blocking user agents via IPTables?



What proxy are you using? I don't see how you could do that sort of thing without a proxy or a layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and you're wanting to block specific user agents from accessing your service/httpd?

You need Layer 7 support 

 

http://l7-filter.sourceforge.net/ might help with that.

 

If I remember rightly it uses regex to match, which is a bit of a pain to get right (well, that could just be that I'm not very good at writing regex patterns).

  On 05/08/2014 at 13:54, BudMan said:

What proxy are you using? I don't see how you could do that sort of thing without a proxy or a layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and you're wanting to block specific user agents from accessing your service/httpd?

Correct, this is my proxy server (squid), but everyone is going via the server to access the internet, so there is a Linux machine between the clients and the interwebs. So I was going to use iptables to block everything but (let's say) Safari: if they are not using Safari, not forwarding to the interwebs.

 

to summarise to clear up confusion

 

user -> server (IPtables->squid) -> internet

In squid it's a simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...
# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here
# regex match against any of the known request headers. May be
# thought of as a superset of "browser", "referer" and "mime-type"
# ACL [fast]

  On 05/08/2014 at 14:40, BudMan said:

In squid it's a simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...
# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here
# regex match against any of the known request headers. May be
# thought of as a superset of "browser", "referer" and "mime-type"
# ACL [fast]

ok I will do it this way then thanks :) was actually just trying it out but I cannot seem to get it working... do you have an example (e.g.... MSIE?) or a useful link?

do google for blocking browser useragent squid and you should find a couple of walk thru's - you are running what version of squid? I recall a previous thread with you about squid and you were running really old version - but I think you updated?

  On 05/08/2014 at 15:23, BudMan said:

do google for blocking browser useragent squid and you should find a couple of walk thru's - you are running what version of squid? I recall a previous thread with you about squid and you were running really old version - but I think you updated?

*cough* I am still using squid 2.4 :D I have latest squid 3 on the system from the other thread but for now this one is using 2.4. I will most likely upgrade after I have the browsers blocked

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

  On 05/08/2014 at 15:37, BudMan said:

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

Ah, I meant I am using 2.7!? :p I am using the acls for blocking sites, but I cannot seem to get the blocking of browsers; I just do not think I know enough about squid to block them/get it working. http://gaugusch.at/squid.shtml I tried this guide but it seemed to cause me issues.

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

 

I will be upgrading very shortly, once I work out exactly what I need to do. I do not want to upgrade halfway through experimenting for it not to work and me be confused as to why. Once I have finished this task and have my prototype set up, I will upgrade and will only use squid3 from then on (I also used squid 2.7 caching as squid3 cache refused to work, if you remember from my previous post, and I could not seem to solve it). Either way, I'm going to have to keep trying this out.

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

got it working! (upgrading tomorrow)

  On 05/08/2014 at 16:39, BudMan said:

so what were you doing wrong for the next guy that might have same sort of issue?

ah good point probably should say, thank you for reminding me.

 

The httpd_accel command in the guide was not liked by squid. In a very much shortened version of his guide, assuming you can connect via the proxy, just put this in under the acl CONNECT method CONNECT line. Tested on an older MSIE version and it 403 errored; tried it on Chrome, worked fine.

 

acl CONNECT method CONNECT
acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE
acl bad_browser browser ^Gator
http_access deny bad_browser
http_access deny ie_browser
# you will have this bold config already in place; do not copy this over your working config
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr hostmaster@mycompany.at
append_domain .mycompany.at
deny_info ERR_IEBROWSER ie_browser
wccp_router 172.16.0.1
ie_refresh on

This topic is now closed to further replies.
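
Added example, not part of the original posts: a small Python model of how the posted `browser` ACLs, and a hypothetical allow-only-Safari ACL for the original goal, classify constructed User-Agent strings. Assumptions: Python's `re` stands in for Squid's regex engine, the `safari_*` names and patterns are invented for illustration, and `http_access` is reduced to first-match-wins over these ACLs only.

```python
import re

# ACL values as written after "acl <name> browser". Squid accepts several
# regexes per ACL ("regexp ..."), separated by whitespace; any one may match.
ACLS = {
    "ie_browser": r"^Mozilla/4\.0 .compatible; MSIE",     # from the thread
    "bad_browser": r"^Gator",                             # from the thread
    "safari_naive": r"Safari",                            # hypothetical
    "safari_strict": r"Version/[0-9.]+.Safari/[0-9.]+$",  # hypothetical
}

# Constructed User-Agent strings in typical shapes (not captured traffic).
SAMPLES = {
    "ie8": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
    "ie11": "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
    "bot": "Mozilla/5.0 (compatible; ExampleBot/1.0)",
    "chrome": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
    "safari": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 "
              "(KHTML, like Gecko) Version/7.0.6 Safari/537.78.2",
}

def acl_match(name, ua):
    """True if any whitespace-separated pattern of the ACL is found in ua."""
    return any(re.search(p, ua) for p in ACLS[name].split())

def http_access(rules, ua):
    """Rules are checked in order; the first whose ACLs all match decides.
    A leading '!' negates an ACL and 'all' always matches."""
    for action, names in rules:
        if all(n == "all" or acl_match(n.lstrip("!"), ua) != n.startswith("!")
               for n in names):
            return action
    return "deny"  # simplification; every rule list below ends with 'all'

# The thread's two deny lines; the rest of http_access collapsed to "allow all".
DENYLIST = [("deny", ["bad_browser"]), ("deny", ["ie_browser"]), ("allow", ["all"])]
# "Match the UA you want to allow, and deny all others", two candidate ACLs.
ONLY_SAFARI_NAIVE = [("deny", ["!safari_naive"]), ("allow", ["all"])]
ONLY_SAFARI_STRICT = [("deny", ["!safari_strict"]), ("allow", ["all"])]

def verdicts(rules):
    return {name: http_access(rules, ua) for name, ua in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in [("denylist", DENYLIST), ("naive", ONLY_SAFARI_NAIVE),
                         ("strict", ONLY_SAFARI_STRICT)]:
        print(label, verdicts(rules))
```

The `bot` sample is denied by the posted `ie_browser` ACL because its space-separated value is read as three patterns, and the `ie11` sample passes because it no longer starts with `Mozilla/4.0`. Chrome passes the naive Safari check because its User-Agent also ends in `Safari/...`, which the stricter pattern excludes by requiring `Version/`.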