Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Hello,
I am a Linux newbie and I want to block a specific IP that lies behind a proxy server using iptables.
How can I do this?
In PHP I can block this IP by using the HTTP_X_FORWARDED_FOR server environment variable.
But how can I do it in iptables?
Thanks
Well, if the connection is being forwarded by a proxy, I don't think there's a good way to block just that connection, since proxy information is not recorded in the IP packet header (the HTTP_X_FORWARDED_FOR is part of the HTTP protocol, while iptables works at a lower level). You could always block all connections from that particular proxy, using the method Moy described.
Thanks, but that didn't block it.
Maybe I should explain further.
There is only one ISP in my country, and this ISP is using a cache proxy server. Therefore, all the users have two IPs:
the first IP: xxx.xxx.xxx.xxx, which is the proxy IP
the second IP: yyy.yyy.yyy.yyy, which is the user's real IP
If I block the first IP, which is the proxy IP, all the users in my country won't be able to browse my site and my site will be useless.
I need to block the real user IP, not the proxy IP. How can I do that?
Originally posted by btmiller:
Well, if the connection is being forwarded by a proxy, I don't think there's a good way to block just that connection, since proxy information is not recorded in the IP packet header (the HTTP_X_FORWARDED_FOR is part of the HTTP protocol, while iptables works at a lower level). You could always block all connections from that particular proxy, using the method Moy described.
Hmm.
Is there any way to block it from Apache? Like editing httpd.conf?
I am guessing you are wanting to restrict access to your website from certain IPs. Maybe squid has an ACL that looks at headers? You could then use a transparent proxy in front of your webserver to control access.
Have a look at the "external_acl_type" squid.conf tag with the "%{Header} HTTP request header" parameter - not sure if that could work.
Otherwise, as Moy suggested, you can use iptables.
iptables -A INPUT -p tcp --dport 80 -s xx.xx.xx.xx -j ACCEPT   # this would be the ISP's proxy address
iptables -A INPUT -p tcp --dport 80 -j DROP                    # or -j REJECT for nicer.
The above rules will not affect HTTPS traffic. Note that if your ISP is using a transparent proxy, they probably would not be transparently proxying HTTPS traffic, so all secure connections would be from the users' actual IP address, so using the rules above for port 443 would probably more or less block everyone's access to HTTPS on your site.
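As the thread explains, iptables only sees the proxy's address, so the real client can only be identified at the HTTP layer from X-Forwarded-For. The following is an added example, not code from the thread or from any poster, showing how an application (here in Python, but the same logic applies to the PHP check mentioned by the original poster) should evaluate that header before blocking on it. The proxy address 198.51.100.10 and the blocked client 203.0.113.45 are constructed placeholders standing in for the thread's xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy. The important caveat it handles: X-Forwarded-For is just a request header that any client can send, so only the entry appended by a proxy you actually trust (the rightmost non-trusted address, and only when the TCP peer is that trusted proxy) may be used for a block decision.

```python
import ipaddress

# Constructed sample addresses (placeholders, not real infrastructure):
# the ISP cache proxy that terminates every user's TCP connection, and
# the one user whose real address we want to block.
TRUSTED_PROXIES = {ipaddress.ip_address("198.51.100.10")}
BLOCKED_CLIENTS = {ipaddress.ip_address("203.0.113.45")}


def effective_client_ip(remote_addr, x_forwarded_for,
                        trusted_proxies=TRUSTED_PROXIES):
    """Return the address a request should be attributed to.

    remote_addr is the TCP peer (what iptables and the kernel see).
    X-Forwarded-For is "client, proxy1, proxy2, ...": each proxy appends
    the address it received the request from, so the rightmost entry was
    written by the proxy that connected to us. Walk from the right,
    skipping proxies we trust; the first non-trusted address is the
    client. Everything to the left of it was supplied by parties we do
    not trust and may be forged, so it is ignored.
    """
    peer = ipaddress.ip_address(remote_addr)
    if peer not in trusted_proxies:
        # Direct connection (e.g. HTTPS bypassing the cache): the header
        # was not added by anyone we trust, so attribute to the peer.
        return peer
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Unparseable entry (squid may write "unknown"): do not guess,
            # attribute the request to the proxy itself.
            return peer
        if addr not in trusted_proxies:
            return addr
    # Header empty or made up only of trusted proxies.
    return peer


def should_block(remote_addr, x_forwarded_for,
                 blocked=BLOCKED_CLIENTS, trusted_proxies=TRUSTED_PROXIES):
    """True when the request should be refused (e.g. with HTTP 403)."""
    return effective_client_ip(remote_addr, x_forwarded_for, trusted_proxies) in blocked


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header value)
    samples = [
        ("198.51.100.10", "203.0.113.45"),                 # blocked user via ISP proxy
        ("198.51.100.10", "203.0.113.99"),                 # another user via ISP proxy
        ("198.51.100.10", "203.0.113.45, 198.51.100.10"),  # proxy chain, same user
        ("203.0.113.99", "203.0.113.45"),                  # direct connection, forged header
        ("203.0.113.45", "203.0.113.99"),                  # blocked user connecting directly
        ("198.51.100.10", "unknown"),                      # proxy wrote a non-address
    ]
    for peer, xff in samples:
        print(f"peer={peer:<15} xff={xff!r:<36} -> "
              f"client={effective_client_ip(peer, xff)} block={should_block(peer, xff)}")
```

Note the fourth sample: a client connecting directly with a header naming the blocked address is not blocked, and the fifth: the blocked address connecting directly is blocked regardless of what it claims. A naive check that simply compares HTTP_X_FORWARDED_FOR to the blocklist gets both of those wrong, letting the blocked user send a different header to evade the block and letting anyone else get third parties blocked by forging theirs.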