URL filtering

This application performs URL filtering in whitelist/blacklist. This console application runs on Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10 using the WinDivert library and kernel driver.

Usage:

Start by recording the URL's (-r), then switch to block mode (whitelist or blacklist):

urlfilter.exe -f patterns.txt -r
urlfilter.exe -f patterns.txt -w
urlfilter.exe -f patterns.txt -b

Last argument for urlfilter.exe is an optional divert language filter that can be used to limit captured URL's by IP-address or TCP-port:

urlfilter.exe -r -f patterns.txt "outbound and tcp.DstPort == 3580"

Run the application in record mode. Once the wanted URL's has been collected, switch to whitelist/blacklist to test URL blocking:

urlfilter.exe -f patterns.txt -r // Use Ctrl+C to stop
urlfilter.exe -f patterns.txt -w // Test in whitelist mode

For more fine grained selection of URL's, all request parameters (e.g. ?xxx=yy) can also be recorded.

urlfilter.exe -f patterns.txt -r -p // Record request parameters

Each URL in the filter file has a prefix defining its match type. It's possible to match URL exact ([E]), partial ([P]) or against a regex pattern ([R]):

[E] www.example.com/file.html                 // Match URL exact (default).
[P] www.example.com/image                     // Allow all URL's from /images location.
[R] www.example.com/(image|css|js)/.*         // Allow all images, CSS and JS-files.
[R] www.example.com/.*\.php                   // Allow all PHP-pages.

Notice that regex pattern is not allowed for server name:

[R] .*\.example\.com/.*                       // Invalid!!!

Requirements

Requires WinDivert binaries (SYS/DLL-files) unpacked in the application directory. Works with all Windows versions having WFP (Windows Filtering Platform). Both 32 and 64-bit platform is supported.

Download WinDivert

Download

Source code for urlfilter can be downloaded from here.

Download Source

Known problems

These are a few existing problems related to the runtime environment rather than the filtering code itself. Follow these advices to resolve them:

  1. Remember to clear browser cache before recording or press F5 (reload web page) to get all resources (e.g. images, javacript or CSS-files) referenced by the web page.

  2. Stopping the application (using Ctrl + C) might hang. This is because the network packet receiver is stuck waiting for I/O. Refresh the browser solves this problem.