Route block CONNECT requisitions for apache

Rob Sterenborg rob at sterenborg.info
Sun Nov 27 13:06:58 CET 2005


> I have an Apache webserver behind an iptables firewall, and some people
> are trying to abuse my server, probably for spam. I have this
> information in the Apache log:
> 
> 219.80.160.238 - - [27/Nov/2005:08:56:13 -0200] "CONNECT 64.161.246.99:25 HTTP/1.0" 200 6446
> 
> I have a lot of these lines, with some different IPs; I already blocked
> all those IPs.
> 
> I want to create a rule that blocks all those types of connections;
> does someone know how I can do that?

You say you already block these connections. So why do you ask?

- If you have a lot of IP addresses: http://ipset.netfilter.org/ for
creating a set of IP addresses to match
- Use Squid as reverse proxy

> The idea is more or less this:
> 
> "everything witch comes for the htttp_port wich contain 'connect type
> connections' must be deny or droped'"

You want content filtering and Netfilter is no good for that. You could
use the string match, but if the string you want to match is divided
over 2 (or more) packets, it won't work.
Use Squid as reverse proxy to block something like this.


Gr,
Rob
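An added example, not part of the thread: a small Python log filter that picks the CONNECT requests out of an Apache access log (matching the method field, not a substring, so ordinary GET requests with "CONNECT" in a URL are not flagged), keeps only the tunnels the server actually opened (2xx status, as in the quoted line), groups them by client IP, and turns that list into ipset commands like the ones Rob points at. The sample log lines and the ipset create/add syntax are assumptions, not from the page.

```python
import re
from collections import defaultdict

# Constructed sample in Apache common log format. The first line mirrors the
# one quoted in the question; the others are made up to exercise the filter.
SAMPLE_LOG = """\
219.80.160.238 - - [27/Nov/2005:08:56:13 -0200] "CONNECT 64.161.246.99:25 HTTP/1.0" 200 6446
219.80.160.238 - - [27/Nov/2005:08:57:02 -0200] "CONNECT 64.161.246.99:25 HTTP/1.0" 200 5120
192.0.2.10 - - [27/Nov/2005:08:57:30 -0200] "GET /index.html HTTP/1.1" 200 1523
198.51.100.7 - - [27/Nov/2005:08:58:11 -0200] "CONNECT mail.example.net:25 HTTP/1.0" 403 512
"""

# The request field is split into method and target so CONNECT is matched as
# a method, not as a substring somewhere in a URL.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_line(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def find_connect_abuse(log_text, relayed_only=True):
    """Map client IP -> sorted CONNECT targets requested from that IP.
    relayed_only keeps just 2xx answers: tunnels the server really opened
    (a 200 with a body size, as in the question); 403/405 were refused."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        if relayed_only and not rec["status"].startswith("2"):
            continue
        hits[rec["ip"]].add(rec["target"])
    return {ip: sorted(t) for ip, t in hits.items()}

def ipset_commands(set_name, ips):
    """Build ipset commands (current create/add syntax, an assumption) that
    load the offending addresses into a hash:ip set for an iptables -m set rule."""
    cmds = [f"ipset create {set_name} hash:ip"]
    cmds += [f"ipset add {set_name} {ip}" for ip in sorted(ips)]
    return cmds

if __name__ == "__main__":
    abuse = find_connect_abuse(SAMPLE_LOG)
    for ip, targets in abuse.items():
        print(ip, "->", ", ".join(targets))
    print("\n".join(ipset_commands("connect_abusers", abuse)))
```

Blocking the source addresses only stops the clients already seen; the quoted 200 with a body means the server itself is willing to tunnel, so the proxy (mod_proxy or a fronting Squid) still needs CONNECT disabled.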




More information about the netfilter mailing list