Customer Question
1. How do we add firewalls for outbound HTTP traffic and only allow authorized domains/subdomains to be accessed?
2. How do we limit the file size of outbound HTTP requests that are uploading files outside of the server?
3. How do we redirect outbound HTTP traffic through a web server (preferably Apache2)?
4. How can we be alerted when files are being uploaded from our server to an outbound destination?
Submitted: 1 year ago. Category: Computer
Answered in 4 minutes by:
9/20/2016
Tech Support Specialist: Bruce Wilner,
 replied 1 year ago
Category: Computer
Satisfied Customers: 77
Experience: principal at Network Security Laboratories Inc.

Hello. I am a security expert with a CISSP and CCP. I have also built the internals of several commercial firewalls, and I worked on the Lucent FIRMATO project for graphical management of multi-vendor firewall constellations in perimeter networks. I will be delighted to help you.

What brand(s) of firewalls do you already have in place?

Customer reply replied 1 year ago

Hello,

We do not have any firewalls in place at this moment.

What we are trying to achieve is to restrict our web developers from uploading our company's code outside of their development environment, where they log in through a VNC.

Can you help with that?

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

I certainly can. However, if you want me to (a) select a firewall for you, (b) tell you how to set it up, (c) set up all the Apache rules, it's rather beyond the scope of this small question.

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

What precise operating system and version are you using?

Customer reply replied 1 year ago

We are using Ubuntu Server 14.04 LTS.

I am not asking for you to set up the firewall for me; I am just looking for a way to restrict our developers from uploading the code anywhere else other than our Git server.

Just looking for some information regarding that. I tried doing it with iptables but I am getting "Connection timed out" responses, so I am missing something.

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

IPTABLES isn't the way to go. Apache modules can actually do most of what you want, plus Apache configuration; you don't need a firewall necessarily, though it's more robust. Please let me know what you prefer.

Customer reply replied 1 year ago

But this is regarding outbound requests. So on their dev environment they have a GNOME interface, so they can access a browser and go to any site and upload the code if they want to (let's say Dropbox, for example). Apache would be great, but how could we do that with Apache? Isn't Apache used only for inbound requests?

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

Not entirely sure what you intend by "inbound request." A RESPONSE to an inbound request is your concern here. An OUTBOUND REQUEST -- what are you referring to? Your developers could attach a Web page to an e-mail message and just send it out.

However, that can be prevented readily. But I can't solve your every problem within the small scope of this question. I offered you premium service, and you declined it.

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

A very straightforward trick that will take minutes to implement can segregate development from outbound communication. Your developers would be able to develop Web content, but they would not be able to e-mail anything they developed to the outside. The only exception would be developers who have root access.

Would you be interested in this solution?

I don't see how limiting the size of uploads or downloads is relevant.

Customer reply replied 1 year ago

I understand, but until accepting your premium service, I need my question answered, and that means how this is going to be done, because from what you said I'm not sure yet you have a solution for me.

INBOUND REQUEST -> Request coming in from a user to our server

OUTBOUND REQUEST -> Request going out from our server to any outside website/api

Our developers log in to their virtual development machine through a VNC connection. From their virtual development machine they can open up a browser and upload sensitive stuff (like company code) to an external service like Dropbox. We need to not allow them to do that. Is there a way to prevent that from happening? I am trying to be as clear as possible in our problem; hope I sent all the necessary info. Apache definitely cannot achieve that, so I am looking for another solution.

Customer reply replied 1 year ago

That would not be enough, because as I said in the original question, we still need the server to be able to do outbound communications; we just need it to only be authorized to do that for specific domains/subdomains. So either that, or restrict size of file uploads.

Restricting file uploads would work because we have thousands of files and if they have to upload them one by one, they won't do it.

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

I made it clear that I can provide a VERY SIMPLE solution (one that wouldn't occur to you, I promise) to STRICTLY SEGREGATE development from external communication.

No dropbox.

Apache can be configured to curtail the sizes of requests coming and files going--as well as to do some simple-minded restriction of the IP addresses of prospective communicants.

I served on the NSA Trusted UNIX Working Group and the DoD/DOE Labeling Working Group and was the chief architect of Trusted RUBIX B2 RDBMS and of the Norman Firewall and the only person ever to reverse-engineer the internals of the CheckPoint from its terminal characteristics.

I'm not going to discuss qualifications endlessly. I have a solution.

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

"Restricting file uploads would work because we have thousands of files and if they have to upload them one by one, they won't do it."

You don't seem to have much faith in your developers. I could write a five-line shell script that could automatically upload every file within a given directory subtree, one by one, by e-mail, without requiring more than sixty seconds' total effort by me.

Customer reply replied 1 year ago

It's not a problem of current developers; it's regarding new developers that need to build trust first. And they are remote too, so harder to manage.

You could do that, yes, but what if you're limiting the upload size to 1kb and most files are bigger than that? You'd have to separate etc., so more work to do.

Regarding Apache being able to curtail the sizes of outgoing files, can you explain to me how that is possible? I have worked for many years with Apache and I don't understand how it can access the server's outgoing requests and be able to manipulate them.

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

I thought you wanted to prevent your developers from mailing files outside your worksite. Limiting file sizes won't solve the problem.

Customer reply replied 1 year ago

Yes, but not just mailing... also uploading to GitHub, Google Drive, Dropbox... anything.

So restricting external traffic would be a better solution. But we still need the server to be able to access external APIs like googleapis.com and eu11.salesforce.com which are constantly changing IPs... Do you have a solution for that?

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

Um, if your external developers are hacking in the code, they can steal things WHETHER OR NOT they go through the Web server. You really have to think this through much more carefully. I offered you a comprehensive analysis, but you weren't interested. I really don't know what to tell you. You can't protect your PRICELESS infrastructure for essentially NO investment.

I can solve any problem you can pose, quickly and efficiently. But I can't solve your every last problem within what you have committed to this analysis. You have to call customer service at (###) ###-#### and accept the premium offer, and I will solve ALL your problems, QUICKLY and CLEVERLY.

Customer reply replied 1 year ago

So paying $45 just for getting an "I can do it" answer is NO investment? I don't think so. For that I would have hoped I'd get a clear explanation on what would be done before going to pay the other $66 for the solution. You don't have to tell me the steps, I won't steal the solution, but make me understand how you're going to handle it, because I am not confident enough yet.

Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

I won't go on and on about my qualifications. If you don't want expert help, that's fine. Feel free to hack away at your Apache modules, and your solution will be defeated with thirty seconds' effort.

I have already shot down your EVERY "solution" and STILL you question my ability to help you?

And it is certainly NO investment because, one presumes, you are protecting potentially hundreds of thousands, or millions, of dollars' worth of intellectual property.

Customer reply replied 1 year ago
Relist: Inaccurate answer.
Tech Support Specialist: Bruce Wilner,
 replied 1 year ago

All of your problems could have been solved already.

I can trivially segregate development from outside communication via a simple stunt using group IDs.

Apache modules and logging can take care of your every other concern.
