Preparing white list [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsDPIAllow list and Captive PortalPreparing white list

    Table of Contents

    Preparing white list

    The allowed resources list is created in two steps: first, a text file with the list of resources is created. Second, this file is converted into internal dictionary's format by the special utility.

    The following utilities are used for conversion:
    • url2dic - for URL, SNI, CN
    • ip2bin - for IP

    Reverse conversion utilities:

    • dic2host - to convert dic files with URL, SNI, CN to a list of domains
    • dic2star - to convert dic files from SNI, CN to a list of domains with *
    • bin2ip - to convert dic files from IP

    To create a white list for payment systems, we recommend using a ready-made list. List of payment systems

    After the text file is converted you need to move the lists to the DPI configuration directory: 

    mv my_url_list.bin /var/lib/dpi/whlist.bin
mv my_cn_list.bin /var/lib/dpi/whlistcn.bin
mv my_ip_list.bin  /var/lib/dpi/whlistip.bin
mv my_sni_list.bin  /var/lib/dpi/whlistsni.bin
    This list names are used for the default profile.
    Any of the lists may be missing, but for restricting https resources, the SNI list is mandatory

    The file format of the whitelisted resources' URLs:

    Each line contains one URL (no http:// prefix), it is allowed to use *. For example: 

    1magehut.com/users.php?act=gallery&gal=81&page=4
3dmx.net
*.3dmx.net

    To convert into the internal format: 

    cat my_url_list.txt|url2dic my_url_list.dic

    The file format of the whitelisted names in SSL certificates (Common name):

    Each line contains one name. For example: 

    *.facebook.com
www.vasexpertsdpi.com

    To convert into the internal format: 

    cat my_cn_list.txt|url2dic my_cn_list.dic

    The file format of the whitelisted SNI (HTTPS)

    Each line contains one SNI (without http:// prefix). It is allowed to use *. For expample: 

    qiwi.ru
*.qiwi.ru

    To convert into the internal format: 

    cat my_sni_list.txt|url2dic my_sni_list.bin
    To prevent the https sites blocking, you have to prepare white list for CN, SNI with * symbol, signaling that CN and SN can be any.

    File Format for White List of IP Addresses, CIDR:

    Starting from version 12.4, the creation of a list is supported based on:

    • IPv4 <space> port_number
    • IPv4
    • IPv6 <space> port_number
    • IPv6
    • CIDR IPv4/IPv6

    Each line of the file contains only one entry, example for IPv4: 

    78.47.115.34 443
95.211.6.93
95.211.4.0/24

    Convert to internal format: 

    cat my_ip_list.txt | ip2bin my_ip_list.bin
    If an IP address or CIDR is specified, ONLY ALL TCP ports except for the allowed IP/CIDR are blocked. To block UDP ports, you need to enable the udp_block=3 setting in /etc/dpi/fastdpi.conf