Scribd
Upload
8 views

From_ Telstra Security Operations (2)

The document provides instructions for implementing IP whitelisting and blocking malicious URL patterns in a firewall using Python. It includes a sample script for an HTTP server that checks incoming requests against a list of trusted IPs and filters out requests with suspicious query parameters. The document also outlines testing procedures to ensure the firewall functions correctly.

Uploaded by

acdiscordbottest
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
8 views

From_ Telstra Security Operations (2)

The document provides instructions for implementing IP whitelisting and blocking malicious URL patterns in a firewall using Python. It includes a sample script for an HTTP server that checks incoming requests against a list of trusted IPs and filters out requests with suspicious query parameters. The document also outlines testing procedures to ensure the firewall functions correctly.

Uploaded by

acdiscordbottest
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

From: Telstra Security Operations

To: nbn team (nbn@email

Subject: Urgent Security Update: Implementing IP Whitelisting and URL Pattern


Blocking

Hello Network Team,

Here’s how you can approach creating a firewall rule in Python to filter incoming
traffic based on malicious URL patterns and IP whitelisting. Since you’ll be simulating
this using an HTTP server, the script will inspect incoming requests and drop/block
any that don't match the whitelisted IPs or contain malicious patterns.

### Steps:

1. **Set Up IP Whitelisting**: Only allow requests from trusted IPs.

2. **Block Suspicious URL Patterns**: Filter requests containing malicious query


parameters (like `cmd=`, `pwd=`, `exec=`) and return an error if they are found.

3. **Write Python Code**: Use Python’s built-in HTTP server and modify the `do_GET`
or `do_POST` methods to implement these checks.

Here’s a possible implementation for `firewall_server.py`:

### `firewall_server.py`

```python

#!/usr/bin/env python3

from http.server import BaseHTTPRequestHandler, HTTPServer

from urllib.parse import urlparse, parse_qs

# Define trusted IPs (IP Whitelisting)

TRUSTED_IPS = ['192.168.1.100', '192.168.1.101'] # Replace with actual trusted IPs

# Suspicious patterns to block in query parameters

BLOCKED_PATTERNS = ['cmd', 'pwd', 'exec']

class FirewallHTTPRequestHandler(BaseHTTPRequestHandler):

# Override the method for handling GET requests

def do_GET(self):

# Get the client IP address

client_ip = self.client_address[0]
# Check if the IP is whitelisted

if client_ip not in TRUSTED_IPS:

self.send_response(403) # Forbidden

self.end_headers()

self.wfile.write(b"Access denied: Your IP is not whitelisted.\n")

return

# Parse the URL and query parameters

parsed_url = urlparse(self.path)

query_params = parse_qs(parsed_url.query)

# Check for malicious query parameters

for param in query_params:

if param in BLOCKED_PATTERNS:

self.send_response(400) # Bad Request

self.end_headers()

self.wfile.write(b"Request blocked: Suspicious query parameter detected.\


n")

return

# If the request passes all checks, allow it

self.send_response(200) # OK

self.end_headers()

self.wfile.write(b"Request allowed: You have passed the firewall.\n")

# Override the method for handling POST requests (if necessary)

def do_POST(self):

self.do_GET() # Handle POST requests similarly to GET requests for simplicity

# Set up and run the HTTP server with the firewall logic
def run(server_class=HTTPServer, handler_class=FirewallHTTPRequestHandler,
port=8080):

server_address = ('', port)

httpd = server_class(server_address, handler_class)

print(f'Starting firewall HTTP server on port {port}...')

httpd.serve_forever()

if __name__ == '__main__':

run()

```

### Key Parts:

1. **Whitelisting IPs**:

- In the `do_GET` method, we check if the request's IP (`client_ip`) is in the


`TRUSTED_IPS` list. If not, we return a `403 Forbidden` response.

2. **Blocking Suspicious Patterns**:

- We parse the URL and query parameters using `urlparse` and `parse_qs`.

- We iterate over the query parameters, and if any match the blocked patterns
(`cmd`, `pwd`, `exec`), we return a `400 Bad Request` response.

3. **Handling Requests**:

- If the IP is trusted and no malicious patterns are detected, the request is allowed
(`200 OK`).

Testing:

- Use the `test_requests.py` script provided to send test requests to this HTTP server.

- Run the server:

```bash

python3 firewall_server.py

```

Next Steps:
- Test the server against various inputs using the `test_requests.py` script to ensure it
correctly blocks malicious requests and allows legitimate ones.

Kind regards,
Amine Dhaouadi
Cybersecurity Analyst
[email protected]

You might also like