
Can't block a domain which is redirected by AWS


This is my first year at university and this is also my first time trying to configure a server.

They want me to block some HTTPS websites. I was able to block all websites with iptables except one.

I'm using Fedora Server 37 and I would like to block access to https://www.example.edu

If I try to curl it, it shows a 301 code. If I follow it with the -L flag, it works normally.

I tried to use iptables with:

iptables -A OUTPUT -p tcp -d www.example.edu --dport -j DROP

After that I tried

curl -sSL -D - https://www.example.com

and nothing happens. I checked iptables --list and I saw that there is a redirection: destination: server-18-66-122-86.fra60.r.cloudfront.net

I also blocked this address and all the IPs that it uses. Then I tried to block it with squid + iptables:

nano /etc/squid/squid.conf

acl example dstdomain .example.edu
http_access deny example

systemctl restart squid

and iptables:

iptables -A FORWARD -p tcp -d www.example.edu --dport 443 -j DROP

And it still doesn't work. Does anyone know what is going on?

Thank you

paladin
That's why you don't use domain names in iptables. You always block IPs. You never know which domain name is resolving to which IP, as it might change every second, depending on the configured DNS server. iptables will resolve domain names only once, and will block the IP to which they have resolved. If the DNS server changes the IP, iptables will not be notified about this.
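The answer's point, that iptables keeps only the addresses a name resolved to when the rule was added, can be checked by comparing the saved rules against a later lookup of the same name. This is an added example, not code from the thread: the rule dump and the addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re
import socket

# Constructed sample of `iptables -S OUTPUT` output (not from the thread).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_RULES = """\
-P OUTPUT ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -d 192.0.2.11/32 -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -d 198.51.100.0/28 -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -d 203.0.113.5/32 -p tcp -m tcp --dport 80 -j DROP
"""

RULE_RE = re.compile(r"^-A (\S+) .*?-d (\S+) .*?--dport (\d+) .*?-j DROP\b")


def dropped_networks(rules_text, chain="OUTPUT", port=443):
    """Destination networks that `chain` drops for the given TCP port."""
    nets = []
    for line in rules_text.splitlines():
        if "! -d" in line:          # negated match: not a block of that address
            continue
        m = RULE_RE.match(line)
        if m and m.group(1) == chain and int(m.group(3)) == port:
            nets.append(ipaddress.ip_network(m.group(2), strict=False))
    return nets


def resolve_now(hostname, port=443):
    """Addresses the local resolver returns for hostname right now."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def uncovered(addresses, networks):
    """Addresses the name resolves to that no DROP rule matches."""
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in networks)]


if __name__ == "__main__":
    nets = dropped_networks(SAMPLE_RULES)
    # Constructed answers standing in for a later DNS lookup of the same name;
    # on a live host use resolve_now("www.example.edu") instead.
    later = ["192.0.2.10", "198.51.100.7", "198.51.100.200"]
    print("not covered by any DROP rule:", uncovered(later, nets))
```

Any address the check reports is one the name now resolves to that the rules written earlier never recorded, which is the situation the answer describes.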