Home / ubuntu / Questions / 1215924
In Process
Example person
Asked: 2020-03-10 06:51:47 +0800 CST

Is there anyway to block http on port 443 using ufw

  • 772

How can I configure ufw so that it blocks any connection to port 443 using the http protocol, but not the https protocol. So what I mean is:

http://example.com:443 (Deny any connection) https://example.com:443 (Allow any connection)

Can anyone please help me on this? Thanks in advance!

Edit:

If there is any other program for doing this, please let me know! Thanks!

firewall ufw 19.10

2 Answers

  1. This just an opinion until you get another valid answer.

    $ sudo ufw deny port/protocol

    is the typical command for ufw but 

    $ sudo ufw deny 443/http

    gives

    ERROR: Bad port

    And

    $ sudo ufw deny http
$ sudo ufw status
  Status: active
--
80/tcp                     DENY       Anywhere
--

    Now my guess is that ufw only works on the Transport layer. In that layer you can access port numbers, transport layer protocols like TCP/UDP, and of course the IP addresses. And ufw is capable of working with those. But http/https is on session layer, one layer lower than transport layer and ufw does not have access to those. But there are other firewalls that work on different layer according to this

    • 1

  2. HTTP uses Port 80, HTTPS is using Port 443. Therefore, you can't block HTTP by filtering Port 443/TCP.

    • 1