I've got a problem, for which I didn't find any other way than to restrict all the outbound traffic on my server. I have a web service, which is deployed on a server, alone. For about one month I have been getting NETSCAN warnings from the HETZNER data center. There are so many IPs in the list, all of them on port 80. But none of my applications send requests to those IPs. I turned off the web service a few times and the error disappeared. But since I haven't changed anything in my code, I couldn't come to a conclusion why this happens. Now, as I know the web service only works with some specific domains (10 domain addresses overall), and nothing else, but the web service is run on the server, I want to block all outbound traffic on port 80, except to those determined domains. Is there any way to block domains instead of IP ranges/ports directly, with the Windows firewall? If not, is there any software package, including antivirus/firewall, that I can install on my server to do so?
You might be able to do it at the router if your router has some form of URL filtering. Another way of doing this would be to set up your own custom DNS zone and use that for your server. By adding stub zones for the allowed domains, your server won't be able to resolve anything other than the domains you have added.
ChadH360
- Thanks @ChadH360. I'm not really experienced in the network field. How can I set up the DNS zone on my server? – Behzad Nouri Apr 25 '15 at 08:30
- Add the Windows DNS server role to your server under server management. Once set up, add DNS stub zones for the domains - you'll need to find out the name servers for these domains and add them to your zones. Then, point your server to itself for DNS under network settings. Do a search online for configuring DNS stub zones to give you an understanding of what your DNS server will be doing - there are plenty of resources available. – ChadH360 Apr 25 '15 at 08:49
- Ok, thank you so much. But the problem is that the domains belong to large sites which have large networks, so their DNS is not a static one. Their DNS may change often. So I am looking for a solution to restrict by domains rather than IPs or DNSs. – Behzad Nouri Apr 25 '15 at 08:52
- That is why you need to set up stub zones. Their DNS entries may change regularly, but their name servers won't. A stub zone allows you to host part of a domain's DNS - i.e. their name servers, so that DNS requests will be forwarded on to their own name servers. Another option that might be easier is to have no domains on your DNS server and set up conditional forwarders for the domains in question to a public DNS server. Thinking about it further, that will actually be a lot easier in your situation. – ChadH360 Apr 25 '15 at 08:59
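As an added example that is not part of the original question or answer, the conditional-forwarder setup ChadH360 describes expressed in PowerShell, with a Windows Firewall allowlist for TCP/80 layered on top and a check that shows which process owns the port-80 connections the NETSCAN reports are about. It assumes an elevated session on Windows Server with the DnsServer and NetSecurity modules available; the domain list, upstream resolver addresses and interface alias are placeholders to replace.

```powershell
# Added example (not from the original post). Two layers:
#   1. DNS: the server's own DNS role forwards only the allowed domains and
#      has no root hints or global forwarder, so nothing else resolves.
#   2. Firewall: default-deny outbound, re-allow everything except TCP/80,
#      then allow TCP/80 only to addresses the allowed domains resolve to.
#      Re-run the refresh part on a schedule, because those addresses change.
# Assumptions: elevated session, Windows Server with DnsServer and
# NetSecurity modules; the three values below are placeholders.

$AllowedDomains = @('example.com', 'example.org')   # placeholder allowlist
$UpstreamDns    = @('8.8.8.8', '8.8.4.4')           # resolver used only for allowed domains
$InterfaceAlias = 'Ethernet'                        # placeholder NIC name

# --- Layer 1: DNS role that can only resolve the allowed domains ----------
Install-WindowsFeature -Name DNS -IncludeManagementTools | Out-Null

foreach ($domain in $AllowedDomains) {
    if (-not (Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue)) {
        # Conditional forwarder: queries for $domain go to $UpstreamDns, so the
        # upstream's changing records are never pinned locally.
        Add-DnsServerConditionalForwarderZone -Name $domain -MasterServers $UpstreamDns
    }
}

# Without root hints and without a global forwarder the server has nowhere to
# send queries for any other name; that is what makes the allowlist hold.
Get-DnsServerRootHint | Remove-DnsServerRootHint -Force
$globalForwarders = (Get-DnsServerForwarder).IPAddress
if ($globalForwarders) { Remove-DnsServerForwarder -IPAddress $globalForwarders -Force }

# Point the server at itself for name resolution.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses 127.0.0.1

# --- Layer 2: firewall allowlist for TCP/80 --------------------------------
# Windows Firewall evaluates Block rules before Allow rules, so a plain
# "block port 80" rule would also defeat every per-domain allow rule. Use the
# profile's default outbound action as the deny instead.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

if (-not (Get-NetFirewallRule -DisplayName 'Allow outbound TCP except 80' -ErrorAction SilentlyContinue)) {
    # Keep every other TCP port and all UDP (DNS to the upstream needs UDP/53).
    New-NetFirewallRule -DisplayName 'Allow outbound TCP except 80' -Direction Outbound `
        -Protocol TCP -RemotePort '1-79','81-65535' -Action Allow | Out-Null
    New-NetFirewallRule -DisplayName 'Allow outbound UDP' -Direction Outbound `
        -Protocol UDP -Action Allow | Out-Null
}

# Refresh the TCP/80 allow rules from current DNS answers. Schedule this;
# a CDN-hosted domain can answer with different addresses from one query to
# the next, so a stale rule set is the expected failure mode here.
Get-NetFirewallRule -DisplayName 'Allow HTTP to *' -ErrorAction SilentlyContinue | Remove-NetFirewallRule
foreach ($domain in $AllowedDomains) {
    $ips = Resolve-DnsName -Name $domain -Type A -ErrorAction SilentlyContinue |
           Where-Object { $_.IPAddress } |
           Select-Object -ExpandProperty IPAddress -Unique
    if ($ips) {
        New-NetFirewallRule -DisplayName "Allow HTTP to $domain" -Direction Outbound `
            -Protocol TCP -RemotePort 80 -RemoteAddress $ips -Action Allow | Out-Null
    }
}

# --- Detection: which process is opening the port-80 connections? ---------
# The blocks above contain the traffic; this shows what is generating it,
# which is the question the NETSCAN reports leave open.
Get-NetTCPConnection -RemotePort 80 -State SynSent,Established -ErrorAction SilentlyContinue |
    Select-Object RemoteAddress, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object Process, RemoteAddress
```

The DNS layer only stops connections that start with a name lookup; anything that connects straight to an IP address is only stopped by the firewall layer, which is why both are shown. Note that the default-deny profile also blocks ICMP and any non-TCP/UDP protocol unless you add allow rules for them.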