Project InfoSponsor & PartnerInstalling ispCPFAQDocumentationDevelopment
Current time: 11-22-2024, 05:22 PM Hello There, Guest! (LoginRegister)

ispCP - Board - Support / ispCP Omega International Area / German Corner / Plauderecke v / ispCP mit NGINX als Reverse-Proxy einsetzen [Schutz vor SynCookies und HttpDDoS]

Post Reply 
 
Thread Rating:
  • 1 Votes - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
ispCP mit NGINX als Reverse-Proxy einsetzen [Schutz vor SynCookies und HttpDDoS]
Author Message
Blister Offline
Junior Member
*

Posts: 48
Joined: Sep 2010
Reputation: 0
Post: #5
RE: ispCP mit NGINX als Reverse-Proxy einsetzen [Schutz vor SynCookies und HttpDDoS]
/etc/fail2ban/jail.conf (bereits vorhanden)
Code:
[SynDDOS]
enabled  = true
filter   = AntiSynDDOS
action   = iptables-complete[name=AntiSynDDOS]
           mail-whois[name=Mein-Servername-AntiSynDDOS, dest=meine-email@adresse.de]
logpath  = /var/log/nginx/reverse.log
maxretry = 50
bantime  = 3600

[httpDDOS]
enabled  = true
filter   = AntihttpDDOS
action   = iptables-complete[name=AntihttpDDOS]
           mail-whois[name=Mein-Servername-AntihttpDDOS, dest=meine-email@adresse.de]
logpath  = /var/log/nginx/reverse.log
maxretry = 50
bantime  = 3600


/etc/fail2ban/filter.d/AntihttpDDOS.conf (muss erstellt werden)
Code:
[Definition]
failregex = ^<HOST> -.*"(GET|POST).*HTTP/1\.." 444 0.*
ignoreregex =


/etc/fail2ban/filter.d/AntiSynDDOS.conf (muss erstellt werden)
Code:
[Definition]
failregex = <HOST> -.*400 0.*
ignoreregex =


/etc/fail2ban/action.d/iptables-complete.conf (muss erstellt werden)
Code:
[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -j fail2ban-<name>

# Option:  actionend
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = iptables -D INPUT -j fail2ban-<name>
             iptables -F fail2ban-<name>
             iptables -X fail2ban-<name>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP

[Init]

# Defaut name of the chain
#
name = default

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default:
#
port = ssh

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | all ] Default: tcp
#
protocol = all


Die Angaben unter "bantime" werden in Sekunden angegeben.
Danach startest du fail2ban neu und du bist fertig.


Gruß
Julian
(This post was last modified: 08-16-2011 05:25 AM by Blister.)
07-29-2011 07:41 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
RE: ispCP mit NGINX als Reverse-Proxy einsetzen [Schutz vor SynCookies und HttpDDoS] - Blister - 07-29-2011 07:41 AM

Forum Jump:


User(s) browsing this thread: 4 Guest(s)

Contact Us | isp Control Panel ( ispCP ) | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication