Add rule-based filtering system with domain-specific controls #119

Merged
fifthsegment merged 1 commit into fifthsegment:master from abdullah-cognite:feat/rule-based-filtering
Jan 26, 2026

@abdullah-cognite
Contributor

Summary

This PR introduces a comprehensive rule-based filtering system that allows granular control over SSL inspection and content filtering on a per-domain basis.

Features

  • Domain-specific SSL/TLS inspection (MITM) control with wildcard support (e.g., *.reddit.com)
  • Per-domain content filtering by content-type or URL patterns
  • Entire domain blocking - Set action to "block" with no URL patterns to block entire domain
  • Rule priority system for conflict resolution
  • Time-based and user-based rule restrictions
  • Rules take precedence over global exception lists
  • Full CRUD API for rule management with authentication
  • Modern, collapsible UI for rule configuration
  • Support for blocking specific content while allowing domain access

Technical Implementation

Backend

  • Added Rule, RuleMatch, and related types in application/types/rule.go
  • Implemented RuleManager with storage and matching logic in application/rules.go
  • Created RESTful API endpoints for rule management in application/webserver/endpoints/handler_rules.go
  • Integrated rule checking into proxy MITM decision flow in gatesentryproxy/proxy.go
  • Added URL regex pattern matching for selective content blocking
  • Added entire domain blocking by closing connection immediately when action=block
  • Proper random ID generation using existing RandomString utility

Frontend

  • Updated UI with rule creation, editing, and deletion capabilities
  • Implemented collapsible rule view for better UX
  • Added per-rule save functionality
  • Action field always visible for easier configuration
  • Default MITM action set to "enable" for new rules
  • Enabled Rules menu item in navigation

Use Cases

  1. Block Entire Domain: Set domain (e.g., video.twimg.com), MITM=enable, Action=block, no URL patterns
  2. Selective HTTPS Inspection: Enable MITM only for specific domains (e.g., social media sites)
  3. Content Blocking: Block specific content types (images, videos) or URL patterns on allowed domains
  4. Reddit Example: Allow reddit.com but block the home feed (/svc/shreddit/feeds/home-feed)
  5. Time-based Filtering: Apply rules only during specific time periods
  6. User-specific Rules: Create rules that apply only to certain users

Testing

  • Tested with reddit.com blocking specific feed URLs while allowing general browsing
  • Tested entire domain blocking with video.twimg.com
  • Verified rules take precedence over exception lists

Version

Updated to v1.18.0

- Add domain blocking for rules with action=block and no URL patterns
- Always show Action field in UI when SSL inspection is enabled
- Set default MITM action to 'enable' for new rules
- Simplify domain blocking by closing connection immediately
@fifthsegment fifthsegment merged commit d7b6b7b into fifthsegment:master Jan 26, 2026
4 of 5 checks passed
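
The matching behaviour the PR description lists (wildcard domains, priority-based conflict resolution, URL regex patterns, and action=block with no patterns blocking the whole domain) can be sketched as follows. This is an added example, not code from the PR or from GateSentry; the Rule fields, "higher number wins" priority, default-allow, a host passed without a port, and the wildcard covering subdomains but not the apex domain are all assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is a hypothetical shape for this example, not GateSentry's own Rule type.
type Rule struct {
	Domain, Action string   // Domain: exact host or "*.example.com"; Action: "allow" or "block"
	Priority       int      // assumption: higher number wins
	URLPatterns    []string // regexes tested against the request path
}

// domainMatch: "*.x.com" covers subdomains only, not "x.com" or "evilx.com" (assumed semantics).
func domainMatch(pattern, host string) bool {
	return pattern == host || (strings.HasPrefix(pattern, "*.") && strings.HasSuffix(host, pattern[1:]))
}

// Decide returns "block" or "allow"; the highest-priority rule matching the host decides.
func Decide(rules []Rule, host, path string) string {
	host = strings.TrimSuffix(strings.ToLower(host), ".") // "Reddit.com." must hit the same rule
	var best *Rule
	for i := range rules {
		if domainMatch(rules[i].Domain, host) && (best == nil || rules[i].Priority > best.Priority) {
			best = &rules[i]
		}
	}
	if best == nil {
		return "allow" // assumption: no matching rule means default allow
	}
	if best.Action == "block" && len(best.URLPatterns) == 0 {
		return "block" // block with no URL patterns: entire domain
	}
	for _, p := range best.URLPatterns {
		if re, err := regexp.Compile(p); err == nil && re.MatchString(path) {
			return best.Action
		}
	}
	return "allow" // domain matched, but none of the rule's patterns did
}

func main() {
	rules := []Rule{ // constructed sample rules
		{Domain: "video.twimg.com", Action: "block", Priority: 10},
		{Domain: "*.reddit.com", Action: "block", Priority: 5, URLPatterns: []string{`^/svc/shreddit/feeds/home-feed`}},
	}
	fmt.Println(Decide(rules, "www.reddit.com", "/r/netsec"))
}
```

Under these assumptions a rule for *.reddit.com leaves requests to the bare reddit.com host uncovered, and a pattern that fails to compile is skipped silently, so a deployment would want to confirm both behaviours against the real implementation.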