URL filtering

This application performs URL filtering in whitelist/blacklist. This console application runs on Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10 using the WinDivert library and kernel driver.

Usage:

Start by recording the URL's, then switch to block mode:

    cmd> urlfilter.exe -f urllist.txt -r          // Record mode
    cmd> urlfilter.exe -f urllist.txt -b          // Blacklist mode
    cmd> urlfilter.exe -f urllist.txt -w          // Whitelist mode

Last argument for urlfilter.exe is an optional divert language filter that can be used to limit captured URL's by IP-address or TCP-port:

    cmd> urlfilter.exe -r -f urllist.txt "outbound and tcp.DstPort == 3580"

Run the application in record mode. Once the wanted URL's has been collected, switch to whitelist/blacklist to test URL blocking:

    cmd> urlfilter.exe -f urllist.txt -r          // Use Ctrl+C to stop
    cmd> urlfilter.exe -f urllist.txt -w          // Test in whitelist mode

For more fine grained selection of URL's, all request parameters (e.g. ?xxx=yy) can also be recorded.

    cmd> urlfilter.exe -f urllist.txt -r -p       // Record request parameters

Each URL in the filter file has a prefix defining its match type. It's possible to match URL exact ([E]), partial ([P]) or against a regex pattern ([R]):

    [E] www.example.com/file.html                 // Match URL exact (default).
    [P] www.example.com/image                     // Allow all URL's from /images location.
    [R] www.example.com/(image|css|js)/.*         // Allow all images, CSS and JS-files.
    [R] www.example.com/.*\.php                   // Allow all PHP-pages.

Notice that regex pattern is not allowed for server name:

    [R] .*\.example\.com/.*                       // Invalid!!!

Requirements

Requires WinDivert binaries (SYS/DLL-files) unpacked in the application directory. WinDivert can be downloaded from https://reqrypt.org/windivert.html

Works with all Windows versions having WFP (Windows Filtering Platform). Both 32 and 64-bit platform is supported.

Known problems

These are existing problems related to the runtime environment rather than the filtering code itself:

  1. Remember to clear browser cache before recording or press F5 (reload web page) to get all resources (e.g. images, javacript or CSS-files) referenced by the web page.

  2. Stopping the application (using Ctrl + C) might hang. This is because the network packet receiver is stuck waiting for I/O. Refresh the browser solves this problem.

Download

Go to the download page to download binaries or source code.