Ping a Specific Port

Question

Michael

Asked: 2015-12-10 08:06:27 +0800 CST2015-12-10 08:06:27 +0800 CST 2015-12-10 08:06:27 +0800 CST

What is simple way to ensure that HTTP request with some specific header come only from a specific IP only?

772

My web application run on Centos6. I want to protect my application. I want to ensure that HTTP request with some specific header come only from a specific IP only.

(The header include a user name and I want to prevent HTTP header spoofing).

Important clarification: Requests without the specific header should be allowed from any IPs

Is it possible to do it with IPTable? Other options?

1 Answers

Voted

kamihack · Answer 1 · 2015-12-10T08:16:07+08:00

Best Answer

kamihack

2015-12-10T08:16:07+08:002015-12-10T08:16:07+08:00

You can only do this at web server level, which is application level and where your HTTP Headers are visible. iptables can't handle HTTP headers, because it handles layer 3 and HTTP is layer 7.

Check the OSI model. You can use nginx or apache2 for this

Here are two similar questions and their answers https://stackoverflow.com/questions/18970620/nginx-reject-request-if-header-is-not-present-or-wrong

In Nginx, block user based on X header value

2

What is simple way to ensure that HTTP request with some specific header come only from a specific IP only?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?