Is it possible to block a webpage using ufw?
basically I have two machines X and Y.
I want to block "http:// <IP-of-Y-Here> /AFolder/" from machine X on HTTP port 80 using ufw.
Trivially, this can be completed (awfully) using ufw through:
sudo ufw deny out 80
But is it possible to do something along the lines of:
ufw deny from (X IP ADDRESS) port 80 to (Y IP ADDRESS)/AFolder
That will satisfy my requirements?
No, you cannot use ufw to block access to some specific pages on a web server but not others.
ufw is a frontend for iptables
which controls the netfilter firewall, which is built into the Linux kernel. This is an ordinary firewall--you can use it to filter packets based on their headers.
An IP address and port are included in a packet's headers, but what web document is being retrieved is not. Instead, this information is transmitted in the bodies of packets, after a connection is already established.
As you're probably aware, it is possible to block access to certain websites (though it's usually pretty easy for someone to circumvent the block), and there are utilities that provide the granularity to block specific pages while allowing access to other pages on the same server. But to address what you've asked: ufw will not do this.
You can block access to a port on a server with ufw
. man ufw
has a whole raft of examples but assuming it's enabled, it should be like this:
sudo ufw deny out to <<ip address>> port 80
I've just tested this against my own server and it works. Remember that port 443 is used for SSL so that might want blocking too.
Remember, this blocks the whole of port 80 on this server.
If you want to start filtering based on subfolders (allowing some paths but not others) you're going to need something that proxies the requests. A firewall doesn't look at the content, it looks at the connections. To a firewall, a request for /subfolder is the same as a request to /a-different-subfolder.
So what you're looking for is a transparent proxy that you can twist into nixing some of your traffic. Parental-control software is probably your best bet for a quick setup. Something like dansguardian
certainly used to be popular and I would say it warrants exploration. More information is available on the wiki:
- https://help.ubuntu.com/community/ParentalControls