-3

I want to restrict access to a path via iptables. I tried this one and it works on the whole site:

iptables -I INPUT -p tcp --dport 443 -m string --algo bm --string 'example.com' -j DROP

but I want to restrict access to a specific folder like "example.com/test", and this one didn't catch any packets:

iptables -I INPUT -p tcp --dport 443 -m string --algo bm --string 'example.com/test' -j DROP

Any suggestions, please?

Sven

2 Answers

2

Wrong network layer. While you probably could do some horrible hackjob to block that via IPTables on unencrypted HTTP, HTTPS is encrypted, so IPTables doesn't even see the full URL string. There are 2 solutions:

  • Put your site behind a reverse proxy like HAProxy + decrypt SSL (HAProxy 1.5 can do that, or you can put stunnel/nginx before it to decrypt SSL)
  • Block it on whatever target server you are using
XANi
2

Just use the permission system of your web server, e.g. via .htaccess files in case of Apache.

Sven