Solved

How to protect my proxy server

Posted on 2006-11-19
13
232 Views
Last Modified: 2010-04-20
I'm using a proxy server written for tomcat on fedora 4. This morning i noticed strange activity coming from a chinese address in my log files. Is there any simple way to protect against abuse without modifying the proxy server?
0
Comment
Question by:JPERKS1985
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +3
13 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 17976066
Hi,

I would suggest you look into iptables, you could try:

iptables -A INPUT -s 207.46.98.0/24 -j DROP

Replace the 207.46.98.0 ip with the offending IP
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976070
It was a chinese proxy I believe, any way to set a list of IPs with permission?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17976127
Hi,

Yea you can drop all outside connections and only allow internal connections with iptables.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976304
how do I block every IP accept one?
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976307
or allow only one certain IP address to access port 8080
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17976551
What proxy are you running?

If it is squid, then you should edit squid.conf and set appropriate ACL's for your environment.
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17976766
its a custom proxy.
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17977409
why not create a ACL for your intranet with the following in /etc/squid/squid.conf or whatever conf file

*******************
TAG:  acl intranet 10.10.10.0/255.255.255.0

http_access allow intranet

*******************

that should take care of only intranet using the internet proxy.  you might want to look at other protocols as well before curtailing only http access.

goutham
0
 
LVL 1

Author Comment

by:JPERKS1985
ID: 17981256
it has to allow for people outside of the local network. But I will have the IPs of those people.
0
 
LVL 10

Expert Comment

by:ssvl
ID: 17987890
add their ip to acl too

do like this



acl outside <ip>

http_access allow outside




0
 
LVL 10

Expert Comment

by:ssvl
ID: 17987919
and You need to ac src before the ip


the syntax is


       acl       aclname          src         ip-address/netmask.

For example:

Define an ACL that corresponds to your client's IP addresses.

        acl myclients src 172.16.5.0/24

Next, allow those clients in the http_access list:

        http_access allow myclients



http://www.visolve.com/squid/squid24s1/access_controls.php
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17989798
Please note that JPERKS1985 has said it is a custom proxy NOT a squid proxy, so all these squid ACL suggestions aren't going to help.
0
 
LVL 1

Accepted Solution

by:
mymymac earned 500 total points
ID: 18059153
if you are running GUI, grab firestarter from http://www.fs-security.com/ and you will have a GUI firewall using iptables. from it you can configure what to accept and deny as well as sharing the internet connection.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question