blocking user agents via IPTables?


Recommended Posts

What proxy are you using. I don't see how you could do with that sort of thing without a proxy, or layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and your wanting to block specific useragents from accessing your service/httpd?

You need Layer 7 support 

 

http://l7-filter.sourceforge.net/ might help with that.

 

If I remember rightly it uses REGEX to match which is a bit of pain to get right (Well that could just be I'm not very good at writing regex patterns)

  On 05/08/2014 at 13:54, BudMan said:

What proxy are you using. I don't see how you could do with that sort of thing without a proxy, or layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and your wanting to block specific useragents from accessing your service/httpd?

correct this is my proxy server (squid), but everyone is going via the server to access the internet so there is a linux machine between the clients and the interwebs so I was going to use IP tables to block everything but (lets say safari) if they are not using safari not forwarding to the interwebs

 

to summarise to clear up confusion

 

user -> server (IPtables->squid) -> internet

in squid its simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...

# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here

# regex match against any of the known request headers. May be

# thought of as a superset of "browser", "referer" and "mime-type"

# ACL [fast]

  On 05/08/2014 at 14:40, BudMan said:

in squid its simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...

# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here

# regex match against any of the known request headers. May be

# thought of as a superset of "browser", "referer" and "mime-type"

# ACL [fast]

ok I will do it this way then thanks :) was actually just trying it out but I cannot seem to get it working... do you have an example (e.g.... MSIE?) or a useful link?

do google for blocking browser useragent squid and you should find a couple of walk thru's - you are running what version of squid? I recall a previous thread with you about squid and you were running really old version - but I think you updated?

  On 05/08/2014 at 15:23, BudMan said:

do google for blocking browser useragent squid and you should find a couple of walk thru's - you are running what version of squid? I recall a previous thread with you about squid and you were running really old version - but I think you updated?

*cough* I am still using squid 2.4 :D I have latest squid 3 on the system from the other thread but for now this one is using 2.4. I will most likely upgrade after I have the browsers blocked

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

  On 05/08/2014 at 15:37, BudMan said:

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

ah I meant i am using 2.7!? :p I am using the acls for blocking sites, but I cannot seem to get the blocking of browsers, just donot think I know enough about squid to block them/get it working http://gaugusch.at/squid.shtml i tried this guide but seemed to cause me issues

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

 

I will be upgrading, very shortly once i work out exactly what I need to do, I do not want to upgrade half way through experimenting for it not to work and me be confused as to why once I have finished this task and have the my prototype setup I will upgrade and will only use squid3 from then on (I also used squid 2.7 caching as squid3 cache refused to work if you remember from my previous post, and I could not seem to solve it) either way! im going to have to keep trying this out

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

got it working! (upgrading tomorrow)

  On 05/08/2014 at 16:39, BudMan said:

so what were you doing wrong for the next guy that might have same sort of issue?

ah good point probably should say, thank you for reminding me.

 

the httpd_accel comman in the guide was not liked by squid in a very much shortened version of his guide assuming you can connect via the proxy just put this in under acl CONNECT method CONNECT line tested on an older MSIE version and it 403 errored tried it on chrome worked fine

 

acl CONNECT method CONNECT

acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE 

acl bad_browser browser ^Gator

http_access deny bad_browser

http_access deny ie_browser

http_access allow manager localhost #you will have this bold config already in place do not copy this over your working config

