I'd like to find a way to block websites like https://checkip.amazonaws.com or at least restrict them to the point they can no longer output my server's public IP address.

For example, if I do curl https://checkip.amazonaws.com my output would simply be 1.1.1.1 (or in other words, my IP address).

Is there a way to have an app that would inspect the output of each website my server tries to connect to and if the output contains a specific string, it automatically blocks it?

Thanks!

  • But this doesn't hide it from the public... it only hides the address from yourself. What is the point of that? – u1686_grawity Nov 06 '21 at 19:28
  • Basically, I just want to hide it from myself. I run a reverse proxy across some servers hosted on specific nodes. Their IP should remain hidden, so users can never get access to the public IP by just looking up https://checkip.amazonaws.com/ and similar. – OpenSource Nov 06 '21 at 19:35
  • Well, if you want to establish bi-directional communication with someone (and if you are using HTTP on top of TCP, you do want bi-directional communication), then each side will send packets with source IP and destination IP and it needs to make sense. You can have a middlebox that sits at the middle of the connection and changes IP addresses in packets (which will be a proxy server or a NAT). The last sentence describes a firewall. Although, since most websites use HTTPS, you probably won't be able to inspect it. – Effie Nov 06 '21 at 19:54
  • Also, I think there are also non-web based services that return you your IP, e.g., STUN servers. So, I would go with NAT. – Effie Nov 06 '21 at 19:56
  • If you block sites like checkip, myip, etc., that won’t prevent any other host from getting your IP address. Then, what you should do is clarify which connection you want to *allow* (it is the reverse logic). You should also clarify the architecture: is your firewall external (between the Internet and your server), or just firewall rules on your server? – Frédéric Loyer Nov 06 '21 at 20:47
  • You can have your server use a VPS for outgoing/egress traffic. Maybe the same VPS used for ingress could be used if the provider offers such a service, else have another one. When your hostile customer resolves your address, if properly done it will only find the VPS' address. – A.B Nov 11 '21 at 09:43

0 Answers