Jump to letter: [
MNS
]
sw-nginx-module-ipset-access in CentOS/RHEL 8 (x86_64) - Zero-latency IP blocking using Linux kernel ipsets (v2)
- Description:
High-performance NGINX module for IP-based access control using Linux kernel ipsets.
Key Features:
- Blacklist/Whitelist modes: Block or allow IPs based on ipset membership
- Honeypot auto-add: Automatically add malicious IPs to ipsets with configurable timeouts and custom HTTP status codes
- Built-in rate limiting: Per-IP rate limiting with auto-ban to ipsets
- JavaScript challenges: Proof-of-work challenges to filter bots
- Dual-stack support: Works with both IPv4 and IPv6 ipsets
- FirewallD compatible: Integrates with firewall-cmd managed ipsets
- Whitelist bypass: Whitelisted IPs skip rate limiting and challenges
- Dry-run mode: Test rules in production without blocking
- Prometheus metrics: Native /metrics endpoint for monitoring
- LRU cache: Shared memory cache for high-performance lookups
Uses libipset directly (no CLI fallback) for kernel-level performance.
Compatible with realip module for proper client IP detection behind proxies.
Note: This module requires CAP_NET_ADMIN capability. The selinux subpackage
includes a systemd override and helper library to enable this automatically.
After installation, enable this module by running:
plesk sbin nginx_modules_ctl --enable ipset-access
- Distro notes:
This package is compatible with all RHEL-based distributions, including CentOS, AlmaLinux, Oracle Linux, Rocky Linux, etc.
How to Install sw-nginx-module-ipset-access in CentOS/RHEL 8 (x86_64)
Important: The Plesk control panel must be installed on your server before using this repository.
# The Plesk control panel must be installed on your server.
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --enable getpagespeed-extras-plesk
sudo dnf -y install sw-nginx-module-ipset-access
Packages