How to block access to the site by IP for the outside world?
Good afternoon!
How to block access to sites by IP for the outside world? I have several machines:
- One machine - just an nginx balancer that redirects via proxy_pass to other machines
- Several machines with websites listening on custom ports.
Right now you can reach the sites directly through the machine's IP address + port, but I would like to close this, since some locations have basic auth.
I consider it strange and unnecessary to check headers, Host, the IP address of the request, etc. on the machines hosting the sites themselves.
Going to these sites through local addresses will also fail, since the machines are in different data centers.
I consider it too complicated and superfluous to set up a VPN between the machines.
What are the appropriate solutions to this problem?
iptables rules!
Something like this:
## allow connection to port 80 (Apache) if the address is between 192.168.1.100 and 192.168.1.200 ##
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT
## example for nat ##
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.20-192.168.1.25
Source: vasilisc.com/21-examples-iptables, example 19
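
One way to apply the iptables suggestion above to the setup in the question, as an added example that is not part of the original answer: on each backend machine, accept the site ports only from the balancer and drop them for everyone else. It assumes the balancer reaches the backends from a single public IPv4 address; 203.0.113.10, ports 8081/8082 and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: print iptables rules that open each site port to the balancer only.
# 203.0.113.10 and ports 8081/8082 are constructed placeholder values.

# valid_ipv4 ADDR: succeeds if ADDR is a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (digits and dots only, so no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeeds if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# backend_rules BALANCER_IP PORT...: prints the commands for one backend machine.
# Prints nothing on stdout and returns 1 if any argument is invalid.
backend_rules() {
    balancer=$1
    valid_ipv4 "$balancer" || { echo "bad balancer address: $balancer" >&2; return 1; }
    shift
    [ "$#" -ge 1 ] || { echo "no ports given" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # Accept the site port only from the balancer's address ...
        echo "iptables -A INPUT -p tcp -s $balancer --dport $port -j ACCEPT"
        # ... then drop the same port for every other source.
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Dry run: review the output, then pipe it to sh as root to apply.
# -A appends, so an earlier broad ACCEPT in INPUT would still win.
backend_rules 203.0.113.10 8081 8082
```

iptables only filters IPv4, so if the sites also listen on IPv6 the same pair of rules is needed in ip6tables.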