Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

IPTABLES blocking domains and files send a message to the users browser

Posted on 2009-12-30
5
Medium Priority
?
699 Views
Last Modified: 2013-12-16
I have iptables setup to block certain domains. I would like to know two things how to also block files or extensions and also when a domain/file or anything is blocked send a message to their browser. Load a simple HTML file anything of that nature. Thanks in advance.
0
Comment
Question by:georgopanos
  • 2
  • 2
5 Comments
 
LVL 19

Accepted Solution

by:
alextoft earned 1000 total points
ID: 26152848
iptables is hardly ideal for your requirements.  It works at the IP layer; you want something a bit higher up the food chain than that.

Squid can easily cater for all your requirements, blocking via whatever mask you like, and displaying custom "access denied" pages.  You can install Squid as a transparent proxy on your gateway without the need for browser config modifications.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 1000 total points
ID: 26158029
set up Squid proxy server, indeed squid is the best but keep in mind it requires times and skills to install, manage and configure it with other components. I used it in many complex environments with success but again you need  the skill in Linux and squid (open source packages)...
http://www.linuxhelp.net/guides/squid/
http://wiki.squid-cache.org/
http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-926288cb0cbbdea92bc4a807f06dd75ddbc446ff
http://www.howtoforge.com/squid-proxy-server-on-ubuntu-9.04-server-with-dansguardian-clamav-and-wpad-proxy-auto-detection

madunix
0
 

Author Comment

by:georgopanos
ID: 26158940
Ok  much appreciated I have very basically used squid before after setting up apache. I will definitly read about squid if it will make life easier. Is it possible though to be able to at least not send messages but just block file extensions using IPTABLES? I mean you can block ports, ip's, domains I could not see why you could not block a file extension.
0
 
LVL 19

Expert Comment

by:alextoft
ID: 26162709
The reason being that in order to block a file extension (say for example in an HTTP GET request), you need to start disassembling the traffic. IPtables can see source address, destination addresses, ports, protocols etc.... doing deep packet inspection and putting TCP packet sequences back together on-the-fly using IPtables is not very practical.

You may wish to familiarise yourself with the OSI model.  IP traffic is way down on the network layer (3), whereas http requests fall firmly into application layer traffic (7). Very different ball game. IPtables is designed to work with the former, Squid with the latter.
0
 

Author Closing Comment

by:georgopanos
ID: 31671479
Thank you both for your help, much appreciated.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question