Re: [mod-security-users] apache 2 mod_security iptables
From: Reindl H. <h.r...@th...> - 2020-12-26 09:42:35
On 26.12.20 at 10:11, jin&hitman&Barracuda wrote:
> Hi,
>
> I've used fail2ban for a bunch of SMTP servers and it didn't go well. But
> there is another project (crowdsec) and I guess that it is worth
> mentioning here. The project has many features which fail2ban doesn't have. I
> haven't tried it yet but I will soon. Maybe you'd like to look at it.
>
> Crowdsec: A Fail2Ban alternative written in Go -
> https://github.com/crowdsecurity/crowdsec
>
> By the way, while I was using fail2ban, I had a script (which I wrote) to
> add/remove IP addresses to the OpenBSD firewall, which is a lot easier than
> iptables.

You don't write iptables rules for each and every address.

https://ipset.netfilter.org/ is your friend
https://ipset.netfilter.org/ipset.man.html

* you have *one* iptables rule with the ipset match
* one command adds or removes an IP to the set
* it's dramatically faster -> hash table
* you can block millions of IPs without a performance drop

> On Sat, Dec 26, 2020, 11:37 Jeffery Wilkins <djc...@gm...
> <mailto:djc...@gm...>> wrote:
>
> > I'm looking for some people who host HTTP servers (apache/nginx) and who
> > are familiar with mod_security and iptables firewalls.
> > The setup that I am after is: if an IP address hits my website and
> > does a typical vuln scan, my web server sends them back no response and they
> > silently get added to an iptables ipset blacklist that lasts for 1 week.
> > I already have mod_security (OWASP rules) on my Apache 2 server at
> > (192.168.2.10) and a pfSense-style firewall at (192.168.2.1),
> > kind of like a web server honeypot if you will.
> > My current setup is already pretty powerful: if you even send a simple
> > TCP SYN packet to port 21, 22 or even 23 you automatically get added to
> > my router's firewall and dropped for 7 days for both in- and outbound.
> > Forgive me for asking a lot, but I really want to buckle down on these
> > stupid automated vuln scanners and keep them off my network.
> > I have already looked into things like fail2ban, but that only protects
> > the web server itself and does not integrate with my router's firewall at
> > all, protecting the network as a whole.
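The ipset pattern Reindl describes (one set, one iptables rule, one command per address), wired to the one-week silent ban Jeffery asked for, as an added example. This is not code from the thread or from the ModSecurity project; the set name `scanner_blacklist`, the script path, the rule wiring and the private-range exclusions are assumptions for illustration. It applies the ban on the Linux host that runs Apache, not on the pfSense box, which the thread does not cover.

```sh
#!/bin/sh
# Added example (not from the thread): one ipset, one iptables rule, and a
# script that adds a scanner's address to the set for seven days.
# Names, paths and the rule wiring below are assumptions for illustration.
set -eu

SET_NAME="${SET_NAME:-scanner_blacklist}"  # assumed set name
BAN_SECONDS="${BAN_SECONDS:-604800}"       # 7 days, as the original question asked
IPSET="${IPSET:-ipset}"                    # point at a wrapper (e.g. "sudo ipset")
IPTABLES="${IPTABLES:-iptables}"           # or at "echo" for a dry run

# One-time setup, safe to re-run: the set carries a default timeout, so
# entries expire on their own; the single rule matches the whole set.
# DROP rather than REJECT: the scanner gets no response at all.
setup_firewall() {
    "$IPSET" create "$SET_NAME" hash:ip timeout "$BAN_SECONDS" -exist
    "$IPTABLES" -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        "$IPTABLES" -I INPUT 1 -m set --match-set "$SET_NAME" src -j DROP
}

# Strict dotted-quad check: the address goes into a privileged command, so
# accept nothing but four decimal octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots inside a subshell so the IFS and globbing changes don't leak.
    ( IFS=.; set -f; set -- $1
      [ $# -eq 4 ] || exit 1
      for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done )
}

# Never ban loopback or RFC 1918 space: a mistake here locks out the LAN
# (the 192.168.2.0/24 network from the original question included).
is_private() {
    case $1 in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Add (or refresh) one address. -exist turns a repeat offender's re-add
# into a timeout refresh instead of an error.
ban_ip() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "refusing to ban malformed address: $ip" >&2
        return 2
    fi
    if is_private "$ip"; then
        echo "refusing to ban private address: $ip" >&2
        return 3
    fi
    "$IPSET" add "$SET_NAME" "$ip" timeout "$BAN_SECONDS" -exist
}

# Entry point. ModSecurity 2.x documents exec as running the script with no
# arguments and with CGI-style environment variables, so the client address
# arrives in REMOTE_ADDR; "setup" creates the set and rule by hand.
addr=${1:-${REMOTE_ADDR:-}}
case $addr in
    '')    : ;;                 # sourced or run bare: define functions only
    setup) setup_firewall ;;
    *)     ban_ip "$addr" ;;
esac
```

Run `ban-scanner.sh setup` once at boot, then reference the script from a rule's action list with `exec:/usr/local/bin/ban-scanner.sh` (path assumed). Two caveats a practitioner will hit: Apache has already accepted the request that fired the rule, so ModSecurity's own disruptive action decides what that first request sees (`deny` returns a status, `drop` closes the TCP connection), and only the packets after the `ipset add` are silently dropped; and `ipset` needs CAP_NET_ADMIN while the script runs as the Apache user, so `IPSET` has to point at a tightly scoped privilege wrapper, which the thread does not discuss.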