On Wed, Mar 14, 2012 at 14:23, shimi <linux...@shimi.net> wrote:
>
>
> On Wed, Mar 14, 2012 at 2:02 PM, ik <ido...@gmail.com> wrote:
>>
>> On Wed, Mar 14, 2012 at 13:30, shimi <linux...@shimi.net> wrote:
>> >
>> > On Wed, Mar 14, 2012 at 1:23 PM, ik <ido...@gmail.com> wrote:
>> >>
>> >> Hello,
>> >>
>> >> I'm trying to detect a layer 7 based HTTP request, and see if it
>> >> contains headers that provide a spoofed IP address.
>> >> Is there a way to detect what the Ethernet address is that the request
>> >> arrived from, at the apache level?
>> >>
>> >> If so, how can I provide rules on what to do according to HTTP header
>> >> fields?
>> >>
>> >
>> > You could look at the ARP cache by reading /proc/net/arp I guess.
>> >
>> > You ARE aware that Ethernet MACs, just like IPs, can be 'spoofed',
>> > right?
>>
>> Yes, but it's not what I need to work upon.
>>
>> >
>> > If your LAN is insecure, secure your LAN. Don't run web applications on
>> > insecure networks...
>>
>> My web app is required to work also over the internet, and not only on
>> the LAN (client request); that's why I'm looking for a way to secure it
>> further.
>>
>
> I suspected that's going to be your reply...
>
> MAC is meaningless outside Layer 2.
>
> You can't do anything MAC related for clients outside your subnet. All
> Ethernet frames will arrive from the MAC of your router.

Yes, "all I need" is to use layer 2 or 3 (ebtables or iptables) and allow
only sources and destinations of valid known MAC addresses (router, switch
etc...)

>
> The way to secure a website over HTTP, for the last few decades, has been
> by using SSL, signed by a mutually trusted CA.

I can only use a self-signed certificate for this, but I'll try to use SSL
all the way.

>
> If you want to authenticate the clients, there's an option to request a
> client certificate during the SSL negotiation.
>
> -- Shimi
>

Ido

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
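The two points Shimi makes above, that /proc/net/arp is the only place the web server host can see a client MAC and that it is useless for anything beyond the local subnet, can be shown with a small ARP-cache lookup. The code below is an added example written for this page; it is not code from either participant. It parses the real /proc/net/arp column layout (IP address, HW type, Flags, HW address, Mask, Device; ATF_COM = 0x02 marks a completed entry, as in <net/if_arp.h>), but the ARP table contents, the interface subnet and the client addresses are constructed test data, not captured from a host. The client IP fed to it must be the socket peer address (REMOTE_ADDR in Apache terms), never a value taken from an HTTP header such as X-Forwarded-For, which is exactly the kind of spoofable header the original question was about. As Shimi notes, even an on-link answer is only as trustworthy as the LAN, since ARP entries can be poisoned.

```python
import ipaddress

# Constructed sample of /proc/net/arp (not from a real host). The header
# line and the six-column layout match what the kernel emits.
SAMPLE_PROC_NET_ARP = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.57     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Assumed subnet of the server's LAN interface (hypothetical test value).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

ATF_COM = 0x02  # entry is complete, i.e. a MAC has actually been learned


def parse_proc_net_arp(text):
    """Parse /proc/net/arp text into {ip: {"flags", "mac", "dev"}}.

    Incomplete entries (flags without ATF_COM) are kept so the caller can
    distinguish "never seen" from "ARP request pending, no reply yet".
    """
    entries = {}
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, hw_addr, _mask, dev = fields[:6]
        entries[ip] = {"flags": int(flags, 16), "mac": hw_addr, "dev": dev}
    return entries


def lookup_client_mac(client_ip, arp_table, local_net=LOCAL_NET):
    """Return the MAC the host has learned for client_ip, or None.

    None means one of three things, all of which the caller must treat the
    same way (no layer-2 identity is available for this client):
      * the client is off-link: its frames arrive with the router's MAC,
        so the ARP cache can only ever tell us about the router;
      * the client is on-link but has no ARP entry;
      * the entry exists but is incomplete (no reply yet, all-zero MAC).
    """
    addr = ipaddress.ip_address(client_ip)
    if addr not in local_net:
        return None
    entry = arp_table.get(client_ip)
    if entry is None or not (entry["flags"] & ATF_COM):
        return None
    return entry["mac"]


def classify_client(client_ip, arp_text=SAMPLE_PROC_NET_ARP):
    """Human-readable verdict, for wiring into an access decision/log line."""
    mac = lookup_client_mac(client_ip, parse_proc_net_arp(arp_text))
    if mac is None:
        return "no-l2-identity"
    return "on-link:" + mac


if __name__ == "__main__":
    # In production you would read open("/proc/net/arp").read() instead of
    # the constructed sample, and pass the TCP peer address, never a header.
    for ip in ("192.168.1.57", "192.168.1.99", "192.168.1.200", "203.0.113.7"):
        print(ip, classify_client(ip))
```

Running it shows the practical consequence: only 192.168.1.57 yields a MAC, the incomplete entry and the unknown LAN host yield nothing, and the Internet client 203.0.113.7 yields nothing regardless of what the cache holds. Anything that must work for remote clients therefore has to authenticate them above layer 2, which is where the TLS client-certificate suggestion in the thread comes in.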