Welcome to Centmin Mod Community
Register Now

Nginx Automated Geo Ban

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Floren, Aug 25, 2014.

Tags:
  1. Floren

    Floren Active Member

    148
    76
    28
    Jun 6, 2014
    Ratings:
    +76
    Local Time:
    4:36 PM
    We implemented this at AXIVO, since we had many users hammering our servers unnecessarily.
    @eva2000, I'm sure you can work something to adjust the tutorial for Centminmod? The idea is to demonstrate how easy is to implement a solid ban solution in Nginx, without the complexity of fail2ban, etc.

    I'm sure others will be interested to add an automated layer of security. However, the question is how to determine the proper number of strikes for a busy server? I think GoAccess will allow you to this, then you can tweak the number of strikes easy.

    Tutorial Link
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,902
    6,908
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,403
    Local Time:
    7:36 AM
    Nginx 1.13.x
    MariaDB 5.5
    Interesting approaching to banning users :)

    Curious if you're doing anything to handle legit users like Google and search bots, 3rd party web monitoring services that check your servers every 60 seconds etc ?
     
  3. Floren

    Floren Active Member

    148
    76
    28
    Jun 6, 2014
    Ratings:
    +76
    Local Time:
    4:36 PM
    @eva2000, it is a very good idea to add exception for that. Easiest way would be to filter the Useragent, I'm going to add this to the script.
     
    • Like Like x 1
  4. Floren

    Floren Active Member

    148
    76
    28
    Jun 6, 2014
    Ratings:
    +76
    Local Time:
    4:36 PM
    Actually i'll let you hacker your way into script, @eva2000. That script was provided as a tutorial. :)
    Is pretty easy, add a grep -v and use an array to store the Useragent exceptions.
     
    • Like Like x 1
  5. eva2000

    eva2000 Administrator Staff Member

    30,902
    6,908
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,403
    Local Time:
    7:36 AM
    Nginx 1.13.x
    MariaDB 5.5
    no worries :)

    Has me thinking though, are there ways to stress and load test your Axivo YUM repo to see how much capacity it can handle ? How much bandwidth is your Axivo YUM repo consuming on average/peaks ?