The-World-Is-Yours/README.md
2018-04-09 20:42:13 +02:00


Nginx L7 DDoS Protection! 💥

(Please read the whole page; everything here is important. Then, if you want, you can use it.)

The installation may fail; if it does, please open an issue. One possible cause is a 32-bit system, because I have tested this script only on 64-bit.

Another possible cause is missing packages in your repository. If so, on Ubuntu 14.04 please change your repo to THIS.

To-Do

  • Support Ubuntu Trusty.
  • Support Ubuntu Xenial+.
  • Support Debian.
  • Support CentOS.
  • Support Arch Linux.
  • ModSecurity Support.
  • Naxsi Support.
  • L7 Protection.
  • AutoBan System.
  • Integrate Fail2Ban > IpTables.
  • GUI ?
  • Monitor requests in real time from the browser.
  • .....

Installation

As of now, only the Ubuntu version (Ubuntu 14.04) is available. To try it you need a fresh installation of Ubuntu 14.04 on your VM/VPS/dedicated server, then:

  1. git clone https://github.com/theraw/The-World-Is-Yours.git

  2. cd The-World-Is-Yours/; chmod +x *

  3. ./install

Information.

=> /nginx/                                = Nginx Path,
=> /nginx/live/                           = Vhosts Config Files Dir,
=> /nginx/logs/                           = Core Logs Files,
=> /nginx/modsecurity/                    = ModSecurity Rules Dir,
=> /hostdata/                             = Place to store your domain folders.
=> /hostdata/yourdomain.com/              = Example of a domain dir (private folder),
=> /hostdata/yourdomain.com/public_html/  = Example of your domain webroot (public files only),
=> /hostdata/yourdomain.com/logs/         = Place to store your domain's logs (access.log) (private folder),
=> /hostdata/yourdomain.com/ssl/          = Place to store the domain's ssl/key (private folder),
=> /hostdata/yourdomain.com/cache/        = Place to store the site cache (private folder).

// Private Folder - Means this cannot be accessed by the public.
// Public Folder  - Means files in this folder can be accessed by the public.

Check.

1 . L7 (Cookie Based Protection). Replace the "proxy2.dope.. links with yours. Click here to find aes, which should be stored on an external link or in a place where L7 is disabled, because it will not work if you put it in the main site dir!

2 . Auto Ban System based on connections per IP

3 . Kernel Settings

4 . Naxsi Rules Included

5 . Example of Naxsi

6 . Check Iptables rules. They will not be enabled automatically, because this depends on the provider: on OVH it works, on Azure it doesn't. So you need to activate iptables manually!

7 . ModSecurity is not loaded; you need to set it up yourself. The folder /nginx/modsecurity/ is where the ModSecurity rules are stored. Open /nginx/modsecurity/modsecurity.conf and add these lines:

Include crs-setup.conf
Include rules/*.conf

By default ModSecurity is enabled as "detect only", so it logs matches without blocking. To turn it on always, set:

SecRuleEngine On

Using ModSecurity for your site

server {
    # .....
    modsecurity on;
    modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
    location / {
        # .....
    }
}

Be careful when using modsec rules like this:

   location / { 
       modsecurity_rules_file /nginx/modsecurity/modsecurity.conf; 
   } 

This means it's enabled only for your main location /, not for other locations in your site, e.g. /admin/ (:

Test it! curl 'http://localhost/?q="><script>wanna hack</script>'

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
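
The ModSecurity checks from step 7 above (engine mode, the two Include lines, and whether the rules file is loaded at server level or only inside a location block), as an added example that is not part of this repository. The sample files are constructed, the function names are hypothetical, and one directive per line is assumed.

```bash
#!/usr/bin/env bash
# Added example (not part of the repository): audit the ModSecurity setup described above.
# Assumes one directive per line in the nginx vhost file.

# Effective SecRuleEngine mode in modsecurity.conf (last uncommented setting wins).
engine_mode() {
    awk '$1 == "SecRuleEngine" { m = $2 } END { print (m == "" ? "missing" : m) }' "$1"
}

# Print every Include the README asks for that modsecurity.conf lacks.
missing_includes() {
    for f in 'crs-setup.conf' 'rules/*.conf'; do
        awk -v f="$f" '$1 == "Include" && $2 == f { ok = 1 } END { exit !ok }' "$1" || echo "Include $f"
    done
}

# Where a vhost loads the rules file: "server", "location-only" or "none".
rules_scope() {
    awk '
        { line = $0; sub(/#.*/, "", line) }
        line ~ /modsecurity_rules_file/ { if (depth == 1) srv = 1; else if (depth > 1) loc = 1 }
        { depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line) }
        END { print (srv ? "server" : (loc ? "location-only" : "none")) }
    ' "$1"
}

# Constructed sample files standing in for /nginx/modsecurity/modsecurity.conf and two vhosts.
demo=$(mktemp -d)
printf '%s\n' 'SecRuleEngine DetectionOnly' 'Include crs-setup.conf' '#Include rules/*.conf' > "$demo/modsecurity.conf"
printf '%s\n' 'server {' '    modsecurity on;' \
    '    modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;' \
    '    location / { }' '}' > "$demo/good.conf"
printf '%s\n' 'server {' '    location / {' \
    '        modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;' \
    '    }' '    location /admin/ { }' '}' > "$demo/weak.conf"

echo "engine:    $(engine_mode "$demo/modsecurity.conf")"
echo "missing:   $(missing_includes "$demo/modsecurity.conf")"
echo "good.conf: $(rules_scope "$demo/good.conf")"
echo "weak.conf: $(rules_scope "$demo/weak.conf")"
```

A result of "location-only" means the rules apply only inside that location block, so a vhost with further location blocks should be rechecked with the curl test above against each of them.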