DD-WRT QoS过滤器定义

原文:http://www.dd-wrt.com/wiki/index.php/QoS_Filter_Definitions


This is a dump of /etc/l7-protocols/* in DD-WRT, automatically formatted using a PHP script, so pardon its somewhat crude layout.

These are the definitions that DD-WRT uses to classify packets using the QoS filter. As you can see, it's far more than just port numbers...

extra


  • audiogalaxy

  • ^(x45x5fxd0xd5|x45x5f.*0.60(6|8)W)

  • gtalk

  • ^

  • http-dap

  • User-Agent: DA [678].[0-9]

  • http-freshdownload

  • User-Agent: FreshDownload/[456](.[0-9][0-9]?)?

  • http-itunes

  • http/(0.9|1.0|1.1).*(user-agent: itunes)

  • httpaudio

  • http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(content-type: audio)

  • httpcachehit

  • http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(x-cache: hit)

  • httpcachemiss

  • http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(x-cache: miss)

  • httpvideo

  • http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]*(content-type: video)

  • pressplay

  • user-agent: nsplayer

  • quicktime

  • user-agent: quicktime (qtver=[0-9].[0-9].[0-9];os=[x09-x0d -~]+)x0dx0a

  • snmp-mon

  • ^x02x01x04.+[xa0-xa3]x02[x01-x04].?.?.?.?x02x01.?x02x01.?x30

  • snmp-trap

  • ^x02x01x04.+xa4x06.+x40x04.?.?.?.?x02x01.?x02x01.?x43



file_types


  • exe

  • x4dx5a(x90x03|x50x02)x04

  • flash

  • [FC]WS[x01-x09]|FLVx01x05x09

  • gif

  • GIF8(7|9)a

  • html

  • jpeg

  • xffxd8

  • mp3

  • x49x44x33x03

  • ogg

  • oggs.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?x01vorbis

  • pdf

  • %PDF-1.[0123456]

  • perl

  • #! ?/(usr/(local/)?)?bin/perl

  • png

  • x89PNGx0dx0ax1ax0a

  • postscript

  • %!ps

  • rar

  • rarx21x1ax07

  • rpm

  • xedxabxeexdb.?.?.?.?[1-7]

  • rtf

  • {\rtf[12]

  • tar

  • ustar

  • zip

  • pkx03x04x14


malware



  • code_red

  • /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN­NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN­NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%­u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9­090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

  • nimda

  • GET (/scripts/root.exe?/c+dir|/MSADC/root.exe?/c+dir|/c/winnt/sys­tem32/cmd.exe?/c+dir|/d/winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..%5c../winnt/sys­tem32/cmd.exe?/c+dir|/_vti_bin/..%5c../..%5c../..%5c../winnt/sys­tem32/cmd.exe?/c+dir|/_mem_bin/..%5c../..%5c../..%5c../winnt/sys­tem32/cmd.exe?/c+dir|/msadc/..%5c../..%5c../..%5c/..xc1x1c../..xc1x1c../..xc1x1c../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..xc1x1c../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..xc0/../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..xc0xaf../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..xc1x9c../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..%35c../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..%35c../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..%5c../winnt/sys­tem32/cmd.exe?/c+dir|/scripts/..%2f../winnt/sys­tem32/cmd.exe?/c+dir)



  • protocols




  • 100bao

  • ^x01x01x05x0a

  • aim

  • ^(*[x01x02].*x03x0b|*x01.?.?.?.?x01)|flapon|toc_signon.*0x

  • aimwebcontent

  • user-agent:aim/

  • applejuice

  • ^ajprotx0dx0a

  • ares

  • ^x03[]Z].?.?x05$

  • armagetron

  • YCLC_E|CYEL

  • battlefield1942

  • ^x01x11x10|xf8x02x10x40x06

  • battlefield2

  • ^(x11x20x01...?x11|xfexfd.?.?.?.?.?.?(x14x01x06|xffxffxff))|[]x01].­?battlefield2

  • battlefield2142

  • ^(x11x20x01x90x50x64x10|xfexfd.?.?.?x18|[x01\].?battlefield2)

  • bgp

  • ^xffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxff..?x01[x03x0­4]

  • biff

  • ^[a-z][a-z0-9]+@[1-9][0-9]+$

  • bittorrent

  • ^(x13bittorrent protocol|azverx01$|get /scrape?info_hash=get /announce?info_hash=|get /client/bitcomet/|GET /data?fid=)|d1:ad2:id20:|x08'7P)[RP]

