Results 1 to 5 of 5
  1. #1
    Join Date
    May 2007
    Posts
    83

    iptables - block empty user agents

    How to block requests with empty user agents using iptables firewall?

  2. #2
    Join Date
    Sep 2007
    Posts
    368

    *

    Quote Originally Posted by SysTeam View Post
    How to block requests with empty user agents using iptables firewall?
    iptables is not use for that purpose, use modsecurity or block via apache,

    here is example to block via apache with modrewrite.


    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} [regex to match user agent]
    RewriteRule ^/.* - [F]
    </IfModule>

    Just keep in mind that user agents can always be spoofed, so there's nothing keeping the "attacker" from pretending to be Googlebot, Firefox, MSIE, or any other browser or "good" bot. For that matter, blocking by IP only works so long as the "attacker" is using the same IP; if an attack comes from a botnet with thousands of zombie hosts, there's not a lot you can do about that.

  3. #3
    Join Date
    May 2007
    Posts
    83
    I successfully block DDoS attack (10000+ bots) using only user agent filters in iptables. Now, my webserver (nginx) still handle requests from bots (without user agents). Nginx block this requests, but would be much more effective to block using iptables.

  4. #4
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    432
    Quote Originally Posted by SysTeam View Post
    How to block requests with empty user agents using iptables firewall?
    You can't because if there's none, there's nothing to do; iptables won't find it.
    You can use mod_Security as mentionned above.
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  5. #5
    Join Date
    Sep 2007
    Posts
    368

Similar Threads

  1. CSF enabled but Iptables empty!
    By sOliver in forum Hosting Security and Technology
    Replies: 10
    Last Post: 02-20-2008, 02:20 AM
  2. modsecurity, empty referer, empty user agent
    By P Lao in forum Hosting Security and Technology
    Replies: 2
    Last Post: 06-23-2006, 08:33 PM
  3. iptables cant block ip
    By Dmitry85 in forum Hosting Security and Technology
    Replies: 6
    Last Post: 06-15-2006, 07:33 AM
  4. block bad spiders/bots/agents
    By torwill in forum Hosting Security and Technology
    Replies: 3
    Last Post: 06-17-2005, 03:26 PM
  5. iptables block ssh for certain ips and allow for others
    By nightduke in forum Hosting Security and Technology
    Replies: 6
    Last Post: 06-03-2005, 01:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •