An example of PHP code for integrating Nemesida WAF with reCAPTCHA functionality (unblocking IP addresses identified by Nemesida WAF as sources of DDoS, brute-force and flood attacks). nw-captcha, along with a configured Nginx, is also available as a Docker image.
In the Google reCAPTCHA control panel, get the site and secret keys for reCAPTCHA v2 and make the changes in the file settings.php.
Create an SQLite file and initialize its structure. Create the directory where the file will be stored (for example, /opt/nw-captcha/) and create the file in it:
mkdir -p /opt/nw-captcha/
sqlite3 /opt/nw-captcha/nw.db
Create the required table:
create table client (
    url text,
    token text,
    uuid text,
    waf_id text
);
create unique index client_uuid_uindex on client (uuid);
Description of parameters:
- url - URL of the server with the Nemesida WAF dynamic module installed (e.g. SCHEMA://HOST[:PORT]);
- token - the value of the nwaf_ban_captcha_token parameter;
- uuid - the unique ID of the Nemesida WAF instance;
- waf_id - the ID of the group of license keys.
Add records to the database for each server with Nemesida WAF.
Example:
INSERT INTO client(url, token, uuid, waf_id) VALUES ('https://example.ru', 'token', 'uuid', 'waf_id');
The UUID and WAF ID are available in the Nginx service's error.log.
Example:
# cat /var/log/nginx/error.log | grep 'WAF ID'
2022/01/01 00:00:00 [info] ...: Nemesida WAF: UUID: XXX; WAF ID: XXX. ...
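The record for a server can be generated from that log line instead of being typed by hand. The shell functions below are an added example, not part of nw-captcha: the function names and the sample log values are constructed, and the parsing assumes the UUID contains no ';' and the WAF ID no '.' or spaces. Single quotes in values are doubled so that a token cannot break out of the SQL string literal.

```shell
# Added example, not part of nw-captcha: build the INSERT for the client table
# from the "UUID: ...; WAF ID: ..." line in the Nginx error.log.

# Double any single quote so a value cannot end the SQL string literal early.
sql_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Usage: nw_client_sql URL TOKEN ERROR_LOG
# Prints one INSERT statement; returns 1 on a malformed URL or missing log line.
nw_client_sql() {
    url=$1; token=$2; log=$3
    case $url in
        *://?*) ;;
        *) echo "url must look like SCHEMA://HOST[:PORT]" >&2; return 1 ;;
    esac
    # Use the last matching line in the log.
    line=$(grep 'Nemesida WAF: UUID: ' "$log" | tail -n 1)
    [ -n "$line" ] || { echo "no UUID/WAF ID line in $log" >&2; return 1; }
    # Assumption: UUID runs up to ';', WAF ID up to the following '.'.
    uuid=$(printf '%s\n' "$line" | sed -n 's/.*UUID: \([^;]*\); WAF ID: .*/\1/p')
    waf_id=$(printf '%s\n' "$line" | sed -n 's/.*; WAF ID: \([^. ]*\)\..*/\1/p')
    [ -n "$uuid" ] && [ -n "$waf_id" ] || { echo "cannot parse: $line" >&2; return 1; }
    printf 'INSERT INTO client(url, token, uuid, waf_id) VALUES (%s, %s, %s, %s);\n' \
        "$(sql_quote "$url")" "$(sql_quote "$token")" \
        "$(sql_quote "$uuid")" "$(sql_quote "$waf_id")"
}

# Constructed sample line in the format shown above (all values are made up).
demo_log=$(mktemp)
echo '2022/01/01 00:00:00 [info] 1#1: Nemesida WAF: UUID: 1111-aaaa; WAF ID: 42. ok' > "$demo_log"
nw_client_sql 'https://example.ru' "to'ken" "$demo_log"   # pipe to: sqlite3 /opt/nw-captcha/nw.db
rm -f "$demo_log"
```

Because of the unique index on uuid, running the generated statement twice for the same instance fails rather than creating a duplicate record.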
Update the DB_PATH parameter in settings.php.
On a server with Nemesida WAF installed, in the settings file nwaf.conf, set the parameter nwaf_ban_captcha_token, which defines the secret string for unlocking the IP address.
To deploy a container with nw-captcha, follow these steps:
- Pull the image containing nw-captcha along with the configured Nginx:
# docker pull nemesida/nw-captcha
- Create a directory:
# mkdir -p /opt/nwaf/nw-captcha
- In the configuration files directory, create a file first-launch:
# touch /opt/nwaf/nw-captcha/first-launch
- Launch the container with nw-captcha using the commands:
# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nw-captcha:/nw-captcha -p 80:80 nemesida/nw-captcha
where:
--rm - deleting the container after completion of work;
-d - running the container in the background;
/opt/nwaf/nw-captcha:/nw-captcha - mounting a directory with configuration files inside the container;
-p 80:80 - forwarding port 80 of the container to the external port 80.
To view the container ID (the CONTAINER ID column), you can use the command:
# docker ps -a
You can stop the container with the command:
# docker stop /container ID/
- Allow read access for everyone for the nw-captcha directory:
# chmod -R 0555 /opt/nwaf/nw-captcha
- Install SQLite3 and make configuration changes.
- To launch the container, run the following commands:
# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nw-captcha:/nw-captcha -p 80:80 nemesida/nw-captcha
- Before updating the nw-captcha image, check whether the container is running. To do this, view the container ID (the CONTAINER ID column) using the command:
# docker ps -a
- If the container is running, stop it using the command:
# docker stop /container ID/
- When the container is stopped, delete the image:
# docker image rm nemesida/nw-captcha
- Pull the image containing nw-captcha:
# docker pull nemesida/nw-captcha
- Launch the container with the nw-captcha image using the commands:
# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nw-captcha/:/nw-captcha nemesida/nw-captcha