How to protect my proxy server

I'm using a proxy server written for tomcat on fedora 4. This morning i noticed strange activity coming from a chinese address in my log files. Is there any simple way to protect against abuse without modifying the proxy server?
LVL 1
JPERKS1985Asked:
Who is Participating?
 
mymymacCommented:
if you are running GUI, grab firestarter from http://www.fs-security.com/ and you will have a GUI firewall using iptables. from it you can configure what to accept and deny as well as sharing the internet connection.
0
 
xDamoxCommented:
Hi,

I would suggest you look into iptables, you could try:

iptables -A INPUT -s 207.46.98.0/24 -j DROP

Replace the 207.46.98.0 ip with the offending IP
0
 
JPERKS1985Author Commented:
It was a chinese proxy I believe, any way to set a list of IPs with permission?
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

 
xDamoxCommented:
Hi,

Yea you can drop all outside connections and only allow internal connections with iptables.
0
 
JPERKS1985Author Commented:
how do I block every IP accept one?
0
 
JPERKS1985Author Commented:
or allow only one certain IP address to access port 8080
0
 
TintinCommented:
What proxy are you running?

If it is squid, then you should edit squid.conf and set appropriate ACL's for your environment.
0
 
JPERKS1985Author Commented:
its a custom proxy.
0
 
ygouthamCommented:
why not create a ACL for your intranet with the following in /etc/squid/squid.conf or whatever conf file

*******************
TAG:  acl intranet 10.10.10.0/255.255.255.0

http_access allow intranet

*******************

that should take care of only intranet using the internet proxy.  you might want to look at other protocols as well before curtailing only http access.

goutham
0
 
JPERKS1985Author Commented:
it has to allow for people outside of the local network. But I will have the IPs of those people.
0
 
ssvlCommented:
add their ip to acl too

do like this



acl outside <ip>

http_access allow outside




0
 
ssvlCommented:
and You need to ac src before the ip


the syntax is


       acl       aclname          src         ip-address/netmask.

For example:

Define an ACL that corresponds to your client's IP addresses.

        acl myclients src 172.16.5.0/24

Next, allow those clients in the http_access list:

        http_access allow myclients



http://www.visolve.com/squid/squid24s1/access_controls.php
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
0
 
TintinCommented:
Please note that JPERKS1985 has said it is a custom proxy NOT a squid proxy, so all these squid ACL suggestions aren't going to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.