LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-25-2009, 10:38 AM   #1
curtisa
Member
 
Registered: Oct 2005
Location: Switzerland
Distribution: Ubuntu
Posts: 33

Rep: Reputation: 16
A fail2ban equivalent for http when someone uses my website as a proxy ?...


Hi all,
Does anyone know if there's a fail2ban type equivalent to try and detect and then block ips which are using my apache2 as a proxy?

I would like to have 'proxy' and 'proxy_http' enabled on apache2 for my own use but I see others are then using it as a proxy. At the moment I'm manually entering an iptables DROP command for each IP.

Is there a way to dynamically drop the IP's (but only those which are trying to proxy)?.

Can anyone suggestion anything please?

Thanks,
Alex

P.S. This is what I'm seeing my my log files and which I'm assuming means someone is using it as a proxy...

Code:
XXX.XXX.XXX.XXX - - [25/Mar/2009:16:04:16 +0100] "GET http://www.somewebsite.com HTTP/1.1" 403 - "http://www.someotherwebsite.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
 
Old 03-25-2009, 12:30 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,817

Rep: Reputation: 610Reputation: 610Reputation: 610Reputation: 610Reputation: 610Reputation: 610
That 403 means they were forbidden. Compare to a line when you use it.
 
Old 03-25-2009, 12:32 PM   #3
curtisa
Member
 
Registered: Oct 2005
Location: Switzerland
Distribution: Ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
Yep that was after I'd manually blocked them, there were others before which weren't 403.
 
Old 03-25-2009, 02:48 PM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,817

Rep: Reputation: 610Reputation: 610Reputation: 610Reputation: 610Reputation: 610Reputation: 610
Add authentication?
 
Old 03-25-2009, 02:54 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
How about you just add the IPs you'd like to see permitted, and drop
everything else rather than adding a rule for each and every person
you don't want there ... ?
 
Old 03-28-2009, 02:36 AM   #6
curtisa
Member
 
Registered: Oct 2005
Location: Switzerland
Distribution: Ubuntu
Posts: 33

Original Poster
Rep: Reputation: 16
It's actually a website which I want visible, I just don't want it used as a proxy server so adding authentication is probably not what I want. However I think I overlooked the obvious before asking. I can actually use fail2ban for this very purpose and I've almost got it working as I want.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is there any squid equivalent proxy available for Windows ZAMO Linux - General 2 12-10-2008 03:12 AM
New website http://www.lpi2b.com ve6hf` Linux - Certification 1 07-30-2005 05:56 PM
suse equivalent to easy urpmi website slim27616 SUSE / openSUSE 1 02-05-2005 10:57 AM
"socks5" -> "http" proxy protocol, or ssh tunnel to sock5 ? I'm beyond http p vmicho Linux - Networking 2 12-16-2003 05:32 AM


All times are GMT -5. The time now is 05:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration