HTTP is HyperText Transfer Protocol as defined in RFC 2616. It is among the most common protocols in use on the Internet.
HTTPS is HyperText Transfer Protocol over Secure layer as defined in RFC 2818.
The vast majority of HTTPS servers run on TCP port 443.
It intentionally catches the response from the server rather than the client request so that other protocols which use HTTP or HTTP-like protocols (like Fasttrack) can be caught based on specific HTTP client requests regardless of the ordering of iptables rules. Some legitimate HTTP client requests are so long that they exceed the default maximum data length that l7-filter will look at. These will not be correctly identified unless this length is increased.
l7-filter also supports matching various subsets of HTTP:
- For RTSP tunneled in HTTP, use http-rtsp
- For iTunes HTTP traffic, use http-itunes
- For QuickTime HTTP traffic, use quicktime
- For HTTP with the content-type audio, use httpaudio
- For HTTP with the content-type video, use httpvideo
- For HTTP cache hits, use httpcachehit
- For HTTP cache misses, use httpcachemiss
If you want to use these, note two things:
- Since the general HTTP pattern will match all of these, these must be put earlier in the iptables chain than it in order to work.
- You may be better served by a transparent web proxy