IPTables to Drop HTTP POST traffic

Hi,

I hope that somebody might help me with this.

I would like to know some iptables rule to drop all external traffic coming to port 80 in my domain (IP) using the HTTP header POST.

.. namely, droping the connection for any kind of post done by people in a specific website, and using IPtables instead of doing it with Apache.

Seems there is a "string" command in IPTables to regex this, so I think it's possible.

In summary, a translation of the following to the firewall language ...Is this possible?

Thank you very much in advance.

Mapg

Where are you stuck?

If you're looking for the documentation, search for "--string" in the iptables man page. If your system doesn't have the man pages installed, searching for "man iptables" finds several copies on line.

If you've tried a rule that isn't working, what command did you try? What errors/or unexpected behavior are you seeing?


Any particular reason why you're doing this in the firewall? The webserver should have better controls to disallow requests and I'd be worried about adding a "HEADER.PNG" to a page and send things crashing down.

Thank you OmegaZero. It's a long story.

Is this rule correct?

iptables -I INPUT -d my_server_ip -p tcp --dport 80 -m string --string 'POST /' --algo bm -j DROP

Thank you!

Mapg

It looks fine to me, but that's not saying anything. Run it against a *nix box and test it to know for sure.

Thank you OmegaZero for your help.

Cheers!

Mapg