Redirect/Block outgoing HTTP traffic for a specific URL in Ubuntu


Good thing that HTTP and its headers are sent in cleartext! We can search for the URL in the HTTP header with the -m string filter.

Example

We want to block: http://www.example.com/I/am/some/distinguishable/URL

iptables -A OUTPUT -p tcp -m string --string "/I/am/some/distinguishable/URL" --algo kmp -j REJECT --reject-with tcp-reset

Thanks to Dennis for his tip on --reject-with tcp-reset.
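As an added example (not part of the original answer), a small shell helper that builds the same rule, scopes it to outbound TCP port 80 so it cannot touch inbound connections to the server, and applies it only once. The path "/update" and the destination address are placeholders taken from the question, not real targets; the optional second argument to restrict the rule to one destination host is my addition.

```shell
#!/bin/sh
# Added example: idempotent wrapper around the string-match rule from the answer.
# block_rule_spec PATH [DEST] prints the rule specification (everything after
# "-A OUTPUT"), so the same text can be used with -C (check), -A (append) and -D (delete).
block_rule_spec() {
    path="$1"
    dest="${2:-}"
    # The spec is later expanded with word splitting, so refuse paths with whitespace.
    case "$path" in
        *[[:space:]]*) echo "path must not contain whitespace" >&2; return 1 ;;
    esac
    spec=""
    if [ -n "$dest" ]; then
        # Optional: limit the match to one destination (IP or hostname; a hostname
        # is resolved once, when the rule is inserted, not per packet).
        spec="-d $dest "
    fi
    # --dport 80: only plain HTTP leaving this host; tcp-reset makes the client see
    # a closed connection instead of hanging, as Dennis pointed out in the comments.
    printf '%s' "${spec}-p tcp --dport 80 -m string --string $path --algo kmp -j REJECT --reject-with tcp-reset"
}

# Append the rule only if iptables -C does not already find it (exit status 0).
apply_block_rule() {
    spec=$(block_rule_spec "$@") || return 1
    # shellcheck disable=SC2086
    if iptables -C OUTPUT $spec 2>/dev/null; then
        echo "rule for $1 already present"
    else
        iptables -A OUTPUT $spec
    fi
}

# Remove the rule again (e.g. to allow a deliberate, supervised update).
remove_block_rule() {
    spec=$(block_rule_spec "$@") || return 1
    # shellcheck disable=SC2086
    iptables -D OUTPUT $spec
}

# Usage (as root):  apply_block_rule /update            # any destination
#                   apply_block_rule /update 203.0.113.10   # placeholder address
```

The string match looks at each packet on its own, so it only catches a path that appears in cleartext inside one packet; it cannot see the path of an HTTPS request at all.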


Author: buschtoens

Updated on September 18, 2022

Comments

  • buschtoens
    buschtoens over 1 year

    On my Ubuntu server I have some custom software running, that connects to its vendor server to search for updates. While this is useful in general, the software is not supposed to update itself for security reasons. I found out that, if there's no internet connection, the software is unable to update, but will still start. But I obviously can't close the connection. The hosts file is not an alternative either, as the software needs to connect to the vendor for license checks.

    So my question is: How can I redirect or block outgoing HTTP traffic for a specific URL?

    tl;dr: http://www.vendor.com/license should be allowed, but http://www.vendor.com/update should be blocked for outgoing traffic.

    • buschtoens
      buschtoens about 11 years
      I know, that I can put up some custom proxy, but I want to be the most efficient as possible and looking for other possibilities. Maybe iptables is what I'm looking for?
    • mnmnc
      mnmnc about 11 years
      Nope. Definitely not iptables, unless you want to compile it with an additional module that performs analysis on a top layer of OSI/ISO. I guess the easiest would be a setting on a router - some security policy. I think Linksys routers have such an option. The Linksys WAG320n has such an option: i.imgur.com/3d6UmEw.jpg
    • mnmnc
      mnmnc about 11 years
      Additionally - if the software updates itself, I think there might be a config setting that says to do it. Maybe you are able to change the config?
    • Dennis
      Dennis about 11 years
      Try REJECT instead of DROP.
    • buschtoens
      buschtoens about 11 years
      Doesn't work either... wget says "HTTP request sent, awaiting response..."
    • Dennis
      Dennis about 11 years
      Right, the problem is that you're "rejecting" the connection after it has already been established. Use -j REJECT --reject-with tcp-reset. This will alert the application that the connection has been reset.
    • buschtoens
      buschtoens about 11 years
      You rock! It works. :)
  • Wayne Tun
    Wayne Tun over 4 years
    It also stopped your own access to your own server. He wants to limit outgoing, I guess.