On Wed, Mar 14, 2012 at 2:02 PM, ik <ido...@gmail.com> wrote:

> On Wed, Mar 14, 2012 at 13:30, shimi <linux...@shimi.net> wrote:
> >
> > On Wed, Mar 14, 2012 at 1:23 PM, ik <ido...@gmail.com> wrote:
> >>
> >> Hello,
> >>
> >> I'm trying to detect a layer 7 based HTTP request, and see if it
> >> contains headers that are provided as a spoofed IP address.
> >> Is there a way to detect what is the Ethernet that the request arrived
> >> from at Apache level?
> >>
> >> If so, how can I provide rules what to do according to HTTP header
> >> fields?
> >>
> >
> > You could look at the ARP cache by reading /proc/net/arp I guess.
> >
> > You ARE aware that Ethernet MACs, just like IPs, can be 'spoofed', right?
>
> Yes, but it's not what I need to work upon.
>
> >
> > If your LAN is insecure, secure your LAN. Don't run web applications on
> > unsecure networks...
>
> My web app requires to work also over the internet, and not only LAN
> (client request), that's why I'm looking for a way to secure it
> further.
>
> I suspected that's going to be your reply...

MAC is meaningless outside Layer 2. You can't do anything MAC related for clients outside your subnet. All Ethernet frames will arrive from the MAC of your router.

The way to secure a website over HTTP, for the last few decades, has been by using SSL, signed by a mutually trusted CA.

If you want to authenticate the clients, there's an option to request a client certificate during the SSL negotiation.

--
Shimi
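
The client-certificate option mentioned in the reply above, sketched as an Apache 2.4 mod_ssl configuration. This is an added example, not part of the original thread; the hostname, file paths and the 'Example Org' organisation name are placeholder assumptions.

```apache
# Added example (Apache 2.4 + mod_ssl). Hostname, paths and the
# organisation name are placeholders, not values from the thread.
<VirtualHost *:443>
    ServerName app.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Only certificates issued by this CA are accepted from clients.
    # Use a private CA you control, not the public web CA bundle,
    # otherwise anyone holding any publicly issued cert would pass.
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    # Weak setting, shown for contrast: the client may present a
    # certificate, but it does not have to verify against the CA.
    #   SSLVerifyClient optional_no_ca
    #
    # Corrected setting: the handshake fails unless the client
    # presents a certificate that chains to the CA above.
    SSLVerifyClient require
    SSLVerifyDepth  1

    <Location "/">
        # The identity comes from the verified certificate, not from
        # request headers or addresses the client can choose freely.
        <RequireAll>
            Require ssl-verify-client
            Require expr "%{SSL_CLIENT_S_DN_O} == 'Example Org'"
        </RequireAll>
    </Location>
</VirtualHost>
```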