  • bt

  • ^x13bittorrent protocol|d1:ad2:id20:|x08'7P)[RP]|^x04x17x27x10x19x80|^get (.*)User-Agent: bittorrent|^azverx01$|^get /(scrape|announce)?info_hash=|^.?.?.?.?.?.?[0-9]_BitTorrent

  • bt1

  • ^get (/task/bt/.*|/task_recommend.*|/issupported )http/*[x09-x0d -~]

  • bt2

  • ^get (/announce.php?info_hash=.*|/announce?info_hash=.*|/announce.php?passkey=.*|/announce?passkey=.*|/?info_hash=.*|/data?fid=.*)http/*[x09-x0d -~]

  • bt3

  • ^x01

  • chikka

  • ^CTPv1.[123] Kamusta.*x0dx0a$

  • cimd

  • x02[0-4][0-9]:[0-9]+.*x03$

  • ciscovpn

  • ^x01xf4x01xf4

  • citrix

  • x32x26x85x92x58

  • clubbox

  • ^get .*host: .*.clubbox.co.kr

  • counterstrike-source

  • ^xffxffxffxff.*cstrikeCounter-Strike

  • cvs

  • ^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUESTx0a

  • dayofdefeat-source

  • ^xffxffxffxff.*dodDay of Defeat

  • dazhihui

  • ^(longaccoun|qsver2auth|x35[57]x30|+x10*)

  • dhcp

  • ^[x01x02][x01- ]x06.*cx82sc

  • directconnect

  • ^($mynick |$lock |$key )

  • dns

  • ^.?.?.?.?[x01x02].?.?.?.?.?.?[x01-?][a-z0-9][x01-?a-z]*[x02-x06][a-z][a-z]­[fglmoprstuvz]?[aeop]?(um)?[x01-x10x1c][x01x03x04xFF]

  • doom3

  • ^xffxffchallenge

  • edonkey

  • ^[xc5xd4xe3-xe5].?.?.?.?([x01x02x05x14x15x16x18x19x1ax1bx1cx20x­21x32x33x34x35x36x38x40x41x42x43x46x47x48x49x4ax4bx4cx4dx4ex­4fx50x51x52x53x54x55x56x57x58[x60x81x82x90x91x93x96x97x98x99­x9ax9bx9cx9exa0xa1xa2xa3xa4]|x59................?[ -~]|x96....$)

  • fasttrack

  • ^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?

  • finger

  • ^[a-z][a-z0-9-_]+|login: [x09-x0d -~]* name: [x09-x0d -~]* Directory:

  • freegate_dns

  • x05x61x7ax78x64x66x03x63x6fx6d

  • freegate_http

  • ^(get$|get $|get /$|get /g$|get /gw$|get /gwt$|get /gwt/.*gapvm.dontexist)

  • freenet

  • ^x01[x08x09][x03x04]

  • ftp

  • ^220[x09-x0d -~]*x0dx0aUSER[x09-x0d -~]*x0dx0a331

  • gkrellm

  • ^gkrellm [23].[0-9].[0-9]x0a$

  • gnucleuslan

  • gnuclear connect/[x09-x0d -~]*user-agent: gnucleus [x09-x0d -~]*lan:

  • gnutella

  • ^(gnd[x01x02]?.?.?x01|gnutella connect/[012].[0-9]x0dx0a|get /uri-res/n2r?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh|foxy|mxie)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?.[1-9][0-9]?[0-9]?.[1-9][0-9]?[0-9]?.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|...................?lime)

  • goboogy

  • |^get /getfilebyhash.cgi?|^get /queue_register.cgi?|^get /getupdowninfo.cgi?
  • gogobox

  • ^get .*host: .*.gogobox.com.tw

  • gopher

  • ^[x09-x0d]*[1-9,+tgi][x09-x0d -~]*x09[x09-x0d -~]*x09[a-z0-9.]*.[a-z][a-z].?.?x09[1-9]

  • gtalk1

  • ^x80x4cx01x03x01x33x10x04x05x0ax01x80x07.x03x80x09x06x40x64x­62x03x06x02x80x04x80x13x12x63

  • gtalk2

  • ^(get|post) (/mail/channel/bind?|/talkgadget/popout?.*host: talkgadget.google.com)

  • gtalk_file

  • ^x02xf0

  • gtalk_file_1

  • ^get /create_session .*x-google-relay-auth.*x-session-type .*/session/share

  • gtalk_vista

  • ^

  • guildwars

  • ^[x04x05]x0c.ix01

  • h323

  • ^x03..?x08...?.?.?.?.?.?.?.?.?.?.?.?.?.?.?x05

  • halflife2-deathmatch

  • ^xffxffxffxff.*hl2mpDeathmatch

  • hamachi1

  • ^..x01x12

  • hddtemp

  • ^|/dev/[a-z][a-z][a-z]|[0-9a-z]*|[0-9][0-9]|[cfk]|

  • hotline

  • ^....................TRTPHOTLx01x02

  • hotspot-shield

  • ^.?x20.*@metrofreefivpn.com

  • http-rtsp

  • ^(get[x09-x0d -~]* Accept: application/x-rtsp-tunnelled|http/(0.9|1.0|1.1) [1-5][0-9][0-9] [x09-x0d -~]*a=control:rtsp://)

  • http

  • http/(0.9|1.0|1.1) [1-5][0-9][0-9] [x09-x0d -~]*(connection:|content-type:|content-length:|date:)|post [x09-x0d -~]* http/[01].[019]

  • icq_file

  • x82x22x44x45x53x54

  • icq_file_1

  • ^post /data?.*filexfer

  • icq_file_2

  • filexfer

  • icq_login

  • ^(*x01.?.?.?.?x01$)|^get /hello http/(0.9|1.0|1.1)[x09-x0d -~].*host: http.proxy.icq.com|^get /hello(.*)host: .*.icq.com[x09-x0d -~]

  • ident

  • ^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[x09-x0d]*,[x09-x0d]*[1-9][0-9]?[0-9]?[0-9]?[0­-9]?(x0dx0a|[x0dx0a])?$

  • imap

  • ^(* ok|a[0-9]+ noop)

  • imesh

  • ^(post[x09-x0d -~]*

    ................................|x34x80?x0d?xfcxffx04|get[x09-x0d -~]*Host: imsh.download-prod.musicnet.com|x02[x01x02]x83.*x02[x01x02]x83)
  • ipp

  • ipp://

  • irc

  • ^(nick[x09-x0d -~]*user[x09-x0d -~]*:|user[x09-x0d -~]*:[x02-x0d -~]*nick[x09-x0d -~]*x0dx0a)

  • jabber

  • kugoo

  • ^(x64.....x70....x50x37|x65.+)

  • live365

  • membername.*session.*player

  • liveforspeed

  • ^..x05x58x0ax1dx03

  • lpd

  • ^(x01[!-~]+|x02[!-~]+x0a.[x01x02x03][x01-x0a -~]*|[x03x04][!-~]+[x09-x0d]+[a-z][x09-x0d -~]*|x05[!-~]+[x09-x0d]+([a-z][!-~]*[x09-x0d]+[1-9][0-9]?[0-9]?|root[x09-x0d]+[!-~]+).*)x0a$

  • mohaa

  • ^xffxffxffxffgetstatusx0a

  • msn-filetransfer

  • ^(ver [ -~]*msnftpx0dx0aver msnftpx0dx0ausr|method msnmsgr:)

  • msnmessenger

  • ver [0-9]+ msnp[1-9][0-9]? [x09-x0d -~]*cvr0x0dx0a$|usr 1 [!-~]+ [0-9. ]+x0dx0a$|ans 1 [!-~]+ [0-9. ]+x0dx0a$

  • mute

  • ^(Public|AES)Key: [0-9a-f]*x0aEnd(Public|AES)Keyx0a$

  • napster

  • ^(.[x02x06][!-~]+ [!-~]+ [0-9][0-9]?[0-9]?[0-9]?[0-9]? "[x09-x0d -~]+" ([0-9]|10)|1(send|get)[!-~]+ "[x09-x0d -~]+")

  • nbns

  • x01x10x01|)x10x01x01|0x10x01

  • ncp

  • ^(dmdt.*x01.*(""|x11x11|uu)|tncp.*33)

  • netbios

  • x81.?.?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][­A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][­A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]

  • nntp

  • ^(20[01][x09-x0d -~]*AUTHINFO USER|20[01][x09-x0d -~]*news)

  • ntp

  • ^([x13x1bx23xd3xdbxe3]|[x14x1c$].......?.?.?.?.?.?.?.?.?[xc6-xff])

  • openft

  • x-openftalias: [-)(0-9a-z ~.]

  • pcanywhere

  • ^(nq|st)$

  • poco

  • ^x80x94x0ax01....x1fx9e

  • pop3

  • ^(+ok |-err )

  • pplive

  • x01...xd3.+x0c.$

  • pre_icq_login

  • ^(*|get)

  • pre_msn_login

  • ^(ver|get|post)

  • pre_urlblock

  • ^get

  • pre_yahoo_login

  • ^(ymsg|ypns|yhoo|post)

  • qianlong

  • ^x24x1c

  • qq

  • ^.?.?x02.+x03$

  • qqdownload_1

  • ^x02.*x38.x87x58xea.x82x08.*x03$

  • qqdownload_2

  • ^xfe

  • qqdownload_3

  • ^(get|post) /.*http/*[x09-x0d -~].*host: (.*.soso.com|121.14.74.41)[x09-x0d -~]

  • qqfile

  • ^(post|get) /?ver=.*user-agent: qqclientx0dx0a

  • qqgame

  • x31x32x33x34x35x36x37x38

  • qqlive

  • ^x02

  • qqlive2

  • ^get /.*.video.qq.com/flv

  • qq_login

  • ^(.?x02.+x03$|(x01|x03).+x02.+x03$)

  • qq_login_1

  • ^.?.?x02.*x03$

  • qq_tcp_file

  • ^x04.*x03$

  • qq_udp_file

  • ^x03x01x65

  • quake-halflife

  • ^xffxffxffxffget(info|challenge)

  • quake1

  • ^x80x0cx01quakex03

  • radmin

  • ^x01x01(x08x08|x1bx1b)$

  • rdp

  • rdpdr.*cliprdr.*rdpsnd

  • replaytv-ivs

  • ^(get /ivs-IVSGetFileChunk|http/(0.9|1.0|1.1) [1-5][0-9][0-9] [x09-x0d -~]*x23x23x23x23x23REPLAY_CHUNK_STARTx23x23x23x23x23)

  • rlogin

  • ^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]?[0-9]?[0-9]?00

  • rtp

  • ^x80[x01-"`-x7fx80-xa2xe0-xff]?..........*x80

  • rtsp

  • rtsp/1.0 200 ok

  • runesofmagic

  • ^x10x03...........x0ax02.....x0e

  • shoutcast

  • ^get /.*icy-metadata:1|icy [1-5][0-9][0-9] [x09-x0d -~]*(content-type:audio|icy-)

  • sip

  • ^(invite|register|cancel|message|subscribe|notify) sip[x09-x0d -~]*sip/[0-2].[0-9]

  • skypeout

  • ^(x01.?.?.?.?.?.?.?.?x01|x02.?.?.?.?.?.?.?.?x02|x03.?.?.?.?.?.?.?.?x03|x0­4.?.?.?.?.?.?.?.?x04|x05.?.?.?.?.?.?.?.?x05|x06.?.?.?.?.?.?.?.?x06|x07.?.?­.?.?.?.?.?.?x07|x08.?.?.?.?.?.?.?.?x08|x09.?.?.?.?.?.?.?.?x09|x0a.?.?.?.?.­?.?.?.?x0a|x0b.?.?.?.?.?.?.?.?x0b|x0c.?.?.?.?.?.?.?.?x0c|x0d.?.?.?.?.?.?.?­.?x0d|x0e.?.?.?.?.?.?.?.?x0e|x0f.?.?.?.?.?.?.?.?x0f|x10.?.?.?.?.?.?.?.?x1­0|x11.?.?.?.?.?.?.?.?x11|x12.?.?.?.?.?.?.?.?x12|x13.?.?.?.?.?.?.?.?x13|x1­4.?.?.?.?.?.?.?.?x14|x15.?.?.?.?.?.?.?.?x15|x16.?.?.?.?.?.?.?.?x16|x17.?.?­.?.?.?.?.?.?x17|x18.?.?.?.?.?.?.?.?x18|x19.?.?.?.?.?.?.?.?x19|x1a.?.?.?.?.­?.?.?.?x1a|x1b.?.?.?.?.?.?.?.?x1b|x1c.?.?.?.?.?.?.?.?x1c|x1d.?.?.?.?.?.?.?­.?x1d|x1e.?.?.?.?.?.?.?.?x1e|x1f.?.?.?.?.?.?.?.?x1f|x20.?.?.?.?.?.?.?.?x2­0|x21.?.?.?.?.?.?.?.?x21|x22.?.?.?.?.?.?.?.?x22|x23.?.?.?.?.?.?.?.?x23|$.­?.?.?.?.?.?.?.?$|x25.?.?.?.?.?.?.?.?x25|x26.?.?.?.?.?.?.?.?x26|x27.?.?.?.?­.?.?.?.?x27|(.?.?.?.?.?.?.?.?(|).?.?.?.?.?.?.?.?)|

  • skypetoskype

  • ^..x02.............

