CentOS: Limit incoming HTTP connections

How do you restrict HTTP access to a specific list of network addresses?

You need to define a set of rules in your server's iptables to do so. The following steps show how to limit incoming HTTP connections to specific network addresses:

1. Check the existing set of iptables rules.

iptables --list --line-numbers

Sample output:

Chain INPUT (policy ACCEPT)
num  target  prot opt source    destination
1    ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
2    ACCEPT  icmp --  anywhere  anywhere
3    ACCEPT  all  --  anywhere  anywhere
4    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ftp
5    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:smtp
6    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ssh
7    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:http
8    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:smtp
9    REJECT  all  --  anywhere  anywhere  reject-with icmp-host-prohibited

Note that the rule allowing HTTP connections from any source is the one on line number 7.

2. Remove the iptables rule that accepts all incoming HTTP connections. It has to be deleted by its line number.

iptables -D INPUT 7

3. Define the new set of rules for incoming HTTP connections, one per allowed source host or network.

iptables -I INPUT -p tcp -m tcp --dport 80 -s 192.36.253.73 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT

4. Save and restart iptables.

service iptables save
service iptables restart

Test by navigating to the server's IP address in your web browser, or use telnet to check the connection to the server's port 80. Connections from an address outside the allowed list should now be rejected by the final REJECT rule.
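The steps above hard-code line number 7 and rely on eyeballing the output. The following script, an added example that is not part of the original post, parses `iptables --list --line-numbers` output to locate the open HTTP rule and then audits a ruleset to confirm HTTP is only accepted from specific sources. Both rulesets embedded below are constructed samples, not live output.

```shell
#!/bin/sh
# Added example: locate the "accept HTTP from anywhere" rule by parsing the
# listing instead of hard-coding its number, and audit a ruleset afterwards.
# BEFORE/AFTER are constructed samples of `iptables --list --line-numbers`.

BEFORE='Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
5 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
6 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
7 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
8 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
9 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited'

# Expected listing after step 3: -I puts each new rule at the top of INPUT.
AFTER='Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:http
2 ACCEPT tcp -- 192.36.253.73 anywhere tcp dpt:http
3 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
4 ACCEPT icmp -- anywhere anywhere
5 ACCEPT all -- anywhere anywhere
6 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
7 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
8 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
9 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
10 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited'

# Print the line number of the first INPUT rule that ACCEPTs tcp dpt:http
# from any source ($5 is the source column); prints nothing if none exists.
find_open_http_rule() {
  printf '%s\n' "$1" | awk '
    /^Chain / { chain = $2; next }
    chain == "INPUT" && $2 == "ACCEPT" && $3 == "tcp" && $5 == "anywhere" && /dpt:http/ { print $1; exit }'
}

# Succeed (exit 0) only if no INPUT rule accepts dpt:http from "anywhere"
# and at least one rule accepts it from a specific source.
http_is_restricted() {
  printf '%s\n' "$1" | awk '
    BEGIN { open = 0; limited = 0 }
    /^Chain / { chain = $2; next }
    chain == "INPUT" && $2 == "ACCEPT" && /dpt:http/ { if ($5 == "anywhere") open++; else limited++ }
    END { exit !(open == 0 && limited > 0) }'
}
```

On a live server feed the audit with `iptables -L INPUT -n -v --line-numbers`; without `-v` the interface match is hidden, so rules such as the loopback ACCEPT (`all` from `anywhere`) look broader than they really are.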
