IPTables to Drop HTTP POST traffic

Hi,

I hope that somebody might help me with this.

I would like to know some iptables rule to drop all external traffic coming to port 80 in my domain (IP) using the HTTP header POST.

… namely, dropping the connection for any kind of post done by people in a specific website, and using IPtables instead of doing it with Apache.

Seems there is a “string” command in IPTables to regex this, so I think it’s possible.

In summary, a translation of the following to the firewall language …


<Limit POST>
order deny,allow
deny from all
</Limit>

Is this possible?

Thank you very much in advance.

Mapg

This may help you: http://spamcleaner.org/en/misc/w00tw00t.html. Change GET to POST and I think it would apply to your situation.

Thank you cpradio!

Is this rule correct?

iptables -I INPUT -d my_server_ip -p tcp --dport 80 -m string --string 'POST /' --algo bm -j DROP

Thank you!

Mapg
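The `-m string` match in the rule above is a plain substring search over each packet, with no knowledge of HTTP. The following is an added example, not code from the thread, that simulates that match against a few constructed TCP payloads so the two limits of the approach are visible: it fires on any packet that merely contains the bytes `POST /`, and it misses a POST whose request line is split across two segments. The helper names and sample payloads are hypothetical.

```python
import re

# The needle exactly as given to `--string 'POST /'` in the rule above.
NEEDLE = b"POST /"

def string_match_would_drop(packet_payload: bytes, needle: bytes = NEEDLE) -> bool:
    """Emulate `-m string --algo bm --string 'POST /'`: a per-packet substring search,
    with no parsing of the HTTP request line. True means the rule would DROP the packet."""
    return needle in packet_payload

def is_http_post_request(packet_payload: bytes) -> bool:
    """What the poster actually wants to block: an HTTP request whose request line
    starts with POST. Only meaningful on a complete request line."""
    return re.match(rb"POST /\S* HTTP/1\.[01]\r\n", packet_payload) is not None

def reassembled(*segments: bytes) -> bytes:
    """Join TCP segments the way the server's TCP stack (not the firewall) would."""
    return b"".join(segments)

# Constructed application-layer payloads, one per TCP segment (constructed sample data).
SAMPLES = {
    "post_single_segment": b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=a",
    "get_request": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    # A GET whose body happens to contain the needle: the string match drops it anyway.
    "get_with_post_in_body": b"GET /notes HTTP/1.1\r\nHost: example.test\r\n\r\nsee POST / doc",
    # One POST request line split across two segments: neither segment contains the
    # whole needle, so the per-packet match never fires on either of them.
    "post_split_segment_1": b"PO",
    "post_split_segment_2": b"ST /login HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

def compare(samples=SAMPLES):
    """Return {name: (rule_would_drop, is_really_a_post)} for each sample segment."""
    return {name: (string_match_would_drop(p), is_http_post_request(p))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, (dropped, real_post) in compare().items():
        print(f"{name:24s} dropped={dropped!s:5s} real POST={real_post}")
```

Because the rule acts per packet and drops silently, a legitimate request that matches is never answered and the client simply retransmits until it times out, which is worth keeping in mind when choosing DROP over a reject or an Apache-level `<Limit>`.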

That rule looks like it would be valid.

In all honesty, I’m not the best iptables person in the world, so if someone else out there is decent at it, please add your thoughts.

Thank you CPRadio for your help.

Cheers!

Mapg