  • smb

  • xffsmb[x72x25]

  • smtp

  • ^220[x09-x0d -~]* (e?smtp|simple mail)

  • snmp

  • ^x02x01x04.+([xa0-xa3]x02[x01-x04].?.?.?.?x02x01.?x02x01.?x30|xa4­x06.+x40x04.?.?.?.?x02x01.?x02x01.?x43)

  • socks

  • x05[x01-x08]*x05[x01-x08]?.*x05[x01-x03][x01x03].*x05[x01-x08]?[x­01x03]

  • soribada

  • ^GETMP3x0dx0aFilename|^x01.?.?.?(x51x3a+|x51x32x3a)|^x10[x14-x16]x1­0[x15-x17].?.?.?.?$

  • soulseek

  • ^(x05..?|.x01.[ -~]+x01F..?.?.?.?.?.?.?)$

  • ssdp

  • ^notify[x09-x0d ]*[x09-x0d ]http/1.1[x09-x0d -~]*ssdp:(alive|byebye)|^m-search[x09-x0d ]*[x09-x0d ]http/1.1[x09-x0d -~]*ssdp:discover

  • ssh

  • ^ssh-[12].[0-9]

  • ssl

  • ^(.?.?x16x03.*x16x03|.?.?x01x03x01?.*x0b)

  • stun

  • ^[x01x02]................?$

  • subspace

  • ^x01....x11x10........x01$

  • subversion

  • ^( success ( 1 2 (

  • teamfortress2

  • ^xffxffxffxff.....*tfTeam Fortress

  • teamspeak

  • ^xf4xbex03.*teamspeak

  • teamviewer

  • ^x17

  • teamviewer1

  • ^(post|get) /d(out|in).aspx?.*client=dyngate

  • telnet

  • ^xff[xfb-xfe].xff[xfb-xfe].xff[xfb-xfe]

  • tesla

  • x03x9ax89x22x31x31x31.x30x30x20x42x65x74x61x20|xe2x3cx69x1e­x1cxe9

  • tftp

  • ^(x01|x02)[ -~]*(netascii|octet|mail)

  • thecircle

  • ^tx03ni.?[x01-x06]?t[x01-x05]s[x0ax0b](glob|who are you$|query data)

  • thunder5_see

  • ^(get|post) /.*http/*[x09-x0d -~].*host: .*.xunlei.com[x09-x0d -~]

  • thunder5_tcp

  • ^((^get .*http/1.1x0dx0aaccept: */*x0dx0acache-control: no-cachex0dx0aconnection: keep-alivex0dx0a.*pragma: no-cachex0dx0a.*user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; .net clr 1.1.4322; .net clr 2.0.50727)x0dx0ax0dx0a$)|(post (/.*http/*[x09-x0d -~].*host: .*sandai.­net|/ http/1..x0dx0ahost: .*:80x0dx0acontent-type: application/octet-streamx0dx0a)))

  • tonghuashun

  • ^(GET /docookie.php?uname=|xfdxfdxfdxfdx30x30x30x30x30)

  • tor

  • TOR1.*

  • tsp

  • ^[x01-x13x16-$]x01.?.?.?.?.?.?.?.?.?.?[ -~]+

  • unknown

  • (Nothing there!)

  • unset

  •  

  • uucp

  • ^x10here=

  • validcertssl

  • ^(.?.?x16x03.*x16x03|.?.?x01x03x01?.*x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust.net limited)

  • ventrilo

  • ^..?v$xcf

  • vnc

  • ^rfb 00[1-9].00[0-9]x0a$

  • webmail_163

  • ^(get|post) .*host:.*.mail.(163.com|126.com|yeah.net)x0dx0a

  • webmail_gmail

  • get (http://mail.google.com/mail/|/mail/)?.*host: mail.google.comx0dx0a

  • webmail_hinet

  • ^post ((http://webmail.hinet.net/login.do|/login.do).*host: webmail.|(http://webmail1.hinet.net/cgi-bin/login.cgi|/cgi-bin/login.cgi).*host: webmail1.)hinet.netx0dx0a

