GetPageSpeed Extras

ea-nginx-nftset-access

Repository / Letter E / ea-nginx-nftset-access

How to install ea-nginx-nftset-access in CentOS/RHEL 9 (x86_64)

Zero-latency IP blocking using Linux kernel nftables sets

License: Proprietary Vendor: GetPageSpeed LLC https://nginx-extras.getpagespeed.com/modules/nftset-access/

Important: cPanel with EasyApache 4 must be installed on your server before using this repository.

Install

# cPanel with EasyApache 4 must be installed on your server.
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --enable getpagespeed-extras-ea4
sudo dnf -y install ea-nginx-nftset-access

Description

Zero-latency IP blocking using Linux kernel nftables sets High-performance NGINX module for IP-based access control using Linux kernel nftables sets. Key Features: - Blacklist/Whitelist modes: Block or allow IPs based on nftables set membership - Multiple sets: Check against multiple nft sets in one directive - Live updates: Modify nft sets without reloading NGINX - Honeypot auto-add: Automatically add malicious IPs to nftables sets with configurable timeouts - Built-in rate limiting: Per-IP rate limiting with auto-ban to nftables sets - JavaScript challenges: Proof-of-work challenges to filter bots - Dual-stack support: Works with both IPv4 and IPv6 nftables sets - Custom status codes: Return any HTTP status when blocking - CIDR support: Use interval sets for network ranges - Prometheus metrics: Native /metrics endpoint for monitoring - JSON stats API: Detailed statistics endpoint - LRU cache: Shared memory cache for high-performance lookups Successor to ipset-access module, using modern nftables instead of legacy ipset. Compatible with realip module for proper client IP detection behind proxies. Note: This module requires CAP_NET_ADMIN capability. The selinux subpackage includes a systemd override and helper library to enable this automatically. This module is built for cPanel EasyApache 4 (EA4) nginx compatibility.

Compatibility

This package is compatible with all RHEL-based distributions, including CentOS, AlmaLinux, Oracle Linux, Rocky Linux, etc.

RPMs

Package Size Changelog
ea-nginx-nftset-access-1.31.2+3.0.0-4.gps.el9.x86_64 24 KiB no changelog
ea-nginx-nftset-access-1.31.1+3.0.0-4.gps.el9.x86_64 24 KiB no changelog
ea-nginx-nftset-access-1.31.1+3.0.0-3.gps.el9.x86_64 24 KiB no changelog

Subscribe