LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Firewall on Web server and outgoing connections to other sites
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-14-2012, 11:09 AM   #1
pyx69
LQ Newbie
 
Registered: Mar 2012
Posts: 1

Rep: Reputation: Disabled
Question Firewall on Web server and outgoing connections to other sites

Hello,

I have a Debian web server with shorewall firewall.

For security reasons I closed outgoing connections in FW configuration.

Some websites need to use Curl to get contents from other websites so they need to make outgoing connection to port 80 but I do not want to open port 80 to ALL websites.

I tried to use an external proxy but it becomes a critical point of failure.

I want to permit outgoing connections only from PHP curl calls, but I want to block connections made by apache if there are xss attacks or hacking.

Can I install a proxy on the web server and configure shorewall to permit outgoing connection to port 80 on the net only if they are originated by proxy?

Do you have other suggestions?

Thank you
P.
Last edited by pyx69; 03-14-2012 at 11:10 AM. Reason: changed title
 
Old 03-15-2012, 07:59 PM   #2
elfenlied
Member
 
Registered: Dec 2004
Posts: 83

Rep: Reputation: 8
If your server is running selinux then you can restrict httpd from making any outbound network connections with setsebool

Code:
[root@localhost ~]# setsebool -P  httpd_can_network_connect off
From your firewall's point of view all it knows about is packets, both incomming and outgoing. It doesn't know what or who generates those packets so you have to set the restriction at the operating system level.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables firewall for web server author_unknown Linux - Networking 7 05-16-2009 08:35 AM
Do you run a firewall on web server too? rhaag71 Linux - Security 13 10-02-2008 03:42 PM
Web Server Firewall > YOUR EXPERIENCE Fr33B5D Linux - Networking 1 09-02-2005 01:54 AM
Web Server / Firewall Issue JohnLocke Linux - Newbie 3 03-10-2005 02:16 PM
Web server behind RHL 9 Firewall yzxix Linux - Security 2 07-31-2004 08:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:36 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration