Block Incoming Requests that point to IP vs. URL

Firewalling
Log in to reply
  • J

    Howdy all!

    Is it possible to block incoming requests to the WAN IP address on a specific port, but allow requests that come in via URL?

    Example:

    Request from WAN comes into 123.45.67.89 to port 80. Block this request.

    Request from WAN comes into example.com to port 80. Allow the request.

    Thanks!

    0
  • K

    Yes, but it will require you to use a reverse HTTP/HTTPS proxy service such as HAProxy. HAProxy exists as a package for pfSense, so it’s fairly easy to setup.
    Basically what you do is:
    1: Install HAProxy as a package, set it up to listen on the loopback adapter.
    2: Create the backend Webservice link to the real webserver in your network
    3: Setup a frontend webservice that allows ONLY requests for the URL’s you want to pass. It will deny everything else
    4: Create a NAT pass rule from WAN to the Loopback adaptor IP on port 80

    The beauty is this can also be made to work with HTTPS as you can install the certificate on HAproxy and that will then terminate and decrypt the session and look at the URL.

    0
  • J

    Thanks for the tips! This doesn't look too difficult. I may give it a try. I'm not sure how this is going to work with LetsEncrypt certificates (my webserver gets it's own). Something else to look into, but this appears to allow what I'm looking for!

    Thanks!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy