Wondering if Suricata can be deployed on Nginx in reverse proxy mode? Maybe in IDS or IPS mode? My Nginx reverse proxy is acting as a WAF and I wanted to leverage Suricata on the same server to catch application-level or network-level attacks.
Is that possible?
In fact, I am wondering how to configure Suricata to cater only to HTTP/HTTPS-level attacks, since I am going to use it on my Nginx instance to monitor the attacks at this moment for my backend servers.
I do not want to enable all other protocols and need only HTTP/TLS-level protection.
In IPS mode, you can send only HTTP/HTTPS (ports/traffic) to Suricata.
As mentioned in the documentation:
iptables -I INPUT -p tcp --sport 80 -j NFQUEUE
iptables -I OUTPUT -p tcp --dport 80 -j NFQUEUE
Or if just interested in IDS mode, run on the internal interface of your reverse proxy and use a pcap filter to limit it to port 80, or 80 and 8080, etc.
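A suricata.yaml fragment for the IDS setup suggested above, added here as an illustration and not posted by anyone in the thread: it limits capture with a BPF filter and turns off app-layer parsers other than HTTP and TLS. The interface name `eth1` and the particular parsers disabled are assumptions; adjust both to the host.

```yaml
# Added example, not from the thread. Merge into the existing suricata.yaml.
# Run in IDS mode with:  suricata -c /etc/suricata/suricata.yaml --af-packet=eth1

af-packet:
  # eth1 is an assumed name for the proxy's internal (backend-facing) interface.
  # On that side Nginx has already terminated TLS, so requests proxied to the
  # backends over plain HTTP are visible to the HTTP parser and HTTP rules.
  - interface: eth1
    # Only packets matching this filter reach Suricata. Ports 80 and 8080 are
    # the ones named in the reply; add "or tcp port 443" if Nginx talks to the
    # backends over TLS (Suricata then sees handshake metadata only).
    bpf-filter: tcp port 80 or tcp port 8080

app-layer:
  protocols:
    http:
      enabled: yes
    tls:
      enabled: yes
    # Parsers that are not needed on an HTTP-only sensor. This list is an
    # assumed subset; disable the remaining entries of your version's
    # suricata.yaml in the same way.
    ssh:
      enabled: no
    smtp:
      enabled: no
    ftp:
      enabled: no
    smb:
      enabled: no
    dns:
      tcp:
        enabled: no
      udp:
        enabled: no
```

Rules written for a disabled protocol fail to load, so trim the rule set to HTTP and TLS rules to keep startup output clean.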