starred/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2026-04-25 16:55:56 +03:00
Code Issues 618 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1411] Request for WAF Integration like Fail2ban #7902

New issue
Open
opened 2026-03-12 23:12:21 +03:00 by kerem · 3 comments
kerem commented 2026-03-12 23:12:21 +03:00
Owner
Copy link

Originally created by @devopsminds on GitHub (Oct 28, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1411

Is your feature request related to a problem? Please describe.

It would be great to have WAF including fail2ban kind of stuff which is similar to cloudflare

Describe the solution you'd like

Its mainly to block or protect against DDOS attack

Describe alternatives you've considered
Cloudflare or fail2ban

Additional context

  1. option to block unwanted IPs
  2. Implement Rate limiting
  3. May nice to have custom rules if possible
Originally created by @devopsminds on GitHub (Oct 28, 2025). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1411 **Is your feature request related to a problem? Please describe.** It would be great to have WAF including fail2ban kind of stuff which is similar to cloudflare **Describe the solution you'd like** Its mainly to block or protect against DDOS attack **Describe alternatives you've considered** Cloudflare or fail2ban **Additional context** 1. option to block unwanted IPs 2. Implement Rate limiting 3. May nice to have custom rules if possible
kerem commented 2026-03-12 23:12:31 +03:00
Author
Owner
Copy link

@enwikuna commented on GitHub (Oct 28, 2025):

Not sure if NGINX is the correct place to do this. I would suggest you use a docker stack with NGINX UI and install a Fail2Ban on your local system. This will block any traffic before it's even reaching any of your services. I highly recommend this. Doing it inside NGINX UI feels wrong and would not give you that flexibility you would need as a sysadmin.

<!-- gh-comment-id:3458952360 --> @enwikuna commented on GitHub (Oct 28, 2025): Not sure if NGINX is the correct place to do this. I would suggest you use a docker stack with NGINX UI and install a Fail2Ban on your local system. This will block any traffic before it's even reaching any of your services. I highly recommend this. Doing it inside NGINX UI feels wrong and would not give you that flexibility you would need as a sysadmin.
kerem commented 2026-03-12 23:12:36 +03:00
Author
Owner
Copy link

@cheewah-cd commented on GitHub (Nov 10, 2025):

I would suggest to use crowdsec rather than fail2ban.
In order to integrate with crowdsec, it needs to use openresty with the crowdsec bouncer.
With some modification with the nginx-ui , it should be able to integrate with the openresty and crowdsec bouncer.
https://github.com/crowdsecurity/cs-openresty-bouncer
What i did is to use the dockerfile from the crowdsec and inject the nginx-ui binary into the image and fix all the requirements from both.
It is able to pass the nginx-ui requirement test.
I hope the nginx-ui can support the crowdsec, since it comes with WAF and IPS in one package instead of nginx + modsec + fail2ban

<!-- gh-comment-id:3509201195 --> @cheewah-cd commented on GitHub (Nov 10, 2025): I would suggest to use crowdsec rather than fail2ban. In order to integrate with crowdsec, it needs to use openresty with the crowdsec bouncer. With some modification with the nginx-ui , it should be able to integrate with the openresty and crowdsec bouncer. https://github.com/crowdsecurity/cs-openresty-bouncer What i did is to use the dockerfile from the crowdsec and inject the nginx-ui binary into the image and fix all the requirements from both. It is able to pass the nginx-ui requirement test. I hope the nginx-ui can support the crowdsec, since it comes with WAF and IPS in one package instead of nginx + modsec + fail2ban
kerem commented 2026-03-12 23:12:42 +03:00
Author
Owner
Copy link

@Buco7854 commented on GitHub (Nov 29, 2025):

I would suggest to use crowdsec rather than fail2ban. In order to integrate with crowdsec, it needs to use openresty with the crowdsec bouncer. With some modification with the nginx-ui , it should be able to integrate with the openresty and crowdsec bouncer. https://github.com/crowdsecurity/cs-openresty-bouncer What i did is to use the dockerfile from the crowdsec and inject the nginx-ui binary into the image and fix all the requirements from both. It is able to pass the nginx-ui requirement test. I hope the nginx-ui can support the crowdsec, since it comes with WAF and IPS in one package instead of nginx + modsec + fail2ban

No need for openresty you can just use libnginx-mod-http-lua:
https://docs.crowdsec.net/u/bouncers/nginx/

<!-- gh-comment-id:3591931130 --> @Buco7854 commented on GitHub (Nov 29, 2025): > I would suggest to use crowdsec rather than fail2ban. In order to integrate with crowdsec, it needs to use openresty with the crowdsec bouncer. With some modification with the nginx-ui , it should be able to integrate with the openresty and crowdsec bouncer. https://github.com/crowdsecurity/cs-openresty-bouncer What i did is to use the dockerfile from the crowdsec and inject the nginx-ui binary into the image and fix all the requirements from both. It is able to pass the nginx-ui requirement test. I hope the nginx-ui can support the crowdsec, since it comes with WAF and IPS in one package instead of nginx + modsec + fail2ban No need for openresty you can just use libnginx-mod-http-lua: https://docs.crowdsec.net/u/bouncers/nginx/
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
weblate
main
renovate/uuid-14.x
renovate/typescript-6.x
renovate/all-minor-patch
cursor/interface-conversion-error-36ec
cursor/docker-api-stat-path-27ca
cursor/nginx-ui-disk-i-o-3d99
cursor/cloudflare-dns-comments-299c
cursor/access-log-dark-mode-font-dfdc
copilot/fix-ai-chat-title-error
cursor/propfind-method-logging-33b5
cursor/docker-client-version-update-d1b4
copilot/fix-nginx-ui-api-errors
cursor/update-x-forwarded-proto-header-handling-1223
cursor/fix-nginx-ui-issue-1455-gpt-5.1-codex-high-079c
cursor/update-nginx-ui-to-vue-3-gpt-5.1-codex-high-3100
cursor/investigate-nginx-ui-issue-1446-gpt-5.1-codex-high-2be0
v1
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.1
v2.2.0-patch.1
v2.2.0
v2.1.17
v2.1.16
v2.1.15
v2.1.14
v2.1.13
v2.1.12
v2.1.11
v2.1.10
v2.1.9
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4-patch.1
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0-patch.1
v2.1.0
v2.1.0-rc.3
v2.1.0-rc.2
v2.1.0-rc.1
v2.1.0-beta.1
v2.0.2
v2.0.1
v2.0.0
v2.0.0-rc.8-patch.1
v2.0.0-rc.8
v2.0.0-rc.7-patch.6
v2.0.0-rc.7-patch.7
v2.0.0-rc.7-patch.8
v2.0.0-rc.7-patch.5
v2.0.0-rc.7-patch.4
v2.0.0-rc.7-patch.3
v2.0.0-rc.7-patch.2
v2.0.0-rc.7-patch.1
v2.0.0-rc.7
v2.0.0-rc.6-patch.5
v2.0.0-rc.6-patch.4
v2.0.0-rc.6-patch.3
v2.0.0-rc.6-patch.2
v2.0.0-rc.6-patch.1
v2.0.0-rc.6
v2.0.0-rc.5
v2.0.0-rc.4-patch.3
v2.0.0-rc.4-patch.2
v2.0.0-rc.4-patch.1
v2.0.0-rc.4
v2.0.0-rc.3-patch.1
v2.0.0-rc.3
v2.0.0-rc.2
v2.0.0-rc.1-patch.2
v2.0.0-rc.1-patch.1
v2.0.0-rc.1
v2.0.0-beta.42
v2.0.0-beta.41
v2.0.0-beta.40
v2.0.0-beta.39-risefront.6
v2.0.0-beta.39-risefront.5
v2.0.0-beta.39-risefront.4
v2.0.0-beta.39-risefront.3
v2.0.0-beta.39-risefront.2
v2.0.0-beta.39-risefront
v2.0.0-beta.39
v2.0.0-beta.38
v2.0.0-beta.37-patch.5
v2.0.0-beta.37-patch.3
v2.0.0-beta.37-patch.4
v2.0.0-beta.37-patch.2
v2.0.0-beta.37-patch.1
v2.0.0-beta.37
v2.0.0-beta.36
v2.0.0-beta.35
v2.0.0-beta.34
v2.0.0-beta.33
v2.0.0-beta.32-patch.1
v2.0.0-beta.32
v2.0.0-beta.31
v2.0.0-beta.30
v2.0.0-beta.29
v2.0.0-beta.28
v2.0.0-beta.27
v2.0.0-beta.26
v2.0.0-beta.25-patch.2
v2.0.0-beta.25-patch.1
v2.0.0-beta.25
v2.0.0-beta.24
v2.0.0-beta.23-patch.2
v2.0.0-beta.23-patch.1
v2.0.0-beta.23
v2.0.0-beta.22
v2.0.0-beta.21
v2.0.0-beta.20
v2.0.0-beta.19
v2.0.0-beta.18-patch.2
v2.0.0-beta.18-patch.1
v2.0.0-beta.18
v2.0.0-beta.17
v2.0.0-beta.16
v2.0.0-beta.15
v2.0.0-beta.14
v2.0.0-beta.13-patch
v2.0.0-beta.13
v2.0.0-beta.12
v2.0.0-beta.11
v2.0.0-beta.10-patch
v2.0.0-beta.10
v2.0.0-beta.9
v2.0.0-beta.8-patch
v2.0.0-beta.8
v2.0.0-beta.7
v2.0.0-beta.6-patch.2
v2.0.0-beta.6-patch
v2.0.0-beta.6
v2.0.0-beta.5-patch
v2.0.0-beta.5
v2.0.0-beta.4-patch
v2.0.0-beta.4
v2.0.0-beta.3
v2.0.0-beta.2
v2.0.0-beta.1
v1.9.9-4
v1.9.9-3
v1.9.9-2
v1.9.9
v1.9.9-1
v1.8.4-patch
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0-patch
v1.7.0
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.3
v1.6.2
v1.6.1
v1.6.0-fix
v1.6.0
v1.5.2
v1.5.1
v1.5.0
v1.5.0-beta9
v1.5.0-beta8
v1.5.0-beta7
v1.5.0-beta6
v1.5.0-beta5
v1.5.0-beta4-fix
v1.5.0-beta4
v1.5.0-beta3
v1.5.0-beta2
v1.5.0-beta1
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc1
v1.3.3-rc1
v1.3.2
v1.3.1-fix
v1.3.1
v1.3.0
v1.3.0-rc1
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc.3
v1.2.0-rc.2
v1.2.0-rc.1
v1.2.0-alpha.4
v1.2.0-alpha.3
v1.2.0-alpha.2
v1.1.0
Labels
Clear labels   
Q/A

   
bug

   
casdoor

   
dependencies

   
docker

   
documentation

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
lego

   
platform:openwrt

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
Q/A
bug
casdoor
dependencies
docker
documentation
duplicate
enhancement
help wanted
invalid
lego
platform:openwrt
platform:windows
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-ui#7902
No description provided.