Download the PHP package deltasystems/aws-fail2ban without Composer
On this page you can find all versions of the php package deltasystems/aws-fail2ban. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download deltasystems/aws-fail2ban
More information about deltasystems/aws-fail2ban
Files in deltasystems/aws-fail2ban
Package aws-fail2ban
Short Description fail2ban actions that are compatible with AWS resoureces
License MIT
Homepage https://github.com/DeltaSystems/aws-fail2ban
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package aws-fail2ban
Credits: Originally forked from https://github.com/anthonymartin/aws-acl-fail2ban
aws-fail2ban
This package adds capability to fail2ban for managing IPSets on AWS (classic waf-regional and new wafv2). An IPSet that is managed via fail2ban can be easily added to a WAF/ACL rule that blocks addresses in that IPSet. This allows for fail2ban integration with AWS Loadbalancers and other resources that can be associated with an AWS WAF to allow banning at the edge of your AWS environment.
Dependencies
- An IAM account with an applicable IAM policy and an API Access Key (see the examples folder).
- AWS CLI must be installed and your access credentials must be setup as specified in AWS CLI docs (either through a ~/.aws/config or through an environment variable). https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html
- For waf-regional, you need to have created a regional WAF, an IPSet and recorded the IPSet id.
- For wafv2, you need to have a regional WAFv2 ACL, an IPSet and recorded the IPSet id and name.
- For either waf option, you should an ACL rule that blocks IP addresses created in the IPSet that you configured.
- If you haven't configured Nginx/Apache to use X-Forwarded-For, you will need to do that first so that you are capturing the real client IP address and not the loadbalancer's IP address.
AWS Docs - https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html NGINX Access Logs - https://ma.ttias.be/nginx-access-log-log-the-real-users-ip-instead-of-the-proxy/ NGINX Proxy - https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/ Apache Access Logs - https://aws.amazon.com/premiumsupport/knowledge-center/log-client-ip-load-balancer-apache/ Cloudflare - https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-
Installation
- The recommended method of installation is by using composer to install:
composer require deltasystems/aws-fail2ban- alternatively, you can clone or download this repository. - Ensure that your apache configuration and your fail2ban configuration is correct. Some help has been provided below.
fail2ban Configuration
- Copy
fail2ban/action.d/aws-acl.confin/etc/fail2ban/action.d/directory. Modify with IPSet information recorded above. - (Optional) Create a filter to match whatever log file you are trying to log.
- Create or update your jail configuration. See examples in code.
