Open burjuyz opened 1 year ago
yes totally agreed we need to integrate with fail2ban
Hi @ahmedabokandil, I am just wondering, why you need fail2ban in the first place? It doesn't seems like it can stop DDOS, or improve security in web serving. If you need further security features regarding access to the management panel (e.g. 2FA or password-less login), you should be using another business grade reverse proxy before Zoraxy for managing authentication to the management panel.
Hi @tobychui , thanks for your reply , but i will tell you why this important when we enable basic authentication to protect an backend servers , if someone tried brute force attack to get password we can block it using fail2ban , what do you think ?
@ahmedabokandil thanks for your explanation. Fail2ban is an existing project that would alter the firewall rules of the host OS, which is way out of the scope of Zoraxy (as a reverse proxy server). Integrating another huge project into Zoraxy just doesn't make sense on its own.
But if what you mean is something like a maximum retry per preset time period (and the IP get banned if over that retry counts) in the basic auth mechanism, I think it is a valid enhancement request.
Hey, we @crowdsecurity also would like to add log parser / scenario support. The remediation, however, would purely up to you if you would like to implement we do have golang libraries if not user can use the firewall remediation but would not be effective if they use something like CF.
YEs great feature is implemented Crowdsec ;)
Support for crowdsec would be nice.
I just migrated from NPM to Zoraxy, as now we can have ACL per subdomain, and its awesome.
I agree for crowdsec, it would be so usefull
Thanks again for that amazing project !
Please consider to add fail2ban for security reasons. As for example you could check SWAG solution