Iptables IP access control for the requested URL

Source: Internet
Author: User

The server runtime environment is Tomcat, and the requirement is to allow only specific IP addresses to reach one directory.
One approach is the RemoteAddrValve in Tomcat's configuration file server.xml, which applies access control to the virtual host.
Another approach is a set of iptables rules. Personally, I prefer iptables.
For example: access to http://192.168.137.254:10000/managersns is forbidden for everyone except 192.168.137.101, which is allowed:
    /sbin/iptables -A INPUT -i eth0 -p tcp --dport 10000 -s 192.168.137.101 -m string --string "/managersns" --algo bm -j ACCEPT
    /sbin/iptables -A INPUT -i eth0 -p tcp --dport 10000 -m string --string "/managersns" --algo bm -j DROP
The rules above are bound to the eth0 interface; adjust them to your own needs.
Parameter description:
-m string
Loads the string match extension. string is an iptables match module that searches the packet payload for a byte pattern.
--string "XXXX"
The pattern to search for. It can be any part of the URL (or any other bytes in the request), so the same mechanism can block downloads of particular file types or particular requests; there is a lot of room here, use your imagination.
--algo bm
Selects the pattern-search algorithm. The default, bm, is normally good enough; kmp is also available and is the more complex of the two. Consult the algorithm literature for details. (bm = Boyer-Moore, kmp = Knuth-Morris-Pratt)
-j DROP
Sets the handling of packets that match the condition: DROP discards them, REJECT rejects them.
    iptables -A INPUT -m string --string "Stringname" --algo bm -j DROP

This is very effective for blocking video sites on a corporate network when it is set on the gateway server:
    iptables -A FORWARD -m string --string "ku6.com" --algo bm -j DROP
    iptables -A FORWARD -m string --string "tudou.com" --algo bm -j DROP
    iptables -A FORWARD -m string --string "ouou.com" --algo bm -j DROP
The meaning of each of these parameters is as follows:
-A FORWARD
Appends the rule to the FORWARD chain. The rules above apply to a host with routing enabled (i.e. echo 1 > /proc/sys/net/ipv4/ip_forward).
If the traffic is addressed to the host itself, the INPUT or OUTPUT chain can be used instead.
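The following script is an added example, not code from the original page. It generates both rule sets described above (the two per-URL INPUT rules and the per-domain FORWARD rules for the gateway) and emulates first-match evaluation of the INPUT pair, so the ordering of the ACCEPT and DROP rules can be checked before anything is loaded on a live firewall. The interface, port, path and allowed address are the page's example values; the function names and the probe request lines are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page. Generates the INPUT and FORWARD
# rule sets described in the text and emulates the INPUT chain's first-match
# behaviour. Values below are the page's example values (assumptions).

IFACE=eth0
PORT=10000
URL_STR=/managersns
ALLOWED=192.168.137.101

# Print the two INPUT rules in the order they must be appended: the
# source-specific ACCEPT first, the catch-all DROP second.
url_acl_rules() {
    printf '%s\n' \
      "iptables -A INPUT -i $IFACE -p tcp --dport $PORT -s $ALLOWED -m string --string \"$URL_STR\" --algo bm -j ACCEPT" \
      "iptables -A INPUT -i $IFACE -p tcp --dport $PORT -m string --string \"$URL_STR\" --algo bm -j DROP"
}

# Print one FORWARD DROP rule per domain given as an argument (gateway case).
forward_block_rules() {
    for domain in "$@"; do
        echo "iptables -A FORWARD -m string --string \"$domain\" --algo bm -j DROP"
    done
}

# Emulate the INPUT chain for one packet: $1 = source IP, $2 = payload text.
# Prints the verdict of the first matching rule, or POLICY when neither rule
# matches, meaning the packet falls through to the chain's default policy.
# Like -m string, the match is a plain, case-sensitive substring test on the
# bytes of this one packet; it knows nothing about HTTP.
evaluate() {
    src=$1; payload=$2
    case "$payload" in
        *"$URL_STR"*) ;;            # string present: one of the two rules applies
        *) echo POLICY; return 0 ;; # string absent: neither rule matches
    esac
    if [ "$src" = "$ALLOWED" ]; then
        echo ACCEPT                 # rule 1 (with -s) matches first
    else
        echo DROP                   # rule 2 catches every other source
    fi
}

# The same two rules appended in the wrong order (DROP first): the catch-all
# rule now wins for every source, including the allowed host.
evaluate_wrong_order() {
    case "$2" in
        *"$URL_STR"*) echo DROP ;;
        *) echo POLICY ;;
    esac
}

# Idempotent add for a real host (needs root): append only if the rule is not
# already present, so re-running a setup script does not duplicate rules.
# $@ is the rule specification without the leading "-A INPUT".
add_input_rule_once() {
    if ! iptables -C INPUT "$@" 2>/dev/null; then
        iptables -A INPUT "$@"
    fi
}

# Stand-alone run: show the generated rules and two emulated verdicts.
url_acl_rules
forward_block_rules ku6.com tudou.com ouou.com
echo "allowed host:  $(evaluate "$ALLOWED" 'GET /managersns/ HTTP/1.1')"
echo "other host:    $(evaluate 192.168.137.50 'GET /managersns/ HTTP/1.1')"
```

Two properties of the string match are worth keeping in mind when relying on these rules. First, the match operates on the raw payload bytes of each individual packet and is case-sensitive unless --icase is added, so it is a coarse network-layer filter rather than an HTTP-aware access control; the Tomcat RemoteAddrValve remains the authoritative place to enforce the per-directory restriction, with the iptables rules as an extra layer. Second, the TCP handshake carries no payload and therefore never matches, so a blocked client completes the connection and only its request packet is discarded; the client sees a hang and retransmissions rather than an immediate refusal, which is visible in the host's connection table and useful when troubleshooting.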
