#1 Contributing User (Devshed Newbie, 0 - 499 posts) | Join Date: Aug 2003 | Posts: 200 | Rep Power: 12

IPTables to Drop HTTP POST traffic


    Hi,

    I hope that somebody might help me with this.

    I would like to know some iptables rule to drop all external traffic coming to port 80 in my domain (IP) using the HTTP header POST.

... namely, dropping the connection for any kind of POST done by people on a specific website, and using IPtables instead of doing it with Apache.

    Seems there is a "string" command in IPTables to regex this, so I think it's possible.

    In summary, a translation of the following to the firewall language ...
    Code:
    <Limit POST>
    order deny,allow
    deny from all
    </Limit>
    Is this possible?

    Thank you very much in advance.

    Mapg
    Last edited by mapg; September 7th, 2012 at 05:23 AM.
#2 Contributing User (Devshed Novice, 500 - 999 posts) | Join Date: May 2007 | Posts: 765 | Rep Power: 929
    Where are you stuck?

If you're looking for the documentation, search for "--string" in the iptables man page. If your system doesn't have the man pages installed, searching for "man iptables" finds several copies online.

If you've tried a rule that isn't working, what command did you try? What errors or unexpected behavior are you seeing?


Any particular reason why you're doing this in the firewall? The webserver should have better controls to disallow requests, and I'd be worried about adding a "HEADER.PNG" to a page and sending things crashing down.
    sub{*{$::{$_}}{CODE}==$_[0]&& print for(%:: )}->(\&Meh);
#3 Contributing User (Devshed Newbie, 0 - 499 posts) | Join Date: Aug 2003 | Posts: 200 | Rep Power: 12
    Thank you OmegaZero. It's a long story.

    Is this rule correct?

    iptables -I INPUT -d my_server_ip -p tcp --dport 80 -m string --string 'POST /' --algo bm -j DROP

    Thank you!

    Mapg
#4 Contributing User (Devshed Novice, 500 - 999 posts) | Join Date: May 2007 | Posts: 765 | Rep Power: 929
    It looks fine to me, but that's not saying anything. Run it against a *nix box and test it to know for sure.
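To see what "test it to know for sure" would turn up, here is an added example (Python, not code from the thread) that models what `-m string --string 'POST /'` actually sees, one TCP payload at a time, next to a check on the HTTP request line itself; all payloads are constructed, and example.test is a placeholder host.

```python
"""Per-packet substring match (what the iptables string module does)
versus a check on the HTTP request line. Constructed sample traffic;
no real hosts are involved."""

NEEDLE = b"POST /"


def naive_packet_match(payload: bytes) -> bool:
    """What `-m string --string 'POST /'` does: substring search in ONE packet."""
    return NEEDLE in payload


def is_post_request_line(payload: bytes) -> bool:
    """True only when the payload starts with a well-formed HTTP POST request line."""
    line, sep, _ = payload.partition(b"\r\n")
    if not sep:
        return False
    parts = line.split(b" ")
    return (
        len(parts) == 3
        and parts[0] == b"POST"
        and parts[1].startswith(b"/")
        and parts[2].startswith(b"HTTP/1.")
    )


def classify(segments: list) -> dict:
    """Run both checks over the TCP segments that make up one request.

    The per-packet check is applied to each segment separately, as the
    firewall would; the request-line check sees the reassembled stream."""
    stream = b"".join(segments)
    return {
        "naive_any_packet": any(naive_packet_match(s) for s in segments),
        "request_line": is_post_request_line(stream),
    }


# Constructed client -> server (port 80) traffic.
# 1) A normal POST in a single segment: both checks agree.
POST_ONE_SEGMENT = [b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                    b"Content-Length: 9\r\n\r\nuser=mapg"]
# 2) The same request with the request line split across two segments:
#    the per-packet match misses it (neither segment contains the needle).
POST_SPLIT = [b"PO", b"ST /login HTTP/1.1\r\nHost: example.test\r\n\r\n"]
# 3) A GET whose header value happens to contain the needle:
#    the per-packet match fires, the request-line check does not.
GET_WITH_NEEDLE = [b"GET /search?q=x HTTP/1.1\r\nHost: example.test\r\n"
                   b"X-Note: POST / is blocked\r\n\r\n"]
```

The rule in the thread therefore both misses POSTs whose request line straddles a segment boundary and matches any inbound packet carrying the bytes anywhere, which is the behavior to verify on the test box before relying on it.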
#5 Contributing User (Devshed Newbie, 0 - 499 posts) | Join Date: Aug 2003 | Posts: 200 | Rep Power: 12
    Thank you OmegaZero for your help.

    Cheers!

    Mapg
