GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Vasfed → nginx_ipset_blacklist

Vasfed / nginx_ipset_blacklist

Licence: other
nginx module to use linux netfilter ipsets as blacklists

Programming Languages

c
50402 projects - #5 most used programming language

Labels

nginxipsetnginx-module

Projects that are alternatives of or similar to nginx ipset blacklist

Ngx dynamic limit req module
The ngx_dynamic_limit_req_module module is used to dynamically lock IP and release it periodically.
Stars: ✭ 57 (+67.65%)
Mutual labels:  nginx-module
Glider
glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
Stars: ✭ 1,710 (+4929.41%)
Mutual labels:  ipset
NginxExecute
The NginxExecute module executes the shell command through GET POST and HEAD to display the result.
Stars: ✭ 47 (+38.24%)
Mutual labels:  nginx-module
Nginx Builder
A tool to build deb or rpm package of required Nginx version from the source code, with the ability to connect third-party modules. Nginx parameters are set in the yaml configuration file.
Stars: ✭ 123 (+261.76%)
Mutual labels:  nginx-module
Nginx Http Echo Module
A simple Nginx echo module
Stars: ✭ 192 (+464.71%)
Mutual labels:  nginx-module
ipset
Golang wrapper of ipset.
Stars: ✭ 21 (-38.24%)
Mutual labels:  ipset
Lua Nginx Redis
🌺 Redis、Lua、Nginx、OpenResty 笔记和资料
Stars: ✭ 757 (+2126.47%)
Mutual labels:  nginx-module
ipset-netgear-r7000-dd-wrt
Packages and kernel modules for ipset support for the Netgear R7000 running DD-WRT firmware
Stars: ✭ 45 (+32.35%)
Mutual labels:  ipset
Nginx Module Vts
Nginx virtual host traffic status module
Stars: ✭ 2,518 (+7305.88%)
Mutual labels:  nginx-module
Nginx-builder
A tool to build deb or rpm package of required Nginx version from the source code, with the ability to connect third-party modules. Nginx parameters are set in the yaml configuration file.
Stars: ✭ 143 (+320.59%)
Mutual labels:  nginx-module
Ngx healthcheck module
nginx module for upstream servers health check. support stream and http upstream. 该模块可以为Nginx提供主动式后端服务器健康检查的功能(同时支持四层和七层后端服务器的健康检测)
Stars: ✭ 145 (+326.47%)
Mutual labels:  nginx-module
Ssowat
A simple SSO for NGINX, written in Lua
Stars: ✭ 190 (+458.82%)
Mutual labels:  nginx-module
go-ipset
🔥 Go bindings for the IPtables ipset http://ipset.netfilter.org userspace utility
Stars: ✭ 110 (+223.53%)
Mutual labels:  ipset
Zstd Nginx Module
Nginx modules for the Zstandard compression
Stars: ✭ 64 (+88.24%)
Mutual labels:  nginx-module
nftables-example
A playground ruleset to get to know nftables syntax
Stars: ✭ 19 (-44.12%)
Mutual labels:  ipset
Nginx Nonewlines
This is an nginx module to strip the served HTML of all newlines (\n and \r characters)
Stars: ✭ 17 (-50%)
Mutual labels:  nginx-module
Blocklist Ipsets
ipsets dynamically updated with firehol's update-ipsets.sh script
Stars: ✭ 2,011 (+5814.71%)
Mutual labels:  ipset
nginx-module-stream-sts
Nginx stream server traffic status core module
Stars: ✭ 51 (+50%)
Mutual labels:  nginx-module
nginx-opentracing
Instrument nginx for OpenTracing.
Stars: ✭ 21 (-38.24%)
Mutual labels:  nginx-module
blackip
IP Blocklist for Ipset / Squid-Cache
Stars: ✭ 81 (+138.24%)
Mutual labels:  ipset
View All Similar Projects ➔

nginx_ipset_blacklist

An nginx module for using netfilter ipsets as a black/white list. In comparison to standard nginx access module this allows for dynamic list updating, without nginx reload/restart.

Installation

  • Get youself a linux server with root access

  • Install ipset 4.4 (see ipset.netfilter.org/install.html)

  • Get nginx source code, unpack etc.

  • Install libssl-dev, pcre and other nginx requirements

  • Configure nginx with this module:

    ./configure --with-module=/path/to/nginx_ipset_blacklist

  • Compile, install

  • Configure nginx to run workers as root (this is needed to allow access to ipsets)

  • Create yout ipset and add some 'offending' ips to it:

    sudo ipset -N myblacklist iphash
sudo ipset -A myblacklist 127.0.0.1

  • Start nginx

  • Profit!

Usage

Sample nginx config:

user root;
worker_processes  1;

events {
  worker_connections  1024;
}

http {
  blacklist "myblacklist";
  include       mime.types;
  default_type  application/octet-stream;

  server {
    # your server configuration goes here
  }

  server {
    whitelist "my_whitelist"; # this server will not use global blacklist, but instad use local whitelist
    ...
  }
}

For blocked ips server will respond with 403 error to any request.

Author

nginx_ipset_blacklist was written by Vasily Fedoseyev aka Vasfed

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].