Block subdomain (cname)
-
Hello all,
Good day and happy Friday!!
Just want to ask if pfSense is capable of blocking a subdomain (CNAME) from being accessible from outside a country?
Basically something like this: "block if cname is sub.domain.com AND outside US"
I know I can do a whole country block, but I'm unsure how this can be applied.
Thanks in advance for any advice!
-
@dridhas You can block traffic from a country to an IP address. If the IP isn't unique then I think you'll need something like squid to proxy the incoming web request and handle the block.
-
@steveit this is the scenario:
I've got a website and the traffic should only come from the US.
The server that hosts the website has a static public IP address. So if I understand correctly, I can block, for example, Canada from being able to get to the website on the static IP address, correct?
-
@dridhas
You can install and use the pfBlockerNG package for that. If you want to allow only one or a few countries, best practice is to let pfBlocker generate only aliases. You can use these after in pass rules at source for allowing access to your server.
-
@viragomann thank you for the suggestions.
This is what I did:
Inside North America, I highlighted the desired countries to block and then used these settings:
On the firewall rules I can see this:
I used a VPN to emulate the country, and the website did not load...
-
@viragomann The next step is to block just the subdomain so I can leave some other services accessible from outside the US.
-
@dridhas
Out of the box, pfSense can only filter traffic on the basis of IP and port.
So if you have multiple services on the same IP and port, pfSense cannot differentiate them. This can only be done by a proxy package as already suggested.
-
@dridhas Block from North America to that IP address as the destination.
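-
The limitation discussed in this thread, as an added example that is not part of the original posts and is not pfSense, pfBlockerNG or squid code: an IP/port rule never sees the hostname, while a proxy that reads the HTTP `Host` header can apply "sub.domain.com AND outside US". The addresses are documentation ranges standing in for a GeoIP alias, and `SERVER_IP` and all function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for a real GeoIP alias.
US_NETS = [ipaddress.ip_network("198.51.100.0/24")]
SERVER_IP = "192.0.2.10"                # hypothetical static public IP
RESTRICTED_HOSTS = {"sub.domain.com"}   # hostname from the question

def is_us(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in US_NETS)

def packet_filter_decision(src_ip, dst_ip, dst_port):
    """All an IP/port rule can express: every site on SERVER_IP is affected."""
    if dst_ip == SERVER_IP and dst_port in (80, 443) and not is_us(src_ip):
        return "block"
    return "pass"

def host_from_request(raw_request):
    """Return the lower-cased Host header without port, or None if absent."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            if not host.startswith("["):         # leave IPv6 literals alone
                host = host.split(":", 1)[0]     # drop an optional :port
            return host.rstrip(".") or None
    return None

def proxy_decision(src_ip, raw_request):
    """Per-hostname geo rule; a request with no Host is treated as restricted."""
    host = host_from_request(raw_request)
    restricted = host is None or host in RESTRICTED_HOSTS
    return "block" if restricted and not is_us(src_ip) else "pass"
```

For HTTPS the proxy only sees the `Host` header after terminating TLS, so the same check has to run on the proxy that holds the certificate.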