VAS Experts documentation VAS Experts documentation-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • ODT export
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • ODT export
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsDPIAllow list and Captive PortalManagement

    Table of Contents

    Management

    This service is configured for individual subscribers by fdpi_ctrl.

    Instruction format: 

    fdpi_ctrl command --service 5 [Services_list] [IP_list]

    The instruction syntax and IP addresses specification methods are described in details here: Control instructions.

    Management of a default profile (service 5):

    1. Enable the "white list" operation for the particular subscriber with a default profile (is specified in etc/dpi/fastdpi.conf configuration file):
      fdpi_ctrl load --service 5 --ip 192.168.0.1
    2. Disable the "white list" operation for the particular subscriber:
      fdpi_ctrl del --service 5 --ip 192.168.0.1

    Management of a named profile (service 5):

    1. In order to create a named profile and activate the locking service with a profile for several subscribers: 

    fdpi_ctrl load profile --service 5  --profile.name test_white --profile.json '{ "url_list" : "http://mysite.ru/myfile.bin" , "sni_list" : "http://mysite.ru/myfilesni.bin", "ip_list" : "http://mysite.ru/myfileip.bin", "cn_list" : "http://mysite.ru/myfilecn.bin", "redirect" : "mysite.ru/block" }'

    here the following profile settings using the json format are specified:

    • redirect — the redirection page1)2)
    • url_list — white URL list
    • sni_list — white SNI list
    • ip_list — white list of IP:PORT pairs3)
    • cn_list — white list of Common Name4)
    The list can be placed both on an external resource - in this case it is loaded before it is used, and in a local file, for example, cn_list : /tmp/cn_list.bin

    2. Connection of blocking service with a profile for multiple subscribers: 

    fdpi_ctrl load --service 5 --profile.name test_white --ip 192.168.0.1
fdpi_ctrl load --service 5 --profile.name test_white --login user01

    3. To search for subscribers who have an activated alert service with the specified profile name: 

    fdpi_ctrl list all --service 5 --profile.name test_white

    4. To delete a named profile(there should be no subscribers using this profile): 

    fdpi_ctrl del profile --service 5  --profile.name test_white

    5. Change of service (profile) settings (new settings are applied to all subscribers with the specified service profile): 

    fdpi_ctrl load profile --service 5 --profile.name test_white --profile.json '{ "url_list" : "http://mysite.ru/newfile.bin" , "ip_list" : "http://mysite.ru/myfileip.bin", "cn_list" : "http://mysite.ru/myfilecn.bin", "redirect" : "mysite.ru/block" }'

    Management of a named profile (service 16):

    1. In order to create a named profile and activate the locking service with a profile for several subscribers: 

    fdpi_ctrl load profile --service 16 --profile.name portal_info_1 --profile.json '{ "ip_list" : "/var/lib/dpi/ip_list_1.bin", "redirect" : "http://info.com" }'

    here the following profile settings using the json format are specified:

    • redirect — the redirection page5)6)
    • ip_list — white list of IP:PORT pairs7)

    2. Connection of blocking service with a profile for multiple subscribers: 

    fdpi_ctrl load --service 16 --profile.name portal_info_1 --ip 192.168.0.1
fdpi_ctrl load --service 16 --profile.name portal_info_1 --login user01
    When the service is activated, only TCP traffic is blocked. To block UDP traffic as well, you must enable the udp_block parameter.

    3. To search for subscribers who have an activated service with the specified profile name: 

    fdpi_ctrl list all --service 16 --profile.name portal_info_1

    4. To delete a named profile(there should be no subscribers using this profile): 

    fdpi_ctrl del profile --service 16  --profile.name portal_info_1

    5. Change of service (profile) settings (new settings are applied to all subscribers with the specified service profile): 

    fdpi_ctrl load profile --service 16 --profile.name portal_info_1 --profile.json '{ "ip_list" : "/var/lib/dpi/new_ip_list_1.bin", "redirect" : "http://new.info.com" }'
    1) , 5)
    Attention: if you specify the https site, then you have to put the given domain on the list of SNI otherwise the domain will be blocked
    2) , 6)
    Additional parameters can be added (according to HTTP rules) only after ? or &, they must be specified in the URL for whitelisting and here you need to think for DPI, otherwise DPI will assign /?
    3) , 4)
    a check against the ip:port or cname is run if the request does not contain URL or SNI
    7)
    Check by IP:Port