asked on

IPTABLES blocking domains and files send a message to the users browser

I have iptables setup to block certain domains. I would like to know two things how to also block files or extensions and also when a domain/file or anything is blocked send a message to their browser. Load a simple HTML file anything of that nature. Thanks in advance.

ASKER CERTIFIED SOLUTION

alextoft

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

madunix

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

georgopanos

ASKER

Ok much appreciated I have very basically used squid before after setting up apache. I will definitly read about squid if it will make life easier. Is it possible though to be able to at least not send messages but just block file extensions using IPTABLES? I mean you can block ports, ip's, domains I could not see why you could not block a file extension.

alextoft

The reason being that in order to block a file extension (say for example in an HTTP GET request), you need to start disassembling the traffic. IPtables can see source address, destination addresses, ports, protocols etc.... doing deep packet inspection and putting TCP packet sequences back together on-the-fly using IPtables is not very practical.

You may wish to familiarise yourself with the OSI model. IP traffic is way down on the network layer (3), whereas http requests fall firmly into application layer traffic (7). Very different ball game. IPtables is designed to work with the former, Squid with the latter.

georgopanos

ASKER

Thank you both for your help, much appreciated.