How to Block an HTTP Website along with All Its Subdomains Using iptables

Posted by netnovice on Server Fault
Published on 2012-11-21T18:26:14Z Indexed on 2012/11/21 23:01 UTC

I run a small HTTP web proxy site. We cannot modify anything in the proxy program. A few users mainly use Yahoo web mail for spamming, and we need to block Yahoo web mail access only (blocking the complete Yahoo website is also OK) through our proxy, especially .mail.yahoo.com.

For example, we need to block URLs like:

http://uk-mg61.mail.yahoo.com
http://in-mg61.mail.yahoo.com

etc.

Note: We generally open http://mail.yahoo.com in the browser, but after logging in it forwards to URLs like the ones above, and all of those are subdomains of mail.yahoo.com.

My target is that if we can get the list of all IPs for all available subdomains of mail.yahoo.com, I can block it totally.

We can only use iptables... I know that using the proxy itself we could check the HTTP header, check the Host field for .mail.yahoo.com and block it.

Solution:

The following is what I did using iptables. I collected as many IP CIDR blocks for Yahoo as possible, mainly for Yahoo web mail (mail.yahoo.com), using the Linux host and whois commands

[like 66.163.160.0/19 and 98.136.0.0/14 etc.]

and applied commands like the following:

iptables -A OUTPUT -p tcp -d 66.163.160.0/19 -m state --state NEW -j DROP etc.

Things are working fine. Users cannot access Yahoo mail, BUT the problem is that I need to keep up to date with the available Yahoo CIDR IP list... I am ready to do it every week.

I collected many from the net... You know there are countless subdomains of mail.yahoo.com

and it seems every week Yahoo is adding new IPs...

But what I observed is that sometimes users can bypass our rule, and the reason obviously is that not all the available IPs are entered in iptables yet.

What we need to do is enter all IPs of mail.yahoo.co But where do I find all subdomains for mail.yahoo.com?

I know we can get it from DNS, but I must not be allowed to make a DNS AXFR query. Also, doing reverse DNS will have performance issues.

I want to know all subdomains of .mail.yahoo.c

Can I get it from the Yahoo site? I have the list of all Yahoo SMTP IPs... but I need the webmail IPs... ( http://public.yahoo.com/carloc/ymail.html )

Can you please share your ideas?

Thank you

© Server Fault or respective owner
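
The weekly refresh described in the post can be made repeatable by generating the rules from a maintained CIDR list and loading them into one dedicated chain in a single commit. This is an added example, not part of the original post; the chain name YMAIL_BLOCK, the file name cidrs.txt and the functions is_cidr and gen_rules are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The chain name is an assumption.
CHAIN=YMAIL_BLOCK

# is_cidr A.B.C.D/LEN: succeed only for a well-formed IPv4 CIDR.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr              # split into octets; only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_rules: CIDRs on stdin (one per line, '#' comments allowed) become
# iptables-restore input on stdout; rejected lines are reported on stderr.
gen_rules() {
    echo '*filter'
    echo ":$CHAIN - [0:0]"    # under --noflush this empties only $CHAIN
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while read -r cidr; do
        if is_cidr "$cidr"; then
            # same match as the rule in the post, appended to the dedicated chain
            echo "-A $CHAIN -p tcp -d $cidr -m state --state NEW -j DROP"
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
    echo 'COMMIT'
}

# Constructed sample: the two ranges quoted in the post, a duplicate, a bad line.
printf '%s\n' '98.136.0.0/14' '66.163.160.0/19  # webmail' \
    '98.136.0.0/14' '66.163.160/19' | gen_rules

# As root, once:   iptables -I OUTPUT -j YMAIL_BLOCK   (after the first load)
# Each refresh:    gen_rules < cidrs.txt | iptables-restore --noflush
```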
