Redirect/Block outgoing HTTP traffic for a specific URL in Ubuntu
Good thing that HTTP and its headers are sent in cleartext! We can search for the URL in the HTTP header with the -m string filter.
Example
We want to block: http://www.example.com/I/am/some/distinguishable/URL
iptables -A OUTPUT -p tcp -m string --string "/I/am/some/distinguishable/URL" --algo kmp -j REJECT --reject-with tcp-reset
Thanks to Dennis for his tip on --reject-with tcp-reset.
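As an added illustration that is not part of the original answer or comments, the Python script below models on loopback what the vendor client observes under each rule target. A tiny "network path" thread plays the role of the -m string check (substring test on the request) and of the jump target: REJECT with tcp-reset closes the socket with SO_LINGER set to zero so the kernel emits an RST, while DROP simply never answers. The needle /update, the placeholder host www.vendor.com from the question, and the timeouts are assumptions for the demo; no iptables rule is touched.

```python
import socket
import struct
import threading


def build_request(path: str) -> bytes:
    """Constructed HTTP/1.0 request the vendor client would send.

    The Host value is a placeholder taken from the question; the path is the
    part of the payload the string match keys on.
    """
    return f"GET {path} HTTP/1.0\r\nHost: www.vendor.com\r\n\r\n".encode()


def _serve_once(listener: socket.socket, needle: bytes, action: str,
                release: threading.Event) -> None:
    """Model of the path between client and vendor for one connection.

    The substring test mirrors what `-m string --string needle` decides on the
    outgoing packet; `action` mirrors the jump target of the rule.
    """
    conn, _ = listener.accept()
    with conn:
        request = conn.recv(4096)
        if needle in request:
            if action == "REJECT":
                # -j REJECT --reject-with tcp-reset: closing with SO_LINGER=0 makes
                # the kernel send RST instead of FIN, so the client gets ECONNRESET.
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                                struct.pack("ii", 1, 0))
                return
            # -j DROP: the request vanishes and nothing ever comes back, so the
            # client sits in "awaiting response" until its own timeout fires.
            release.wait()
            return
        # No match: the request goes through and the vendor answers normally.
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")


def probe(path: str, action: str, needle: bytes = b"/update",
          timeout: float = 0.5) -> str:
    """Send one request through the modelled rule; report what the client saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    listener.listen(1)
    port = listener.getsockname()[1]
    release = threading.Event()
    threading.Thread(target=_serve_once,
                     args=(listener, needle, action, release),
                     daemon=True).start()

    client = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    try:
        client.sendall(build_request(path))
        data = client.recv(4096)
        return "response" if data else "closed"
    except ConnectionResetError:
        return "reset"      # what wget reports as a reset connection
    except socket.timeout:
        return "timeout"    # "HTTP request sent, awaiting response..."
    finally:
        release.set()
        client.close()
        listener.close()


if __name__ == "__main__":
    for path, action in (("/license", "REJECT"),
                         ("/update", "DROP"),
                         ("/update", "REJECT")):
        print(f"{action:6} {path:9} -> {probe(path, action)}")
```

Two practical caveats when carrying this over to the real rule: -m string is a case-sensitive substring match over the payload of a single packet, so it matches anywhere in that packet (not just the request line), and it can only see the path because the traffic is plain HTTP; a TLS connection to the same host would show nothing matchable.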
buschtoens
Updated on September 18, 2022
Comments
-
buschtoens over 1 year
On my Ubuntu server I have some custom software running that connects to its vendor server to search for updates. While this is useful in general, the software is not supposed to update itself for security reasons. I found out that, if there's no internet connection, the software is unable to update, but will still start. But I obviously can't close the connection. The hosts file is not an alternative either, as the software needs to connect to the vendor for license checks.

So my question is: How can I redirect or block outgoing HTTP traffic for a specific URL?

tl;dr: http://www.vendor.com/license should be allowed, but http://www.vendor.com/update should be blocked for outgoing traffic.
-
buschtoens about 11 years
I know that I can put up some custom proxy, but I want to be as efficient as possible and am looking for other possibilities. Maybe iptables is what I'm looking for?
-
mnmnc about 11 years
Nope. Definitely not iptables unless you want to compile it with an additional module that performs analysis on a top layer of OSI/ISO. I guess the easiest would be a setting on a router - some security policy. I think Linksys routers have such an option. The Linksys WAG320n has such an option: i.imgur.com/3d6UmEw.jpg
-
mnmnc about 11 years
Additionally - if the software updates itself, I think there might be a config setting that says to do it. Maybe you are able to change the config?
-
Dennis about 11 years
Try REJECT instead of DROP.
-
buschtoens about 11 years
Doesn't work either... wget says "HTTP request sent, awaiting response..."
-
Dennis about 11 years
Right, the problem is that you're "rejecting" the connection after it has already been established. Use -j REJECT --reject-with tcp-reset. This will alert the application that the connection has been reset.
-
buschtoens about 11 years
You rock! It works. :)
-
Wayne Tun over 4 years
It also stopped your own access to your own server. He wants to limit outgoing, I guess.