IPFW: Is IPFW capable of filtering a WebSockets flood?

Is there a way to block WebSocket traffic on IPFW without blocking https traffic with the same destination and port? How to distinguish websockets from https?
 
From what I read in the specs, websockets is an http upgrade, so apparently it is http until the peers mutually agree to switch to websockets.
If that's the case, then the distinction is only within the payload. One would probably need to use a kind of plugin, e.g. a netgraph node that parses the payload and decides accordingly.
Thinking further: as it is https, the firewall would need to decrypt it in order to parse it. I think I give up. ;) (Is there any firewall that can do this?)
 
You have to do it at the application if possible, or as a last resort scan IPs from the logs and add them to a firewall table of banned IPs (fail2ban style).
 
The only way I see this happening is by using a reverse proxy like HAProxy and terminating the SSL/TLS on the proxy. Then you can do some filtering on the proxy itself, or use an unencrypted connection to the backend server.
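As an added example (not from any of the posters), here is the reverse-proxy approach from the post above written out as an HAProxy configuration: TLS is terminated on the proxy so the HTTP Upgrade handshake becomes visible, an ACL on the Upgrade header separates WebSocket handshakes from ordinary HTTPS requests to the same address and port, and only the handshakes are rate limited. The certificate path, backend ports and the threshold of 20 handshakes per 10 seconds are assumptions.

```haproxy
# Constructed example config. Plain HTTPS requests carry no Upgrade
# header and pass through untouched; only WebSocket handshakes are
# tracked and, above a per-source rate, rejected.
global
    log stdout format raw local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    # WebSocket sessions are long-lived once upgraded
    timeout tunnel 1h

frontend https_in
    # assumed path: PEM file holding key, certificate and chain
    bind :443 ssl crt /usr/local/etc/haproxy/site.pem
    # The distinction the thread asks about: a WebSocket handshake is
    # an HTTP request with "Upgrade: websocket"
    acl is_websocket hdr(Upgrade) -i websocket
    # Count handshakes per source IP over a 10 s window
    stick-table type ip size 100k expire 60s store http_req_rate(10s)
    http-request track-sc0 src if is_websocket
    # Assumed threshold: more than 20 handshakes per 10 s from one IP
    # is answered with 429 instead of being forwarded
    http-request deny deny_status 429 if is_websocket { sc_http_req_rate(0) gt 20 }
    use_backend ws_servers if is_websocket
    default_backend web_servers

backend ws_servers
    # unencrypted hop to the WebSocket backend (assumed address)
    server ws1 127.0.0.1:8081 check

backend web_servers
    # assumed address of the regular HTTPS backend
    server web1 127.0.0.1:8080 check
```

Rejected handshakes appear in the HAProxy log with status 429, which gives the fail2ban-style log scanning from the earlier post a clean pattern to match before adding the source to an ipfw table.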
 