Getting RPZ statistics

John Hascall john at
Sat Dec 8 17:20:48 UTC 2012

> If you have a pointer to the technique you're using to
> distinguish images and serve up replies, i'd be interested to see it.

   I'll be the first to admit it's not perfect, but even if we send
   the wrong content, it's better than what they would have gotten! :)

   First we just look at the suffix on the requested filename
   (is it something obvious like .gif or .html or so on).

   Then we look at if there was an accepts header sent, is
   it something like: text/html, text/css, text/javascript, etc.

   If you can't figure it out, one option is to just send
   back a "403 Forbidden".

   One bit I think a little bit clever is I figured out how to
   make one file be legal html and legal javascript so if I'm
   not sure which it might be it doesn't matter.  Now, if I
   could just encode a legal image in it too! :)


> Jo=
> hn Hascall <john at> wrote:
> >
> >We point our DNS-RPZ records at a =
> server ("here-be-dragons")
> >that records connections at that point.  Also t=
> he webserver
> >listening there sends back either and image or javascript+htm=
> l
> >which explains to the user the reason they are not seeing the
> >webpage t=
> hey expect.
> >
> -- 
> Sent from my mobile device, please excuse brevity and ty=
> pos.

More information about the bind-users mailing list