From l7protocols
Jump to navigation Jump to search

HTTP is HyperText Transfer Protocol as defined in RFC 2616. It is among the most common protocols in use on the Internet.

HTTPS is HyperText Transfer Protocol over Secure layer as defined in RFC 2818.



The vast majority of HTTP servers run on TCP port 80. However, some don't, such as and

The vast majority of HTTPS servers run on TCP port 443.


l7-filter can identify HTTP using the http pattern. This pattern is very well tested.

It intentionally catches the response from the server rather than the client request so that other protocols which use HTTP or HTTP-like protocols (like Fasttrack) can be caught based on specific HTTP client requests regardless of the ordering of iptables rules. Some legitimate HTTP client requests are so long that they exceed the default maximum data length that l7-filter will look at. These will not be correctly identified unless this length is increased.

l7-filter also supports matching various subsets of HTTP:

If you want to use these, note two things:

  1. Since the general HTTP pattern will match all of these, these must be put earlier in the iptables chain than it in order to work.
  2. You may be better served by a transparent web proxy

See also