blocking user agents via IPTables?



What proxy are you using? I don't see how you could do that sort of thing without a proxy, or layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and you're wanting to block specific user agents from accessing your service/httpd?

You need Layer 7 support 

 

http://l7-filter.sourceforge.net/ might help with that.

 

If I remember rightly it uses REGEX to match, which is a bit of a pain to get right (well, that could just be that I'm not very good at writing regex patterns).

  On 05/08/2014 at 13:54, BudMan said:

What proxy are you using? I don't see how you could do that sort of thing without a proxy, or layer 7 type of firewall. So what are you using to filter/block? Or is this on your server and you're wanting to block specific user agents from accessing your service/httpd?

Correct, this is my proxy server (squid), but everyone is going via the server to access the internet, so there is a Linux machine between the clients and the interwebs. I was going to use iptables to block everything but (let's say) Safari: if they are not using Safari, not forwarding to the interwebs.

 

To summarise, to clear up confusion:

 

user -> server (IPtables->squid) -> internet

In squid it's a simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...

# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here

# regex match against any of the known request headers. May be

# thought of as a superset of "browser", "referer" and "mime-type"

# ACL [fast]

  On 05/08/2014 at 14:40, BudMan said:

In squid it's a simple acl that matches the UA you want to allow, and deny all others.

acl aclname browser [-i] regexp ...

# pattern match on User-Agent header (see also req_header below) [fast]

acl aclname req_header header-name [-i] any\.regex\.here

# regex match against any of the known request headers. May be

# thought of as a superset of "browser", "referer" and "mime-type"

# ACL [fast]

ok I will do it this way then thanks :) was actually just trying it out but I cannot seem to get it working... do you have an example (e.g.... MSIE?) or a useful link?

Do google for blocking browser useragent squid and you should find a couple of walkthroughs - you are running what version of squid? I recall a previous thread with you about squid and you were running a really old version - but I think you updated?

  On 05/08/2014 at 15:23, BudMan said:

Do google for blocking browser useragent squid and you should find a couple of walkthroughs - you are running what version of squid? I recall a previous thread with you about squid and you were running a really old version - but I think you updated?

*cough* I am still using squid 2.4 :D I have latest squid 3 on the system from the other thread but for now this one is using 2.4. I will most likely upgrade after I have the browsers blocked

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

  On 05/08/2014 at 15:37, BudMan said:

Well 2.4 doesn't have the acls - believe they were added in 2.6, so like that last thread would explain why not working. At a loss to why anyone would be using such an old version?? 2.4 is like 2002 ;)

Ah, I meant I am using 2.7!? :p I am using the acls for blocking sites, but I cannot seem to get the blocking of browsers. I just do not think I know enough about squid to block them/get it working. http://gaugusch.at/squid.shtml I tried this guide but it seemed to cause me issues.

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

 

I will be upgrading very shortly, once I work out exactly what I need to do. I do not want to upgrade halfway through experimenting for it not to work and me be confused as to why. Once I have finished this task and have my prototype set up, I will upgrade and will only use squid3 from then on (I also used squid 2.7 caching as squid3 cache refused to work, if you remember from my previous post, and I could not seem to solve it). Either way, I'm going to have to keep trying this out.

  On 05/08/2014 at 15:45, BudMan said:

Well that should work then.. But still why not using current 3.4? At a loss why anyone - especially in security area type software would use outdated versions, I can see being a version behind or so.. But 2.7 was released in 2008, and last change I see to that branch was 2011

got it working! (upgrading tomorrow)

  On 05/08/2014 at 16:39, BudMan said:

so what were you doing wrong for the next guy that might have same sort of issue?

ah good point probably should say, thank you for reminding me.

 

The httpd_accel command in the guide was not liked by squid. In a very much shortened version of his guide: assuming you can connect via the proxy, just put this in under the acl CONNECT method CONNECT line. Tested on an older MSIE version and it 403 errored; tried it on Chrome and it worked fine.

 

acl CONNECT method CONNECT

acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE 

acl bad_browser browser ^Gator

http_access deny bad_browser

http_access deny ie_browser

http_access allow manager localhost #you will have this bold config already in place do not copy this over your working config

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny to_localhost

http_access allow localhost

http_access deny all

http_reply_access allow all

icp_access allow all

cache_mgr hostmaster@mycompany.at

append_domain .mycompany.at

deny_info ERR_IEBROWSER ie_browser

wccp_router 172.16.0.1

ie_refresh on
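
Added example, not part of the original posts and not Squid's own code: a small Python model of how the two browser ACL lines in the last post are read. It assumes Squid splits ACL values on whitespace into separate regexes that are ORed together, uses Python's re module in place of Squid's regex engine, and runs over User-Agent strings constructed for the illustration.

```python
import re

# Constructed sample User-Agent strings (not taken from the thread).
SAMPLE_UAS = {
    "ie6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "chrome": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
    "ie11": "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
    "crawler": "Mozilla/5.0 (compatible; ExampleBot/1.0)",
    "gator": "Gator/1.0",
}

# The two browser ACL lines from the post, values exactly as written.
ACL_LINES = [
    r"acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE ",
    r"acl bad_browser browser ^Gator",
]

def parse_browser_acls(lines):
    """Assumed parsing model: every whitespace-separated token after an
    optional -i is its own regex, and the ACL matches if any one of them
    is found anywhere in the User-Agent header."""
    acls = {}
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "acl" or tok[2] != "browser":
            continue
        icase = tok[3] == "-i"
        flags = re.IGNORECASE if icase else 0
        patterns = tok[4:] if icase else tok[3:]
        acls.setdefault(tok[1], []).extend(re.compile(p, flags) for p in patterns)
    return acls

def first_deny(ua, acls, deny_order):
    """Name of the first 'http_access deny' ACL that matches, or None when
    the request falls through to the remaining http_access rules."""
    for name in deny_order:
        if any(p.search(ua) for p in acls.get(name, [])):
            return name
    return None

def report():
    acls = parse_browser_acls(ACL_LINES)
    order = ["bad_browser", "ie_browser"]  # same order as the posted deny lines
    return {k: first_deny(ua, acls, order) for k, ua in SAMPLE_UAS.items()}

if __name__ == "__main__":
    for name, acl in report().items():
        print(f"{name:8} -> {'denied by ' + acl if acl else 'not matched, falls through'}")
```

The crawler string is denied only because the second token, .compatible;, is a pattern of its own, and the IE 11 string passes because it contains none of the three. Either way the verdict reflects the header the client chose to send.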
