Tutorial on how to deploy the Nginx WAF module firewall on the Banwagonhost VPS server to improve security

888u

Last updated: 2024-01-20, edited by 888u

Anyone who uses a Banwagonhost VPS should know that by default the host, like products from other server vendors, comes with no attack protection. If the server is attacked and the load exceeds a certain level, the service provider automatically stops it. If a Banwagonhost VPS host is attacked and suspended more than three times, the server may be blocked. Therefore, when we use the server to host websites, we must set up a WAF firewall. In this article, we install the NGINX WAF module into a web environment built with the LNMP script installation package, to improve security.

Lao Yang personally recommends that if our server is being attacked, we switch to a high-defense server, for example the Boao Cloud Hong Kong High Defense Server (Banwagonhost VPS is not resistant to attacks), or use Cloudflare.

First, prepare the environment

This article was tested in the LNMP (Junge) NGINX environment. Refer to it as needed, and make sure to back up your data first.

LNMP = v1.7
Nginx version = 1.20.1
gcc version = 4.8.5

Second, install the WAF firewall

Compile and install the LTS version of the ngx_waf module.

# Fetch the LTS branch of ngx_waf
cd /usr/local/src/ && git clone -b lts https://github.com/ADD-SP/ngx_waf.git \
    && cd ngx_waf \
    && make
# Fetch the libinjection and cJSON dependencies
cd /usr/local/src/ && git clone https://github.com/libinjection/libinjection.git lib/libinjection
cd /usr/local/src/ngx_waf \
    && git clone https://github.com/DaveGamble/cJSON.git lib/cjson
cd /usr/local/src/ngx_waf \
    && git clone https://github.com/libinjection/libinjection.git inc/libinjection
# Build libsodium and export its location for the nginx build
cd /usr/local/src/ && git clone https://github.com/jedisct1/libsodium.git --branch stable libsodium-src \
    && cd libsodium-src \
    && ./configure --prefix=/usr/local/src/libsodium --with-pic \
    && export LIB_SODIUM=/usr/local/src/libsodium \
    && make -j$(nproc) && make check -j $(nproc) && make install
# Fetch uthash and export its location; the nginx build below must run in
# the same shell session so that both exported variables are still set
cd /usr/local/src/ && git clone https://github.com/troydhanson/uthash.git \
    && export LIB_UTHASH=/usr/local/src/uthash

Enter the directory where lnmp1.7 is located and edit the file ~/lnmp1.7/include/upgrade_nginx.sh:

vi ~/lnmp1.7/include/upgrade_nginx.sh

Find the ./configure line after else (about line 62), and append --add-module=/usr/local/src/ngx_waf --with-cc-opt='-std=gnu99' to the end of its compilation parameters.

Compile:

cd ~/lnmp1.7
./upgrade.sh nginx

Enter the version number, press Enter, and wait patiently for the compilation to complete. (Nginx version numbers are listed on the nginx download page; enter the one you want and press Enter.)

Third, configure the WAF firewall

In the virtual host configuration file, e.g. /usr/local/nginx/conf/vhost/www.cnbanwagong.com.conf, add the following to the server block:

# Enable the module
waf on;
# Specify the directory where the rule files are located
waf_rule_path /usr/local/src/ngx_waf/assets/rules/;
# Specify the working mode of the firewall
waf_mode DYNAMIC;
# Limit the request frequency to 1000 requests per minute; a client that exceeds it is blacklisted for 60 minutes
waf_cc_deny rate=1000r/m duration=60m;
# Cache the detection results of up to 50 detection targets
waf_cache capacity=50;
# Reduce bandwidth usage when attacked
waf_http_status cc_deny=444;

After the modification is completed, restart nginx to make the configuration take effect.
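
Before that restart, the build and the vhost settings can be checked with a small script. This is an added example, not part of the original article: the function names and the --live switch are assumptions, and the sample vhost it builds is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): sanity checks for the
# ngx_waf build and vhost settings before nginx is restarted.

# Succeeds if the `nginx -V` text in $1 shows ngx_waf was compiled in.
has_waf_module() {
    printf '%s\n' "$1" | grep -q -- '--add-module=[^ ]*ngx_waf'
}

# Prints the first argument of directive $2 in file $1, comments ignored.
directive_value() {
    sed 's/#.*//' "$1" |
        awk -v d="$2" '$1 == d { sub(/;.*/, "", $2); print $2; exit }'
}

# Returns 0 if vhost file $1 enables the WAF and points at a rule directory
# that exists; prints each problem found and returns 1 otherwise.
# The path form checked (absolute, trailing /) is the one the article uses.
check_vhost() {
    rc=0
    [ "$(directive_value "$1" waf)" = "on" ] || { echo "waf is not on"; rc=1; }
    rules=$(directive_value "$1" waf_rule_path)
    case "$rules" in
        /*/) [ -d "$rules" ] || { echo "no such rule dir: $rules"; rc=1; } ;;
        *)   echo "waf_rule_path should be absolute and end in /"; rc=1 ;;
    esac
    [ -n "$(directive_value "$1" waf_cc_deny)" ] ||
        { echo "waf_cc_deny missing: no rate limiting"; rc=1; }
    return "$rc"
}

# Constructed sample: a vhost file in the article's form, in a temp directory.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/rules" || return 1
    printf 'server {\n  # enable module\n  waf on;\n  waf_rule_path %s/rules/;\n' "$d" > "$d/ok.conf"
    printf '  waf_mode DYNAMIC;\n  waf_cc_deny rate=1000r/m duration=60m;\n}\n' >> "$d/ok.conf"
    echo "$d"
}

if [ "${1:-}" = "--live" ]; then   # usage: sh check_waf.sh --live <vhost.conf>
    has_waf_module "$(nginx -V 2>&1)" || { echo "ngx_waf not compiled in"; exit 1; }
    check_vhost "$2" && nginx -t && echo "configuration OK, safe to restart nginx"
else
    sample=$(make_sample) && check_vhost "$sample/ok.conf" && echo "sample passes"
    rm -rf "$sample"
fi
```

Run with --live and the path of the vhost file on the server itself; without arguments it only exercises the constructed sample.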

In conclusion, we can configure other parameters as needed, each according to its own settings. After installation, we can test the effect.
