  1. #1
    Linux Newbie
    Join Date
    Aug 2009
    Mumbai, India

    Capture X-Forwarded-For header for iptables


    I'm looking to block certain IPs on Linux web servers matching specific criteria. These web servers are behind a load balancer that's configured to operate in reverse proxy mode.

    A tcpdump of port 80 traffic shows the traffic originating from the load balancer's IP, because of which I'm not able to block the actual client IP the traffic originates from. The Apache logs show me the client IPs since XFF info is captured. Is there any method to cause iptables to capture the actual XFF IP through some match string?

    My script picks up the actual client IPs from a DB, but since the actual IPs are substituted with the load balancer's IP in packet capture, the iptables rules are ineffective.

    Assistance appreciated.


  2. #2
    Linux Engineer Kloschüssel
    Join Date
    Oct 2005
    I'm afraid that if it is a transparent proxy you can win only by using deep packet inspection methods.
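
One way to apply payload inspection to the question above, as an added example that is not part of either post: a Python helper that turns client IPs (as a script might read them from a DB) into iptables `string`-match rules keyed on the `X-Forwarded-For` header line. It assumes the load balancer forwards cleartext HTTP and writes the header exactly as `X-Forwarded-For: <single IPv4>`; the function names and all addresses are constructed for illustration.

```python
import ipaddress
import shlex

# Assumption: exact spelling and case of the header as the load balancer writes it.
HEADER = b"X-Forwarded-For: "

def xff_pattern(client_ip):
    """Return an iptables --hex-string pattern for one client's XFF header line."""
    # IPv4Address raises ValueError on anything that is not a plain dotted quad,
    # so a malformed DB value can never end up inside a firewall rule.
    ip = ipaddress.IPv4Address(client_ip)
    # The leading CRLF pins the match to the start of a header line; the trailing
    # CRLF pins its end, so 203.0.113.7 does not also match 203.0.113.70.
    raw = b"\r\n" + HEADER + str(ip).encode() + b"\r\n"
    return "|" + " ".join(f"{b:02x}" for b in raw) + "|"

def xff_drop_rule(client_ip, lb_ip, port=80):
    """Return the argv of a rule dropping packets from lb_ip that carry client_ip's header."""
    lb = ipaddress.IPv4Address(lb_ip)
    return ["iptables", "-A", "INPUT", "-p", "tcp", "-s", str(lb),
            "--dport", str(int(port)), "-m", "string", "--algo", "bm",
            "--hex-string", xff_pattern(client_ip), "-j", "DROP"]

def build_rules(client_ips, lb_ip):
    """Build rules for every valid address; return (rules, rejected_values)."""
    rules, rejected = [], []
    for value in client_ips:
        try:
            rules.append(xff_drop_rule(value, lb_ip))
        except ValueError:
            rejected.append(value)
    return rules, rejected

if __name__ == "__main__":
    # Constructed sample input; the third value is malformed on purpose.
    sample = ["203.0.113.7", "198.51.100.24", "203.0.113.7 -j ACCEPT"]
    rules, rejected = build_rules(sample, "192.0.2.10")  # constructed LB address
    for rule in rules:
        print(shlex.join(rule))  # printed for review, not executed
    print("skipped:", rejected)
```

The match only fires when the whole header line arrives in one cleartext packet, and a dropped packet stalls a load-balancer connection that may be carrying other clients' requests. Where either is a problem, the web server, which already sees the XFF value, is the other place to enforce the block.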