Nginx L7 DDoS Protection! 💥

(Please read the whole page; everything here is important. Then, if you want, you can use it.)

To-Do

  • Support Ubuntu Trusty.
  • Support Ubuntu Xenial+.
  • Support Debian.
  • Support CentOS.
  • Support Arch Linux.
  • ModSecurity Support.
  • Naxsi Support.
  • L7 Protection.
  • AutoBan System.
  • Integrate Fail2Ban > IpTables.
  • GUI ?
  • .....

Installation

For now only the Ubuntu version (Ubuntu 14.04) is available. To try it you need a fresh installation of Ubuntu 14.04 on your VM/VPS/dedicated server, then:

  1. git clone https://github.com/theraw/The-World-Is-Yours.git

  2. cd The-World-Is-Yours/; chmod +x *

  3. ./install

Information

=> /nginx/                                = Nginx Path,
=> /nginx/live/                           = Vhosts Config Files Dir,
=> /nginx/logs/                           = Core Logs Files,
=> /nginx/modsecurity/                    = ModSecurity Rules Dir,
=> /hostdata/                             = Place to store your domain folders.
=> /hostdata/yourdomain.com/              = Ex of domain dir (private folder),
=> /hostdata/yourdomain.com/public_html/  = Ex of your domain webroot (public files only),
=> /hostdata/yourdomain.com/logs/         = Place where to store your Domains logs (access.log) (private folder),
=> /hostdata/yourdomain.com/ssl/          = Place where to store domain ssl/key (private folder),
=> /hostdata/yourdomain.com/cache/        = Place where to store site cache (private folder).

// Private folder - means it cannot be accessed by the public.
// Public folder  - means files in this folder can be accessed by the public.

Check.

1 . L7 (Cookie Based Protection)

2 . Auto Ban System based on connections per IP

3 . Kernel Settings

4 . Naxsi Rules Included

5 . Example of Naxsi

6 . ModSecurity is not loaded; you need to set it up yourself. The ModSecurity rules are stored in the folder /nginx/modsecurity/. Open /nginx/modsecurity/modsecurity.conf and add these lines:

Include crs-setup.conf
Include rules/*.conf

By default ModSecurity runs in "detect only" mode, which logs matches but does not block requests. To make it enforce the rules, set:

SecRuleEngine On

Using ModSecurity for your site

server {
    .....
    modsecurity on;
    modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
    location / {
        .....
    }
}

Be careful when loading the ModSecurity rules inside a location block, like this:

   location / { 
       modsecurity_rules_file /nginx/modsecurity/modsecurity.conf; 
   } 

This means the rules are enabled only for requests handled by the location / block, not for other location blocks in your site, e.g. /admin/ (:
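One way to check a vhost file from /nginx/live/ for this scoping problem, as an added example that is not code from this repository. The function name modsec_scope and the sample vhost are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository.
# Prints where modsecurity_rules_file is set in one nginx vhost file:
#   server        - set outside any location block (covers the whole site)
#   location-only - set only inside location blocks (other locations are uncovered)
#   none          - not set at all
# Simplification: "{", "}", ";" and "#" inside quotes or regexes are not handled.
modsec_scope() {
  awk '
    function first(s,   w) { gsub(/^[ \t]+/, "", s); split(s, w, /[ \t]+/); return w[1] }
    function in_location(   k) {
      for (k = 1; k <= depth; k++) if (stack[k] == "location") return 1
      return 0
    }
    {
      sub(/#.*/, "")                            # drop comments
      for (i = 1; i <= length($0); i++) {
        ch = substr($0, i, 1)
        if (ch == "{")      { stack[++depth] = first(buf); buf = "" }   # block opens
        else if (ch == "}") { if (depth > 0) depth--; buf = "" }        # block closes
        else if (ch == ";") {                                           # directive ends
          if (first(buf) == "modsecurity_rules_file") { if (in_location()) loc = 1; else srv = 1 }
          buf = ""
        }
        else buf = buf ch
      }
      buf = buf " "                             # a line break separates words
    }
    END { print (srv ? "server" : (loc ? "location-only" : "none")) }
  ' "$1"
}

# Constructed sample vhost: rules attached only to "location /".
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80;
    location / {
        modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
    }
    location /admin/ {
    }
}
EOF
modsec_scope "$sample"    # prints: location-only
rm -f "$sample"
```

A result of location-only means the rules file should be moved up to the server block, as in the first configuration above.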

Test it! curl 'http://localhost/?q="><script>wanna hack</script>'

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>