csrf meta tags "can they be blocked ?" via iptables

b_unix · 01-02-2014, 04:15 PM

Quick Question

I'm currently running a remote site that uses csrf meta tags

in my iptables
configuration
block site "abc"

if a meta tag was received/requested hdgsebeuicimmeabc
would it be blocked ?

The file was requested and the file exist on the server
I get the requested file with 0 conntent ?

I'm trying to figure if this is a configuration issue at my end or somthing going on at the server end?

wget reports a (406) error ?

Habitual · 01-02-2014, 06:37 PM

406 - Not Acceptable

block like so?

Code:

iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string "abc" --to 1000 -j DROP

b_unix · 01-04-2014, 10:21 AM

Thank-you

A little more detail just to clarify things

the request comes in IE as a html get request
the server see this process the request and responded as required

In this case it returns a js, that request a jquery to render the requested page or part of the page. i'm getting a call to a HTML format as opposed to the correct call to the js file

in the server logs I can see the response to call the html format

Now I can see the client not getting the correct response, as it is filtered buy IPTABLES
what I'm having a hard time getting my head around is why the server is calling the HTML response

Could IPTABLES be responsible in changing the header requested mime type form json to html

any thoughts?

jpollard · 01-04-2014, 12:11 PM

no

IP tables doesn't as a rule do deep packet inspection/filtering. You have to add custom modules for that.

The web server just isn't sending back what you want.