nginx with fail2ban and mod_security
- by Mahesh
I forgot to update my fail2ban config for nginx. I just moved to nginx from apache.
Today, I got a lot of cals from a single IP.
IP tried to access login pages with post and get methods
IP tried to use nginx as a proxy (GET http:/...)
IP searched images, js, css folders
IP tried to inject -d url_allow_fopen =1 and something similar.
Most of the calls ended with 404.
http {
limit_req_zone $binary_remote_addr zone=app:10m rate=5r/s;
...
server {
...
location / {
limit_req zone=app burst=50;
}
I got approximately 50 requests from that ip for a second. So i updated my nginx like the above. Will it avoid too many connections per second now?
I have updated my fail2ban jail.local to support nginx.
I am confused with the nginx-noscript.conf
[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\scgi)
ignoreregex =
I am serving php with nginx. I checked apache's noscript.conf and which has .php extension on it too. I tested this above settings before restarting fail2ban and got thousands of ips matched. I removed php and nothing matched.
Do i need .php| in nginx-noscript.conf?
Using mod_security and fail2ban together bring any problem?
When i was searching today, i came to know mod_security is available for nginx too. So i am planning to use it too.
