3proxy Perl Compatible Regular Expressions (PCRE) plugin

× Few antiviral products inadequately detect 3proxy as Trojan.Daemonize, Backdoor.Daemonize, etc and many detect 3proxy as a PUA (potentially unwanted program). It may cause browser warning on download page. 3proxy is not trojan or backdoor and contains no functionality except described in documentation. Clear explanation of this fact is given, for example, in Microsoft's article.

3proxy Perl Compatible Regular Expressions (PCRE) Plugin

This filtering plugin can be used to create matching and replacement rules with regular expressions for client requests, client and server headers, and client and server data. It adds 3 additional configuration commands:

pcre TYPE FILTER_ACTION REGEXP [ACE]
pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
pcre_extend FILTER_ACTION [ACE]
pcre_options OPTION1 [...]

pcre - allows applying a rule for matching
pcre_rewrite - in addition to 'pcre', allows substituting substrings
pcre_extend - extends the ACL of the last pcre or pcre_rewrite command by adding an additional ACE (like with allow/deny configuration commands).
pcre_options - allows setting matching options. Available options are: PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, PCRE_EXTENDED, PCRE_ANCHORED, PCRE_DOLLAR_ENDONLY, PCRE_EXTRA, PCRE_NOTBOL, PCRE_NOTEOL, PCRE_UNGREEDY, PCRE_NOTEMPTY, PCRE_UTF8, PCRE_NO_AUTO_CAPTURE, PCRE_NO_UTF8_CHECK, PCRE_AUTO_CALLOUT, PCRE_PARTIAL, PCRE_DFA_SHORTEST, PCRE_DFA_RESTART, PCRE_FIRSTLINE, PCRE_DUPNAMES, PCRE_NEWLINE_CR, PCRE_NEWLINE_LF, PCRE_NEWLINE_CRLF, PCRE_NEWLINE_ANY, PCRE_NEWLINE_ANYCRLF, PCRE_BSR_ANYCRLF, PCRE_BSR_UNICODE

TYPE - type of filtered data. May contain one or more (comma-delimited list) values:
- request - content of the client's request, e.g., the HTTP GET request string. (known problem: changing the request string doesn't change the IP of the host to connect to)
- cliheader - content of the client request headers, e.g., HTTP request headers.
- srvheader - content of the server's reply headers, e.g., HTTP status and headers.
- clidata - data received from the client, e.g., HTTP POST request data
- srvdata - data received from the server, e.g., an HTML page
FILTER_ACTION - action on match
- allow - allow this request without checking the rest of the rules for the given type
- deny - deny this request without checking the rest of the rules
- dunno - continue with the rest of the rules (useful with pcre_rewrite)
REGEXP - PCRE (Perl) regular expression. Use * if no regexp matching is required.
REWRITE_EXPRESSION - substitution string. May contain Perl-style substrings (not tested) $1, $2. $0 means the whole matched string. \r and \n may be used to insert new strings; the string may be empty ("").
ACE - access control entry (user names, source IPs, destination IPs, ports, etc.), absolutely identical to allow/deny/bandlimin commands. The regular expression is only matched if the ACL matches the connection data. Warning: Regular expressions don't require authentication and cannot replace authentication and/or allow/deny ACLs.

Example:

plugin PCREPlugin.dll pcre_plugin
pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
pcre srvheader deny "Content-type: application"
pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
pcre_extend deny * 192.168.0.1/16

Download:

Plugin is included in the 3proxy 0.6 binary and source distribution
Example configuration (by Dennis Garber): NoPornLitest.cfg