<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Dear all,</p>
<p>I ran NodeJS as a kind of Webapplication Server serving an
AngularJS frontend. They communicate solely over WebSockets, using
the SailsJS implementation of Socket.IO. Between frontend (client)
and the NodeJS backend, sits nginx as a proxy, configured like so:</p>
<pre><code>server {
listen 1337 ssl;
location /socket.io/ {
proxy_pass <a class="moz-txt-link-freetext" href="https://localhost:1338">https://localhost:1338</a>;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
</code></pre>
So far, so good. I now want to monitor and secure the Websocket
connection. In particular, I want to prevent XSS attacks and exclude
IPs trying to brute force the login to my application.
I'm pretty new to that stuff, but I've found out that there are
tools working together with nginx which can fulfill my needs here.
(In particular, fail2ban and nginx-naxsi)<br>
<br>
However, I did not find out till now, whether and how these tools
would work with my design (proxied websocket).<br>
<br>
fail2ban works on log files. Right now, nginx does <b>not</b> log
the websocket traffic. Is it possible to configure nginx so that it
logs the proxied websocket traffic? I mean, the actual traffic, not
the establishing of the socket connection, but what is actually
being exchanged between client (browser) and server (NodeJS). That
should appear in some nginx log file in order to make fail2ban work.<br>
<br>
Same goes for nginx-naxsi, I guess.<br>
Does nginx, in my configuration, even care about what browser and
NodeJS are exchanging via websocket? How can I make nginx inspect
the content of the websocket connection so that I can filter out
malicious requests based on nginx-naxsi rules?<br>
<br>
Thanks in advance for any hints!<br>
Best,<br>
Christian<br>
<p>(PS: Already had asked a similar question on serverfault, but not
no avail.)<br>
</p>
</body>
</html>