Custom iptables redirect

reevv · 01-29-2017, 01:07 AM

Hello,

Currently, I'm running two websites on the same IP with apache virtualhost. One of the sites gets often attacked by bots so what I did is redirect those IPs to a third virtual host that is listening on port 88 and displays a 'your ip has been blocked page'.

What i've used to redirect traffic is:

Code:

iptables -t nat -A PREROUTING -p tcp -s ATTACKING-IP --dport 80 -j REDIRECT --to 88

The question is, can this be done just for incoming traffic to website1?

If an ip has currently a redirect rule in iptables, if it tries to access website1 or website2, it gets redirected to virtualhost:88, i am trying to make it so if an iptables redirect ip tries to access website1, to get redirected to virtualhost:88, but if the same ip tries to access website2, it displays the normal website2,

Can this be done with a single IP?

Thank you!

TenTenths · 01-30-2017, 06:18 AM

Quote:

Originally Posted by reevv

Can this be done with a single IP?

Short answer - Yes.

However what you'll need to do is packet inspection. You'll need to inspect the content to detect the HOST: http header in the request. Roughly you'll need something like (untested!)

Code:

-p tcp --dport 80 -m string --algo bm --string 'HOST: website1.domain.name'

reevv · 01-30-2017, 11:43 PM

Thank you for your reply

Code:

iptables -t nat -A PREROUTING -p tcp -s test.ip --dport 80 -m string --algo bm --string 'HOST: website1' -j REDIRECT --to 88

this allows test.ip to access website1 and website2 just like nothing ever happened

netguy2000 · 02-04-2017, 08:26 AM

write answer by Ten Tenths,this will help other as well as me , thanks Ten Tenths.

netguy.