IPTables to Drop HTTP POST traffic

**mapg** · Sep 7, 2012 02:27

Hi,

I hope that somebody might help me with this.

I would like to know some iptables rule to drop all external traffic coming to port 80 in my domain (IP) using the HTTP header POST.

.. namely, droping the connection for any kind of post done by people in a specific website, and using IPtables instead of doing it with Apache.

Seems there is a "string" command in IPTables to regex this, so I think it's possible.

In summary, a translation of the following to the firewall language ...

Code:

<Limit POST>
order deny,allow
deny from all
</Limit>

Is this possible?

Thank you very much in advance.

Mapg

**cpradio** · Sep 7, 2012 02:48

This may help you http://spamcleaner.org/en/misc/w00tw00t.html, change GET to POST and I think it would apply to your situation

**mapg** · Sep 7, 2012 10:24

Thank you cpradio!

Is this rule correct?

iptables -I INPUT -d my_server_ip -p tcp --dport 80 -m string --string 'POST /' --algo bm -j DROP

Thank you!

Mapg

**cpradio** · Sep 7, 2012 11:16

That rule looks like it would be valid.

In all honesty, I'm not the best iptables person in the world, so if someone else out there is decent at it, please add your thoughts.

**mapg** · Sep 9, 2012 01:34

Thank you CPRadio for your help.

Cheers!

Mapg

User Tag List

Thread: IPTables to Drop HTTP POST traffic

Thread Tools

Display

IPTables to Drop HTTP POST traffic

Bookmarks

Bookmarks

Posting Permissions