Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IPS/IDS for webhosting purpose?
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPS/IDS for webhosting purpose? (Read 1950 times)
labsy
Jr. Member
Posts: 59
Karma: 1
IPS/IDS for webhosting purpose?
«
on:
September 26, 2023, 12:11:42 am »
Hi,
what direction is IDS/IPS protecting? From LAN to WAN or vice versa?
I mean, I am using OPNSense only to protect a dozen of web and mail servers behind (NAT-ed) and I am wondering, if there's any use of IDS/IPS at all in this case?
For example... rule ET POLICY Cleartext WordPress Login ... will it kick-in if attacker is comming from WAN, trying to hack one of Wordpress sites that I am hosting?
Logged
bazbaz
Jr. Member
Posts: 53
Karma: 2
Re: IPS/IDS for webhosting purpose?
«
Reply #1 on:
October 26, 2023, 09:14:51 am »
yes, and you may enable suricata on internal (after NAT) interface
«
Last Edit: October 26, 2023, 09:16:36 am by bazbaz
»
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1596
Karma: 176
Re: IPS/IDS for webhosting purpose?
«
Reply #2 on:
October 26, 2023, 09:21:03 am »
Visualization:
https://forum.opnsense.org/index.php?topic=36326.0
If you enable Suricata in Inline IPS mode on LAN, the packets will be dropped at the moment they come IN the LAN interface and match a rule, and the moment they go OUT of the LAN interface and match a rule.
As @bazbaz said, enable it on internal interfaces, not on the wan.
Logged
Hardware:
DEC740
bimbar
Sr. Member
Posts: 435
Karma: 25
Re: IPS/IDS for webhosting purpose?
«
Reply #3 on:
October 26, 2023, 11:29:11 am »
Might be a better idea to use nginx for that.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IPS/IDS for webhosting purpose?