blocking user agents via IPTables?



What proxy are you using? I don't see how you could do that sort of thing without a proxy, or layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and you're wanting to block specific useragents from accessing your service/httpd?

You need Layer 7 support.

http://l7-filter.sourceforge.net/ might help with that.

If I remember rightly it uses REGEX to match, which is a bit of a pain to get right (well, that could just be that I'm not very good at writing regex patterns).

  On 05/08/2014 at 13:54, BudMan said:

What proxy are you using? I don't see how you could do that sort of thing without a proxy, or layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and you're wanting to block specific useragents from accessing your service/httpd?

Correct, this is my proxy server (squid), but everyone is going via the server to access the internet, so there is a Linux machine between the clients and the interwebs. So I was going to use IPTables to block everything but (let's say) Safari: if they are not using Safari, not forwarding to the interwebs.

To summarise, to clear up confusion:

user -> server (IPTables -> squid) -> internet

In squid it's a simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...
# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here
# regex match against any of the known request headers. May be
# thought of as a superset of "browser", "referer" and "mime-type"
# ACL [fast]

  On 05/08/2014 at 14:40, BudMan said:

In squid it's a simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...
# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here
# regex match against any of the known request headers. May be
# thought of as a superset of "browser", "referer" and "mime-type"
# ACL [fast]

ok I will do it this way then thanks :) was actually just trying it out but I cannot seem to get it working... do you have an example (e.g.... MSIE?) or a useful link?

do google for blocking browser useragent squid and you should find a couple of walk thru's - you are running what version of squid? I recall a previous thread with you about squid and you were running really old version - but I think you updated?

  On 05/08/2014 at 15:23, BudMan said:

do google for blocking browser useragent squid and you should find a couple of walk thru's - you are running what version of squid? I recall a previous thread with you about squid and you were running really old version - but I think you updated?

*cough* I am still using squid 2.4 :D I have latest squid 3 on the system from the other thread but for now this one is using 2.4. I will most likely upgrade after I have the browsers blocked

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

  On 05/08/2014 at 15:37, BudMan said:

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

ah I meant I am using 2.7!? :p I am using the acls for blocking sites, but I cannot seem to get the blocking of browsers, just do not think I know enough about squid to block them/get it working. http://gaugusch.at/squid.shtml I tried this guide but it seemed to cause me issues

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

I will be upgrading very shortly, once I work out exactly what I need to do. I do not want to upgrade halfway through experimenting for it not to work and me be confused as to why. Once I have finished this task and have my prototype set up I will upgrade and will only use squid3 from then on (I also used squid 2.7 caching as squid3 cache refused to work, if you remember from my previous post, and I could not seem to solve it). Either way, I'm going to have to keep trying this out

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

got it working! (upgrading tomorrow)

  On 05/08/2014 at 16:39, BudMan said:

so what were you doing wrong for the next guy that might have same sort of issue?

Ah, good point, probably should say. Thank you for reminding me.

The httpd_accel command in the guide was not liked by squid. In a very much shortened version of his guide, assuming you can connect via the proxy, just put this in under the acl CONNECT method CONNECT line. Tested on an older MSIE version and it 403 errored; tried it on Chrome, worked fine.

 

acl CONNECT method CONNECT
acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE
acl bad_browser browser ^Gator
http_access deny bad_browser
http_access deny ie_browser
# you will have this bold config already in place, do not copy this over your working config
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr hostmaster@mycompany.at
append_domain .mycompany.at
deny_info ERR_IEBROWSER ie_browser
wccp_router 172.16.0.1
ie_refresh on
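
Added example (not part of the thread or of Squid itself): a small Python model of how the `browser` ACL line posted above is evaluated, assuming Squid splits the pattern list on whitespace and denies when any one pattern matches the User-Agent. The function names, the sample User-Agent strings and the single-token `TIGHT` pattern are constructed for illustration.

```python
import re

def browser_acl_patterns(acl_line):
    """Model: every whitespace-separated token after 'browser' is its own regex."""
    tokens = acl_line.split()
    if len(tokens) < 4 or tokens[0] != "acl" or tokens[2] != "browser":
        raise ValueError("expected: acl <name> browser [-i] <regex> ...")
    flags, patterns = 0, []
    for tok in tokens[3:]:
        if tok == "-i":                      # case-insensitive from here on
            flags = re.IGNORECASE
        else:
            patterns.append(re.compile(tok, flags))
    return patterns

def matching_patterns(acl_line, user_agent):
    """Return the patterns that hit; a non-empty list means the ACL matches."""
    return [p.pattern for p in browser_acl_patterns(acl_line)
            if p.search(user_agent)]

# The line as posted: three separate patterns, not one phrase.
POSTED = r"acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE"
# Assumed tighter variant: '.' stands in for each space so it stays one token.
TIGHT = r"acl ie_browser browser ^Mozilla/4\.0.\(compatible;.MSIE"

# Constructed sample User-Agent headers.
SAMPLE_UAS = {
    "msie6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "msie10": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
    "examplebot": "Mozilla/5.0 (compatible; ExampleBot/1.0)",
    "chrome": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
}

def report(acl_line):
    """Map each sample name to the list of patterns that matched it."""
    return {name: matching_patterns(acl_line, ua)
            for name, ua in SAMPLE_UAS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", POSTED), ("single-token", TIGHT)):
        for name, hits in report(acl).items():
            print(f"{label:12} {name:10} {'DENY' if hits else 'pass'} {hits}")
```

Under that model the posted line also matches any client whose User-Agent contains "(compatible;" or "MSIE" anywhere, so test a new `browser` ACL against the User-Agent strings actually seen in access.log before putting `http_access deny` on it.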
