gigantor Posted December 8, 2021
Hello, I want to put an nginx reverse proxy in front of my IPS server. Has anyone done this? Is there a special config for nginx? Thanks
IveLeft... Posted December 8, 2021
You will really need to give a lot more information about what you exactly want to do and what you have server-wise. Here are the Nginx docs
Randy Calvert Posted December 8, 2021
The question is what benefit are you looking to gain from it. Adding that layer in front is going to make things more difficult for you going forward. For example, if Nginx has something cached, and you make a change in the ACP to a theme or a setting... but it does not bust the Nginx cache, you could be stuck troubleshooting other issues you did not anticipate or need to potentially address. You're going to have to weigh if the benefit that comes from adding it is outweighed by the potential problems and the extra maintenance involved.
gigantor (Author) Posted December 8, 2021
> 1 hour ago, Randy Calvert said: The question is what benefit are you looking to gain from it.
I was thinking security. I use Nginx reverse proxy with the open source ModSecurity (Web Application Firewall) module for other public facing servers for compliance reasons, and want to do the same with IPS.
"Even when you understand security, it is difficult to create secure applications, especially when working under the pressures so common in today’s enterprise. The NGINX ModSecurity Web Application Firewall (WAF) protects applications against sophisticated Layer 7 attacks that might otherwise lead to systems being taken over by attackers, loss of sensitive data, and downtime. The NGINX ModSecurity WAF is based on the widely used ModSecurity open source software."
Detect and stop a broad range of Layer 7 attacks:
- SQL injection (SQLi), cross‑site scripting (XSS), and Local File Include (LFI), which together account for over 90% of known Layer 7 attacks
- Cross‑site request forgery (CSRF), Remote File Include (RFI), remote code execution (RCE), and HTTP protocol violations
- Other common attack vectors, detected by your own custom regex‑based rules
> 1 hour ago, Randy Calvert said: For example, if Nginx has something cached
I hear that, we could disable caching...
gigantor (Author) Posted December 8, 2021
One can use the WAF with the OWASP ruleset, it's supposed to be the cat's meow in web app security these days.
Randy Calvert Posted December 8, 2021
Personally instead of doing Nginx, I would use a cloud-based WAF to filter a request before it ever gets to my server/datacenter. The further away you can fight an attacker the better.
IveLeft... Posted December 9, 2021
I prefer Imunify (although paid for)
https://blog.imunify360.com/modsecurity-rules-how-to-guide
https://www.imunify360.com/about-us/
We used to use OWASP - Imunify is a lot better for less false positives - Part of the cloudlinux suite, used them since 2012
Marc Posted December 9, 2021
I have moved this to the self hosted guidance forum for you, where it is better placed for someone to assist
gigantor (Author) Posted January 5, 2022
I went ahead and got nginx / modsecurity / owasp working. No issues at all, our community is actually faster now.
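
For readers with the same question as the opening post, a sketch of the setup the thread ends on: an nginx reverse proxy with the ModSecurity connector and the OWASP rule set, with proxy caching off. This is an added example, not a configuration posted by anyone in the thread; the hostname, backend address, certificate paths and rule file locations are placeholders.

```nginx
# Added example. forum.example.com, 10.0.0.10 and all file paths are placeholders.

# Top of nginx.conf (main context): load the ModSecurity-nginx connector
# when it was built as a dynamic module.
load_module modules/ngx_http_modsecurity_module.so;

# Inside the http { } block:
server {
    listen 443 ssl;
    server_name forum.example.com;

    ssl_certificate     /etc/nginx/tls/forum.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/forum.example.com.key;

    # Inspect every request with ModSecurity. main.conf is assumed to Include,
    # in this order: modsecurity.conf, crs-setup.conf, then rules/*.conf
    # from the OWASP Core Rule Set.
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;

    # Requests larger than this are rejected by nginx; size it to the
    # community's attachment upload limit.
    client_max_body_size 64m;

    location / {
        # The IPS server sits behind the proxy and should accept
        # connections only from it.
        proxy_pass http://10.0.0.10:80;

        # Pass the original host, client address and scheme to the backend
        # so its logs and URL generation reflect the real request.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # No proxy cache, so theme and setting changes made in the ACP
        # are served immediately (the concern raised earlier in the thread).
        proxy_cache off;
    }
}
```

Running with `SecRuleEngine DetectionOnly` in modsecurity.conf first, and reviewing the audit log for false positives on normal forum traffic, is the usual step before switching the engine to `On`. `nginx -t` checks the configuration before a reload.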