Ping a Specific Port

Question

夏期劇場

Asked: 2016-02-24 18:05:04 +0800 CST2016-02-24 18:05:04 +0800 CST 2016-02-24 18:05:04 +0800 CST

Is there a local "firewall" to block by "X-Forwarded-For" IPs behind the reverse proxies?

772

The situation is quite typical. I'm using CentOS + Apache(s) behind a Load-balancer for the WebSites.

At this point, let's assume i don't have any access to the Load-balancer (or) let's forget about that one.

Currently i'm using .htaccess to BLOCK the IPs because the native iptables is not able to block the X-Forwarded-For kind of IP addresses (as far as i understand).

My current approach works anyway. But this still allows my Apache(s) to be hit, at least.

Is there a firewall (like: iptables) which can block the X-Forwarded-For IP/connections as well?

Thanks all in advance :)

1 Answers

Voted

Nath · Answer 1 · 2016-02-24T23:17:14+08:00

Nath

2016-02-24T23:17:14+08:002016-02-24T23:17:14+08:00

Nope, firewalls like iptables work at the tcp layer. To look at the x-forwarded-for http header you need to accept the connection and accept at least the request headers from the client before you can evaluate the x-forwarded-for IP.

By far the best place to do the blocking is on load balancer itself before the request gets passed to apache, most load balancers will have this functionality.

1

Is there a local "firewall" to block by "X-Forwarded-For" IPs behind the reverse proxies?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?