Nabil Sham

Reputation: 2345

How to use iptables to filter URLs containing a string?

To block all requests to xxx.com:

sudo iptables -A OUTPUT -p tcp -m string --string "xxx.com" --algo kmp -j DROP

What will block requests to any URL containing xxx, like

google.com?q=xxx&...

without blocking google.com?

Upvotes: 1

Views: 7232

Answers (2)

ubercracker

Reputation: 61

You may want to use kpcre, the iptables PCRE extension.

For example, to filter the case you have pointed out:

iptables -I INPUT -p tcp -m string --string "/\/.+xxx.+/i" --algo pcre -j DROP

The string "/\/.+xxx.+/i" denotes case-insensitive strings which start with "/" and contain "xxx".

Upvotes: 2

Fabio

Reputation: 2277

Your suggested approach could potentially block DNS requests, but if somebody uses the IP address directly, that would be bypassed.

As suggested above, you can use an HTTP proxy.

Alternatively, I implemented a restriction of the type you mention without a proxy, using dnsmasq and ipset. I list here the high-level steps of how to do it:

  1. Create an empty ipset called myprohibitedsites.
  2. Run your own instance of dnsmasq (you do not need the DHCP part of dnsmasq for this, just the DNS cache).
  3. Configure all your machines to use your dnsmasq (or redirect UDP port 53 to your dnsmasq via iptables).
  4. Configure your dnsmasq to log to the ipset myprohibitedsites all DNS requests of the type xxx.com (see the dnsmasq user guide).
  5. Configure the iptables filter to drop all packets whose destination is one of the IPs contained in myprohibitedsites.

Upvotes: 0
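
The five steps of the dnsmasq/ipset answer above, as an added shell example that is not Fabio's own code: it creates the set, emits the dnsmasq ipset= directive and installs the iptables rules, printing the privileged commands instead of running them unless APPLY=1. The set name, the blocked domain and the /etc/dnsmasq.d conf-dir are assumptions.

```shell
#!/bin/sh
# Added example (not from the answer above): wires dnsmasq, ipset and iptables so
# every address dnsmasq resolves for a blocked domain gets dropped. Assumed names:
# set "myprohibitedsites", domain "xxx.com", dnsmasq conf-dir /etc/dnsmasq.d.
SET_NAME="${SET_NAME:-myprohibitedsites}"
BLOCKED_DOMAIN="${BLOCKED_DOMAIN:-xxx.com}"
APPLY="${APPLY:-0}"   # 0 = only print the commands (default), 1 = run them (root)

# Print a privileged command, or run it when APPLY=1.
run() {
    if [ "$APPLY" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}
# Step 1: empty IPv4 set. The default timeout lets entries dnsmasq adds expire
# instead of accumulating every address the domain has ever resolved to.
create_set() {
    run ipset create "$SET_NAME" hash:ip timeout 3600 -exist
}
# Step 4: dnsmasq directive (dnsmasq must be built with ipset support); it adds
# the A records it answers for the domain and its subdomains to the set.
dnsmasq_conf() {
    printf 'ipset=/%s/%s\n' "$BLOCKED_DOMAIN" "$SET_NAME"
}
# Step 3 (redirect variant): send LAN clients' DNS to this dnsmasq whatever
# resolver they configured, TCP as well since clients retry over TCP on truncated
# answers. A client that resolves elsewhere (e.g. DoH) never populates the set.
redirect_dns() {
    for proto in udp tcp; do
        run iptables -t nat -A PREROUTING -p "$proto" --dport 53 -j REDIRECT --to-ports 53
    done
}
# Step 5: drop packets whose destination is in the set, for forwarded LAN
# traffic (FORWARD) and for this host's own traffic (OUTPUT).
block_set() {
    for chain in FORWARD OUTPUT; do
        run iptables -A "$chain" -m set --match-set "$SET_NAME" dst -j DROP
    done
}

main() {
    create_set
    redirect_dns
    block_set
    if [ "$APPLY" = 1 ]; then
        dnsmasq_conf > "/etc/dnsmasq.d/$SET_NAME.conf"   # then restart dnsmasq
    else
        printf '# dnsmasq fragment for /etc/dnsmasq.d/%s.conf:\n' "$SET_NAME"
        dnsmasq_conf
    fi
}
main
```

Run it once without APPLY to review the exact rules, then as root with APPLY=1; the DROP rules only bite for hosts whose DNS actually goes through this dnsmasq, which is the same limitation the answer notes for direct-IP access.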
