[INSTALLATION] Fail2ban/crowdsec and their interaction with this project, worth it?
maxdd opened this issue · comments
Hello,
this is not really an installation issue per se but more like a question about the synergy between tools such as fail2ban and crowdsec.
My understanding was that nginx ultimate bad bot blocker also contains a list of IPs which are somewhat up-to-date. Is that the case, or is the main intention of the tool to reject attacks mainly based on patterns/UA and leave the bad IPs as a secondary feature?
Are then fail2ban/crowdsec overkill against nginx logs?
@maxdd - I always used UBBB with fail2ban (which was already detecting & blocking clients who generated too many bad 40x's)
- I think the proper place for rate limiting requests is in the firewall (all web clients should behave nicely)
- I prefer nftables firewalls as it's a single config for ipv4 / ipv6 & ipset functionality is built in.
- Blocking bad ip's in ipsets at the nftables ingress level hook is a good choice for performance (i.e. before packets traverse connection tracking & before prerouting) - requires kernel 5.10+ & nftables 0.9.7+
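
The setup described in the reply above, sketched as an nftables ruleset. This is an added example, not part of the comment or of the blocker project; the device name `eth0`, the table and set names, and the addresses (documentation ranges) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Device name, table/set names and addresses are assumptions;
# the addresses are documentation ranges (RFC 5737 / RFC 3849).

# Create-then-delete makes the file safe to reload atomically with `nft -f`.
table inet badbots
delete table inet badbots

table inet badbots {
    # Long-lived blocklists: interval sets accept single IPs and CIDR ranges.
    set blocked_v4 {
        type ipv4_addr
        flags interval
        auto-merge
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }
    set blocked_v6 {
        type ipv6_addr
        flags interval
        auto-merge
        elements = { 2001:db8:bad::/48 }
    }

    # Temporary bans added at runtime by a log watcher; entries expire on
    # their own, e.g.:
    #   nft add element inet badbots banned_v4 '{ 203.0.113.7 timeout 1h }'
    set banned_v4 {
        type ipv4_addr
        flags timeout
    }
    set banned_v6 {
        type ipv6_addr
        flags timeout
    }

    chain ingress {
        # inet-family ingress hook: runs before conntrack and prerouting,
        # one chain for both IPv4 and IPv6. Bound to a single device.
        type filter hook ingress device "eth0" priority -500; policy accept;

        ip saddr @blocked_v4 counter drop
        ip saddr @banned_v4 counter drop
        ip6 saddr @blocked_v6 counter drop
        ip6 saddr @banned_v6 counter drop
    }
}
```

Validate the file with `nft -c -f <file>` before loading it. The ingress chain only sees traffic arriving on the named device, so other interfaces need their own chain.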