Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

How to protect my proxy server

I'm using a proxy server written for tomcat on fedora 4. This morning i noticed strange activity coming from a chinese address in my log files. Is there any simple way to protect against abuse without modifying the proxy server?
0
JPERKS1985
Asked:
JPERKS1985
  • 5
  • 2
  • 2
  • +3
1 Solution
 
xDamoxCommented:
Hi,

I would suggest you look into iptables, you could try:

iptables -A INPUT -s 207.46.98.0/24 -j DROP

Replace the 207.46.98.0 ip with the offending IP
0
 
JPERKS1985Author Commented:
It was a chinese proxy I believe, any way to set a list of IPs with permission?
0
 
xDamoxCommented:
Hi,

Yea you can drop all outside connections and only allow internal connections with iptables.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
JPERKS1985Author Commented:
how do I block every IP accept one?
0
 
JPERKS1985Author Commented:
or allow only one certain IP address to access port 8080
0
 
TintinCommented:
What proxy are you running?

If it is squid, then you should edit squid.conf and set appropriate ACL's for your environment.
0
 
JPERKS1985Author Commented:
its a custom proxy.
0
 
ygouthamCommented:
why not create a ACL for your intranet with the following in /etc/squid/squid.conf or whatever conf file

*******************
TAG:  acl intranet 10.10.10.0/255.255.255.0

http_access allow intranet

*******************

that should take care of only intranet using the internet proxy.  you might want to look at other protocols as well before curtailing only http access.

goutham
0
 
JPERKS1985Author Commented:
it has to allow for people outside of the local network. But I will have the IPs of those people.
0
 
ssvlCommented:
add their ip to acl too

do like this



acl outside <ip>

http_access allow outside




0
 
ssvlCommented:
and You need to ac src before the ip


the syntax is


       acl       aclname          src         ip-address/netmask.

For example:

Define an ACL that corresponds to your client's IP addresses.

        acl myclients src 172.16.5.0/24

Next, allow those clients in the http_access list:

        http_access allow myclients



http://www.visolve.com/squid/squid24s1/access_controls.php
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
0
 
TintinCommented:
Please note that JPERKS1985 has said it is a custom proxy NOT a squid proxy, so all these squid ACL suggestions aren't going to help.
0
 
mymymacCommented:
if you are running GUI, grab firestarter from http://www.fs-security.com/ and you will have a GUI firewall using iptables. from it you can configure what to accept and deny as well as sharing the internet connection.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

  • 5
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now