
Beta Branch add tools/csfincapsula.sh script to auto whitelist incapsula ips in 1…

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 26, 2017.

  1. eva2000 (Administrator, Staff Member)
  2. eva2000 (Administrator, Staff Member)

    Added the tools/csfincapsula.sh script to 123.09beta01 for whitelisting and real IP detection setup for Incapsula WAF/CDN/DDoS users, similar to the tools/csfcf.sh script for Cloudflare users.
    Query the Incapsula API for a plain-text list of their IP addresses:
    Code (Text):
    curl -s --data "resp_format=text" https://my.incapsula.com/api/integration/v1/ips  
    199.83.128.0/21
    198.143.32.0/19
    149.126.72.0/21
    103.28.248.0/22
    185.11.124.0/22
    192.230.64.0/18
    45.64.64.0/22
    107.154.0.0/16
    2a02:e980::/29
    

    Query the Incapsula API for a plain-text list of their IP addresses and transform the output into the commands that whitelist them in CSF Firewall:
    Code (Text):
    curl -s --data "resp_format=text" https://my.incapsula.com/api/integration/v1/ips | while read i; do echo "csf -a ${i} incapsula"; done
    csf -a 199.83.128.0/21 incapsula
    csf -a 198.143.32.0/19 incapsula
    csf -a 149.126.72.0/21 incapsula
    csf -a 103.28.248.0/22 incapsula
    csf -a 185.11.124.0/22 incapsula
    csf -a 192.230.64.0/18 incapsula
    csf -a 45.64.64.0/22 incapsula
    csf -a 107.154.0.0/16 incapsula
    csf -a 2a02:e980::/29 incapsula
    


    Testing the tools/csfincapsula.sh script:
    Code (Text):
     ./csfincapsula.sh
    ./csfincapsula.sh {ips|csf|nginx|auto}

    Code (Text):
    ./csfincapsula.sh ips
    --------------------------------------------
     Downloading Incapsula P list
     from: Incapsula API
    --------------------------------------------
    
    --------------------------------------------
     Format for Centminmod.com Nginx Installer
      1). add to nginx.conf
      2). add to /etc/csf/csf.allow
    --------------------------------------------
    --------------------------------------------
      1). add to nginx.conf
    --------------------------------------------
    set_real_ip_from 199.83.128.0/21;
    set_real_ip_from 198.143.32.0/19;
    set_real_ip_from 149.126.72.0/21;
    set_real_ip_from 103.28.248.0/22;
    set_real_ip_from 185.11.124.0/22;
    set_real_ip_from 192.230.64.0/18;
    set_real_ip_from 45.64.64.0/22;
    set_real_ip_from 107.154.0.0/16;
    set_real_ip_from 2a02:e980::/29;
    real_ip_header X-Forwarded-For;
    
    --------------------------------------------
      2). add to /etc/csf/csf.allow
    --------------------------------------------
    csf -a 199.83.128.0/21 incapsula
    csf -a 198.143.32.0/19 incapsula
    csf -a 149.126.72.0/21 incapsula
    csf -a 103.28.248.0/22 incapsula
    csf -a 185.11.124.0/22 incapsula
    csf -a 192.230.64.0/18 incapsula
    csf -a 45.64.64.0/22 incapsula
    csf -a 107.154.0.0/16 incapsula
    csf -a 2a02:e980::/29 incapsula
    --------------------------------------------

    Code (Text):
    ./csfincapsula.sh nginx
    
    created /usr/local/nginx/conf/incapsula.conf include file
    

    Contents of the /usr/local/nginx/conf/incapsula.conf include file:
    Code (Text):
    cat /usr/local/nginx/conf/incapsula.conf
    
    include /usr/local/nginx/conf/incapsula_customips.conf;
    set_real_ip_from 199.83.128.0/21;
    set_real_ip_from 198.143.32.0/19;
    set_real_ip_from 149.126.72.0/21;
    set_real_ip_from 103.28.248.0/22;
    set_real_ip_from 185.11.124.0/22;
    set_real_ip_from 192.230.64.0/18;
    set_real_ip_from 45.64.64.0/22;
    set_real_ip_from 107.154.0.0/16;
    real_ip_header X-Forwarded-For;
    

    Now the auto run, which adds the Incapsula IPs to the CSF firewall whitelist and creates the include file /usr/local/nginx/conf/incapsula.conf automatically:
    Code (Text):
    ./csfincapsula.sh auto
    --------------------------------------------
     Add Incapsula P list to CSF
     from: Incapsula API
    --------------------------------------------
    
    --------------------------------------------
      Add to /etc/csf/csf.allow
    --------------------------------------------
    Adding 199.83.128.0/21 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [199.83.128.0/21] to set [chain_ALLOW]
    Adding 198.143.32.0/19 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [198.143.32.0/19] to set [chain_ALLOW]
    Adding 149.126.72.0/21 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [149.126.72.0/21] to set [chain_ALLOW]
    Adding 103.28.248.0/22 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [103.28.248.0/22] to set [chain_ALLOW]
    Adding 185.11.124.0/22 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [185.11.124.0/22] to set [chain_ALLOW]
    Adding 192.230.64.0/18 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [192.230.64.0/18] to set [chain_ALLOW]
    Adding 45.64.64.0/22 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [45.64.64.0/22] to set [chain_ALLOW]
    Adding 107.154.0.0/16 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [107.154.0.0/16] to set [chain_ALLOW]
    Adding 2a02:e980::/29 to csf.allow and iptables ACCEPT...
    csf: IPSET adding [2a02:e980::/29] to set [chain_6_ALLOW]
    
    created /usr/local/nginx/conf/incapsula.conf include file
    

    /etc/csf/csf.ignore ignore list:
    Code (Text):
    cat /etc/csf/csf.ignore
    ###############################################################################
    # Copyright 2006-2017, Way to the Web Limited
    # URL: http://www.configserver.com
    # Email: sales@waytotheweb.com
    ###############################################################################
    # The following IP addresses will be ignored by all lfd checks
    # One IP address per line
    # CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
    # Only list IP addresses, not domain names (they will be ignored)
    #
    
    127.0.0.1
    199.83.128.0/21
    198.143.32.0/19
    149.126.72.0/21
    103.28.248.0/22
    185.11.124.0/22
    192.230.64.0/18
    45.64.64.0/22
    107.154.0.0/16
    2a02:e980::/29
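The one-liner in the post above pipes whatever the Incapsula API returns straight into `csf -a`, and the script writes the same lines into an nginx include. As an added example that is not part of the post and not code from Centmin Mod's csfincapsula.sh, the POSIX shell below shows the check a practitioner would want in between: each line is validated as a well-formed IPv4 or IPv6 CIDR before it becomes a firewall rule or a `set_real_ip_from` directive, so an HTML error page or a truncated response never ends up in either. The sample input is constructed here (the ranges from the post plus two junk lines), and `is_cidr`, `filter_cidrs`, `nginx_realip_conf`, `csf_allow_cmds` and `count_valid` are names chosen for this example, not functions of the script.

```shell
#!/bin/sh
# Added example, not part of Centmin Mod or tools/csfincapsula.sh:
# validate API output before it is turned into "csf -a" commands or
# set_real_ip_from directives.

# Constructed sample input: three ranges taken from the post plus two
# lines that a bare "while read i; do csf -a $i; done" would also emit.
SAMPLE_API_OUTPUT='199.83.128.0/21
198.143.32.0/19
2a02:e980::/29
<html>502 Bad Gateway</html>
10.0.0.0/8 ; rm -rf /'

# is_cidr ENTRY: return 0 if ENTRY is a syntactically valid IPv4 or IPv6
# CIDR (IPv4 octets 0-255 with no leading zeros, prefix length in range,
# IPv6 hex groups of at most 4 digits with at most one "::"), else 1.
# This is a syntax check only; it applies no address-space policy.
is_cidr() {
  local ip prefix oldifs octet rest
  case "$1" in */*) ;; *) return 1 ;; esac
  ip=${1%/*}
  prefix=${1##*/}
  case "$prefix" in ''|*[!0-9]*|????*) return 1 ;; esac
  if printf '%s\n' "$ip" | grep -Eq '^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$'; then
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS
    IFS=.
    for octet in $ip; do
      [ "$octet" -le 255 ] || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
    return 0
  fi
  if printf '%s\n' "$ip" | grep -Eq '^[0-9A-Fa-f:]+$'; then
    if printf '%s\n' "$ip" | grep -Eq '[0-9A-Fa-f]{5}'; then return 1; fi
    case "$ip" in *:::*) return 1 ;; *:*) ;; *) return 1 ;; esac
    rest=${ip#*::}
    case "$ip" in *::*) case "$rest" in *::*) return 1 ;; esac ;; esac
    if [ "$prefix" -le 128 ]; then return 0; fi
  fi
  return 1
}

# filter_cidrs: read raw API output on stdin, print only valid CIDRs on
# stdout and report every rejected line on stderr. Trailing CRs are
# stripped and blank lines skipped.
filter_cidrs() {
  local line cr
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}
    case "$line" in '') continue ;; esac
    if is_cidr "$line"; then
      printf '%s\n' "$line"
    else
      printf 'rejected non-CIDR line: %s\n' "$line" >&2
    fi
  done
}

# nginx_realip_conf: emit the set_real_ip_from block for the CIDRs on
# stdin. Keeping this list to exactly the WAF's ranges is what stops a
# client from spoofing X-Forwarded-For on a direct connection.
nginx_realip_conf() {
  local cidr
  while IFS= read -r cidr; do printf 'set_real_ip_from %s;\n' "$cidr"; done
  printf 'real_ip_header X-Forwarded-For;\n'
}

# csf_allow_cmds: dry-run the "csf -a" commands for the CIDRs on stdin;
# review the output, then pipe it to sh to apply.
csf_allow_cmds() {
  local cidr
  while IFS= read -r cidr; do printf 'csf -a %s incapsula\n' "$cidr"; done
}

# count_valid: number of sample lines that survive validation.
count_valid() {
  printf '%s\n' "$SAMPLE_API_OUTPUT" | filter_cidrs 2>/dev/null | grep -c .
}

# Dry run on the constructed sample. Against the live API replace
# SAMPLE_API_OUTPUT with:
#   curl -s --data "resp_format=text" https://my.incapsula.com/api/integration/v1/ips
printf '%s\n' "$SAMPLE_API_OUTPUT" | filter_cidrs | nginx_realip_conf
printf '%s\n' "$SAMPLE_API_OUTPUT" | filter_cidrs 2>/dev/null | csf_allow_cmds
```

Two points the validation does not change but that matter when deploying this: `real_ip_header X-Forwarded-For` makes nginx trust a header any client can set, and only the `set_real_ip_from` lines limit that trust to connections arriving from the WAF, so the list must be the WAF's ranges and nothing broader. Also, `csf -a` whitelists the ranges in the firewall while `csf.ignore` keeps lfd from ever blocking them; without the latter, one lfd trigger from a WAF node would cut off all traffic to the site, since every visitor now arrives from those addresses.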