Is there a way to block WebSocket traffic on IPFW without blocking https traffic with the same destination and port? How to distinguish websockets from https?
From what I read in the specs, WebSocket is an HTTP upgrade, so apparently it is HTTP until the peers mutually agree to switch to WebSocket.
If that's the case, then the distinction is only within the payload. One would probably need to use a kind of plugin, e.g. a netgraph node that parses the payload and decides accordingly.
Thinking further: as it is https, the firewall would need to decrypt it in order to parse it. I think I give up. (Is there any firewall that can do this?)
You have to do it at the application if possible, or as a last resort scan IPs from the logs and add them to a firewall table of banned IPs (fail2ban style).
Does anyone know how to distinguish WebSocket at least in tcpdump? I don't see any obvious differences from HTTPS traffic, and the man page doesn't even mention websocket as a possible proto value.
The only way I see this happening is by using a reverse proxy like HAProxy and terminating the SSL/TLS on the proxy. Then you can do some filtering on the proxy itself, or use an unencrypted connection to the backend server.
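As an added example (not posted in this thread), here is what the proxy-side filtering from the answer above looks like in HAProxy, and it also shows the payload-level distinction mentioned earlier: once TLS is terminated, a WebSocket handshake is just an HTTP/1.1 GET carrying "Upgrade: websocket" and "Connection: Upgrade" (RFC 6455), which an ACL can match while ordinary HTTPS requests pass through. The certificate path, the backend address and the syslog socket are assumptions for the example.

```haproxy
# Added example, not from the original thread.
# Assumptions: cert and key concatenated in /usr/local/etc/haproxy/site.pem,
# the application listens in plain HTTP on 127.0.0.1:8080, and FreeBSD
# syslogd accepts logs on /var/run/log.

global
    log /var/run/log local0

defaults
    mode    http
    log     global
    option  httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # No "alpn h2" on the bind line, so only HTTP/1.1 is negotiated and a
    # WebSocket handshake always arrives as a GET with Upgrade/Connection
    # headers rather than as an HTTP/2 extended CONNECT.
    bind *:443 ssl crt /usr/local/etc/haproxy/site.pem

    # RFC 6455 handshake markers. The Connection header may carry several
    # comma-separated tokens (e.g. "keep-alive, Upgrade"), hence hdr_sub.
    acl ws_upgrade hdr(Upgrade) -i websocket
    acl ws_conn    hdr_sub(Connection) -i upgrade

    # Refuse the handshake with 403 (logged via httplog); everything else
    # on the same destination and port continues to the backend.
    http-request deny deny_status 403 if ws_upgrade ws_conn

    default_backend app

backend app
    # TLS has already ended at the proxy; plain HTTP to the application.
    server app1 127.0.0.1:8080 check
```

With this in place ipfw only has to allow TCP/443 to the proxy host; the proxy, not the packet filter, is the component that sees the cleartext request line and headers and can tell the two apart. If you later enable HTTP/2 on the bind line, re-check the ACLs, because WebSocket over HTTP/2 (RFC 8441) is signalled differently from the HTTP/1.1 Upgrade header.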