How to Block a HTTP Website along with Its All Subdomain using IPTABLE
Posted
by
netnovice
on Server Fault
See other posts from Server Fault
or by netnovice
Published on 2012-11-21T18:26:14Z
Indexed on
2012/11/21
23:01 UTC
Read the original article
Hit count: 508
I run a small HTTP web proxy site . We can not modify anything there in Proxy program. Few users mainly use Yahoo Web mail for Spamming and We need to block yahoo web mail access only ( complete yahoo website is also Ok) through our proxy . specially .mail.yahoo.com..
Like - we need to block URL like - http://uk-mg61.mail.yahoo.com
http://in-mg61.mail.yahoo.com
etc. etc.
Note : We generaly open http://mail.yahoo.com in browser - but after loggin in it forwards it to Urls like above but all those are subdomain of mail.yahoo.com
My target is if we can get all IP list for all available subdomain of mail.yahoo.com I can block it totally .
We can only use IPTABLE ...I know using proxy itself we can check HTTP header and check Host field for .mail.yahoo.com. and block it.
Solution :
Follwoign what I did using IPtable . I collected IP CIDR block for yahoo mainly for yahoo web mail ( mail.yahoo.com ) as much as possible ( using linux host and whois command )
[ like 66.163.160.0/19 nd 98.136.0.0/14 etc ]
and applied follwing command Like
iptables -A OUTPUT -p tcp -d 66.163.160.0/19 -m state --state NEW -j DROP etc.
Things are working fine. user can not access yahoo mail BUT the problem is I need to be updated with the avaialble CIDR YAHOO IP list ... I am ready to do it every week.
I collected many from Net... You know theer are countles subdomain of mail.yahoo.com
and seems every week Yahoo adding new IP...
But what I observed some time user can bypass our rule and the reason obvously all the avaialble Ips are not entered in IPtable yet.
What we need to do is enter all Ips of mail.yahoo.co But where do I find all subdomain for mail.yahoo.com
I know we can get it from DNS but I must not be allowed to make DNS axfr query. Also doing reverse DNS will have performance issue.
I want to know all subdomain of .mail.yahoo.c
Can I get it from yahoo site. I have the list of all YAHOO smtp IP....but I need webmail Ip... ( http://public.yahoo.com/carloc/ymail.html )
Can you please share your Idea.
Thank you
© Server Fault or respective owner