Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Block Urls based on Domain name

v_kalv_kal Member Posts: 3
edited March 19 in NTDEV

My task is to block Urls based on domain names. So I tried to retrive the ip addresses using 'getaddrinfo' in user application and add filter condition for every ip address in driver.
I manage to block urls with single ip address but not able to block urls which contains multiple ip adresses, even after adding filter condition for all of its ips.
What can I do to block the urls based on domain names in kmdf driver.

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,482

    The normal way to do that is to configure a web proxy, so all web requests go through your proxy. No kernel work required.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • MBond2MBond2 Member Posts: 535

    It should also be noted that in the same way that a single website (base URL) may reference several IP addresses, a single IP address may also host may websites.

    If you want to do full URL filtering, then you really need to operate as a proxy or a transcrypting firewall (firewall that acts as a TLS proxy and views the encrypted content). There are many commercial products that you can choose from that do this job

    if you want to do basic URL filtering, then what you want to do is fail the DNS requests for the URLs of interest. A determined attacker can bypass your protection, but ordinary browsers, including those that implement their own DNS resolution separate from the OS settings, will be prevented from accessing the URLs on your block list regardless of how the network admin has configured that website

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 January 2023 Live, Online
Developing Minifilters 20 March 2023 Live, Online
Internals & Software Drivers 17 April 2023 Live, Online
Writing WDF Drivers 22 May 2023 Live, Online