proxies / tunnels

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
chrismfz
Forum User
Forum User
Posts: 7
Joined: Tue Sep 24, 2013 3:26 pm
Location: Greece

proxies / tunnels

Unread post by chrismfz »

I don't know if that's a new style or fashion,
I saw in a few servers proxy scripts others hand-written and a few
open source scripts like HTTP Tunnel (on sf.net).

Making the server a proxy basically.

I was thinking if there is a way to block outgoing connections to port 80 but only for httpd
but then again, it would also block all legitimate scripts that trying to connect to a service, a licence check, another server for any legal purpose.

Is there a way to block such proxy/tunnel scripts and not legit traffic using mod_security ?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: proxies / tunnels

Unread post by scott »

We actually do that with a kernel security policy in ASL. You can assign a user id or group the "server" facility, meaning it can only receive connections (there are other facilities like client, or none). That way its not limited to a single service, or can by otherwise bypassed in userland.
Post Reply