updated login page with qwen

2025-07-29 23:06:15 +03:00
parent ccb5c172ae
commit 0ce522d04a
35 changed files with 1708 additions and 80 deletions
--- a/proxy-md.md
+++ b/proxy-md.md
@@ -0,0 +1,129 @@
+```docker-compose.yml
+version: '3.8'
+
+services:
+  nginx:
+    image: owasp/modsecurity:nginx
+    container_name: secure_nginx
+    ports:
+      - "80:80"
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx/html:/usr/share/nginx/html:ro
+      - ./nginx/modsecurity/modsecurity.conf:/etc/modsecurity/modsecurity.conf:ro
+      - ./nginx/log:/var/log/nginx
+    restart: always
+
+  fail2ban:
+    image: crazymax/fail2ban:latest
+    container_name: fail2ban
+    volumes:
+      - ./fail2ban/jail.local:/data/jail.local:ro
+      - ./fail2ban/filter.d:/data/filter.d:ro
+      - ./nginx/log:/var/log/nginx:ro
+      - fail2ban-data:/data
+    restart: always
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+
+volumes:
+  fail2ban-data:
+```
+
+```conf
+worker_processes 1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    modsecurity on;
+    modsecurity_rules_file /etc/modsecurity/modsecurity.conf;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    limit_req_zone $binary_remote_addr zone=limit1:10m rate=5r/s;
+
+    server {
+        listen 80;
+        server_name localhost;
+
+        root /usr/share/nginx/html;
+        index index.html;
+
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header Referrer-Policy "no-referrer-when-downgrade" always;
+        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+        location / {
+            limit_req zone=limit1 burst=10 nodelay;
+            try_files $uri $uri/ =404;
+        }
+    }
+}
+```
+
+nginx/html/index.html
+
+```
+<!DOCTYPE html>
+<html>
+<head>
+    <title>ModSecurity + Fail2Ban</title>
+</head>
+<body>
+    <h1>Güvenlik Duvarı Aktif!</h1>
+</body>
+</html>
+```
+
+nginx/modsecurity/modsecurity.conf
+
+```
+SecRuleEngine On
+SecRequestBodyAccess On
+SecResponseBodyAccess Off
+
+SecRule REQUEST_HEADERS:User-Agent "curl" "id:10001,phase:1,deny,status:403,msg:'Curl client blocked'"
+
+# Basit rate limit sayacı
+SecAction "id:10010,phase:1,initcol:ip=%{REMOTE_ADDR},pass,nolog"
+SecRule IP:REQCOUNT "@gt 20" "id:10011,phase:2,deny,status:429,msg:'Too many requests'"
+SecAction "id:10012,phase:2,pass,nolog,setvar:ip.reqcount=+1"
+```
+
+fail2ban/jail.local
+
+```
+[nginx-req-limit]
+enabled = true
+filter = nginx-req-limit
+action = iptables[name=HTTP, port=http, protocol=tcp]
+logpath = /var/log/nginx/access.log
+maxretry = 5
+findtime = 60
+bantime = 3600
+```
+
+fail2ban/filter.d/nginx-req-limit.conf
+
+```
+[Definition]
+failregex = <HOST> -.* "(GET|POST).*HTTP.*" 429
+ignoreregex =
+
+```
+
+mkdir -p nginx/html nginx/modsecurity fail2ban/filter.d
+docker-compose up -d