<div dir="ltr"><br><br><div class="gmail_quote">On Wed, Mar 14, 2012 at 2:02 PM, ik <span dir="ltr"><<a href="mailto:idokan@gmail.com">idokan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Wed, Mar 14, 2012 at 13:30, shimi <<a href="mailto:linux-il@shimi.net">linux-il@shimi.net</a>> wrote:<br>
><br>
> On Wed, Mar 14, 2012 at 1:23 PM, ik <<a href="mailto:idokan@gmail.com">idokan@gmail.com</a>> wrote:<br>
>><br>
>> Hello,<br>
>><br>
>> I'm trying to detect a layer 7 based HTTP request, and see if it<br>
>> contains headers that are provided as a spoofed IP address.<br>
>> Is there a way to detect what Ethernet the request arrived<br>
>> from at Apache level?<br>
>><br>
>> If so, how can I provide rules on what to do according to HTTP header<br>
>> fields?<br>
>><br>
><br>
> You could look at the ARP cache by reading /proc/net/arp I guess.<br>
><br>
> You ARE aware that Ethernet MACs, just like IPs, can be 'spoofed', right?<br>
<br>
</div>Yes, but it's not what I need to work upon.<br>
<div class="im"><br>
><br>
> If your LAN is insecure, secure your LAN. Don't run web applications on<br>
> insecure networks...<br>
<br>
</div>My web app is required to work also over the internet, and not only on the LAN<br>
(client request); that's why I'm looking for a way to secure it<br>
further.<br>
<br></blockquote><div><br>I suspected that was going to be your reply... <br><br>MAC is meaningless outside Layer 2. <br><br>You can't do anything MAC related for clients outside your subnet. All Ethernet frames will arrive from the MAC of your router.<br>
<br>The way to secure a website over HTTP, for the last few decades, has been by using SSL, signed by a mutually trusted CA. <br><br>If you want to authenticate the clients, there's an option to request a client certificate during the SSL negotiation.<br>
<br>-- Shimi<br></div></div><br></div>
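<div><br>Added example, not part of the thread and not Shimi's or ik's configuration: the client-certificate option Shimi describes, written as an Apache 2.4 virtual host. It requires every client to present a certificate issued by a CA the server trusts during the TLS handshake, then hands the verified identity to the application so access rules can be based on that identity rather than on an IP-related header or a MAC address, neither of which survives a router hop. The hostname, file paths, the <code>X-Client-DN</code> header name and the <code>ops</code> organizational unit are placeholders I assumed.</div>

```apache
# Added example (not from the thread): Apache 2.4 virtual host with
# mandatory client-certificate authentication. Hostname, paths, the
# X-Client-DN header name and the "ops" OU are assumed placeholders.
<VirtualHost *:443>
    ServerName app.example.invalid

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/app.example.invalid.crt
    SSLCertificateKeyFile   /etc/ssl/private/app.example.invalid.key

    # CA that issued the client certificates. Only certificates that
    # chain to it are accepted; everything else fails the handshake.
    SSLCACertificateFile    /etc/ssl/certs/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Check presented client certificates against the CA's CRL as well,
    # so a revoked certificate cannot keep authenticating (assumed path).
    SSLCARevocationFile     /etc/ssl/crl/client-ca.crl
    SSLCARevocationCheck    chain

    # Expose certificate details to the application as SSL_CLIENT_* variables.
    SSLOptions +StdEnvVars

    # Give the backend the verified subject DN. "set" overwrites any
    # X-Client-DN header a client may have sent itself (needs mod_headers).
    RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"

    # A rule on a verified attribute instead of a spoofable header:
    # only certificates whose OU is "ops" may reach /admin (assumed layout).
    <Location "/admin">
        SSLRequire %{SSL_CLIENT_S_DN_OU} eq "ops"
    </Location>

    DocumentRoot /var/www/app
</VirtualHost>
```

<div>The usual checks after enabling this: <code>apachectl configtest</code> before reloading, a browser or curl call without a certificate should be rejected at the handshake rather than reaching the application, and a certificate from a different CA (or one listed in the CRL) should be rejected too. The decision is made before any HTTP header is parsed, which is why it does not matter what addresses a client writes into the request.</div>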