
    -<code>service fastdpi restart</code> 
    -:!: The short break (less than 1 second) in service is caused by restart, if the Bypass is not supported. 
    - 
    -For your information: 
    - 
    -'#' character at the beginning of a configuration file line marks the comment. 
    - 
    -In case the service is used to filter by black list only, we advise to switch off the analysis of protocols rather than HTTP. It helps increase productivity and reduces CPU load: 
    -<code>only_tcp=1</code> 
    - 
    -If the black lists are created on the same computer that runs DPI: you can just put them to /var/lib/dpi directory. Their names must be blcustom.bin and blcustomip.bin, same as above.\\  
    -:!: Please use the instruction mv to move dictionaries! This command is an atomic one. Do not use copy instruction! 
    - 
    -Creation of dictionaries with URL and IP addresses is described [[en:dpi:dpi_options:opt_filtration:making_dictionary:start|in the next chapter]]. 
    - 
    -In order to switch off the black lists functionality, one has to switch off their automatic loading by configuration file and delete dictionaries from /var/lib/dpi. You have to restart the service then. 
    - 
    -To switch off federal lists of Federal Supervision Agency for Information Technologies and Communications and Department of Justice:\\ 
    -Set the parameter federal_black_list=false in the configuration file /etc/dpi/fastdpi.conf. And then:   
    -<code> 
    -rm /var/lib/dpi/blcache.bin    
    -rm /var/lib/dpi/blcachecn.bin 
    -rm /var/lib/dpi/blcacheip.bin  
    -</code> 
    - 
    -To switch off additional (operator's) black lists:\\ 
    -please comment out or remove the parameters custom_url_black_list and custom_ip_black_list in configuration file /etc/dpi/fastdpi.conf. 
    -<code> 
    -rm /var/lib/dpi/blcustom.bin   
    -rm /var/lib/dpi/blcustomcn.bin 
    -rm /var/lib/dpi/blcustomip.bin 
    -</code> 
    - 
    -<note>The "hot" parameters: federal_black_list, only_tcp, timeout_check_new_bl 
    -The "cold" parameters: black_list_redirect, custom_url_black_list, custom_cn_black_list, custom_ip_black_list 
    -You can find more details here: [[en:dpi:dpi_components:platform:dpi_admin:start|administering]] 
    -</note>