dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1246
Wolfeman
join:2005-05-15
Irvine, CA

Wolfeman

Member

[Tomato] Block a specific area of domain

I don't want to block a whole domain but just a specific part of a site.

www.test.com/thispart/

I want to allow access to test.com and any other section except for /thispart/.
upb
Premium Member
join:2004-03-15
Carriere, MS

1 edit

upb

Premium Member

You can go to the Tomato configuration page and click on "access restriction" followed by "add," and then you can uncheck the "Block all internet access" check box. An http request box will open, and you can insert the URI(s) you want to block, one per line.

If you enter "www.test.com/thispart/" (without the quotes), you should get an approximation of what you want when you click on "save." The rule is imperfect because, as far as I am aware, it depends upon a unique kernel module written by Jon which was experimental when it was added to Tomato. My recollection is that the string matching didn't always work the way you might have expected, although it worked well enough in most cases. You may want to take a look at the Tomato FAQ and see if there is any additional information available. The string matching may be case sensitive, leading to obvious ways for someone you are trying to block to get around those blocks.

Edit: I took a look at the module source (ipt_web.c), and there are two additional meta characters you can use to narrow string matches: The character "^" matches the beginning of any string, and the character "$" matches the end of the string. For example, If you specify "^123" then the string must start with 123; if you specify "123$" then the string must end with 123. If neither character is used, then the string matches if it is found anywhere in the URI.

Also, I was able to verify that the string matching is in fact case sensitive.

Good luck.
Wolfeman
join:2005-05-15
Irvine, CA

Wolfeman

Member

I ended up just putting in /thispart/ and it works but it isn't perfect because anyother site with that will get blocked.

www.test.com/thispart/ ends up blocking nothing. $www.test.com/thispart/^ didn't work either.

Tomato
@comcast.net

Tomato to Wolfeman

Anon

to Wolfeman
»www.polarcloud.com/v/screst.htm
upb
Premium Member
join:2004-03-15
Carriere, MS

upb to Wolfeman

Premium Member

to Wolfeman
said by Wolfeman:

I ended up just putting in /thispart/ and it works but it isn't perfect because anyother site with that will get blocked.

www.test.com/thispart/ ends up blocking nothing. $www.test.com/thispart/^ didn't work either.

Sorry for the delay in replying. A tornado outbreak disrupted my schedule.

Yes, it appears that the domain part won't work, because the domain name is not included in the GET requests that a browser makes. The http window strings are only matched against GET requests, and they would look like "/thispart/..." or simply "/" instead of containing a full domain name. The domain name is supplied in the host header, and I don't know of any way to get Tomato to look there. As you observed, supplying a domain name doesn't work. Sorry to have misled you a little.