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny to_localhost

http_access allow localhost

http_access deny all

http_reply_access allow all

icp_access allow all

cache_mgr hostmaster@mycompany.at

append_domain .mycompany.at

deny_info ERR_IEBROWSER ie_browser

wccp_router 172.16.0.1

ie_refresh on

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Some AMD Ryzen users can get free Windows performance boost with this simple system tweak by Sayan Sen AMD understands that there is a lot of demand for its X3D processors and for good reason too, since they offer some of the best gaming experiences. As such, the company plans to launch a new 6-core Ryzen 5 9600X3D for those who may not want to spend top dollar on a 9800X3D. What makes X3D special is the densely packed last level cache (LLC) wherein the L3 (level 3) cache is 3D die-stacked such that there is a whole lot of it that the cores can access on demand all within the smallest footprint. This is said to help with latency especially, and games happen to be quite sensitive to it since they are a mixed workload and so there is a lot of to-and-fro. However, despite that fact, users have noticed micro-stuttering and freezes on Ryzen X3D CPUs. Although there is no official fix, some of the affected users have managed to resolve the issues by tweaking a motherboard setting. The tweak is related to a setting called "GLOBAL C-STATE CONTROL" (it may be called something else by your motherboard vendor) and changing it to 'Enabled' from 'Auto' could fix stuttering and lag-related issues in games. If you are not familiar with them, Processor Power Management is done through Advanced Configuration and Power Interface (ACPI) P-states or C-states. While P-states or performance states handle CPU voltage-frequency scaling, C-states deal with CPU sleep states so that some of the CPU functions, which are not necessary at that moment, are disabled. The P-states and C-states work together to make the processor run more efficiently. It helps the OS and apps determine which cores can be parked. The Global C-state control setting helps users manage not only the DF and CPU core C-states but also the I/O C-states too. For those wondering, DF here refers to Data Fabric or AMD's high bandwidth Infinity Fabric interconnect between CPUs, GPUs, and more, on AMD systems. By default, this is set to "Auto" which also means that it is "Enabled" by default. However, in the case of X3D parts, Auto may set this setting to "Disabled" and thus manually toggling it to "Enabled" may be necessary. X3D processors, the dual CCD (core complex die) ones especially, have their V-cache on a single CCD. If the CPPC (Collaborative Processor Performance Control), which lets an OS like Windows control the "preferred core" and clock speed boost, isn't working optimally to assign the correct gaming CCD, then this fix could well work. Global C-State Auto: Global C-State Enabled: We ran a benchmark on our Ryzen 9 9950X3D to see if toggling the settings would make a difference, and well, it didn't in the case of AIDA64. However, since this is a synthetic test that measures cache and memory exclusively, we can't definitively conclude that the fix will also not make a difference in the case of games. Another remedy for stuttering is to disable the monitoring of the "Power percent" metric on MSI Afterburner if you have it on. This has been a long-known issue and in fact can help you even if you are not using an X3D CPU. Source: Reddit (link1, link2) via YouTube
    • I only have one contact on WhatsApp. And that contact has sms also. I have many more contacts that use WhatsApp also, but everyone defaults to use iMessage, SMS or RCS anyway. Not a loss for me. I'm in Norway where mostly nobody uses WhatsApp.
    • Apple is boring for a kid. Only fun is browsing websites for HTML games. A PC with steam is another story. Of course if the child plays video games all day then maybe that might not be a good idea. :-)
    • Looking for a specific setting in Settings? Sorry, the option just doesn’t exist as you’d need to elevate for that. Want to do something quickly and efficiently? Nah, forced to use a “modern” interface which takes far longer to achieve what you’re looking to do. (Example: disable a NIC)
    • Yet the best laptop for all day battery life is a Mac, hands down, no contest. Windows is bloated and power management is rubbish. Search indexer. Defender. Malicious Software Removal Tool. Windows Update (+DISM). Office CTR. Telemetry. Disclaimer: I own a surface laptop studio, multiple gaming desktops, server, and a macbook pro.
  • Recent Achievements

    • One Month Later
      DecaffKnight94 earned a badge
      One Month Later
    • Dedicated
      S.P earned a badge
      Dedicated
    • One Month Later
      adxnksd42031 earned a badge
      One Month Later
    • Rising Star
      aphanic went up a rank
      Rising Star
    • Contributor
      GravityDead went up a rank
      Contributor
  • Popular Contributors

    1. 1
      +primortal
      663
    2. 2
      ATLien_0
      261
    3. 3
      Michael Scrip
      234
    4. 4
      Steven P.
      161
    5. 5
      +FloatingFatMan
      151
  • Tell a friend

    Love Neowin? Tell a friend!