-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathuri-cgi.txt
executable file
·197 lines (149 loc) · 5.44 KB
/
uri-cgi.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
URI CGI & HTTP Daemon Overview
==============================
Request By File
---------------
GET /uri/?p=[01]&q=[01]&v=[01]&x=[01]&f=/abs-path HTTP/1.1<CRLF>
Host: www.weeder.example:8088<CRLF>
Connection: close<CRLF>
<CRLF>
Request By File (equivalent)
----------------------------
HEAD /uri/?p=[01]&q=[01]&v=[01]&x=[01]&f=/abs-path HTTP/1.1<CRLF>
Host: www.weeder.example:8088<CRLF>
Connection: close<CRLF>
<CRLF>
Request By Message
------------------
POST /uri/?p=[01]&q=[01]&v=[01]&x=[01] HTTP/1.1<CRLF>
Host: www.weeder.example:8088<CRLF>
Content-Type: message/rfc822<CRLF>
Content-Length: NNN...N<CRLF>
Connection: close<CRLF>
<CRLF>
complete message
with headers and
body follows
Request By Chunked Message (daemon-only)
----------------------------------------
POST /uri/?p=[01]&q=[01]&v=[01]&x=[01] HTTP/1.1<CRLF>
Host: www.weeder.example:8088<CRLF>
Content-Type: message/rfc822<CRLF>
Transfer-Encoding: chunked<CRLF>
Connection: close<CRLF>
<CRLF>
HHH...H[; ignored...]<CRLF>
HHH...H data octets follow<CRLF>
HHH...H[; ignored...]<CRLF>
HHH...H data octets follow<CRLF>
...
0...[; ignored]<CRLF>
<CRLF>
Note: Trailer header semantics will not be supported at this time.
URL Options
-----------
f=/abs_path Path of a local file to parse.
p=1 Dump each URI parsed from the content. (Not supported
for chunked transfer-encoding yet.)
p=2 Dump each URI parsed from the content and redo lookups.
(Not supported for chunked transfer-encoding yet.)
q=1 Check URL query part for embedded URLs.
v=1 Verbose debugging sent with body content. (CGI only)
x=N Stop after Nth list hit; default 1.
Optional Request Headers (CGI-only)
-----------------------------------
These headers present alternative blacklist suffix lists to override
the default CGI configuration options.
A-BL: bl_suffix0, bl_suffix1 ...
*Reserved* does not apply to normal URI. SpamHaus IP BL format.
Domain-BL: bl_suffix0, bl_suffix1 ...
A list of domain black list suffixes to consult, like
.dbl.spamhaus.org. The host or domain name found in a URI is
checked against these DNS black lists. These black lists are
assumed to use wildcards entries, so only a single lookup is
done. IP-as-domain in a URI are ignored.
URI-BL: bl_suffix0, bl_suffix1 ...
A list of domain name black list suffixes to consult, like
.multi.surbl.org. The domain name found in a URI is checked
against these DNS black lists.
URI-A-BL: bl_suffix0, bl_suffix1 ...
A list of IP black list suffixes to consult, like
zen.spamhaus.org. The host or domain name found in a URI is used
to find its DNS A record and IP address, which is then checked
against these IP DNS black lists.
URI-NS-BL: bl_suffix0, bl_suffix1 ...
A list of host name and/or domain name black list suffixes to
consult. The domain name found in a URI is used to find its DNS
NS records; the NS host names are checked against these host
name and/or domain name DNS black lists.
URI-NS-A-BL: bl_suffix0, bl_suffix1 ...
A list of IP black list suffixes to consult, like
zen.spamhaus.org. The host or domain name found in a URI is used
to find its DNS A record and IP address, which is then checked
against these IP DNS black lists.
Mail-BL: bl_suffix0, bl_suffix1 ...
A list of mail address black list suffixes to consult. The mail
addresses found in select headers and the message are MD5
hashed, which are then checked against these black lists.
Mail-BL-Domains: glob0, glob1 ...
A list of domain glob-like patterns for which to test against
mail-bl, typically free mail services. This reduces the load on
public BLs. Specify * to test all domains, empty list to
disable.
Mail-BL-Headers: header0, header1, ...
A list of mail headers to parse for mail addresses and check
against one or more mail address black lists. Specify the empty
list to disable.
List Hit
--------
HTTP/1.0 204 No Content<CRLF>
Uri-Found: line_no complete_URI_found0[ ; blacklist_suffix]<CRLF>
Uri-Found: line_no complete_URI_found1[ ; blacklist_suffix]<CRLF>
...
Uri-Found: line_no complete_URI_foundN[ ; blacklist_suffix]<CRLF>
Blacklist-Hits: NNN<CRLF>
Connection: close<CRLF>
<CRLF>
List Hit & Parse Output
-----------------------
HTTP/1.1 200 OK<CRLF>
Content-Type: text/plain
Uri-Found: line_no complete_URI_found0[ ; blacklist_suffix]<CRLF>
Uri-Found: line_no complete_URI_found1[ ; blacklist_suffix]<CRLF>
...
Uri-Found: line_no complete_URI_foundN[ ; blacklist_suffix]<CRLF>
Blacklist-Hits: NNN<CRLF>
Connection: close<CRLF>
<CRLF>
uri -p output follows<CRLF>
Nothing Found
-------------
HTTP/1.1 204 No Content<CRLF>
Blacklist-Hits: 0<CRLF>
Connection: close<CRLF>
<CRLF>
Dump Runtime Blacklist Hits (daemon-only)
-----------------------------------------
GET /uri/stat/ HTTP/1.1<CRLF>
Host: www.weeder.example:8088<CRLF>
Connection: close<CRLF>
<CRLF>
Example response:
HTTP/1.1 200 OK<CRLF>
Content-Type: text/plain<CRLF>
Connection: close<CRLF>
<CRLF>
00123<TAB>dbl.spamhaus.org.<CRLF>
00046<TAB>multi.surbl.org.<CRLF>
00078<TAB>black.uribl.com.<CRLF>
Syslog Format (daemon-only)
---------------------------
$session_id $client_ip "$http_request_line" $http_status $hits/$found
For example:
o1KFA0139260000100 192.168.1.16 "GET / HTTP/1.0" 404 0/0
o1KFAw139260000200 192.168.1.16 "GET /uri/stat/ HTTP/1.0" 200 0/0
o1KFDm139260000400 192.168.1.16 "POST /uri/?p=0&q=1&x=3 HTTP/1.0" 204 0/1
The $session_id format is
ymd HMS ppppp sssss cc
where y, m, d, H, M, and S are unique over a 62-year cycle. The 'cc' portion
in the context of this daemon will always be zero-zero (00).
-END-