LinuxQuestions.org

Linux - Security: blocking an IP using iptables (https://www.linuxquestions.org/questions/linux-security-4/blocking-an-ip-using-iptables-270556/)

picox 12-26-2004 03:31 PM

blocking an IP using iptables
 
Hello,
I am a Linux newbie and I want to block a specific IP that lies behind a proxy server using iptables.
How can I do this?
In PHP I can block this IP by using the HTTP_X_FORWARDED_FOR server environment variable.
But how can I do it in iptables?
Thanks

Moy Easwaran 12-26-2004 04:18 PM

Code:

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
(or --source instead of -s for greater readability)

The iptables web-page (netfilter.org) has FAQs and HOWTOs.

Moy

btmiller 12-26-2004 04:53 PM

Well, if the connection is being forwarded by a proxy, I don't think there's a good way to block just that connection, since proxy information is not recorded in the IP packet header (the HTTP_X_FORWARDED_FOR is part of the HTTP protocol, while iptables works at a lower level). You could always block all connections from that particular proxy, using the method Moy described.

picox 12-26-2004 04:57 PM

Thanks, but that didn't block it.
Maybe I should explain further.
There is only one ISP in my country, and this ISP is using a cache proxy server. Therefore, all the users have two IPs:
the first IP: xxx.xxx.xxx.xxx, which is the proxy IP
the second IP: yyy.yyy.yyy.yyy, which is the user's real IP

If I block the first IP, which is the proxy IP, all the users in my country won't be able to browse my site and my site will be useless.

I need to block the real user IP, not the proxy IP. How can I do that?

picox 12-26-2004 05:00 PM

Quote:

Originally posted by btmiller
Well, if the connection is being forwarded by a proxy, I don't think there's a good way to block just that connection, since proxy information is not recorded in the IP packet header (the HTTP_X_FORWARDED_FOR is part of the HTTP protocol, while iptables works at a lower level). You could always block all connections from that particular proxy, using the method Moy described.
Hmm,
is there any way to block it from Apache? Like by editing httpd.conf?

brettcave 12-27-2004 12:34 AM

I am guessing you are wanting to restrict access to your website from certain IPs. Maybe Squid has an ACL that looks at headers? You could then use a transparent proxy in front of your webserver to control access.
Have a look at the "external_acl_type" squid.conf tag with the "%{Header} HTTP request header" parameter - not sure if that could work.

Otherwise, as Moy suggested, you can use iptables.

Code:

iptables -A INPUT -p tcp --dport 80 -s xx.xx.xx.xx -j ACCEPT # this would be the ISP's proxy address
iptables -A INPUT -p tcp --dport 80 -j DROP # or -j REJECT for nicer.

The above rules will not affect HTTPS traffic. Note that if your ISP is using a transparent proxy, they probably would not be transparently proxying HTTPS traffic, so all secure connections would be from the users' actual IP addresses, so using the rules above for port 443 would probably more or less block everyone's access to HTTPS on your site.
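The application-layer check this thread circles around, as an added Python example that is not from any poster here: X-Forwarded-For is only believed when the TCP peer is the ISP's known proxy (a direct client can forge the header), and the proxy-appended client address is the rightmost entry. The proxy, blocked-client and peer addresses below are constructed values.

```python
import ipaddress

# Constructed example values: the ISP's cache proxy and the user to deny.
TRUSTED_PROXIES = {ipaddress.ip_address("203.0.113.10")}
BLOCKED_CLIENTS = {ipaddress.ip_address("198.51.100.77")}


def client_ip(remote_addr, xff_header):
    """Return the address that access control should be applied to.

    remote_addr is the TCP peer (what iptables sees); xff_header is the
    X-Forwarded-For value, or None. The header is only trusted when the
    peer is one of our known proxies, because any client connecting
    directly can send a forged X-Forwarded-For. With one trusted proxy
    hop, the address that proxy appended is the rightmost entry; anything
    to its left was supplied by the client and is ignored.
    """
    peer = ipaddress.ip_address(remote_addr)
    if peer not in TRUSTED_PROXIES or not xff_header:
        return peer
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    try:
        return ipaddress.ip_address(hops[-1])
    except (IndexError, ValueError):
        # Malformed header from the trusted proxy: fall back to the peer.
        return peer


def should_block(remote_addr, xff_header):
    """True when the effective client address is on the block list."""
    return client_ip(remote_addr, xff_header) in BLOCKED_CLIENTS
```

Calling should_block() from the web application (or a proxy in front of it) gives the per-user denial iptables cannot provide, while still letting every other user behind the same proxy IP through.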

mign5856 12-10-2010 03:07 AM

I have the same question... Is there no answer?

win32sux 12-10-2010 02:00 PM

mign5856, please start your own thread instead of resurrecting one that's been dead for six years.
