Thursday, February 3, 2011

IP tables block based on domain name

Is there a way using IPTables to drop all requests coming to a particular domain name?

For instance, all requests coming in to www.a.com will be dropped. No replies, no error pages, just dropped.

If it's possible, how can it be done?

Btw, I know it's probably not a good practice, but I need to get it done now. Thanks!

  • I'm pretty certain IPTables only accepts IP addresses.

    If you want to stick with domains, you can try using hosts.deny by adding this line:

    ALL: www.a.com

    This will prevent www.a.com from accessing any service on your machine.

    Pier: Well, never tried, but I read somewhere that it can accept a DNS name, but it'll be reverted to an IP address as soon as the rule is loaded by the kernel. Better use a proxy.
    Kenny: That isn't what I need. What I need is, when the site accessed is www.a.com, drop the packet. The problem I'm facing is, I have a server in China and somehow a particular domain is in violation. The government censor will only accept a complete non-response. The problem is, the user is using a DNS server from elsewhere and directly pointing his IP at my server.
    chmeee: Is www.a.com a domain hosted on your server, then?
    Kenny: Nope. That's the problem. He just pointed his domain's IP at my server.
    voretaq7: +1 for the "only takes IPs" bit, even though it's not a solution. iptables (any packet filter, really) can't do what you're asking: all they know is the source & destination IP and a few other bits of info. They would have to do deep packet inspection to determine what hostname the request was pointed at, and even then there would have to be something in the data that identified the hostname (e.g. an HTTP Host: header).
    From Weboide
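What voretaq7's comment describes, as an added example that is not part of the original thread: since the packet filter only sees addresses, the hostname has to be read out of the HTTP Host header, so this user-space check parses that header (case-insensitive name, optional :port, header block only) and decides whether a request for www.a.com should be silently dropped. The `iptables_rule` helper emits the kernel-side equivalent using the xt_string match; that the module is available, and the hostname www.a.com, are assumptions taken from the question.

```python
import re
from typing import Optional

BLOCKED_HOSTS = {"www.a.com"}  # constructed example, the hostname from the question

# Header names are case-insensitive; ^ with MULTILINE anchors to a line start.
HOST_RE = re.compile(rb"^host:[ \t]*([^\r\n]*)", re.IGNORECASE | re.MULTILINE)


def host_of(request: bytes) -> Optional[str]:
    """Return the normalised hostname from an HTTP/1.x request head, or None.

    Only the header block (up to the first blank line) is examined, so a
    'Host:' line inside the body cannot spoof the result."""
    head = request.split(b"\r\n\r\n", 1)[0]
    m = HOST_RE.search(head)
    if not m:
        return None  # e.g. HTTP/1.0 without Host: nothing to match on
    host = m.group(1).strip().decode("latin-1").lower()
    # Strip a :port suffix, but keep an IPv6 literal such as [::1]:80 intact.
    if host.startswith("["):
        host = host.split("]", 1)[0] + "]"
    else:
        host = host.split(":", 1)[0]
    return host or None


def should_drop(request: bytes, blocked=BLOCKED_HOSTS) -> bool:
    """True when the request names a blocked host: drop silently, send nothing."""
    host = host_of(request)
    return host is not None and host in blocked


def iptables_rule(host: str) -> str:
    """Kernel-side equivalent via the xt_string match (assumed to be loaded).

    Caveats: it is a plain substring match (add --icase for case folding),
    it only inspects the packet that carries the header, and TLS traffic
    never exposes the Host header to the filter at all."""
    return (f"iptables -A INPUT -p tcp --dport 80 -m string --algo bm "
            f"--string 'Host: {host}' -j DROP")


if __name__ == "__main__":
    sample = b"GET / HTTP/1.1\r\nHost: WWW.A.COM:80\r\nUser-Agent: x\r\n\r\n"
    print(should_drop(sample))          # True
    print(iptables_rule("www.a.com"))
```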
