Question
I need to block packets from any source that includes some special User agents using IPTables. But I don’t want to manage it via .htaccess or Apache. Is there any way?
Answer 1:
You can do it like this:
iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" -j DROP
Answer 2:
Short answer: No.
Long answer: You could try something using the string match with iptables (see iptables -m string -h). However, the clients would still be able to connect to your server; the only thing you could do is interrupt the connection in the middle of the request. And if the user agent header happens to be split across multiple IP packets, you are out of luck.
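
The two limitations described in Answer 2, as an added example that is not part of the original answers: a Python simulation (not iptables code) of a payload match that is evaluated on each packet separately, using the string from Answer 1's rule. The packets, the host name and all function names are constructed for illustration.

```python
# Added illustration: models a payload match evaluated per packet, as the
# string match in Answer 1's rule is. Simulation only, not iptables code;
# all function names and sample packets are hypothetical/constructed.

PATTERN = b"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

def build_request(user_agent: bytes) -> bytes:
    """Constructed sample HTTP request carrying the given User-Agent."""
    return (b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: "
            + user_agent + b"\r\nAccept: */*\r\n\r\n")

def connection(request: bytes, split_at=None):
    """Packets a client sends: handshake (no payload), then data segments."""
    packets = [("SYN", b""), ("ACK", b"")]
    if split_at is None:
        packets.append(("PSH", request))
    else:
        # Same bytes, delivered in two TCP segments.
        packets.append(("PSH", request[:split_at]))
        packets.append(("PSH", request[split_at:]))
    return packets

def per_packet_verdicts(packets, pattern=PATTERN):
    """DROP only those packets whose own payload contains the pattern."""
    return ["DROP" if pattern in payload else "ACCEPT"
            for _, payload in packets]

def stream_contains(packets, pattern=PATTERN):
    """What the web server sees after TCP reassembly."""
    return pattern in b"".join(payload for _, payload in packets)

if __name__ == "__main__":
    req = build_request(PATTERN)
    whole = connection(req)
    split = connection(req, split_at=req.index(PATTERN) + 10)
    print("single segment:", per_packet_verdicts(whole))
    print("split header:  ", per_packet_verdicts(split))
    print("reassembled stream matches:", stream_contains(split))
```

In the single-segment case the handshake packets are accepted and only the data packet is dropped, so the connection is already established when the rule fires. In the split case no packet matches, although the reassembled request still carries the header.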
Source: https://stackoverflow.com/questions/19209551/how-can-i-block-some-special-user-agents-via-iptables