Specify the redirect host value when http is used on an https protocol
If you’ve enabled SSL=1 and the user enters http, DA will redirect them to the server IP by default. This option allows the admin to specify the hostname used in the redirect, which has the added benefit of forcing them to use the host that matches the certificate, avoiding SSL errors.
The directadmin.conf option will be:
ssl_redirect_host=host.name.com
The default setting is for the value to not be present in the directadmin.conf.
When it’s not present, the server IP will be used. With the option present, its value will be used (even if it’s blank), so make sure it is only there if you want to use it.
Source: http://www.directadmin.com/
Disable ICMP Redirect and Enable IP Spoofing Protection
ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server.
However, an intruder could potentially use ICMP redirect packets to alter the host’s routing table, causing traffic to use a path you didn’t intend.
To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following lines:
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
Enable IP Spoofing Protection
IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address. IP spoofing is very often used for denial of service attacks.
To enable IP Spoofing Protection, turn on Source Address Verification.
Edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.rp_filter = 1
Redirect all HTTP traffic through the proxy.
If you would like to redirect all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications, you will need to add some rules:
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
And
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
Where eth1 and eth0 are the LAN and WAN devices, respectively, and 10.0.0.1 is the IP address of your LAN device.
How to redirect port using IPTABLES
You can redirect a port in IPTABLES using the PREROUTING chain of the nat table.
The following command redirects traffic from port 8080 to port 80.
$ /sbin/iptables -t nat -I PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 80
$ /etc/init.d/iptables save
$ /etc/init.d/iptables restart
You can change the ports in the above command to suit your needs.