4. Block Incoming Requests that point to IP vs. URL

Block Incoming Requests that point to IP vs. URL

  • J

    Howdy all!

    Is it possible to block incoming requests to the WAN IP address on a specific port, but allow requests that come in via URL?

    Example:

    Request from WAN comes into 123.45.67.89 to port 80. Block this request.

    Request from WAN comes into example.com to port 80. Allow the request.

    Thanks!

    0
  • K

    Yes, but it will require you to use a reverse HTTP/HTTPS proxy service such as HAProxy. HAProxy exists as a package for pfSense, so it’s fairly easy to setup.
    Basically what you do is:
    1: Install HAProxy as a package, set it up to listen on the loopback adapter.
    2: Create the backend Webservice link to the real webserver in your network
    3: Setup a frontend webservice that allows ONLY requests for the URL’s you want to pass. It will deny everything else
    4: Create a NAT pass rule from WAN to the Loopback adaptor IP on port 80

    The beauty is this can also be made to work with HTTPS as you can install the certificate on HAproxy and that will then terminate and decrypt the session and look at the URL.

    0
  • J

    Thanks for the tips! This doesn't look too difficult. I may give it a try. I'm not sure how this is going to work with LetsEncrypt certificates (my webserver gets it's own). Something else to look into, but this appears to allow what I'm looking for!

    Thanks!

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy