iptables rule to drop packet containing PHP

I'm trying to write some iptables rules to drop all packets containing ".php" to avoid seeing that in the logs of my HTTP server:

140.143.19.50 - - [10/Feb/2019:20:31:12 +0000] "GET /wp-config.php HTTP/1.1" 404 330
140.143.19.50 - - [10/Feb/2019:20:31:23 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 345
140.143.19.50 - - [10/Feb/2019:20:31:36 +0000] "POST /wp-admins.php HTTP/1.1" 404 330
140.143.19.50 - - [10/Feb/2019:20:32:17 +0000] "POST /tomcat.php HTTP/1.1" 404 327
140.143.19.50 - - [10/Feb/2019:20:34:19 +0000] "GET /admin/mysql/index.php HTTP/1.1" 404 338
140.143.19.50 - - [10/Feb/2019:20:34:19 +0000] "GET /admin/mysql2/index.php HTTP/1.1" 404 339
140.143.19.50 - - [10/Feb/2019:20:34:21 +0000] "GET /admin/phpmyadmin/index.php HTTP/1.1" 404 343
140.143.19.50 - - [10/Feb/2019:20:34:22 +0000] "GET /admin/phpMyAdmin/index.php HTTP/1.1" 404 343
140.143.19.50 - - [10/Feb/2019:20:34:23 +0000] "GET /admin/phpmyadmin2/index.php HTTP/1.1" 404 344
140.143.19.50 - - [10/Feb/2019:20:34:23 +0000] "GET /mysqladmin/index.php HTTP/1.1" 404 337

I use the following rules:

iptables -I INPUT -p tcp --dport 80 -m string --to 100 --algo bm --string '.php' -j DROP
iptables -I INPUT -p tcp --dport 8080 -m string --to 100 --algo bm --string '.php' -j DROP
iptables -I OUTPUT -p tcp --dport 80 -m string --to 100 --algo bm --string '.php' -j DROP
iptables -I OUTPUT -p tcp --dport 8080 -m string --to 100 --algo bm --string '.php' -j DROP
iptables -I FORWARD -p tcp --dport 80 -m string --to 100 --algo bm --string '.php' -j DROP
iptables -I FORWARD -p tcp --dport 8080 -m string --to 100 --algo bm --string '.php' -j DROP

I thought that those rules would be enough; I expected that the packets containing PHP would be dropped, but I keep having those packets that bloat my logs. I use Jetty; I don't need PHP on my server. How can I get rid of the packets above once and for all?
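
A log-side view of the same traffic, as an added example that is not part of the original question: it parses access-log lines in the format shown above, separates 404 requests for `.php` paths from the rest of the log, and counts them per client address. The function names and the threshold of 5 are assumptions; the sample consists of five lines copied from the question plus one constructed non-probe line.

```python
import re
from collections import Counter

# Access-log format as shown in the question:
# ip - - [timestamp] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not in the expected format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_php_probe(entry):
    """True for a 404 response to a path ending in .php (case and query string ignored)."""
    path = entry["path"].split("?", 1)[0].lower()
    return entry["status"] == "404" and path.endswith(".php")

def split_log(lines):
    """Separate probe entries from everything else; unparseable lines are kept."""
    kept, probes = [], []
    for line in lines:
        entry = parse_line(line)
        if entry and is_php_probe(entry):
            probes.append(entry)
        else:
            kept.append(line)
    return kept, probes

def noisy_clients(probes, threshold=5):
    """Client addresses with at least `threshold` probes (threshold is an assumed value)."""
    counts = Counter(e["ip"] for e in probes)
    return {ip: n for ip, n in counts.items() if n >= threshold}

# First five lines are from the question; the last one is constructed.
SAMPLE = [
    '140.143.19.50 - - [10/Feb/2019:20:31:12 +0000] "GET /wp-config.php HTTP/1.1" 404 330',
    '140.143.19.50 - - [10/Feb/2019:20:31:23 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 345',
    '140.143.19.50 - - [10/Feb/2019:20:31:36 +0000] "POST /wp-admins.php HTTP/1.1" 404 330',
    '140.143.19.50 - - [10/Feb/2019:20:32:17 +0000] "POST /tomcat.php HTTP/1.1" 404 327',
    '140.143.19.50 - - [10/Feb/2019:20:34:22 +0000] "GET /admin/phpMyAdmin/index.php HTTP/1.1" 404 343',
    '192.0.2.10 - - [10/Feb/2019:20:35:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    kept, probes = split_log(SAMPLE)
    print(len(kept), "lines kept;", noisy_clients(probes))
```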
