New
- Added a sort of Web Application Firewall (WAF).
This is a new feature that will ban IPs which overload your backends. If your backend service (like Forgejo, for example) is taking a long time to respond to many requests, DisWall will count that time and ban those IPs. BTW, it works on whole /24 subnets, so all those LLM-teaching bots will not bother you and your server!
It works by reading Nginx access logs, modified in a certain way (adding the request time and upstream response time to the log line).
So, for this feature to work you need to take three steps:
- Open the nginx.conf file and add this line:
    log_format timed '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for" $request_time $upstream_response_time';
- Open your service file, like /etc/nginx/conf.d/forgejo.conf, and modify the logging line:
    access_log /var/log/nginx/forgejo.access.log timed;
- Add that log path to the DisWall config file:
    [nginx]
    logs = ["/var/log/nginx/error.log"] # If you've configured this line before
    access = ["/var/log/nginx/forgejo.access.log"] # This line can contain multiple logs, separated by commas (as the line before)
And then you can reload nginx (service nginx reload) and restart DisWall (service diswall restart).
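To check that your access log really carries the two extra fields, here is an added sketch (not DisWall's own code) that parses lines in the timed format and sums upstream response time per /24 subnet. The function names, the 5-second budget, the /64 grouping for IPv6 and the sample lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the timed log_format: combined-style fields, then $request_time and
# $upstream_response_time ("-" when no upstream was used, or a list such as
# "0.100, 3.000" when nginx tried several upstreams).
LINE_RE = re.compile(
    r'^(?P<addr>\S+) - \S+ \[[^\]]+\] "[^"]*" \d{3} \d+ '
    r'"[^"]*" "[^"]*" "[^"]*" (?P<request_time>[\d.]+) (?P<upstream>[-\d.,: ]+)$'
)

def upstream_seconds(field):
    """Sum every upstream attempt in one $upstream_response_time value."""
    parts = re.split(r'\s*[,:]\s*', field.strip())
    return sum(float(p) for p in parts if p and p != '-')

def slow_subnets(lines, budget_seconds=5.0):
    """Return {subnet: upstream seconds} for subnets over the budget."""
    spent = defaultdict(float)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the timed format (e.g. an old combined line)
        try:
            ip = ipaddress.ip_address(m['addr'])
        except ValueError:
            continue
        # /24 for IPv4 as the release note describes; /64 for IPv6 is an assumption.
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f'{ip}/{prefix}', strict=False)
        spent[str(net)] += upstream_seconds(m['upstream'])
    return {n: round(t, 3) for n, t in spent.items() if t > budget_seconds}

# Constructed sample lines (documentation address ranges, made-up requests).
SAMPLE = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET /user/repo/commits HTTP/1.1" 200 5120 "-" "ExampleBot/1.0" "-" 2.512 2.500',
    '203.0.113.77 - - [01/Jan/2025:10:00:01 +0000] "GET /user/repo/blame/main/a.c HTTP/1.1" 200 9000 "-" "ExampleBot/1.0" "-" 3.120 0.100, 3.000',
    '198.51.100.5 - - [01/Jan/2025:10:00:02 +0000] "GET /assets/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0" "-" 0.001 -',
    '198.51.100.5 - - [01/Jan/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 4000 "-" "Mozilla/5.0" "-" 0.050 0.048',
]

if __name__ == '__main__':
    print(slow_subnets(SAMPLE))
```

The two bot addresses differ in the last octet but land in the same /24, so their upstream time is added together; the static-file request with "-" as upstream time costs the backend nothing.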
Bug Fixes & Improvements
- The whole project was refactored and reworked to use the new async_nats crate, so we can use all the new features of NATS.
- Various fixes and stability improvements.
- Updated a lot of dependencies.