Home > Developer > Web Develop

Iptables IP access control for the requested URL

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The server runtime environment is Tomcat and is now implemented to allow only specific IP access to a directory,
One approach is to use Remoteaddrvalve to access control of the virtual host in the Tomcat configuration file server.conf.
Another way to do this is through iptables rules. Personally prefer Iptables
For example: Access to Http://192.168.137.254:10000/managersns is forbidden and only 192.168.137.101 access is allowed
    1. /sbin/iptables-a input-i eth0-p tcp--dport 10000-s 192.168.137.101-m string--string "/managersns"--algo bm-j ACCE Pt/sbin/iptables-a input-i eth0-p tcp--dport 10000-m string--string "/managersns"--algo bm-j DROP
    2. /sbin/iptables-a input-i eth0-p tcp--dport 10000-s 192.168.137.101-m string--string "/managersns"--algo bm-j ACCE Pt
    3. /sbin/iptables-a input-i eth0-p tcp--dport 10000-m string--string "/managersns"--algo bm-j DROP
The above rules are positive to the ETH0 network card, you can track your needs to modify.
Parameter description:
-M string
Using the string function, string is a module of iptables, which is a string match.
–string "XXXX"
Define the string content, can be any character in the URL, if it is necessary block download some types of files or requests, this has a lot of space, you can freely imagine oh.
–algo BM
Set the character matching query algorithm, generally by default using the BM algorithm effect is possible, in addition to set the KMP algorithm, which is a more complex algorithm, the details can be self-reference in higher mathematics data. (BM = boyer-moore, KMP = Knuth-pratt-morris)
-j DROP
This is very effective for disabling video sites on the corporate network, which is set on the gateway server:
    1. Iptables-a forward-m string–-string "ku6.com"--algo bm-j DROP iptables-a forward-m string–-string "tudou.com" –-al Go bm-j drop iptables-a forward-m string–-string "ouou.com" –-algo bm-j drop
    2. Iptables-a forward-m string–-string "ku6.com"--algo bm-j DROP
    3. Iptables-a forward-m string–-string "tudou.com" –-algo bm-j DROP
    4. Iptables-a forward-m string–-string "ouou.com" –-algo bm-j DROP
The meanings of each of these parameters are as follows:
-A FORWARD
Added rules for forward chains, the above rule is for routing enabled (i.e.: Echo 1 >/proc/sys/net/ipv4/ip_forward)
If it is direct access, the input or output can be used.
Setting the handling of packages that meet this condition, drop is discarded and reject.
    1. Iptables-a input-m string--string "Stringname"--algo bm-j DROP

Iptables IP Access control for the requested URL

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
requested url rejected requested url returned error 403 network access control for dummies requested url no url invalid reference block ip using iptables iptables allow ip iptables block ip address

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More