sw-nginx-module-ipset-access in CentOS/RHEL 9 (x86_64) - Zero-latency IP blocking using Linux kernel ipsets (v2)
| Website: | https://github.com/GetPageSpeed/ngx_ipset_access_module |
|---|---|
| License: | BSD |
| Vendor: | GetPageSpeed LLC |
- Description:
High-performance NGINX module for IP-based access control using Linux kernel ipsets. Key Features: - Blacklist/Whitelist modes: Block or allow IPs based on ipset membership - Honeypot auto-add: Automatically add malicious IPs to ipsets with configurable timeouts and custom HTTP status codes - Built-in rate limiting: Per-IP rate limiting with auto-ban to ipsets - JavaScript challenges: Proof-of-work challenges to filter bots - Dual-stack support: Works with both IPv4 and IPv6 ipsets - FirewallD compatible: Integrates with firewall-cmd managed ipsets - Whitelist bypass: Whitelisted IPs skip rate limiting and challenges - Dry-run mode: Test rules in production without blocking - Prometheus metrics: Native /metrics endpoint for monitoring - LRU cache: Shared memory cache for high-performance lookups Uses libipset directly (no CLI fallback) for kernel-level performance. Compatible with realip module for proper client IP detection behind proxies. Note: This module requires CAP_NET_ADMIN capability. The selinux subpackage includes a systemd override and helper library to enable this automatically. After installation, enable this module by running: plesk sbin nginx_modules_ctl --enable ipset-access
- Distro notes:
This package is compatible with all RHEL-based distributions, including CentOS, AlmaLinux, Oracle Linux, Rocky Linux, etc.
How to Install sw-nginx-module-ipset-access in CentOS/RHEL 9 (x86_64)
Important: The Plesk control panel must be installed on your server before using this repository.
# The Plesk control panel must be installed on your server. sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm sudo dnf -y install dnf-plugins-core sudo dnf config-manager --enable getpagespeed-extras-plesk sudo dnf -y install sw-nginx-module-ipset-access