Nginx Reverse Proxy + Mod Security WAF + fail2ban + geoip2 - XtreamUI | Streamcreed 1.1
Proxy Install v1.1
OS: Ubuntu 20.04 LTS Server
Register for free at dev.maxmind.com to get the accountID and licenseKEY for GeoIP2 Lite.
- Nginx, Mod Security, Fail2ban, MariaDB to store banned IPs (next version with webadmin).
- Block User Agent -> /etc/nginx/useragent.rules
- Block ISP -> /etc/nginx/block_isp.conf
- Block ASN Number -> /etc/nginx/block_asn.conf
- Country Whitelist -> /etc/nginx/country_whitelist.conf (default: block all countries). It is possible to block a country, for example US, but exclude some IPs/ranges from that country (it.wikipedia.org)
- IP Whitelist for exclusion from the req_limit zone -> /etc/nginx/ip_whitelist.conf
- SQL Injection prevention
- IP Whitelist for exclusion from fail2ban -> /etc/fail2ban/jail.local, find the line:
[DEFAULT]
ignoreip = 127.0.0.1/8 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16 add_ip_or_range_to_exclude_here
- Save and reload/restart fail2ban -> systemctl stop | start | reload | restart fail2ban
- Restart / Reload / Stop / Start Nginx -> systemctl stop | start | reload | restart nginx
- Restart / Reload / Stop / Start fail2ban -> systemctl stop | start | reload | restart fail2ban
- Log Files :
- /var/log/nginx/error.log
- /var/log/nginx/access.log
- /var/log/fail2ban.log
- /opt/log/modsec_audit.log
- unban ip from nginx-req-limit -> fail2ban-client set nginx-req-limit unbanip IP_ADDRESS_HERE
- unban ip from nginx-4xx -> fail2ban-client set nginx-4xx unbanip IP_ADDRESS_HERE
- unban all ip --> fail2ban-client unban --all
- Disable ban for nginx-4xx -> edit /etc/fail2ban/jail.local and set enabled = false:
[nginx-4xx]
enabled = false
....
bantime = 7200
then restart fail2ban -> systemctl restart fail2ban
- To add or remove Mod Security rules, go to /etc/nginx/rules/ and move the rule files from this directory to another, then reload nginx: systemctl reload nginx
- To disable Mod Security, go to /etc/nginx/nginx.conf and change ModSecurityEnabled on; to ModSecurityEnabled off;
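To check which addresses the fail2ban ignoreip line above actually excludes from banning, the following added example (not part of the original install script) parses a jail.local and tests addresses against it. The sample file is constructed from the snippets on this page, 203.0.113.10 is a made-up entry, and the function names are hypothetical.

```python
import configparser
import ipaddress

# Constructed sample: the [DEFAULT] section as shown on this page, with one
# made-up address (203.0.113.10, a documentation range) added for the example.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16 203.0.113.10

[nginx-4xx]
enabled = false
bantime = 7200
"""


def load_ignore_networks(jail_local_text, jail="DEFAULT"):
    """Return (networks, skipped) parsed from the ignoreip value of a jail."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(jail_local_text)
    raw = parser.get(jail, "ignoreip", fallback="")
    networks, skipped = [], []
    # Entries may be separated by spaces or commas
    for entry in raw.replace(",", " ").split():
        try:
            # strict=False accepts host bits set, e.g. 127.0.0.1/8
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            skipped.append(entry)  # DNS names or leftover placeholders
    return networks, skipped


def matching_network(ip, networks):
    """Return the first ignoreip network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net in networks:
        if addr.version == net.version and addr in net:
            return net
    return None


if __name__ == "__main__":
    nets, skipped = load_ignore_networks(SAMPLE_JAIL_LOCAL)
    for ip in ("10.4.5.6", "172.16.200.1", "172.20.0.5", "203.0.113.10", "198.51.100.7"):
        hit = matching_network(ip, nets)
        print(f"{ip:15} ->", f"ignored by {hit}" if hit else "can be banned")
    if skipped:
        print("entries that are not IPs/CIDRs:", skipped)
```

With the list as written, 172.20.0.5 is not ignored, because 172.16.0.0/16 covers only 172.16.x.x. An unedited add_ip_or_range_to_exclude_here placeholder shows up in the skipped list.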