On Wed, Apr 03, 2002 at 01:06:26PM -0500, Errol U. Neal wrote: > Is it possible to use the string module to filter the body of a http > request for possible keywords?
No. The string can be used to filter the content of a single data packet for a keyword. It has no knowledge of HTTP protocol, headers, and bodies. It cannot be used to match across packet boundaries, and packet boundaries are arbitrary, in principle, with TCP based protocols. As Fabrice Marie aleady pointed out, this has been extensively discussed here, with the resolution always being to use a HTTP proxy (e.g. squid) for the filtering, along with the iptables REDIRECT NAT feature to transparently get the request _to_ the proxies. You can find a complete description of how to do that in the squid FAQ at www.squid-cache.org. Just look for "netfilter" there. best regards Patrick
