Suricata with Nginx Reverse Proxy

Hi Team,

Wondering if Suricata can be deployed on Nginx in reverse proxy mode? Maybe in IDS or IPS mode? My Nginx reverse proxy is acting as a WAF and I wanted to leverage Suricata on the same server to catch application-level or network-level attacks.

Is that possible?

TIA
Blason R

In fact, wondering how do I configure Suricata to cater only to HTTP/HTTPS-level attacks, since I am going to use it on my Nginx instance to monitor the attacks at this moment for my backend servers.
I do not want to enable all other protocols and need only HTTP/TLS-level protection.

If in IPS mode, you can send only HTTP/HTTPS (ports/traffic) to Suricata.

As mentioned in the documentation:

iptables -I INPUT -p tcp --sport 80  -j NFQUEUE
iptables -I OUTPUT -p tcp --dport 80 -j NFQUEUE

Or if just interested in IDS mode, run on the internal interface of your reverse proxy and use a pcap filter to limit it to port 80, or 80 and 8080, etc.

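The IDS setup suggested in the last reply, written out as an added example (not part of the thread or of Suricata's shipped configuration): an `af-packet` section of `suricata.yaml` that listens on the proxy's internal interface with a BPF capture filter. The interface name `eth1` and the backend ports 80 and 8080 are assumptions.

```yaml
# suricata.yaml fragment (added example, values below are assumptions)
af-packet:
  # eth1: assumed name of the interface facing the backend servers,
  # where the reverse proxy forwards requests
  - interface: eth1
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    # Capture filter: only TCP traffic on the assumed backend ports
    # reaches Suricata; everything else is dropped at capture time.
    bpf-filter: "tcp port 80 or tcp port 8080"
```

Packets that do not match the filter never reach the detection engine, so rules written for other ports will not fire on this interface.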