LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Restrict access to webpages that needs to load more than a few seconds (let's say 20) (http://www.linuxquestions.org/questions/linux-networking-3/restrict-access-to-webpages-that-needs-to-load-more-than-a-few-seconds-lets-say-20-a-4175442298/)

artaxerxe 12-20-2012 07:03 AM

Restrict access to webpages that needs to load more than a few seconds (let's say 20)
 
Currently I need to set on my server (CentOS 6.2) a way to restrict for some users access to pages that take more than 10 or 20 seconds to load. Is that possible through iptables? Or what suggestions do you have for this? Are there other ways to get this done?

Thanks.

unSpawn 12-20-2012 07:20 AM

Quote:

Originally Posted by artaxerxe (Post 4853636)
Is that possible through iptables?

How about using a proxy that times out requests after say 15 seconds?

artaxerxe 12-20-2012 07:21 AM

Restrict access to webpages that needs to load more than a few seconds (let's say 20)
 
I'm trying to put some restrictions for specific users on my LAN. So I need to restrict access to a webpage for a specific user. What suggestions do you have for this? Is that possible through iptables (remember: restrict on webpage, not on IP)? I know that can be possible through squid (for the whole lan I think), but I would be more glad to implement it through iptables or something like this if possible.

artaxerxe 12-20-2012 07:30 AM

Quote:

Originally Posted by unSpawn (Post 4853648)
How about using a proxy that times out requests after say 15 seconds?

I don't know exactly how to do that with squid, but after some research I guess I will get it (if have some hints, you can guide me). I'm just wondering if it's possible to do that with iptables. Probably in some contexts it will be more comfortable for me. I'm looking for possibilities that I have.

Thanks.

unSpawn 12-20-2012 08:47 AM

Quote:

Originally Posted by artaxerxe (Post 4853660)
I'm just wondering if it's possible to do that with iptables. Probably in some contexts it will be more comfortable for me.

Yes,you can probably get the iptables string match module to block something but basically Netfilter concerns itself only with what the network layer holds. Making it do things it wasn't meant for is inefficient (filter-wise it will always be incomplete), circumventable (you won't be able to get all the permutations in anyway) and it'll be a complete performance drain. In short: worse than a kludge. Maybe there's more to all of this but I shouldn't have to ask you again to be detailed and verbose about things, unless you want to show you haven't learned from your previous thread (about a month ago).

artaxerxe 12-21-2012 01:47 AM

Quote:

Originally Posted by unSpawn (Post 4853708)
... making it do things it wasn't meant for is inefficient (filter-wise it will always be incomplete), circumventable (you won't be able to get all the permutations in anyway) and it'll be a complete performance drain... In short: worse than a kludge.

Thanks. That's what I needed to know. At least for now.

jschiwal 12-21-2012 01:56 AM

I copied post #3 from a duplicate thread. You will probably apply the same solution to both which are variations on a theme.

tonyfreeman 12-21-2012 10:13 PM

If the web page is a php page, then you can put some logic at the top of the page to check for the IP address accessing it and redirect them out of there to another page.

Also, if the web server is apache, then you can use mod_rewrite to redirect IP addresses out of particular areas of the website.


All times are GMT -5. The time now is 06:00 AM.