Solved

How to protect my proxy server

Posted on 2006-11-19
Last Modified: 2010-04-20
I'm using a proxy server written for Tomcat on Fedora 4. This morning I noticed strange activity coming from a Chinese address in my log files. Is there any simple way to protect against abuse without modifying the proxy server?
Question by: JPERKS1985

13 Comments
 
Expert Comment by xDamox (LVL 16), ID: 17976066

Hi,

I would suggest you look into iptables. You could try:

    iptables -A INPUT -s 207.46.98.0/24 -j DROP

Replace the 207.46.98.0 IP with the offending IP.

Author Comment by JPERKS1985 (LVL 1), ID: 17976070

It was a Chinese proxy, I believe. Any way to set a list of IPs with permission?

Expert Comment by xDamox (LVL 16), ID: 17976127

Hi,

Yeah, you can drop all outside connections and only allow internal connections with iptables.

Author Comment by JPERKS1985 (LVL 1), ID: 17976304

How do I block every IP except one?

Author Comment by JPERKS1985 (LVL 1), ID: 17976307

Or allow only one certain IP address to access port 8080?

Expert Comment by Tintin (LVL 48), ID: 17976551

What proxy are you running?

If it is Squid, then you should edit squid.conf and set appropriate ACLs for your environment.
Author Comment by JPERKS1985 (LVL 1), ID: 17976766

It's a custom proxy.

Expert Comment by ygoutham (LVL 14), ID: 17977409

Why not create an ACL for your intranet with the following in /etc/squid/squid.conf or whatever conf file:

    # "src" is required between the ACL name and the address
    acl intranet src 10.10.10.0/255.255.255.0

    http_access allow intranet

That should take care of only the intranet using the internet proxy. You might want to look at other protocols as well before curtailing only HTTP access.

goutham

Author Comment by JPERKS1985 (LVL 1), ID: 17981256

It has to allow for people outside of the local network, but I will have the IPs of those people.

Expert Comment by ssvl (LVL 10), ID: 17987890

Add their IP to the ACL too. Do it like this:

    # <ip> stands for the remote user's address, e.g. a.b.c.d or a.b.c.0/24
    acl outside src <ip>

    http_access allow outside

Expert Comment by ssvl (LVL 10), ID: 17987919

And you need to put src before the IP.

The syntax is:

    acl aclname src ip-address/netmask

For example:

Define an ACL that corresponds to your client's IP addresses.

    acl myclients src 172.16.5.0/24

Next, allow those clients in the http_access list:

    http_access allow myclients

http://www.visolve.com/squid/squid24s1/access_controls.php
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html

Expert Comment by Tintin (LVL 48), ID: 17989798

Please note that JPERKS1985 has said it is a custom proxy, NOT a Squid proxy, so all these Squid ACL suggestions aren't going to help.

Accepted Solution by mymymac (LVL 1), earned 500 total points, ID: 18059153

If you are running a GUI, grab Firestarter from http://www.fs-security.com/ and you will have a GUI firewall using iptables. From it you can configure what to accept and deny, as well as sharing the internet connection.
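An added example, not code from the thread: a small POSIX shell function that turns xDamox's iptables suggestion and JPERKS1985's "only certain IPs on port 8080" question into a reviewable allow-list, with denied attempts logged so the kind of activity the question describes stays visible. Assumed: the proxy listens on TCP 8080, the chain name PROXY_ALLOW, and the sample addresses (constructed) are mine.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, rather than applies, an iptables rule set that
# lets only the listed sources reach the proxy port. Review the output, then apply as root:
#   gen_proxy_rules 8080 192.168.1.0/24 192.0.2.10 | sh
gen_proxy_rules() {
    port="$1"
    shift
    # A dedicated chain can be rebuilt on every run without disturbing other INPUT rules.
    echo "iptables -N PROXY_ALLOW 2>/dev/null || iptables -F PROXY_ALLOW"
    # Local clients on the box itself keep working.
    echo "iptables -A PROXY_ALLOW -i lo -j ACCEPT"
    for src in "$@"; do
        # Sanity check: only digits, dots and an optional /prefix may appear in a source.
        case "$src" in
            *[!0-9./]*|"") echo "bad source address: $src" >&2; return 1 ;;
        esac
        echo "iptables -A PROXY_ALLOW -s $src -p tcp --dport $port -j ACCEPT"
    done
    # Everything else aimed at the proxy port is logged (rate-limited) and dropped.
    echo "iptables -A PROXY_ALLOW -m limit --limit 5/min -j LOG --log-prefix \"proxy-denied: \""
    echo "iptables -A PROXY_ALLOW -j DROP"
    # Remove any earlier jump before inserting, so re-running does not stack duplicates.
    echo "iptables -D INPUT -p tcp --dport $port -j PROXY_ALLOW 2>/dev/null"
    echo "iptables -I INPUT -p tcp --dport $port -j PROXY_ALLOW"
}

# Constructed sample: an office range plus one remote user (TEST-NET address).
gen_proxy_rules 8080 192.168.1.0/24 192.0.2.10
```

Denied connections then show up in the kernel log with the "proxy-denied:" prefix, which is the place to look for the next unexpected source.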