Skip to content

PHP-code for integrating reCAPTCHA with Nemesida WAF

License

Notifications You must be signed in to change notification settings

nemesida-waf/nw-captcha

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

nw-captcha

An example of PHP code for integrating Nemesida WAF with reCAPTCHA functionality (unblocking from IP addresses identified by Nemesida WAF as sources of DDoS, brute-force and flood attacks). nw-captcha along with configured Nginx is also available as a Docker-image.

Nemesida WAF with reCAPTCHA

Get reCAPTCHA keys

In the control panel Google reCAPTCHA get the site and secret keys for reCAPTCHA v2 and make changes in the file settings.php.

Initiate the SQLite file:

Create an SQLite file, initiate its structure. Navigate to the directory where the file will be stored (for example, /opt/nw-captcha/) and create it:

mkdir -p /opt/nw-captcha/
sqlite3 /opt/nw-captcha/nw.db

Create the required table:

  create table client
  (
      url         text,
      token       text,
      uuid        text,
      waf_id      text
  );

  create unique index client_uuid_uindex
      on client (uuid);

Init SQLite file

Description of parameters:

  • url - URL of the server with the Nemesida WAF dynamic module installed (e.g. SCHEMA://HOST[:PORT]);
  • token - the value of the nwaf_ban_captcha_token parameter;
  • uuid is a unique instance ID Nemesida WAF;
  • waf_id - the ID of the group license keys.

Add records to the database for each server with Nemesida WAF.

Example:

INSERT INTO client(url, token, uuid, waf_id) VALUES ("https://example.ru","token","uuid","waf_id");

The UUID and WAF ID are available in the Nginx service's error.log log.

Example:

# cat /var/log/nginx/error.log | grep 'WAF ID'

2022/01/01 00:00:00 [info] ...: Nemesida WAF: UUID: XXX; WAF ID: XXX. ...

Update the DB_PATH parameter in settings.php.

Activation

On a server with Nemesida WAF installed, in the settings nwaf.conf, set the parameter nwaf_ban_captcha_token, which defines the secret string for unlocking the IP address.


Docker image

Docker container deploying

To deploy a container with nw-captcha, follow these steps:

  1. Upload an image containing nw-captcha along with the configured Nginx:
# docker pull nemesida/nw-captcha
  1. Create a directory:
# mkdir -p /opt/nwaf/nw-captcha
  1. In the configuration files directory, create a file first-launch:
# touch /opt/nwaf/nw-captcha/first-launch
  1. Launch the container with nw-captcha using the commands:
# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nw-captcha:/nw-captcha -p 80:80 nemesida/nw-captcha

where:

  • --rm - deleting the container after completion of work;
  • -d - running the container in the background;
  • /opt/nwaf/nw-captcha:/nw-captcha - mounting a directory with configuration files inside the container;
  • -p 80:80 - port forwarding 80 of the container to the external port 80.

To view the container ID (the CONTAINER ID column), you can use the command:

# docker ps -a

You can stop the container with the command:

# docker stop /container ID/
  1. Allow read access for everyone for the nw-captcha directory:
# chmod -R 0555 /opt/nwaf/nw-captcha
  1. Install SQLite3 and make configuration changes.

  2. To launch the container, run the following commands:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nw-captcha:/nw-captcha -p 80:80 nemesida/nw-captcha

where:

  • --rm - deleting the container after completion of work;
  • -d - running the container in the background;
  • /opt/nwaf/nw-captcha:/nw-captcha - mounting a directory with configuration files inside the container;
  • -p 80:80 - port forwarding 80 of the container to the external port 80.

Docker image updating

  1. Before updating the image nw-captcha, check whether the container is running. To do this, you need to view the container ID (the CONTAINER ID column) using the command:
# docker ps -a
  1. If the container is running, stop it using the command:
# docker stop /container ID/
  1. When the container is stopped, delete the image:
# rm docker image nemesida/nw-captcha
  1. Upload an image containing nw-captcha:
# docker pull nemesida/nw-captcha
  1. Launch the container with the image nw-captcha using the command:
# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nw-captcha/:/nw-captcha nemesida/nw-captcha

About

PHP-code for integrating reCAPTCHA with Nemesida WAF

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages