My web application run on Centos6. I want to protect my application. I want to ensure that HTTP request with some specific header come only from a specific IP only.
(The header include a user name and I want to prevent HTTP header spoofing).
Important clarification: Requests without the specific header should be allowed from any IPs
Is it possible to do it with IPTable? Other options?
You can only do this at web server level, which is application level and where your HTTP Headers are visible. iptables can't handle HTTP headers, because it handles layer 3 and HTTP is layer 7.
Check the OSI model. You can use nginx or apache2 for this
Here are two similar questions and their answers https://stackoverflow.com/questions/18970620/nginx-reject-request-if-header-is-not-present-or-wrong
