Содержание

Preparing white list

The allowed resources list is created in two steps: first, a text file with the list of resources is created. Second, this file is converted into internal dictionary's format by the special utility.

The following utilities are used for conversion:
  • url2dic - for URL, SNI, CN
  • ip2bin - for IP

Reverse conversion utilities:

  • dic2host - to convert dic files with URL, SNI, CN to a list of domains
  • dic2star - to convert dic files from SNI, CN to a list of domains with *
  • bin2ip - to convert dic files from IP

To create a white list for payment systems, we recommend using a ready-made list. List of payment systems

After the text file is converted you need to move the lists to the DPI configuration directory:

mv my_url_list.bin /var/lib/dpi/whlist.bin
mv my_cn_list.bin /var/lib/dpi/whlistcn.bin
mv my_ip_list.bin  /var/lib/dpi/whlistip.bin
mv my_sni_list.bin  /var/lib/dpi/whlistsni.bin
This list names are used for the default profile.
Any of the lists may be missing, but for restricting https resources, the SNI list is mandatory

The file format of the whitelisted resources' URLs:

Each line contains one URL (no http:// prefix), it is allowed to use *. For example:

1magehut.com/users.php?act=gallery&gal=81&page=4
3dmx.net
*.3dmx.net

To convert into the internal format:

cat my_url_list.txt|url2dic my_url_list.dic

The file format of the whitelisted names in SSL certificates (Common name):

Each line contains one name. For example:

*.facebook.com
www.vasexpertsdpi.com

To convert into the internal format:

cat my_cn_list.txt|url2dic my_cn_list.dic

The file format of the whitelisted SNI (HTTPS)

Each line contains one SNI (without http:// prefix). It is allowed to use *. For expample:

qiwi.ru
*.qiwi.ru

To convert into the internal format:

cat my_sni_list.txt|url2dic my_sni_list.bin
To prevent the https sites blocking, you have to prepare white list for CN, SNI with * symbol, signaling that CN and SN can be any.

File Format for White List of IP Addresses, CIDR:

Starting from version 12.4, the creation of a list is supported based on:

Each line of the file contains only one entry, example for IPv4:

78.47.115.34 443
95.211.6.93
95.211.4.0/24

Convert to internal format:

cat my_ip_list.txt | ip2bin my_ip_list.bin
If an IP address or CIDR is specified, ONLY ALL TCP ports except for the allowed IP/CIDR are blocked. To block UDP ports, you need to enable the udp_block=3 setting in /etc/dpi/fastdpi.conf