LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 10-18-2006, 01:24 AM   #1
pavangogineni
LQ Newbie
 
Registered: Aug 2006
Posts: 17

Rep: Reputation: 0
how to block https using iptables


Hi,

I am using RHEL 4 AS, on which our firewall (using iptables) has been configured. Here I want to block a particular website which uses https, say for example https://abc.com.
Is it possible to do this with iptables?
Also I want to know how it can be achieved using squid proxy to filter https traffic.

Thanks in advance.
 
Old 10-18-2006, 02:03 AM   #2
hhvv
Member
 
Registered: May 2006
Location: India
Distribution: RHEL,CentOS,BSD,Ubuntu
Posts: 59
Blog Entries: 1

Rep: Reputation: 15
Regex

You can use the REGEX utility in squid.
See the squid documentation.

Last edited by hhvv; 10-18-2006 at 02:05 AM.
 
Old 10-18-2006, 02:07 AM   #3
pavangogineni
LQ Newbie
 
Registered: Aug 2006
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by hhvv
You can use the REGEX utility in squid.
See the squid documentation.
But I think the REGEX utility works only for http.
https uses CONNECT. Am I right?
 
Old 10-18-2006, 03:22 AM   #4
hhvv
Member
 
Registered: May 2006
Location: India
Distribution: RHEL,CentOS,BSD,Ubuntu
Posts: 59
Blog Entries: 1

Rep: Reputation: 15
DansGuardian

Hmm,
OK, anyway just try dansguardian.
There you can block URLs, domains, etc.
 
Old 10-18-2006, 04:26 AM   #5
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
You can block access to all https based sites with iptables using the following rule:

iptables -t nat -I PREROUTING -m tcp -p tcp --dport 443 -j DROP

To block particular sites use the -d option to specify the hostname.

iptables -t nat -I PREROUTING -m tcp -p tcp -d www.example.com --dport 443 -j DROP

Last edited by SlackDaemon; 10-18-2006 at 04:29 AM.
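Two caveats about the rules above that a practitioner should know before copying them: the nat table is consulted only for the first packet of each connection, so filtering there is unconventional and the filter table (FORWARD on a router, OUTPUT on the client itself) is where a block belongs; and `-d www.example.com` is resolved once, when the rule is inserted, producing one rule per address the resolver returned at that moment, so the block silently stops matching when the site moves. The script below is an added example, not code from the thread or from any of its posters: it generates a filter-table FORWARD rule per address for the `abc.com` host named in the question, shows the matching `-D` form so a single rule can be removed without stopping the whole firewall, and only applies anything when run as root with `--apply`. The two 192.0.2.x addresses are constructed stand-ins for what `getent ahosts` would return; anything the rules block will also be blocked for every other site sharing those addresses.

```shell
#!/bin/sh
# Added example (not from the thread): block HTTPS to one site from a Linux
# router with filter-table FORWARD rules, one rule per resolved address.
BLOCKED_HOST="abc.com"                  # host from the thread's question
BLOCKED_ADDRS="192.0.2.10 192.0.2.11"   # constructed sample addresses

# Resolve a hostname to all of its current addresses (not only the first
# record the resolver hands back). Used only when actually applying.
resolve_host() {
  getent ahosts "$1" | awk '{ print $1 }' | sort -u
}

# Print one iptables command per address. $1 is -I (insert) or -D (delete);
# the remaining arguments are addresses. The rules live in the default
# (filter) table's FORWARD chain, so every packet of the connection is
# checked, not only the first one the nat table sees. DROP matches what
# the thread uses; the -D form takes exactly one rule out again.
build_https_block_rules() {
  action=$1; shift
  for addr in "$@"; do
    printf 'iptables %s FORWARD -m tcp -p tcp -d %s --dport 443 -j DROP\n' \
      "$action" "$addr"
  done
}

# Number of rules the generator produced; a sanity check before piping
# the commands into sh.
count_rules() {
  build_https_block_rules "$@" | grep -c .
}

# Default run: print the commands. With --apply (as root) resolve the
# hostname now and execute them; re-run whenever the site's addresses
# change, because the kernel stores addresses, never names.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
  build_https_block_rules -I $(resolve_host "$BLOCKED_HOST") | sh
else
  build_https_block_rules -I $BLOCKED_ADDRS
fi
```

Run it without arguments to review the generated commands (`iptables -L FORWARD -n --line-numbers` afterwards confirms what was loaded); feed the `-D` output back through `sh` to undo the block rule by rule instead of stopping the iptables service.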
 
Old 10-18-2006, 05:03 AM   #6
pavangogineni
LQ Newbie
 
Registered: Aug 2006
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by SlackDaemon
You can block access to all https based sites with iptables using the following rule:

iptables -t nat -I PREROUTING -m tcp -p tcp --dport 443 -j DROP

To block particular sites use the -d option to specify the hostname.

iptables -t nat -I PREROUTING -m tcp -p tcp -d www.example.com --dport 443 -j DROP

Thanks dude. It's working.
Also, can you tell me how to do it by using squid proxy?

Last edited by pavangogineni; 10-18-2006 at 05:11 AM.
 
Old 10-18-2006, 05:30 AM   #7
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Try defining a regular expression ACL as follows

acl aclname url_regex ^https:// ...

then place the following line before any http_access allow rules

http_access deny aclname
 
Old 10-18-2006, 05:46 AM   #8
pavangogineni
LQ Newbie
 
Registered: Aug 2006
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by SlackDaemon
Try defining a regular expression ACL as follows

acl aclname url_regex ^https:// ...

then place the following line before any http_access allow rules

http_access deny aclname

I'll check it tonight and let you know.
Anyhow, thank you very much man.
 
Old 10-18-2006, 06:55 AM   #9
mblames
Member
 
Registered: Apr 2006
Location: Place for all OpenSource
Distribution: OpenBSD 4.1, FC5
Posts: 50

Rep: Reputation: 15
I'm using Trustix as my proxy. I had problems blocking with url_regex; it didn't work so well, so I don't use that way. Now I'm using dansguardian, which is working well, though dansguardian is a little bit aggressive with the rules.


Regards
 
Old 10-19-2006, 01:56 AM   #10
pavangogineni
LQ Newbie
 
Registered: Aug 2006
Posts: 17

Original Poster
Rep: Reputation: 0
I used this in my squid proxy

acl aclname url_regex ^https:// ...

then place the following line before any http_access allow rules

http_access deny aclname

and it is working fine..
Thanks man..
 
Old 10-19-2006, 01:58 AM   #11
labhesh_popli
LQ Newbie
 
Registered: Sep 2006
Posts: 18

Rep: Reputation: 0
A firewall prevents all network access to your server (with certain exceptions that you will specify).

You can configure a firewall on your VPS using the Webmin control panel. The iptables command will actually implement the firewall rules.

Before you decide to set up a firewall, please consider... 1) Misconfiguring a firewall can prevent you from accessing your own server. 2) The best way to prevent someone from accessing services on your VPS is to simply not run those services. 3) Firewalls don't protect you from insecure services. So keep your server up to date with the latest security patches. For example, using apt-get update; apt-get upgrade.

Note: A few people with multiple IPs have reported this HOWTO does not work for them. So we recommend following this HOWTO on servers with a single IP only.

Discouraged yet? If you still want to proceed setting up a firewall, here goes...

Go to your Webmin control panel. Select Networking | Linux Firewall. Webmin will offer to create default rules for you. Select the "Block all except SSH, IDENT, ping and high ports on interface" option. You don't need to enter anything in the input to the right of the "eth0" combo.

On the resulting page there will be an option "If protocol is TCP and destination port is ssh". Select that option. On the Edit Rule page, go down to the "Destination TCP or UDP port" option. Change the option from equalling "ssh" to equalling "ssh,www,https,pop3,smtp,imap,imaps,pop3s,10000". Add in whatever other ports you need, or remove ports you want to exclude. Hit Save.

Click 'Add Rule'. For Rule Comment set "Allow traceroutes". Action to Take is 'Accept'. Set Network Protocol 'Equals' 'UDP'. Set Destination TCP or UDP port 'Equals' 'Port Range' '33434' to '33523'.

Hit Apply Configuration. Check that 'Activate at Boot' is Yes.

On your VPS you should now be able to run iptables --list and get a list of all your iptable rules. You can remove all the rules by stopping iptables: /etc/init.d/iptables stop. You can also stop the iptables service from running at startup by running chkconfig --del iptables. Or you can remove the iptables rules by running echo "" > /etc/sysconfig/iptables
 
Old 02-15-2011, 09:37 AM   #12
falcom
Member
 
Registered: May 2009
Posts: 102

Rep: Reputation: 13
Quote:
Originally Posted by pavangogineni
I used this in my squid proxy

acl aclname url_regex ^https:// ...

then place the following line before any http_access allow rules

http_access deny aclname

and it is working fine..
Thanks man..
Thanks man, but it does not work!!
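The objection raised in post #3 is the key to the mixed results with the `url_regex ^https://` ACL: a browser that reaches an https site through a proxy does not send the proxy an `https://` URL at all, it sends `CONNECT host:443` and tunnels TLS through it, so a pattern anchored on `^https://` never sees anything to match. The script below is an added example, not code from the thread or from the Squid project: it takes two constructed request lines of the kind Squid receives for the `abc.com` site from the question and shows what a URL-regex test sees for each, next to a host-based test of the kind Squid's `dstdomain` ACL performs, which covers the CONNECT case. The `request_host`, `https_regex_matches` and `host_is_blocked` names and the `BLOCKED_DOMAINS` list are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): what a url_regex ACL gets to see for
# an https site reached through a proxy, versus what a host-based check sees.
# The request lines are constructed samples of what a browser sends a proxy.
PLAIN_REQ='GET http://abc.com/index.html HTTP/1.1'
TLS_REQ='CONNECT abc.com:443 HTTP/1.1'
BLOCKED_DOMAINS="abc.com"   # constructed block list for this example

# Equivalent of `acl aclname url_regex ^https://`: the pattern is tested
# against the request URL (second field of the request line).
# Returns 0 on match, 1 otherwise.
https_regex_matches() {
  printf '%s\n' "$1" | awk '{ print $2 }' | grep -Eq '^https://'
}

# Destination host of a request, whether it arrived as an absolute URL
# (GET http://host/...) or as a CONNECT host:port tunnel request. This is
# the value a domain-based ACL (Squid's dstdomain) compares against.
request_host() {
  printf '%s\n' "$1" | awk '{
    if ($1 == "CONNECT") { sub(/:[0-9]+$/, "", $2); print $2 }
    else { u = $2; sub(/^[a-z]+:\/\//, "", u); sub(/[\/:].*$/, "", u); print u }
  }'
}

# Domain match in the dstdomain style: the listed host or any subdomain.
host_is_blocked() {
  h=$(request_host "$1")
  for d in $BLOCKED_DOMAINS; do
    case "$h" in "$d"|*."$d") return 0 ;; esac
  done
  return 1
}

# Show both tests side by side for the plain and the tunnelled request.
for req in "$PLAIN_REQ" "$TLS_REQ"; do
  if https_regex_matches "$req"; then r=match; else r="no match"; fi
  if host_is_blocked "$req"; then b=blocked; else b=allowed; fi
  printf '%-38s url_regex ^https:// -> %-9s host check -> %s\n' "$req" "$r" "$b"
done
```

For the CONNECT line the regex reports no match while the host check reports blocked, which is the whole difference between the two ACL styles. In Squid the host-based version is written as a `dstdomain` ACL (for example `acl blocked_ssl dstdomain .abc.com`) denied together with the `CONNECT` method ACL that ships in the default squid.conf (`http_access deny CONNECT blocked_ssl`), placed before the `http_access allow` lines as post #7 already advises.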
 
Old 03-12-2012, 11:31 AM   #13
disappear
LQ Newbie
 
Registered: Feb 2011
Location: Bulgaria
Distribution: linux(debian 3.1)nokia n900
Posts: 7

Rep: Reputation: 0
Hi to all. Sorry for the noob question, but after I type:
iptables -t nat -I PREROUTING -m tcp -p tcp --dport 443 -j DROP (for all http traffic)
or
iptables -t nat -I PREROUTING -m tcp -p tcp -d www.example.com --dport 443 -j DROP (for one http)
or
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 443 (to redirect traffic to a specific port)

Should I stop iptables every time when I use one of the above commands? If the answer is yes, which command do I have to use to stop iptables? I am on Ubuntu 11.10.
regards
 
  

