Solved

How to protect my proxy server

Posted on 2006-11-19
13
224 Views
Last Modified: 2010-04-20
I'm using a proxy server written for tomcat on fedora 4. This morning i noticed strange activity coming from a chinese address in my log files. Is there any simple way to protect against abuse without modifying the proxy server?
0
Comment
Question by:JPERKS1985
  • 5
  • 2
  • 2
  • +3
13 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 17976066
Hi,

I would suggest you look into iptables, you could try:

iptables -A INPUT -s 207.46.98.0/24 -j DROP

Replace the 207.46.98.0 ip with the offending IP
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976070
It was a chinese proxy I believe, any way to set a list of IPs with permission?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17976127
Hi,

Yea you can drop all outside connections and only allow internal connections with iptables.
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976304
how do I block every IP accept one?
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976307
or allow only one certain IP address to access port 8080
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17976551
What proxy are you running?

If it is squid, then you should edit squid.conf and set appropriate ACL's for your environment.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976766
its a custom proxy.
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17977409
why not create a ACL for your intranet with the following in /etc/squid/squid.conf or whatever conf file

*******************
TAG:  acl intranet 10.10.10.0/255.255.255.0

http_access allow intranet

*******************

that should take care of only intranet using the internet proxy.  you might want to look at other protocols as well before curtailing only http access.

goutham
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17981256
it has to allow for people outside of the local network. But I will have the IPs of those people.
0
 
LVL 10

Expert Comment

by:ssvl
ID: 17987890
add their ip to acl too

do like this



acl outside <ip>

http_access allow outside




0
 
LVL 10

Expert Comment

by:ssvl
ID: 17987919
and You need to ac src before the ip


the syntax is


       acl       aclname          src         ip-address/netmask.

For example:

Define an ACL that corresponds to your client's IP addresses.

        acl myclients src 172.16.5.0/24

Next, allow those clients in the http_access list:

        http_access allow myclients



http://www.visolve.com/squid/squid24s1/access_controls.php
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17989798
Please note that JPERKS1985 has said it is a custom proxy NOT a squid proxy, so all these squid ACL suggestions aren't going to help.
0
 
LVL 1

Accepted Solution

by:
mymymac earned 500 total points
ID: 18059153
if you are running GUI, grab firestarter from http://www.fs-security.com/ and you will have a GUI firewall using iptables. from it you can configure what to accept and deny as well as sharing the internet connection.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now