iptables Block Direct IP Access to HTTPS

Marks-Man

Administrator
Joined: Mar 15, 2021
Messages: 616
Resources: 306
Points: 43
Reaction score: 210
- Convert the IP address to hex format

Ex: 127.0.0.1

7f.00.00.01 (0x7f000001)

Replace string: "|7f 00 00 01|"


Add the following rule to "Filter" Table:

Code:
-I INPUT -p tcp -m tcp --dport 443 -m string --hex-string "|7f 00 00 01|" --algo kmp --to 65535 -m string --string "/" --algo bm --to 65535 -j DROP

Code:
service iptables restart

Note: Websites hosted on this IP will keep working, but anyone who tries to access the IP directly will be blocked!
 

RankBit

Registered Member
Joined: Mar 16, 2021
Messages: 1,117
Resources: 30
Points: 48
Reaction score: 56
Age: 30
On port 80, the hex string doesn't need to be added; otherwise the virtual host will not be accessible from the domain.

Code:
-I INPUT -p tcp -m tcp  --dport 80 -m string --hex-string "127.0.0.1" --algo kmp -j DROP
 

Marks-Man

On port 80, the hex string doesn't need to be added; otherwise the virtual host will not be accessible from the domain.

Code:
-I INPUT -p tcp -m tcp  --dport 80 -m string --hex-string "127.0.0.1" --algo kmp -j DROP
Thank you for mentioning that 😎
 

Marks-Man

@RankBit
It should be ✊
Code:
-I INPUT -p tcp -m tcp  --dport 80 -m string --hex-string "Host: 127.0.0.1" --algo kmp -j DROP
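
Added example, not part of any post in this thread: a POSIX shell sketch that validates an IPv4 address, converts it to the `|xx xx xx xx|` pattern described in the first post, and prints the port 443 and port 80 rule lines in the form the posts use. The function names are hypothetical, and 127.0.0.1 is the thread's own example address.

```sh
#!/bin/sh
# Added example (not from the thread): build the hex pattern and print the
# two rule lines in the form the posts use. Nothing is applied to the firewall.

# Print an IPv4 address as an iptables hex pattern, e.g. |7f 00 00 01|.
# Returns 1 for anything that is not a strict dotted quad.
ip_to_hex_string() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # leading zero / too long
        [ "$octet" -le 255 ] || return 1
    done
    printf '|%02x %02x %02x %02x|' "$1" "$2" "$3" "$4"
}

# Port 443 rule from the first post, with the pattern filled in.
https_rule() {
    hex=$(ip_to_hex_string "$1") || return 1
    printf '%s\n' "-I INPUT -p tcp -m tcp --dport 443 -m string --hex-string \"$hex\" --algo kmp --to 65535 -m string --string \"/\" --algo bm --to 65535 -j DROP"
}

# Port 80 rule from the last post: match the literal Host header.
http_rule() {
    ip_to_hex_string "$1" >/dev/null || return 1   # validate only
    printf '%s\n' "-I INPUT -p tcp -m tcp --dport 80 -m string --hex-string \"Host: $1\" --algo kmp -j DROP"
}

# 127.0.0.1 is the thread's example address; substitute the server's own IP.
https_rule 127.0.0.1
http_rule 127.0.0.1
```

The script only prints the rules. After loading them, `iptables -L INPUT -v -n` shows per-rule packet counters, which confirms whether each rule is matching the traffic you expect.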
 