
How to protect my proxy server

Posted on 2006-11-19
Last Modified: 2010-04-20
I'm using a proxy server written for Tomcat on Fedora 4. This morning I noticed strange activity coming from a Chinese address in my log files. Is there any simple way to protect against abuse without modifying the proxy server?
Question by:JPERKS1985
13 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 17976066
Hi,

I would suggest you look into iptables, you could try:

iptables -A INPUT -s 207.46.98.0/24 -j DROP

Replace the 207.46.98.0 IP with the offending IP.
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976070
It was a Chinese proxy, I believe. Any way to set a list of IPs with permission?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17976127
Hi,

Yeah, you can drop all outside connections and only allow internal connections with iptables.
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976304
How do I block every IP except one?
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976307
Or allow only one certain IP address to access port 8080?
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17976551
What proxy are you running?

If it is squid, then you should edit squid.conf and set appropriate ACLs for your environment.
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976766
It's a custom proxy.
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17977409
Why not create an ACL for your intranet with the following in /etc/squid/squid.conf or whatever conf file?

*******************
acl intranet src 10.10.10.0/255.255.255.0

http_access allow intranet

*******************

That should take care of only the intranet using the internet proxy. You might want to look at other protocols as well before curtailing only http access.

goutham
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17981256
It has to allow for people outside of the local network. But I will have the IPs of those people.
0
 
LVL 10

Expert Comment

by:ssvl
ID: 17987890
Add their IP to the ACL too.

Do it like this:

acl outside <ip>

http_access allow outside
0
 
LVL 10

Expert Comment

by:ssvl
ID: 17987919
And you need to add src before the IP.

The syntax is:

       acl       aclname          src         ip-address/netmask.

For example:

Define an ACL that corresponds to your client's IP addresses.

        acl myclients src 172.16.5.0/24

Next, allow those clients in the http_access list:

        http_access allow myclients



http://www.visolve.com/squid/squid24s1/access_controls.php
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17989798
Please note that JPERKS1985 has said it is a custom proxy NOT a squid proxy, so all these squid ACL suggestions aren't going to help.
0
 
LVL 1

Accepted Solution

by:mymymac (earned 2000 total points)
ID: 18059153
If you are running a GUI, grab Firestarter from http://www.fs-security.com/ and you will have a GUI firewall using iptables. From it you can configure what to accept and deny, as well as sharing the internet connection.
0
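
For the question asked in the thread (let only known IPs reach port 8080 without touching the proxy itself), here is an added example that is not part of any post above. It validates an allowlist and prints the matching iptables rules; the chain name PROXY_ALLOW and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that let only
# listed sources reach the proxy port. Addresses below are constructed
# samples from the RFC 5737 documentation ranges.
ALLOWED="192.0.2.10 198.51.100.0/24"
PROXY_PORT=8080

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    case $1 in
        */*) addr=${1%%/*}; pfx=${1#*/}
             case $pfx in ''|*[!0-9]*) return 1 ;; esac
             [ ${#pfx} -le 2 ] && [ "$pfx" -le 32 ] || return 1 ;;
        *)   addr=$1 ;;
    esac
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the rule set for port $1 and the sources that follow it.
# A typo in the list aborts before any rule is printed, so a bad entry
# cannot leave a half-built chain behind.
build_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    echo "iptables -N PROXY_ALLOW"
    for src in "$@"; do
        echo "iptables -A PROXY_ALLOW -s $src -j ACCEPT"
    done
    echo "iptables -A PROXY_ALLOW -j LOG --log-prefix 'proxy-denied: '"
    echo "iptables -A PROXY_ALLOW -j DROP"
    # Hook the chain in last, at the top of INPUT, so it is complete
    # before traffic reaches it and no earlier ACCEPT rule bypasses it.
    echo "iptables -I INPUT 1 -p tcp --dport $port -j PROXY_ALLOW"
}

build_rules "$PROXY_PORT" $ALLOWED
```

Review the printed rules, then run them as root; the LOG rule records every refused source in the kernel log before the DROP.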
