2
On my Ubuntu server I have some custom software running that connects to its vendor's server to search for updates. While this is useful in general, the software is not supposed to update itself, for security reasons.
I found out that, if there's no internet connection, the software is unable to update but will still start. But I obviously can't close the connection. The hosts file is not an alternative either, as the software needs to connect to the vendor for license checks.
So my question is: how can I redirect or block outgoing HTTP traffic for a specific URL?
tl;dr: http://www.vendor.com/license should be allowed, but http://www.vendor.com/update should be blocked for outgoing traffic.
I know that I can put up some custom proxy, but I want to be as efficient as possible and am looking for other possibilities.
Maybe iptables is what I'm looking for? – buschtoens – 2013-03-31T01:30:46.463
Nope. Definitely not IPtables, unless you want to compile with an additional module that performs analysis on a top layer of OSI/ISO. I guess the easiest would be a setting on a router - some security policy. I think Linksys routers have such an option. Linksys WAG320n has such an option: http://i.imgur.com/3d6UmEw.jpg – mnmnc – 2013-03-31T01:39:57.357
Additionally - if the software updates itself, I think there might be a config setting that says to do it. Maybe you are able to change the config? – mnmnc – 2013-03-31T01:43:51.810
1
iptables -A OUTPUT -p tcp -m string --string "URL_HERE" --algo kmp -j DROP
Great thing that HTTP headers are sent in cleartext. :D – buschtoens – 2013-03-31T03:11:18.193
Hm... wget URL_HERE now goes on forever... Is there a way to actually close the connection instead of only dropping it? – buschtoens – 2013-03-31T03:12:05.557
Try REJECT instead of DROP. – Dennis – 2013-03-31T03:13:09.643
Doesn't work either... wget says "HTTP request sent, awaiting response..." – buschtoens – 2013-03-31T03:17:55.953
Right, the problem is that you're "rejecting" the connection after it has already been established. Use -j REJECT --reject-with tcp-reset. This will alert the application that the connection has been reset. – Dennis – 2013-03-31T03:34:14.660
You rock! It works. :) – buschtoens – 2013-03-31T03:35:25.257