iptables Block Direct IP Access to HTTPS

iptables
Marks-Man

Marks-Man

Administrator
Joined: Mar 15, 2021
Messages: 616
Resources: 306
Points: 43
Reaction score: 210
- Convert IP Address to Hex Format

Ex: 127.0.0.1

7f.00.00.01 (0x7f000001)

Replace string : "|7d 00 00 01|"

www.browserling.com

IP to Hex Converter - Convert IP to Hexadecimal - Online - Browserling Web Developer Tools

Useful, free online tool that converts an IP address to hex. No ads, nonsense, or garbage, just a hex IP converter. Press a button – get the result.
www.browserling.com www.browserling.com

Add the following rule to "Filter" Table:

Code: 
-I INPUT -p tcp -m tcp  --dport 443 -m string --hex-string "|7d 00 00 01|" --algo kmp --to 65535 -m string --string "/" --algo bm --to 65535 -j DROP

Code: 
service iptables restart

Note: Websites hosted on this IP will keep working, but anyone who tries to access IP directly will be blocked !!
 
RankBit

RankBit

Registered Member
Joined: Mar 16, 2021
Messages: 1,117
Resources: 30
Points: 48
Reaction score: 56
Age: 30
On Port 80 doesn't need Hex string to be added otherwise virtual host will not be accessible from domain

Code: 
-I INPUT -p tcp -m tcp  --dport 80 -m string --hex-string "127.0.0.1" --algo kmp -j DROP
 
Marks-Man

Marks-Man

Administrator
Joined: Mar 15, 2021
Messages: 616
Resources: 306
Points: 43
Reaction score: 210
RankBit said:
On Port 80 doesn't need Hex string to be added otherwise virtual host will not be accessible from domain

Code: 
-I INPUT -p tcp -m tcp  --dport 80 -m string --hex-string "127.0.0.1" --algo kmp -j DROP
Click to expand...
Thank you for mentioning that 😎
 
Marks-Man

Marks-Man

Administrator
Joined: Mar 15, 2021
Messages: 616
Resources: 306
Points: 43
Reaction score: 210
@RankBit
It should be ✊
Code: 
-I INPUT -p tcp -m tcp  --dport 80 -m string --hex-string "Host: 127.0.0.1" --algo kmp -j DROP
 
You must log in or register to reply here.
  • Tags
    block direct ip access to https with iptables ddos ddos protection
    • Top