banjax icon indicating copy to clipboard operation
banjax copied to clipboard
verified publisher icon equalitie

Banjax Installation on Centos

Open Samirarahiqi opened this issue 4 years ago • 12 comments

Hi everybody, I have a Apache Traffic Server . And now I want to use banjax on it. Now the ATS has been installed on my server (ATS v 8.0.8). I installed banjax based on guide in github. When I installed it from so file all the tests were passed and there is not any error. But there is not any banjax.so file . And when I installed it from source there is an error , how can I fix it ? OS : Centos ATS version : 8.0.8 Error : [ 19%] Building CXX object CMakeFiles/banjax_static.dir/src/banjax.cpp.o /opt/banjax/src/banjax.cpp:13:10: fatal error: ts/ts.h: No such file or directory #include <ts/ts.h> ^~~~~~~~~ compilation terminated. make[2]: *** [CMakeFiles/banjax_static.dir/src/banjax.cpp.o] Error 1 make[1]: *** [CMakeFiles/banjax_static.dir/all] Error 2 make: *** [all] Error 2 ts error

Samirarahiqi avatar Feb 17 '21 06:02 Samirarahiqi

Hi! Thanks for the interest. You just have to install the ATS dev headers to fix your current problem, but I feel like I should warn you this plugin is going away soon (we're moving to an Nginx-based setup).

joelanders avatar Feb 17 '21 16:02 joelanders

Hi! Thanks for the interest. You just have to install the ATS dev headers to fix your current problem, but I feel like I should warn you this plugin is going away soon (we're moving to an Nginx-based setup).

Hi. Thanks for your guide . But I have installed ATS dev headers on ATS. Did you mean as below ?! Can you explain it more ? apt-get install build-essential git libzmq-dev unzip automake libtool pkg-config libssl-dev libboost-dev

Samirarahiqi avatar Feb 17 '21 16:02 Samirarahiqi

I think you need to apt-get install trafficserver-dev since that's where "ts.h" comes from.

joelanders avatar Feb 17 '21 16:02 joelanders

I think you need to apt-get install trafficserver-dev since that's where "ts.h" comes from.

So if I want to install it on Centos, should I do as: "yum install trafficserver-devel-7"?!

Samirarahiqi avatar Feb 17 '21 16:02 Samirarahiqi

Well that sounds like it will provide the headers for ATS 7.x and you said earlier you're on 8.x.

joelanders avatar Feb 17 '21 16:02 joelanders

Talking with a colleague just now, it sounds like we've never tried to use this plugin with ATS 8.x, so I really think this won't be worth your time :/.

joelanders avatar Feb 17 '21 16:02 joelanders

Talking with a colleague just now, it sounds like we've never tried to use this plugin with ATS 8.x, so I really think this won't be worth your time :/.

Is there an alternative that can prevent DDOS attacks on ATS servers?

Samirarahiqi avatar Feb 17 '21 16:02 Samirarahiqi

Have you seen fail2ban?

joelanders avatar Feb 17 '21 17:02 joelanders

Have you seen fail2ban?

Yes. But I want to use a safer method.

Samirarahiqi avatar Feb 17 '21 17:02 Samirarahiqi

Which features specifically are you looking for? Pretty much all Banjax does is:

  • You specify some regexes and rate limits. If some IP goes over the rate-limit, they get banned. But you'd have to set up this other Swabber tool of ours that does the iptables stuff.
  • You can turn on one of a few kinds of "challenges": a sha-inverse proof-of work thing (users will see a "please wait" page while their browser runs some javascript), a password challenge, or a captcha.

joelanders avatar Feb 17 '21 17:02 joelanders

So if you want the first thing (the regex rate-limiting banning thing), I think that's pretty much what fail2ban does.

I'm not sure of an ATS plugin that does the second thing (the captchas + sha-inverse proof-of-work page).

joelanders avatar Feb 17 '21 17:02 joelanders

https://github.com/crowdsecurity ^ I don't know anything about this project and have never used it, but it might be worth a look?

joelanders avatar Feb 17 '21 17:02 joelanders