My task is to block URLs based on domain names. So I tried to retrieve the IP addresses using 'getaddrinfo' in a user application and add a filter condition for every IP address in the driver.
I managed to block URLs with a single IP address but am not able to block URLs which contain multiple IP addresses, even after adding filter conditions for all of their IPs.
What can I do to block the URLs based on domain names in a KMDF driver?
The normal way to do that is to configure a web proxy, so all web requests go through your proxy. No kernel work required.
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
It should also be noted that in the same way that a single website (base URL) may reference several IP addresses, a single IP address may also host many websites.
If you want to do full URL filtering, then you really need to operate as a proxy or a transcrypting firewall (firewall that acts as a TLS proxy and views the encrypted content). There are many commercial products that you can choose from that do this job.
If you want to do basic URL filtering, then what you want to do is fail the DNS requests for the URLs of interest. A determined attacker can bypass your protection, but ordinary browsers, including those that implement their own DNS resolution separate from the OS settings, will be prevented from accessing the URLs on your block list regardless of how the network admin has configured that website.
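The last reply suggests failing DNS requests for names on a block list. As an added illustration (not code from this thread or from OSR), the user-mode C sketch below shows the matching step such a filter needs: decode the queried name from a plaintext DNS query payload and compare it to the block list on label boundaries. The function names, sample packet and block list are constructed for the example; how a driver obtains the payload and drops the packet is not shown.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode the QNAME of the first question in a DNS query (RFC 1035 wire
   format) into a lower-case dotted name. Returns 0, or -1 if malformed. */
int dns_qname(const uint8_t *pkt, size_t len, char *out, size_t outsz)
{
    size_t pos = 12, o = 0;                      /* skip the 12-byte header */
    if (len < 13 || outsz == 0 || (pkt[2] & 0x80)) return -1; /* QR=1: response */
    if (pkt[4] == 0 && pkt[5] == 0) return -1;   /* QDCOUNT == 0 */
    for (;;) {
        if (pos >= len) return -1;
        uint8_t n = pkt[pos++];
        if (n == 0) break;                       /* root label ends the name */
        if (n > 63) return -1;                   /* pointer/reserved type: reject */
        if (pos + n > len || o + n + 2 > outsz) return -1;
        if (o) out[o++] = '.';
        for (uint8_t i = 0; i < n; i++) out[o++] = (char)tolower(pkt[pos++]);
    }
    out[o] = '\0';
    return 0;
}

/* 1 if name equals rule or is a subdomain of it; rule must be lower-case. */
int domain_matches(const char *name, const char *rule)
{
    size_t nl = strlen(name), rl = strlen(rule);
    if (rl == 0 || nl < rl || strcmp(name + nl - rl, rule) != 0) return 0;
    return nl == rl || name[nl - rl - 1] == '.';  /* match on a label boundary */
}

/* 1 = drop the query, 0 = let it through (malformed input is let through). */
int should_block(const uint8_t *pkt, size_t len, const char *const *rules, size_t n)
{
    char name[256];
    if (dns_qname(pkt, len, name, sizeof name) != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (domain_matches(name, rules[i])) return 1;
    return 0;
}

/* Constructed sample: A/IN query for "WwW.Example.com"; constructed block list. */
static const uint8_t SAMPLE_QUERY[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0,0, 0,0, 0,0,
    3,'W','w','W', 7,'E','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };
static const char *const RULES[] = { "example.org", "example.com" };
int main(void) { return should_block(SAMPLE_QUERY, sizeof SAMPLE_QUERY, RULES, 2) ? 0 : 1; }
```

Matching on the name rather than on resolved addresses is unaffected by how many IP addresses the name maps to. The sketch covers plaintext DNS only; encrypted DNS transports need a different control.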