LinuxQuestions.org - Linux - Security - Block Outgoing HTTP traffic (https://www.linuxquestions.org/questions/linux-security-4/block-outgoing-http-traffic-809223/)

joemon83 05-21-2010 01:10 AM

Block Outgoing HTTP traffic
 
Hi,

I am working on a Linux server. Is there any tool with which we can block outgoing HTTP traffic based on particular keywords? For example, if we have a web page that contains the word "creditcard", the outgoing traffic from the web server to the end user's browser should be blocked.

Please advise...

paulsm4 05-21-2010 01:43 AM

I'm not sure exactly what you mean, but it sounds like you might be looking for something like this:

Web Traffic Filters

'Hope that helps .. PSM

PS:
Here's another alternative:
http://www.howtoforge.com/perfect_li...ewall_ipcop_p2

fruttenboel 05-21-2010 02:17 AM

Quote:

Originally Posted by joemon83 (Post 3976226)
Hi,

I am working on a Linux server. Is there any tool with which we can block outgoing HTTP traffic based on particular keywords? For example, if we have a web page that contains the word "creditcard", the outgoing traffic from the web server to the end user's browser should be blocked.

Please advise...

Wow, that's a nice challenge for you: just create that program. Linux comes with lots of compilers to get this job done.

What you are proposing here is censorship. It's against the nature of Linux, where we cherish freedom for all. Perhaps you can ask how Google does these things for the totalitarian regimes they prefer to support.
If you don't want people to retrieve that kind of information from your servers, just make sure that kind of information was not available in the first place.

win32sux 05-21-2010 02:43 AM

Quote:

Originally Posted by fruttenboel (Post 3976275)
Wow, that's a nice challenge for you: just create that program. Linux comes with lots of compilers to get this job done.

What you are proposing here is censorship. It's against the nature of Linux, where we cherish freedom for all. Perhaps you can ask how Google does these things for the totalitarian regimes they prefer to support.
If you don't want people to retrieve that kind of information from your servers, just make sure that kind of information was not available in the first place.

Taking measures against disclosure of sensitive information could hardly be described as censorship IMHO. While it's clear that nothing beats making sure the information isn't there to begin with, security works well when done in layers. As a side note, application-layer solutions such as ModSecurity include this sort of feature:
Quote:

ModSecurity can also monitor outbound data and identify and block information disclosure issues such as leaking detailed error messages or Social Security Numbers or Credit Card Numbers.

joemon83 05-21-2010 02:47 AM

OK... I guess I need to explain this.
Suppose a person has managed to upload a phishing page (e.g. for a bank) that asks users for credit card details. The phishing page has a textbox named "creditcard" (where users enter credit card details); then the server's attempt to send the page to the end user's browser should be blocked.
I hope this explains my requirement. I already have Snort installed on the server. Is this of any use in my case?

joemon83 05-21-2010 02:49 AM

Hi win32sux,

I didn't know that ModSecurity can be used to block outbound traffic. How can I use this in my case? May I know the rule that should be used?

mlnutt 05-21-2010 10:59 AM

Quote:

Originally Posted by fruttenboel (Post 3976275)
What you are proposing here is censorship. It's against the nature of Linux, where we cherish the freedom for all.

Who is this "we?" Certainly not me and certainly not you. I bet your servers aren't open to the public. Why else would you be interested in a security forum? You employ censorship to keep people out. If you cherished the "freedom for all" your servers would have no security; everybody would have root access.

If more admins would monitor and restrict outgoing traffic there could be a lot less spam and illegal/fraudulent activity on the internet.

"The nature of Linux" is whatever someone can get it to do (or not do).

TB0ne 05-21-2010 11:19 AM

Quote:

Originally Posted by joemon83 (Post 3976300)
OK... I guess I need to explain this.
Suppose a person has managed to upload a phishing page (e.g. for a bank) that asks users for credit card details. The phishing page has a textbox named "creditcard" (where users enter credit card details); then the server's attempt to send the page to the end user's browser should be blocked.
I hope this explains my requirement. I already have Snort installed on the server. Is this of any use in my case?

Snort can alert based on rules, so perhaps it can be used. However, the example is rather weak, and I hope you're not really basing security on it.

Because in what you stated, all someone would have to do is rename that field to something else, like "Middlename" or "phone". What you call the variable is meaningless if you have the source code. And if you're talking about what's on the form... replace the WORDS "Credit Card #" with a small image file SAYING those words. The same thing appears on screen... but it skates right past your filter.

To me, though, a filter like this is pointless, and will only really slow down your overall web performance. If you put good security practices in place on your server, harden it up, and make sure your server is only sending pages that YOU wrote, your problem is solved. Eliminate the holes, and the threat is eliminated too. But no matter what you do, that's not going to stop someone internally at your organization from stealing the info if they want it.
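As an added illustration (my own code, not from any poster in this thread and not ModSecurity's implementation), here is a small Python model of an outbound response filter. `keyword_filter` is joemon83's proposal; `find_card_numbers` approximates what ModSecurity's `@verifyCC` operator does against `RESPONSE_BODY` (a digit-run regex plus the Luhn checksum). The sample pages are constructed for this example. Running it shows both points made above: renaming the field or moving the label into an image defeats the keyword check, while the Luhn check catches a leaked card number but says nothing about the phishing form, since the form the server sends contains no card numbers at all.

```python
import re

# Constructed sample responses (not from the thread). The first three are variants
# of the phishing form joemon83 describes; the last is a page that leaks card data.
PHISHING_PAGE = """<form action="/verify" method="post">
  <label>Card number</label>
  <input type="text" name="creditcard">
  <input type="submit" value="Verify">
</form>"""

# TB0ne's first bypass: same form, field renamed to something innocuous.
RENAMED_PAGE = PHISHING_PAGE.replace('name="creditcard"', 'name="phone"')

# TB0ne's second bypass: the visible wording moved into an image the filter cannot read.
IMAGE_PAGE = RENAMED_PAGE.replace("<label>Card number</label>",
                                  '<img src="label.png" alt="">')

# An error page that leaks a real-looking card number (4111... is a standard test
# number); the 16-digit order number is not a card number and fails the Luhn check.
LEAK_PAGE = """<pre>Order 1234567890123456 failed:
card 4111 1111 1111 1111 was declined by the gateway</pre>"""


def keyword_filter(body, keywords=("creditcard",)):
    """joemon83's proposal: block the response if a fixed keyword appears in it."""
    lower = body.lower()
    return any(k in lower for k in keywords)


def luhn_ok(digits):
    """Luhn checksum used by card numbers: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def find_card_numbers(body):
    """Outbound check in the style of ModSecurity's @verifyCC operator: take digit
    runs that look like card numbers and keep only those that pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def should_block(body):
    """Combined decision a response filter would make before the page leaves the server."""
    return keyword_filter(body) or bool(find_card_numbers(body))


if __name__ == "__main__":
    samples = [("phishing form", PHISHING_PAGE), ("renamed field", RENAMED_PAGE),
               ("label as image", IMAGE_PAGE), ("leaking error page", LEAK_PAGE)]
    for name, page in samples:
        print(f"{name:20} keyword={keyword_filter(page)!s:5} "
              f"cards={find_card_numbers(page)} block={should_block(page)}")
```

The keyword check flags only the first sample; the other two phishing variants pass it untouched, which is TB0ne's objection. The Luhn check flags the leaking error page (and ignores the order number), but none of the phishing forms, because a blank form contains nothing to match: outbound content inspection is a control against data leaking out, not against a phishing page being served.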

