iptables Block Direct IP Access to HTTPS

iptables

Marks-Man

Administrator
- Convert IP Address to Hex Format

Ex: 127.0.0.1


7f.00.00.01 (0x7f000001)

Replace string : "|7f 00 00 01|"


Add the following rule to "Filter" Table:

Code:
-I INPUT -p tcp -m tcp  --dport 443 -m string --hex-string "|7f 00 00 01|" --algo kmp --to 65535 -m string --string "/" --algo bm --to 65535 -j DROP

Code:
service iptables restart

Note: Websites hosted on this IP will keep working, but anyone who tries to access the IP directly will be blocked!
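
As an added example (not part of the original post), this shell helper performs the dotted-quad to hex conversion from the first step, rejecting malformed addresses, and prints the port-443 rule from the post with the converted value filled in. The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the iptables --hex-string form of an IPv4 address, e.g. |7f 00 00 01|.
# Returns 1 for anything that is not a strict dotted quad.
ip_to_hex_string() {
    _addr=$1
    case $_addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    _old_ifs=$IFS; IFS=.
    set -- $_addr            # split on dots into $1..$n
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    _out=
    for _octet in "$@"; do
        case $_octet in
            0?*|????*) return 1 ;;   # leading zero (octal ambiguity) or too long
        esac
        [ "$_octet" -le 255 ] || return 1
        _out="${_out:+$_out }$(printf '%02x' "$_octet")"
    done
    printf '|%s|\n' "$_out"
}

# Print the port-443 rule from the post with the converted value substituted.
https_rule_for_ip() {
    _hex=$(ip_to_hex_string "$1") || return 1
    printf '%s\n' "-I INPUT -p tcp -m tcp --dport 443 -m string --hex-string \"$_hex\" --algo kmp --to 65535 -m string --string \"/\" --algo bm --to 65535 -j DROP"
}

# Constructed sample input: the address used in the post.
https_rule_for_ip 127.0.0.1
```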
 

RankBit

Registered Member
Port 80 doesn't need the hex string to be added; otherwise the virtual host will not be accessible from the domain.

Code:
-I INPUT -p tcp -m tcp  --dport 80 -m string --hex-string "127.0.0.1" --algo kmp -j DROP
 

Marks-Man

Administrator
Thank you for mentioning that 😎
 