LinuxQuestions.org


reevv 01-29-2017 01:07 AM

Custom iptables redirect
 
Hello,

Currently, I'm running two websites on the same IP with Apache virtualhost. One of the sites often gets attacked by bots, so what I did is redirect those IPs to a third virtual host that is listening on port 88 and displays a 'your IP has been blocked' page.

What I've used to redirect traffic is:

Code:

iptables -t nat -A PREROUTING -p tcp -s ATTACKING-IP --dport 80 -j REDIRECT --to 88

The question is, can this be done just for incoming traffic to website1?

If an IP currently has a redirect rule in iptables and it tries to access website1 or website2, it gets redirected to virtualhost:88. I am trying to make it so that if an IP with an iptables redirect tries to access website1, it gets redirected to virtualhost:88, but if the same IP tries to access website2, it displays the normal website2.

Can this be done with a single IP?

Thank you!

TenTenths 01-30-2017 06:18 AM

Quote:

Originally Posted by reevv (Post 5661698)
Can this be done with a single IP?

Short answer - Yes.

However, what you'll need to do is packet inspection. You'll need to inspect the content to detect the HOST: HTTP header in the request. Roughly, you'll need something like (untested!):

Code:

-p tcp --dport 80 -m string --algo bm --string 'HOST: website1.domain.name'

reevv 01-30-2017 11:43 PM

Thank you for your reply.

Code:

iptables -t nat -A PREROUTING -p tcp -s test.ip --dport 80 -m string --algo bm --string 'HOST: website1' -j REDIRECT --to 88

This allows test.ip to access website1 and website2 just like nothing ever happened :)

netguy2000 02-04-2017 08:26 AM

Right answer by Ten Tenths, this will help others as well as me. Thanks, Ten Tenths.

netguy.
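
An added example, not posted by anyone in the thread: the nat table only evaluates the first packet of a connection (the TCP SYN), which carries no HTTP payload, so a Host-header string match in PREROUTING has nothing to match; the per-site decision can instead be made in Apache, which already parses the Host header to pick the virtual host. It assumes Apache 2.4; website2.domain.name, the document roots, blocked.html and the IP addresses are constructed placeholders.

```apache
# Added example; assumes Apache 2.4 (mod_authz_core / mod_authz_host).
# website2.domain.name, the paths and the IP addresses are constructed.

# website1: blocked clients get a custom 403 page, everyone else the site.
<VirtualHost *:80>
    ServerName website1.domain.name
    DocumentRoot /var/www/website1

    # Body returned with every 403 from this virtual host.
    ErrorDocument 403 /blocked.html

    <Directory /var/www/website1>
        <RequireAll>
            Require all granted
            # One line per blocked source; CIDR ranges are accepted as well.
            Require not ip 203.0.113.45
            Require not ip 198.51.100.0/24
        </RequireAll>
    </Directory>

    # The block page itself must stay readable for blocked clients,
    # otherwise Apache cannot deliver the ErrorDocument to them.
    <Files "blocked.html">
        Require all granted
    </Files>
</VirtualHost>

# website2: no per-IP rules, so the same clients still see the normal site.
<VirtualHost *:80>
    ServerName website2.domain.name
    DocumentRoot /var/www/website2

    <Directory /var/www/website2>
        Require all granted
    </Directory>
</VirtualHost>
```

Check the syntax with `apachectl configtest` before reloading.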


All times are GMT -5.