Menu
▾
▴
Re: [mod-security-users] apache 2 mod_security iptables
|
From: jin&hitman&Barracuda <jin...@gm...> - 2020-12-26 09:11:24
|
Hi, I've used failban for a bunch of smtp servers and it didn't go well. But there is another project (crowdsec) and i guess that it is worth to mention here. The project have many features which failban don't have. I haven't try it yet but i will soon. May be you'd like to look at it. Crowdsec: A Fail2Ban alternative written in Go - https://github.com/crowdsecurity/crowdsec By the way, while i was using failban, i had a script (which i wrote) to add/remove ip adresses to openbsd firewall which is a lot easier than iptables. On Sat, Dec 26, 2020, 11:37 Jeffery Wilkins <djc...@gm...> wrote: > im looking for some people who host http servers (apache/nginx) and who > are familiar with mod_security and iptables firewalls > the setup that I am after is if an IP address hits my website and does a > typical vuln scan my web server sends them back no response and they > silently get added to an iptables ipset blacklist that lasts for 1 week > I already have mod_security (OWASP RULES) on my apache 2 server at > (192.168.2.10) and a pfsense style firewall at (192.168.2.1) > kind of like a web server honeypot if you will > my current setup is already pretty powerful if you even send a simple > TCP SYN packet to port 21,22 or even 23 you automatically get added to > my routers firewall and dropped for 7 days for both in and outbound > forgive me for asking alot but I really want to buckle down on these > stupid automated vuln scanners and keep them off my network > I have already looked into things like fail2ban but that only protects > the webserver itself and does not integrate with my routers firewall at > all protecting the network as a whole > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
