Thank you Humberto, can you suggest a tutorial or howto to apply the same simple rule with suricata?

On Mon, 15 Apr 2019 at 23:37, Humberto Jucá <betolj@xxxxxxxxx> wrote:
>
> Hi,
>
> You can do this only with IPS (like Snort or suricata) in inline mode!
>
>
> On Mon, 15 Apr 2019 at 17:30, Gianluca Gargiulo
> <gianluca.gargiulo@xxxxxxxxx> wrote:
> >
> > Hi,
> >
> > I ask if it's possible using iptables or conntrack to make the following
> > configuration:
> >
> > I have a linux debian 9 server with 2 public static ip
> >
> > x.y.z.t1
> >
> > x.y.z.t2
> >
> > and apache listening on 0.0.0.0/0.
> >
> > Then I have this virtual host on apache:
> >
> > website1.domain.tld (DNS -> x.y.z.t1)
> >
> > and
> >
> > website2.domain.tld (DNS -> x.y.z.t2)
> >
> > Virtual host works on 0.0.0.0 ip and in the http packet select host
> > field to know what website is chosen by client.
> >
> > Is there any configuration to
> >
> > 1A) allow http traffic if destination is x.y.z.t1 and
> > website1.domain.tld combination
> > 1B) deny http traffic if destination is x.y.z.t2 and
> > website1.domain.tld combination
> > 1C) deny http traffic if destination is x.y.z.t1 and
> > website2.domain.tld combination
> > 1C) allow http traffic if destination is x.y.z.t2 and
> > website2.domain.tld combination
> >
> > ??
> >
> > thank you a lot.
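
The policy asked for in this thread, written as Suricata rules for inline (IPS) mode; this is an added example, not part of the original messages. SITE1_IP and SITE2_IP are assumed address variables standing for x.y.z.t1 and x.y.z.t2, and the sid values are constructed local ones.

```suricata
# Added example: local rules file for Suricata running inline through NFQUEUE.
#
# Assumed setup (names and queue number are choices of this example):
#
#   suricata.yaml, address variables for the two public addresses:
#     vars:
#       address-groups:
#         SITE1_IP: "x.y.z.t1"
#         SITE2_IP: "x.y.z.t2"
#
#   Hand both directions of the HTTP traffic to Suricata so it can track
#   the flow, then start it on the same queue:
#     iptables -I INPUT  -p tcp --dport 80 -j NFQUEUE --queue-num 0
#     iptables -I OUTPUT -p tcp --sport 80 -j NFQUEUE --queue-num 0
#     suricata -c /etc/suricata/suricata.yaml -q 0
#
# "drop" only blocks traffic in inline mode; in plain IDS mode these rules
# would not block anything.
#
# http_host matches the normalized (lowercased) Host header, so the content
# must be written in lowercase. From Suricata 5 on, the same match is
# written with the sticky buffer: http.host; content:"website1.domain.tld";

# 1B) deny website1.domain.tld when the destination is x.y.z.t2
drop http any any -> $SITE2_IP 80 (msg:"website1.domain.tld requested on the address of website2"; flow:to_server,established; content:"website1.domain.tld"; http_host; sid:1000001; rev:1;)

# 1C) deny website2.domain.tld when the destination is x.y.z.t1
drop http any any -> $SITE1_IP 80 (msg:"website2.domain.tld requested on the address of website1"; flow:to_server,established; content:"website2.domain.tld"; http_host; sid:1000002; rev:1;)
```

The two allowed combinations need no rule of their own: requests that match neither drop rule pass through to Apache. These rules cover plain HTTP only, since the Host header is not visible to the IPS inside HTTPS.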