LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Question on securing port80 from upload (http://www.linuxquestions.org/questions/linux-security-4/question-on-securing-port80-from-upload-845437/)

ahmedkamel1355 11-20-2010 12:52 AM

Question on securing port80 from upload
 
Hello,
I am using a linux fedora 12.0 with L7 filter and proxy as the main firewall for my system composed of some several hundred pcs. The port 80 is open for certain mac addresses these computers, that is to say that , only a few of these computers have access to internet and others have been denied. However, they have access to two specific websites on internet .
I would like to know that if there is a virus attack through these websites in form of executable adwares or malwares, can this linux firewall detect any information that might be directed out of those computers to the attacking source? In other words, is there s tuning in L7 filter or any other filter that can detect transfer of files or some bites through port 80 unrelated to normal http requests?
Thanks

win32sux 11-20-2010 06:32 AM

Quote:

Originally Posted by ahmedkamel1355 (Post 4165043)
detect transfer of files or some bites through port 80 unrelated to normal http requests?

Maybe you could implement an ACL in your proxy server which checks for HTTP methods (with the objective being to block anything that doesn't match). For example, if you're using Squid you could do something like:
Code:

acl http_port port 80
acl http_methods method GET POST
http_access deny http_port !http_methods



All times are GMT -5. The time now is 11:48 AM.