
Integrate Crypto Firewall with Popular Web Servers

Open summercms opened this issue 7 months ago • 0 comments

Enhancement idea

  • [ ] Integrate Crypto Firewall with Popular Web Servers.
  • [ ] Apache.
  • [ ] Nginx.
  • [ ] Microsoft IIS.
  • [ ] Lighttpd.
  • [ ] Google App Engine.
  • [ ] Caddy.
  • [ ] HAProxy.

Description

| Server Name | Default Config Filename | File Extension | Notes |
|---|---|---|---|
| Apache HTTP Server | httpd or apache2 | .conf | Usually httpd.conf or in /etc/apache2/sites-available/. .htaccess is also used for per-directory rules. |
| Nginx | nginx | .conf | Main config: nginx.conf, plus separate files in /etc/nginx/conf.d/ or /etc/nginx/sites-available/. |
| Microsoft IIS | web | .config | web.config is XML-based, lives in app root. Machine-wide config is applicationHost.config. |
| Lighttpd | lighttpd | .conf | Main config is usually /etc/lighttpd/lighttpd.conf. |
| Google App Engine | app | .yaml | app.yaml for service config; IP blocking done via GCP firewall rules, not YAML. |
| Caddy | Caddyfile | (none) | Config file is literally named Caddyfile with no extension, unless using JSON config. |
| HAProxy | haproxy | .cfg | Usually haproxy.cfg in /etc/haproxy/. |

1. Apache HTTP Server

# Apache .htaccess or httpd.conf
deny from 1.117.26.65
deny from 1.12.239.227

2. Nginx

(inside a server {} or location {} block in nginx.conf)

# Nginx blocklist
deny 1.117.26.65;
deny 1.12.239.227;

3. Microsoft IIS

(Using web.config with IP restrictions — requires IP Security feature enabled)

<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="true">
        <add ipAddress="1.117.26.65" allowed="false" />
        <add ipAddress="1.12.239.227" allowed="false" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>

4. Lighttpd

(inside lighttpd.conf)

# Lighttpd blocklist
$HTTP["remoteip"] == "1.117.26.65" { url.access-deny = ( "" ) }
$HTTP["remoteip"] == "1.12.239.227" { url.access-deny = ( "" ) }

5. Google App Engine

(in app.yaml, using built-in firewall rules — note that GAE firewall rules are set via GCP console or gcloud, not app.yaml directly)

Example gcloud command:

gcloud app firewall-rules create 1000 \
    --action=deny --source-range=1.117.26.65 --description="Block IP"

gcloud app firewall-rules create 1001 \
    --action=deny --source-range=1.12.239.227 --description="Block IP"

GAE’s IP blocking is handled at the platform level, not via config file.

6. Caddy

(Caddy doesn’t have native IP blocking, but you can use matcher blocks)

@blocked {
    remote_ip 1.117.26.65 1.12.239.227
}
respond @blocked "Access Denied" 403

7. HAProxy

(in haproxy.cfg)

acl blacklist src 1.117.26.65 1.12.239.227
http-request deny if blacklist

Notes

n/a

Links

n/a

summercms, Aug 09 '25 14:08
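
Added example, not part of the issue or of the crypto-firewall project: one way to render a single validated address list into each of the syntaxes listed in the issue, so that a malformed feed entry is rejected before it reaches any server config. The names `PER_LINE`, `JOINED`, `clean_addresses` and `render_blocklist` are hypothetical, and the sketch assumes single IPv4 addresses only, as in the issue's examples.

```python
import ipaddress

# Templates copied from the syntaxes in the issue; names here are hypothetical.
# PER_LINE entries repeat once per address ({n} is the gcloud rule priority).
PER_LINE = {
    "apache": "deny from {ip}",
    "nginx": "deny {ip};",
    # IIS: these <add> elements go inside the <ipSecurity> element shown above.
    "iis": '<add ipAddress="{ip}" allowed="false" />',
    "lighttpd": '$HTTP["remoteip"] == "{ip}" {{ url.access-deny = ( "" ) }}',
    "gae": 'gcloud app firewall-rules create {n} --action=deny '
           '--source-range={ip} --description="Block IP"',
}
# JOINED entries take every address on one line.
JOINED = {
    "caddy": '@blocked {{\n    remote_ip {ips}\n}}\nrespond @blocked "Access Denied" 403',
    "haproxy": "acl blacklist src {ips}\nhttp-request deny if blacklist",
}


def clean_addresses(raw_entries):
    """Return unique canonical IPv4 strings in input order; raise ValueError otherwise."""
    result = []
    for entry in raw_entries:
        # ip_address() accepts only a bare address, so separators, quotes,
        # newlines or extra directives never reach a config file.
        ip = ipaddress.ip_address(entry.strip())
        if ip.version != 4:
            raise ValueError(f"IPv4 only in this example: {entry!r}")
        if str(ip) not in result:
            result.append(str(ip))
    return result


def render_blocklist(server, raw_entries, first_priority=1000):
    """Render deny rules for one server; an empty list renders nothing."""
    ips = clean_addresses(raw_entries)
    if not ips:
        return ""  # avoid emitting e.g. an 'acl ... src' line with no addresses
    if server in PER_LINE:
        return "\n".join(PER_LINE[server].format(ip=ip, n=first_priority + i)
                         for i, ip in enumerate(ips))
    if server in JOINED:
        return JOINED[server].format(ips=" ".join(ips))
    raise KeyError(f"no template for {server!r}")


if __name__ == "__main__":
    for name in ("nginx", "haproxy", "gae"):
        print(render_blocklist(name, ["1.117.26.65", "1.12.239.227"]), end="\n\n")
```
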