10-18-2006, 01:24 AM
#1
LQ Newbie
Registered: Aug 2006
Posts: 17
how to block https using iptables
Hi,
I am using RHEL 4 AS, on which our firewall (using iptables) has been configured. Here I want to block a particular website which uses https, say for example https://abc.com.
Is it possible to do this with iptables?
Also I want to know how it can be achieved using squid proxy to filter https traffic.
Thanks in advance.
10-18-2006, 02:03 AM
#2
Member
Registered: May 2006
Location: India
Distribution: RHEL,CentOS,BSD,Ubuntu
Posts: 59
Regex
You can use the REGEX utility in squid.
See the squid documentation.
Last edited by hhvv; 10-18-2006 at 02:05 AM.
10-18-2006, 02:07 AM
#3
LQ Newbie
Registered: Aug 2006
Posts: 17
Original Poster
Quote:
Originally Posted by hhvv
You can use the REGEX utility in squid.
See the squid documentation.
But I think the REGEX utility works only for http.
HTTPS uses CONNECT. Am I right?
10-18-2006, 03:22 AM
#4
Member
Registered: May 2006
Location: India
Distribution: RHEL,CentOS,BSD,Ubuntu
Posts: 59
DansGuardian
Hmm,
OK, anyway just try DansGuardian.
There you can block URLs, domains, etc.
10-18-2006, 04:26 AM
#5
Member
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222
You can block access to all https based sites with iptables using the following rule:
iptables -t nat -I PREROUTING -m tcp -p tcp --dport 443 -j DROP
To block particular sites use the -d option to specify the hostname.
iptables -t nat -I PREROUTING -m tcp -p tcp -d www.example.com --dport 443 -j DROP
Last edited by SlackDaemon; 10-18-2006 at 04:29 AM.
10-18-2006, 05:03 AM
#6
LQ Newbie
Registered: Aug 2006
Posts: 17
Original Poster
Quote:
Originally Posted by SlackDaemon
You can block access to all https based sites with iptables using the following rule:
iptables -t nat -I PREROUTING -m tcp -p tcp --dport 443 -j DROP
To block particular sites use the -d option to specify the hostname.
iptables -t nat -I PREROUTING -m tcp -p tcp -d www.example.com --dport 443 -j DROP
Thanks dude. It's working.
Also, can you tell me how to do it using squid proxy?
Last edited by pavangogineni; 10-18-2006 at 05:11 AM.
10-18-2006, 05:30 AM
#7
Member
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222
Try defining a regular expression ACL as follows
acl aclname url_regex ^https:// ...
then place the following line before any http_access allow rules
http_access deny aclname
10-18-2006, 05:46 AM
#8
LQ Newbie
Registered: Aug 2006
Posts: 17
Original Poster
Quote:
Originally Posted by SlackDaemon
Try defining a regular expression ACL as follows
acl aclname url_regex ^https:// ...
then place the following line before any http_access allow rules
http_access deny aclname
I'll check it tonight and let you know.
Anyhow, thank you very much man.
10-18-2006, 06:55 AM
#9
Member
Registered: Apr 2006
Location: Place for all OpenSource
Distribution: OpenBSD 4.1, FC5
Posts: 50
|
I'm using Trustix as my proxy. I had a problem blocking with url_regex; it didn't work so well, so I don't use that way. Now I'm using DansGuardian, working well though. But DansGuardian is a little bit aggressive with the rules.
Regards
10-19-2006, 01:56 AM
#10
LQ Newbie
Registered: Aug 2006
Posts: 17
Original Poster
I used this in my squid proxy
acl aclname url_regex ^https:// ...
then place the following line before any http_access allow rules
http_access deny aclname
and it is working fine.
Thanks man.
10-19-2006, 01:58 AM
#11
LQ Newbie
Registered: Sep 2006
Posts: 18
A firewall prevents all network access to your server (with certain exceptions that you will specify).
You can configure a firewall on your VPS using the Webmin control panel. The iptables command will actually implement the firewall rules.
Before you decide to set up a firewall, please consider... 1) Misconfiguring a firewall can prevent you from accessing your own server. 2) The best way to prevent someone from accessing services on your VPS is to simply not run those services. 3) Firewalls don't protect you from insecure services. So keep your server up to date with the latest security patches. For example, using apt-get update; apt-get upgrade.
Note: A few people with multiple IPs have reported this HOWTO does not work for them. So we recommend following this HOWTO on servers with a single IP only.
Discouraged yet? If you still want to proceed setting up a firewall, here goes...
Go to your Webmin control panel. Select Networking | Linux Firewall. Webmin will offer to create default rules for you. Select the "Block all except SSH, IDENT, ping and high ports on interface" option. You don't need to enter anything in the input to the right of the "eth0" combo.
On the resulting page there will be an option "If protocol is TCP and destination port is ssh". Select that option. On the Edit Rule page, go down to the "Destination TCP or UDP port" option. Change the option from equalling "ssh" to equalling "ssh,www,https,pop3,smtp,imap,imaps,pop3s,10000". Add in whatever other ports you need, or remove ports you want to exclude. Hit Save.
Click 'Add Rule'. For Rule Comment set "Allow traceroutes". Action to Take is 'Accept'. Set Network Protocol 'Equals' 'UDP'. Set Destination TCP or UDP port 'Equals' 'Port Range' '33434' to '33523'.
Hit Apply Configuration. Check that 'Activate at Boot' is Yes.
On your VPS you should now be able to run iptables --list and get a list of all your iptables rules. You can remove all the rules by stopping iptables: /etc/init.d/iptables stop. You can also stop the iptables service from running at startup by running chkconfig --del iptables. Or you can remove the iptables rules by running echo "" > /etc/sysconfig/iptables
02-15-2011, 09:37 AM
#12
Member
Registered: May 2009
Posts: 102
Quote:
Originally Posted by pavangogineni
I used this in my squid proxy
acl aclname url_regex ^https:// ...
then place the following line before any http_access allow rules
http_access deny aclname
and it is working fine..
Thanks man..
Thanks man, but it does not work!!
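An added example, not from the thread, showing why the url_regex ACL above can fail to block https sites: a browser reaching https://abc.com through an explicit proxy sends "CONNECT abc.com:443", whose request URL carries no "https://" prefix, so url_regex ^https:// never matches the tunnel. The squid.conf fragment assumes clients are configured to use the proxy, uses the thread's abc.com as the blocked domain, and the acl name blocked_tls is my own.

```squid
# squid.conf fragment (added example, not from the thread).
# Match the CONNECT tunnel by its destination domain; ".abc.com" covers
# abc.com itself and every subdomain.
acl blocked_tls dstdomain .abc.com

# The stock squid.conf already defines this ACL; keep only one definition.
acl CONNECT method CONNECT

# Deny lines must come before any http_access allow line.
# Dropping "CONNECT" from this line also blocks plain http://abc.com requests,
# because dstdomain applies to ordinary GET requests as well.
http_access deny CONNECT blocked_tls
```

Reload with "squid -k reconfigure" and verify with a CONNECT request from a client; the access.log entry should show TCP_DENIED for abc.com:443.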
03-12-2012, 11:31 AM
#13
LQ Newbie
Registered: Feb 2011
Location: Bulgaria
Distribution: linux(debian 3.1)nokia n900
Posts: 7
Hi to all. Sorry for the noob question, but after I type:
iptables -t nat -I PREROUTING -m tcp -p tcp --dport 443 -j DROP (for all http traffic)
or
iptables -t nat -I PREROUTING -m tcp -p tcp -d www.example.com --dport 443 -j DROP (for one http)
or
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 443 (to redirect traffic to a specific port)
Should I stop iptables every time when I use one of the above commands? If the answer is yes, which command do I have to use to stop iptables? I am on Ubuntu 11.10.
regards