{{tag>Services "Service 5" Whitelist "Captive Portal" "Service 16" Redirection}} ====== Management ====== {{indexmenu_n>4}} This service is configured for individual subscribers by ''[[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd|fdpi_ctrl]]''. Instruction format: fdpi_ctrl command --service 5 [Services_list] [IP_list] The instruction syntax and IP addresses specification methods are described in details here: [[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd|Control instructions]]. ===== Management of a default profile (service 5): ===== - Enable the "white list" operation for the particular subscriber with **a default profile** (is specified in ''etc/dpi/fastdpi.conf'' configuration file): fdpi_ctrl load --service 5 --ip 192.168.0.1 - Disable the "white list" operation for the particular subscriber: fdpi_ctrl del --service 5 --ip 192.168.0.1 ===== Management of a named profile (service 5): ===== 1. In order to create **a named profile** and activate the locking service with a profile for several subscribers: fdpi_ctrl load profile --service 5 --profile.name test_white --profile.json '{ "url_list" : "http://mysite.ru/myfile.bin" , "sni_list" : "http://mysite.ru/myfilesni.bin", "ip_list" : "http://mysite.ru/myfileip.bin", "cn_list" : "http://mysite.ru/myfilecn.bin", "redirect" : "mysite.ru/block" }' here the following profile settings using the json format are specified: * ''redirect'' — the redirection page((Attention: if you specify the https site, then you have to put the given domain on the list of SNI otherwise the domain will be blocked))((Additional parameters can be added (according to HTTP rules) only after ? or &, they must be specified in the URL for whitelisting and here you need to think for DPI, otherwise DPI will assign /?)) * ''url_list'' — white URL list * ''sni_list'' — white SNI list * ''ip_list'' — white list of IP:PORT pairs((a check against the ip:port or cname is run if the request does not contain URL or SNI)) * ''cn_list'' — white list of Common Name((a check against the ip:port or cname is run if the request does not contain URL or SNI)) The list can be placed both on an external resource - in this case it is loaded before it is used, and in a local file, for example, ''cn_list'' : ''/tmp/cn_list.bin'' 2. Connection of blocking service with a profile for multiple subscribers: fdpi_ctrl load --service 5 --profile.name test_white --ip 192.168.0.1 fdpi_ctrl load --service 5 --profile.name test_white --login user01 3. To search for subscribers who have an activated alert service with the specified profile name: fdpi_ctrl list all --service 5 --profile.name test_white 4. To delete a named profile(there should be no subscribers using this profile): fdpi_ctrl del profile --service 5 --profile.name test_white 5. Change of service (profile) settings (new settings are applied to all subscribers with the specified service profile): fdpi_ctrl load profile --service 5 --profile.name test_white --profile.json '{ "url_list" : "http://mysite.ru/newfile.bin" , "ip_list" : "http://mysite.ru/myfileip.bin", "cn_list" : "http://mysite.ru/myfilecn.bin", "redirect" : "mysite.ru/block" }' ===== Management of a named profile (service 16): ===== 1. In order to create **a named profile** and activate the locking service with a profile for several subscribers: fdpi_ctrl load profile --service 16 --profile.name portal_info_1 --profile.json '{ "ip_list" : "/var/lib/dpi/ip_list_1.bin", "redirect" : "http://info.com" }' here the following profile settings using the json format are specified: * ''redirect'' — the redirection page((Attention: if you specify the https site, then you have to put the given domain on the list of SNI otherwise the domain will be blocked))((Additional parameters can be added (according to HTTP rules) only after ? or &, they must be specified in the URL for whitelisting and here you need to think for DPI, otherwise DPI will assign /?)) * ''ip_list'' — white list of IP:PORT pairs((Check by IP:Port)) 2. Connection of blocking service with a profile for multiple subscribers: fdpi_ctrl load --service 16 --profile.name portal_info_1 --ip 192.168.0.1 fdpi_ctrl load --service 16 --profile.name portal_info_1 --login user01 When the service is activated, only TCP traffic is blocked. To block UDP traffic as well, you must [[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd#configuring_tcp_and_udp_protocol_blocking|enable the]] ''[[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd#configuring_tcp_and_udp_protocol_blocking|udp_block]]'' parameter. 3. To search for subscribers who have an activated service with the specified profile name: fdpi_ctrl list all --service 16 --profile.name portal_info_1 4. To delete a named profile(there should be no subscribers using this profile): fdpi_ctrl del profile --service 16 --profile.name portal_info_1 5. Change of service (profile) settings (new settings are applied to all subscribers with the specified service profile): fdpi_ctrl load profile --service 16 --profile.name portal_info_1 --profile.json '{ "ip_list" : "/var/lib/dpi/new_ip_list_1.bin", "redirect" : "http://new.info.com" }'