Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/vasfed/nginx_ipset_blacklist

nginx module to use linux netfilter ipsets as blacklists
https://github.com/vasfed/nginx_ipset_blacklist

ipset nginx nginx-module

Last synced: 6 days ago
JSON representation

nginx module to use linux netfilter ipsets as blacklists

Awesome Lists containing this project

README 

        
== nginx_ipset_blacklist



An nginx module for using netfilter ipsets as a black/white list.

In comparison to standard nginx access module this allows for dynamic list updating, without nginx reload/restart.



== Installation



* Get youself a linux server with root access

* Install ipset 4.4 (see http://ipset.netfilter.org/install.html)

* Get nginx source code, unpack etc.

* Install libssl-dev, pcre and other nginx requirements

* Configure nginx with this module:

    ./configure --with-module=/path/to/nginx_ipset_blacklist

* Compile, install

* Configure nginx to run workers as root (this is needed to allow access to ipsets)

* Create yout ipset and add some 'offending' ips to it:

    sudo ipset -N myblacklist iphash

    sudo ipset -A myblacklist 127.0.0.1

* Start nginx

* Profit!



== Usage

Sample nginx config:

    user root;

    worker_processes  1;

    

    events {

      worker_connections  1024;

    }

    

    http {

      blacklist "myblacklist";

      include       mime.types;

      default_type  application/octet-stream;

      

      server {

        # your server configuration goes here

      }

      

      server {

        whitelist "my_whitelist"; # this server will not use global blacklist, but instad use local whitelist

        ...

      }

    }



For blocked ips server will respond with 403 error to any request.



== Author

nginx_ipset_blacklist was written by Vasily Fedoseyev aka Vasfed