theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
93a7785b0c167d9cfa1c5883b5dbf5372578d894
The-World-Is-Yours/README.md
T
theraw 93a7785b0c Update README.md
2018-02-23 11:59:45 +01:00

3.2 KiB
Raw Blame History

Nginx L7 DDoS Protection! 💥

(Please Read Whole Page, All Things Are Important Then If You Want You Can Use IT.)

As of now available for use is just Ubuntu version. (Ubuntu 14.04) to try it you need to have a fresh installation of Ubuntu 14.04 in you VM/VPS/DEDICATED so

  1. git clone https://github.com/theraw/The-World-Is-Yours.git

  2. cd The-World-Is-Yours/; chmod +x *

  3. ./install

  4. wget https://raw.githubusercontent.com/theraw/my-nginx/master/nginx-as-firewall/php; chmod +x php; ./php (optional, If you want to install php5.6-fpm, runs on 127.0.0.1:9000)

Informations.

=> /nginx/ - Nginx Path,

=> /ngnx/live/ - Vhosts Config Files Dir,

=> /nginx/logs/ - Core Logs Files,

=> /nginx/modsecurity/ - ModSecurity Rules Dir,

=> /hostdata/ - Place where to store your webroot (Domains files),

=> /hostdata/yourdomain.com/ - Ex of domain dir,

=> /hostdata/yourdomain.com/public_html/ - Ex of your domain webroot,

=> /hostdata/yourdomain.com/logs/ - Place where to store your Domains logs (err.log, access.log),

=> /hostdata/yourdomain.com/ssl/ - Place where to store domain ssl/key,

=> /hostdata/yourdomain.com/cache/ - Place where to store site cache.

Check.

  1. L7 (Cookie Based Protection)

  2. Kernel Settings

  3. Naxsi Rules Included

  4. Example of Naxsi

  5. ModSecurity is not loaded. However you need to set it up by yourself. you have a folder /nginx/modsecurity/ which ModSecurity rules are stored, open /nginx/modsecurity/modsecurity.conf add those

Include crs-setup.conf
Include rules/*.conf

ModSecurity is by default enabled as "detect only" you can turn it on always by doing this

SecRuleEngine On

Using modSecurity for your site

server { 
     ..... 
        modsecurity on;
        modsecurity_rules_file /nginx/modsecurity/modsecurity.conf; 
        location / { 
     ..... 
        } 
}

Careful Using modsec rules like

   location / { 
       modsecurity_rules_file /nginx/modsecurity/modsecurity.conf; 
   }

it means that's enabled just for your main place / not for other dirs in your site ex /admin/ (:

Test it! curl 'http://localhost/?q="><script>wanna hack</script>'

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

To-Do

[x] Support Ubuntu Trusty.

[-] Support Ubuntu Xenial+.

[-] Support Debian.

[-] Support Centos.

[-] Integrate Fail2Ban > IpTables.

[-] ....

Warn!

  1. If you want to use mariadb 10.+, You need to use Ubuntu amd64 only or don't compile nginx with mysql module! or you will have problems which i wasn't able to solve..

Want a pro version?

Contact : raw@dope.al (Only business talk. Including Support, Installation, Nginx Plus, Custom Settings, Monitoring etc)

Reference in New Issue View Git Blame Copy Permalink