Last updated: 2024-06-17, edited by 888u
Anyone who uses a Bricklayer VPS should know that a default Bricklayer VPS host, like products from other server vendors, comes with no attack protection. If the server is attacked and the load exceeds a certain level, the service provider automatically stops it. If our Bricklayer VPS host is attacked and suspended more than three times, the server may be blocked. We should therefore set up a WAF firewall when using the server to host a website. In this article we install the NGINX WAF module (ngx_waf) into the web environment built with the LNMP script installation package, to improve security.
Lao Yang personally recommends that if our server is being attacked, we switch to a high-defense server, for example a Boao Cloud Hong Kong high-defense server, because a Bricklayer VPS is not resistant to attacks. Alternatively, we can use Cloudflare.
First, prepare the environment
This article was tested in the LNMP (Junge) NGINX environment. Refer to it as needed, and make sure to back up your data first.
- LNMP = v1.7
- Nginx version = 1.20.1
- gcc version = 4.8.5
Second, install WAF firewall
Compile and install the LTS version of the ngx_waf module.
```bash
# Fetch the LTS branch of ngx_waf and run make in it
cd /usr/local/src \
    && git clone -b lts https://github.com/ADD-SP/ngx_waf.git \
    && cd ngx_waf \
    && make

# libinjection and cJSON sources
cd /usr/local/src/ \
    && git clone https://github.com/libinjection/libinjection.git lib/libinjection
cd /usr/local/src/ngx_waf \
    && git clone https://github.com/DaveGamble/cJSON.git lib/cjson
cd /usr/local/src/ngx_waf \
    && git clone https://github.com/libinjection/libinjection.git inc/libinjection

# libsodium: build, test and install under /usr/local/src/libsodium
cd /usr/local/src/ \
    && git clone https://github.com/jedisct1/libsodium.git --branch stable libsodium-src \
    && cd libsodium-src \
    && ./configure --prefix=/usr/local/src/libsodium --with-pic \
    && export LIB_SODIUM=/usr/local/src/libsodium \
    && make -j$(nproc) && make check -j $(nproc) && make install

# uthash (header-only); LIB_UTHASH is exported for the nginx build
cd /usr/local/src/ \
    && git clone https://github.com/troydhanson/uthash.git \
    && export LIB_UTHASH=/usr/local/src/uthash
```
Go to the directory where lnmp1.7 is located and edit the file ~/lnmp1.7/include/upgrade_nginx.sh:
```bash
vi ~/lnmp1.7/include/upgrade_nginx.sh
```
Find the `./configure` line after `else` (about line 62) and append `--add-module=/usr/local/src/ngx_waf --with-cc-opt='-std=gnu99'` to the end of this string of compilation parameters.
Compile:
```bash
cd ~/lnmp1.7
./upgrade.sh nginx
```
Enter the version number, press Enter, and wait patiently for the compilation to complete. (You can find the Nginx version number on the nginx download page; enter it and press Enter.)
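The edit and the post-build check can be scripted. The following is an added example, not part of the original article or the LNMP project, that appends the flags only once and confirms the module is in the build. The sample file it patches is constructed, and treating the first `./configure` line after `else` as the target is an assumption taken from the description above.

```shell
#!/bin/sh
# Flags exactly as given in the step above.
WAF_FLAGS="--add-module=/usr/local/src/ngx_waf --with-cc-opt='-std=gnu99'"

# patch_configure FILE: append WAF_FLAGS to the first ./configure line after
# an "else" line (assumed layout). Keeps FILE.bak; no-op if already patched.
patch_configure() {
    file=$1
    grep -q -- '--add-module=/usr/local/src/ngx_waf' "$file" && return 0
    cp -p "$file" "$file.bak" || return 1
    awk -v flags="$WAF_FLAGS" '
        /^[ \t]*else[ \t]*$/ { seen_else = 1 }
        seen_else && !done && /^[ \t]*\.\/configure / {
            $0 = $0 " " flags; done = 1
        }
        { print }
    ' "$file.bak" > "$file"
    # Fail if nothing was changed, rather than building nginx without the WAF.
    grep -q -- '--add-module=/usr/local/src/ngx_waf' "$file"
}

# has_waf_module: reads `nginx -V` output on stdin; nginx prints it to stderr,
# so use: nginx -V 2>&1 | has_waf_module
has_waf_module() {
    grep -q -- '--add-module=/usr/local/src/ngx_waf'
}

# Constructed stand-in for upgrade_nginx.sh (not the real file's contents).
make_sample() {
    cat > "$1" <<'EOF'
if [ "$old_nginx" = "y" ]; then
    ./configure --user=www --group=www --prefix=/usr/local/nginx
else
    ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_v2_module
fi
EOF
}

# Dry run on the sample: only the configure line after "else" gains the flags.
demo=$(mktemp) && make_sample "$demo" && patch_configure "$demo"
grep -n 'configure' "$demo"
rm -f "$demo" "$demo.bak"
```

After the real upgrade finishes, `nginx -V 2>&1 | has_waf_module && echo "ngx_waf compiled in"` confirms the module made it into the binary.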
Third, configure WAF firewall
In the host configuration file, e.g. /usr/local/nginx/conf/vhost/www.cnbanwagong.com.conf, add the following code to the server block:
```nginx
# Enable the module
waf on;
# Specify the directory where the rule files are located
waf_rule_path /usr/local/src/ngx_waf/assets/rules/;
# Specify the working mode of the firewall
waf_mode DYNAMIC;
# Limit the request frequency to 1000 requests per minute;
# a client that exceeds it is blacklisted for 60 minutes
waf_cc_deny rate=1000r/m duration=60m;
# Cache the detection results of up to 50 detection targets
waf_cache capacity=50;
# Reduce bandwidth usage when attacked
waf_http_status cc_deny=444;
```
After the modification is completed, restart nginx to make the configuration take effect.
In conclusion, we can configure other parameters as needed. After installation, we can test the effect.
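To test the effect of `waf_cc_deny` and `waf_http_status cc_deny=444`, the access log can be checked. This is an added example, not from the original article or ngx_waf. It assumes nginx's default combined log format, uses constructed log lines, and models the rate limit as fixed one-minute windows, which is a simplification of whatever counter the module uses.

```shell
#!/bin/sh
# Combined log format: field 1 = client IP, field 4 = "[dd/Mon/yyyy:HH:MM:SS",
# field 9 = status code.

# over_rate LOG LIMIT: print "ip minute count" for each client that sent more
# than LIMIT requests in one calendar minute. Useful before enabling
# rate=1000r/m, to see which existing clients would be blacklisted.
over_rate() {
    awk -v limit="$2" '
        { minute = substr($4, 2, 17); n[$1 " " minute]++ }
        END { for (k in n) if (n[k] > limit) print k, n[k] }
    ' "$1" | sort
}

# denied_clients LOG: count responses logged with status 444 per client, i.e.
# requests rejected under cc_deny=444 (assumes nothing else returns 444).
denied_clients() {
    awk '$9 == 444 { n[$1]++ } END { for (ip in n) print ip, n[ip] }' "$1" | sort
}

# Constructed sample log (documentation-range addresses).
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [17/Jun/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [17/Jun/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [17/Jun/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [17/Jun/2024:10:00:04 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
203.0.113.7 - - [17/Jun/2024:10:01:10 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
198.51.100.9 - - [17/Jun/2024:10:00:30 +0000] "GET /a HTTP/1.1" 200 90 "-" "-"
198.51.100.9 - - [17/Jun/2024:10:01:30 +0000] "GET /b HTTP/1.1" 200 90 "-" "-"
EOF
}

# Demo with a limit of 3 so the small sample trips it; the article uses 1000.
log=$(mktemp) && make_sample_log "$log"
echo "clients over 3 requests/minute:"; over_rate "$log" 3
echo "clients denied with 444:";        denied_clients "$log"
rm -f "$log"
```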