
Nginx L7 DDoS Protection! 💥

(Please read the whole page; everything here is important. Then, if you want, you can use it.)

For now only the Ubuntu version (Ubuntu 14.04) is available. To try it you need a fresh installation of Ubuntu 14.04 on your VM/VPS/dedicated server, then:

  1. git clone https://github.com/theraw/The-World-Is-Yours.git

  2. cd The-World-Is-Yours/; chmod +x *

  3. ./install

  4. wget https://raw.githubusercontent.com/theraw/my-nginx/master/nginx-as-firewall/php; chmod +x php; ./php (optional: only if you want to install php5.6-fpm, which runs on 127.0.0.1:9000)

Information.

=> /nginx/ - Nginx Path,

=> /ngnx/live/ - Vhosts Config Files Dir,

=> /nginx/logs/ - Core Logs Files,

=> /nginx/modsecurity/ - ModSecurity Rules Dir,

=> /hostdata/ - Place to store your webroots (domain files),

=> /hostdata/yourdomain.com/ - Example of a domain dir,

=> /hostdata/yourdomain.com/public_html/ - Example of your domain's webroot,

=> /hostdata/yourdomain.com/logs/ - Place to store your domain's logs (err.log, access.log),

=> /hostdata/yourdomain.com/ssl/ - Place to store the domain's SSL certificate/key,

=> /hostdata/yourdomain.com/cache/ - Place to store the site cache.

Check.

  1. L7 (Cookie Based Protection) => https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L19-L301

  2. Kernel Settings => https://github.com/theraw/The-World-Is-Yours/blob/master/static/sysctl.conf#L1-L34

  3. Naxsi Rules Included => https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L392 (example of Naxsi => https://github.com/theraw/The-World-Is-Yours/blob/master/static/vhost/default#L8-L15)

  4. ModSecurity is not loaded; you need to set it up yourself. The ModSecurity rules are stored in the folder /nginx/modsecurity/. Open /nginx/modsecurity/modsecurity.conf and add these lines:

Include crs-setup.conf
Include rules/*.conf

By default ModSecurity is enabled in "detect only" mode. You can turn it on permanently by setting this:

SecRuleEngine On

Using ModSecurity for your site

server {
    .....
    modsecurity on;
    modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
    location / {
        .....
    }
}

Be careful when using ModSecurity rules like this:

    location / {
        modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
    }

This means the rules are enabled only for your main location /, not for other dirs in your site, e.g. /admin/ (:
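A way to check which of the two layouts above a vhost file uses, as an added example that is not part of this project: the shell function below reports, for each server block, whether modsecurity_rules_file is set server-wide or only inside location blocks. The names modsec_scope and demo are made up here, and the sample config is constructed.

```shell
# Added example, not project code. Output per server block: "<start line> <scope>".
modsec_scope() {   # $1 = nginx config or vhost file
    awk '
    {
        sub(/#.*/, "")            # drop comments (naive: ignores quoting)
        gsub(/[{}]/, "\n&\n")     # isolate every brace as its own token
        n = split($0, tok, "\n")
        for (i = 1; i <= n; i++) {
            t = tok[i]; gsub(/^[ \t]+|[ \t]+$/, "", t)
            if (t == "") continue
            if (t == "{") {
                depth++
                if (!in_srv && hdr == "server") {
                    in_srv = 1; sdepth = depth; start = NR; srv = 0; loc = ""
                } else if (in_srv && hdr ~ /^location[ \t]/) {
                    sub(/^location[ \t]+/, "", hdr); name[depth] = hdr
                }
                hdr = ""
            } else if (t == "}") {
                if (in_srv && depth == sdepth) {
                    print start, (srv ? "server-wide" : ((loc != "") ? ("location-only:" loc) : "none"))
                    in_srv = 0
                }
                delete name[depth]; depth--
            } else {
                hdr = t; sub(/.*;[ \t]*/, "", hdr)   # text after last ";" heads a block
                if (in_srv && (";" t) ~ /;[ \t]*modsecurity_rules_file[ \t]/) {
                    if (depth == sdepth) srv = 1     # declared directly in server { }
                    else for (d = depth; d > sdepth; d--)
                        if (d in name) { loc = loc " " name[d]; break }
                }
            }
        }
    }' "$1"
}
demo() {   # constructed sample: the two layouts discussed above
    f=$(mktemp)
    cat > "$f" <<'EOF'
server {
    modsecurity on;
    modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
}
server {
    location / { modsecurity_rules_file /nginx/modsecurity/modsecurity.conf; }
    location /admin/ { }
}
EOF
    modsec_scope "$f"; rm -f "$f"
}
demo
```

A "location-only" result lists the locations that load the rules file; any other location in that server block, such as /admin/ in the sample, is served without it.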

Test it! curl 'http://localhost/?q="><script>wanna hack</script>'

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

To-Do

[x] Create install script for Ubuntu.

[-] Create install script for Debian.

[-] Create install script for CentOS.

[-] Integrate Fail2Ban > iptables.

[-] ....

Warning!

  1. If you want to use MariaDB 10.+, you need to use Ubuntu amd64 only, or don't compile nginx with the mysql module! Otherwise you will have problems which I wasn't able to solve.