iptables: blocking domains and files, and sending a message to the user's browser

Posted on 2009-12-30
Last Modified: 2013-12-16
I have iptables set up to block certain domains. I would like to know two things: how to also block files or extensions, and also, when a domain/file or anything is blocked, how to send a message to their browser. Load a simple HTML file, anything of that nature. Thanks in advance.
Question by: georgopanos
    LVL 19

    Accepted Solution

    iptables is hardly ideal for your requirements.  It works at the IP layer; you want something a bit higher up the food chain than that.

    Squid can easily cater for all your requirements, blocking via whatever mask you like, and displaying custom "access denied" pages.  You can install Squid as a transparent proxy on your gateway without the need for browser config modifications.
    LVL 25

    Assisted Solution

    Set up a Squid proxy server. Indeed, Squid is the best, but keep in mind it requires time and skills to install, manage and configure it with other components. I used it in many complex environments with success, but again you need the skill in Linux and Squid (open source packages)...


    Author Comment

    OK, much appreciated. I have very basically used Squid before, after setting up Apache. I will definitely read about Squid if it will make life easier. Is it possible, though, to at least not send messages but just block file extensions using iptables? I mean, you can block ports, IPs, domains; I could not see why you could not block a file extension.
    LVL 19

    Expert Comment

    The reason is that in order to block a file extension (say, for example, in an HTTP GET request), you need to start disassembling the traffic. iptables can see source addresses, destination addresses, ports, protocols, etc. Doing deep packet inspection and putting TCP packet sequences back together on the fly using iptables is not very practical.

    You may wish to familiarise yourself with the OSI model.  IP traffic is way down on the network layer (3), whereas HTTP requests fall firmly into application layer traffic (7). Very different ball game. iptables is designed to work with the former, Squid with the latter.
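    The following is an added example, not code posted in this thread or shipped by Squid. It puts the accepted solution and the comment above into concrete form: a squid.conf ACL fragment that blocks domains and file extensions and hands back a custom HTML "access denied" page, and the single iptables NAT rule that makes Squid a transparent proxy on the gateway so that no browser settings change. The interface name eth1, the Squid port 3128, and the block lists are assumptions and constructed sample data; the `intercept` keyword is Squid 3.1+ syntax (Squid 2.x, current when this question was asked, spelled it `transparent`).

```shell
#!/bin/sh
# Added example, not from the thread. Generates the pieces the experts describe:
# a squid.conf ACL fragment that blocks domains and file extensions and serves a
# custom HTML deny page, plus the iptables NAT rule that makes Squid transparent.
# Assumptions (not stated in the thread): inside interface eth1, Squid on port 3128,
# Squid 3.1+ syntax ("intercept"; Squid 2.x spelled it "transparent").
# The block lists below are constructed sample data.

BLOCKED_DOMAINS="example.com .badsite.test"   # a leading dot also matches subdomains
BLOCKED_EXTS="exe zip torrent"

# Turn "exe zip torrent" into a regex anchored at the end of the URL,
# tolerating a trailing query string: \.(exe|zip|torrent)(\?.*)?$
ext_regex() {
    alts=$(printf '%s' "$1" | tr ' ' '|')
    printf '\\.(%s)(\\?.*)?$' "$alts"
}

# squid.conf fragment. deny_info ties a template name to an ACL: when that ACL
# is the one that denies the request, Squid returns the template file of that
# name from its error_directory instead of the stock ERR_ACCESS_DENIED page.
squid_acl_fragment() {
    port=$1; domains=$2; exts=$3
    printf 'http_port %s intercept\n' "$port"
    printf 'acl blocked_domains dstdomain %s\n' "$domains"
    printf 'acl blocked_exts url_regex -i %s\n' "$(ext_regex "$exts")"
    printf 'deny_info ERR_BLOCKED_BY_POLICY blocked_domains\n'
    printf 'deny_info ERR_BLOCKED_BY_POLICY blocked_exts\n'
    printf 'http_access deny blocked_domains\n'
    printf 'http_access deny blocked_exts\n'
}

# The HTML Squid returns with the 403. %U is expanded by Squid to the requested URL.
deny_page_html() {
    cat <<'EOF'
<html><head><title>Blocked</title></head>
<body><h1>Access denied</h1>
<p>The request for %U was blocked by policy. Contact your administrator.</p>
</body></html>
EOF
}

# Port-80 traffic arriving on the LAN interface is redirected into Squid.
# Returned as a string so this script never touches a live firewall.
iptables_redirect_rule() {
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-ports %s\n' "$1" "$2"
}

# Dry run: print everything so it can be reviewed before installing.
echo "### append to squid.conf"
squid_acl_fragment 3128 "$BLOCKED_DOMAINS" "$BLOCKED_EXTS"
echo "### save as ERR_BLOCKED_BY_POLICY in Squid's error_directory"
deny_page_html
echo "### run on the gateway"
iptables_redirect_rule eth1 3128
```

    Two caveats a practitioner would want alongside this. The REDIRECT rule only catches plain HTTP on port 80; HTTPS cannot be filtered by URL or extension this way without TLS interception, which is outside what this thread covers. And on the author's follow-up question: iptables does have a `string` match (`-m string --algo bm --string '.exe'`), but it inspects one packet at a time, so a request split across segments or using URL encoding slips through, and the only verdicts it can return are DROP or REJECT; it cannot hand the browser a page. That is the practical limit the comment above is pointing at.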

    Author Closing Comment

    Thank you both for your help, much appreciated.