  • webmail_hotmail

  • ^get (http://.*mail.live.com/mail/|/mail/).*host: .*mail.live.comx0dx0a

  • webmail_pchome

  • ^(post|get) .*host: mail.pchome.com.twx0dx0a

  • webmail_qq

  • ^(get|post) /cgi-bin/login.*host:.*(.mail.qq|.foxmail).comx0dx0a

  • webmail_seednet

  • ^(post|get) .*host: webmail.seed.net.tw

  • webmail_sina

  • ^(post|get) .*host: (mail.sina.com.cn|mp.sina.com.tw)x0dx0a

  • webmail_sohu

  • ^(get|post) .*host: .*mail.sohu.comx0dx0a

  • webmail_tom

  • ^(get|post).*host: (login.mail|pass).tom.comx0dx0a

  • webmail_url

  • ^post (http://www.url.com.tw/sgllogon/|/sgllogon/)sgllogon.asp.*host: www.url.com.twx0dx0a

  • webmail_yahoo

  • get (http://.*mail.yahoo.com/ym/login|/ym/login)?.*host: .*mail.yahoo.comx0dx0a

  • webmail_yam

  • ^(get|post).*host: mail.yam.com

  • whois

  • ^[ !-~]+x0dx0a$

  • worldofwarcraft

  • ^x06xecx01

  • x11

  • ^[lb].?x0b

  • xboxlive

  • ^x58x80........xf3|^x06x58x4e

  • xunlei

  • ^([()]|get)(...?.?.?(reg|get|query)|.+User-Agent: (Mozilla/4.0 (compatible; (MSIE 6.0; Windows NT 5.1;? ?)|MSIE 5.00; Windows 98))))|Keep-Alivex0dx0ax0dx0a[26]

  • yahoo

  • ^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].*xc0x80

  • yahoo_camera

  • ^(ymsg(.*)ystatus=1..47..0|ymsg(.*)49..webcaminvite)

  • yahoo_file

  • ^(get|post) /relay?(.*domain=.yahoo.com|token=.*recver=)

  • yahoo_login

  • ^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[a-z]+|^post(.*)(ymsg|ypns|yhoo).?.?.?.?.?.?.?[a-­z]+

  • yahoo_voice

  • ^ymsg.?.?.?.?.?.?.?[j]+

  • zmaap

  • ^x1bxd7x3bx48[x01x02]x01?x01



  • PHP source code of formatting script


    <?php
    if (isset($_FILES["zipfile"]["name"])) {
    $zipfile = zip_open($_FILES["zipfile"]["tmp_name"]);
    if (!$zipfile) {
    echo 'Not a ZIP file uploaded. Aborting.';
    break 2;
    }
    while ($file = zip_read($zipfile)) {
    $filepath = zip_entry_name($file);
    $fh = zip_entry_open($zipfile,$file);
    $path = explode('/',$filepath);
    $path = array_map('trim',$path);
    $last = end($path);
    if (!empty($last)) {
    $script = trim(zip_entry_read($file));
    $eval = '$root';
    foreach ($path as $bit) {
    if ($bit == $last) $bit = substr($bit,0,-4);
    $eval .= '[''.addslashes($bit).'']';
    }
    // yes, I know, eval is evil, but it's the only easy way to allow for
    //  dynamic array generation based on path level. plus, addslashes. it's ok.
    $eval .= '= $script;';
    eval($eval);
    }
    }
    zip_close($zipfile);
    var_dump($root);
    echo '<hr><pre>';
    $category = array_keys($root);
    foreach ($category as $thiscat) {
    echo "== $thiscat ==rn";
    foreach ($root[$thiscat] as $type => $regex) {
    echo "; $typern";
    if (strpos($regex,"rn")) $regex = explode("rn",$regex);
    else $regex = explode("n",$regex);
    if (isset($regex[1])) $regex = htmlspecialchars($regex[1]);
    else $regex = '(Nothing there!)';
    echo ': &lt;nowiki&gt;';
    while (strlen($regex) > 0) {
    $chunk = substr($regex,0,80);
    if ((strlen($chunk) == 80) && !strpos($chunk,' ')) $chunk .= '&shy;';
    echo htmlspecialchars($chunk);
    $regex = substr($regex,80);
    }
    echo "&lt;/nowiki&gt;rn";
    }
    }
    echo '</pre>';
    }
    ?>
    build l7-protocols page from zipped folder structure here...<br>
    <form method="POST" enctype="multipart/form-data">
    <input type="file" name="zipfile"><br>
    <input type="submit">
    </form>

  本文链接:https://www.zhangminghao.com/post/19.html

相关文章

发表评论:

验证码

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。