I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?

Edit: Thanks for the tips everyone!

  • swifteh
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    2
    ·
    1 year ago

    Any service I have that is public facing is proxied through Cloudflare. I run a firewall on the host that only allows traffic from Cloudflare IPs. Those IPs are updated via a cron job that calls this script: https://github.com/Paul-Reed/cloudflare-ufw I also have a rule set up in Cloudflare that blocks traffic from other countries.

    For WAF, I use modsecurity with nginx. It can be a little time consuming to set up and weed out false positives, but it works really well when you get it configured properly.

    Some of my applications are set up with Cloudflare Access. I use this with Azure AD free tier and SAML, but it could be set up with self hosted solutions like authentik.