How to block HTTP requests based on HTTP header fields using iptables

The trick is to:
  • filter the right TCP packet (not just process all packets going to/from the webserver's port ... that'd be a serious waste of CPU power) ... in this task the "Recent" match module can be of great help
  • use the "String" match module to search the first couple of bytes of the targeted packet for a string match
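
One way to combine the two modules, as an added example that is not the original page's ruleset: a SYN to the web port records the client in a "recent" list, and only the first data packet from a listed client is handed to the string match. The chain name HTTP_HDR, the list name httpnew, the 1024-byte search limit and the sample header are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Prints the rules as a dry run;
# review them, then pipe the output to `sh` as root to load them.
# Assumed names: chain HTTP_HDR, recent list "httpnew", sample header below.

gen_http_header_rules() {
    port="$1"      # web server port, e.g. 80
    needle="$2"    # header text to block, e.g. 'User-Agent: BadBot'
    list="httpnew"
    chain="HTTP_HDR"

    # The needle is emitted inside single quotes, so refuse one containing a quote.
    case "$needle" in
        *"'"*) echo "needle must not contain a single quote" >&2; return 1 ;;
    esac

    # Rule 2: a SYN marks the client address as "about to send a request".
    # Rule 3: only a data packet (PSH,ACK) from a marked client is inspected,
    #         so later packets of the connection never reach the string match.
    #         Assumes the request headers arrive in that first data segment.
    # Rule 4: no target; the match itself clears the mark (side effect only).
    # Rule 5: bounded search (--to counts from the start of the packet).
    # Caveat: "recent" tracks source addresses, not connections, so clients
    #         behind one NAT address share a single mark.
    cat <<EOF
iptables -N $chain
iptables -A INPUT -p tcp --dport $port --syn -m recent --name $list --set
iptables -A INPUT -p tcp --dport $port --tcp-flags SYN,FIN,RST,PSH,ACK PSH,ACK -m recent --name $list --rcheck -j $chain
iptables -A $chain -m recent --name $list --remove
iptables -A $chain -p tcp -m string --algo bm --to 1024 --string '$needle' -j REJECT --reject-with tcp-reset
iptables -A $chain -j RETURN
EOF
}

# Constructed sample input: block a made-up crawler on port 80.
gen_http_header_rules 80 'User-Agent: BadBot'
```

The INPUT rules must sit before any rule that accepts traffic to the web port, otherwise they are never evaluated.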