daedparrotsoftware
New Pleskian
We currently have a dedicated Centos 7.5 server running Plesk Parallels 12.5 and hosting a few wordpress sites.
We also have the server behind the CloudFlare CDN & Cloudflare DNS and Firewall.
This has worked great for controlling malicious traffic, but we still had some attacks coming straight to the server (bypassing cloudflare).
So, we created an iptables firewall that uses a whitelist - basically DROPS all services and ports for anything - any IP - not whitelisted, instead of using Blacklists.
We whitelist all the CloudFlare network IP's, and a few other IP's like our own, wordfence, paypal, and so on.
This approach is faster and works better than blocking 'blacklists' - which can get huge. (In fact, we are creating a bash script - a template - so anyone who wants to, can do this (which I will post somewhere here so people can use/critique).
NOW, the question: I know that - according to a Plesk engineer - Onyx has it's own firewall system - psa-firewall - and does NOT use iptables.
So, CAN we, and HOW do we, use the Onyx firewall to accomplish the same thing as I outlined above?
The docs are a bit...sparse on the Onyx firewall. I am trying to get help/information BEFORE taking that upgrade step, because going back, would be incredibly...painful.
My thanks, for any and all help.
Sid
NOTE - we tried fail2ban and the Plesk 12.5 firewall. Could NOT get it to do quite the same job, and performance took a nose dive shortly after implementation, mostly due to Fai2Ban jails and a LOT of blacklist IP's.
We also have the server behind the CloudFlare CDN & Cloudflare DNS and Firewall.
This has worked great for controlling malicious traffic, but we still had some attacks coming straight to the server (bypassing cloudflare).
So, we created an iptables firewall that uses a whitelist - basically DROPS all services and ports for anything - any IP - not whitelisted, instead of using Blacklists.
We whitelist all the CloudFlare network IP's, and a few other IP's like our own, wordfence, paypal, and so on.
This approach is faster and works better than blocking 'blacklists' - which can get huge. (In fact, we are creating a bash script - a template - so anyone who wants to, can do this (which I will post somewhere here so people can use/critique).
NOW, the question: I know that - according to a Plesk engineer - Onyx has it's own firewall system - psa-firewall - and does NOT use iptables.
So, CAN we, and HOW do we, use the Onyx firewall to accomplish the same thing as I outlined above?
The docs are a bit...sparse on the Onyx firewall. I am trying to get help/information BEFORE taking that upgrade step, because going back, would be incredibly...painful.
My thanks, for any and all help.
Sid
NOTE - we tried fail2ban and the Plesk 12.5 firewall. Could NOT get it to do quite the same job, and performance took a nose dive shortly after implementation, mostly due to Fai2Ban jails and a LOT of blacklist IP's.