I've been revisiting the idea of adding dynamic protections for Zimbra servers, especially as recent discussions have highlighted related challenges. For instance, there's an ongoing request for a Web Application Firewall (WAF) enhancement, which you can vote on here: https://pm.zimbra.com/p/web-application ... or Zimbra. A WAF feature that could be toggled on/off within Nginx would be ideal for many admins.
Currently, I'm exploring the feasibility of using a CAPTCHA mechanism to slow down bots during large-scale attacks targeting Zimbra servers. This is still in the planning stage, but I've started gathering ideas, with some initial input generated using GPT-4. You can review the shared details here: https://chatgpt.com/share/6744ad03-32 ... ated Ideas
For reference, the IP blocking via ipset is already functional, so my focus has shifted. Most admins might prefer a setup where logged IPs are handled by fail2ban, as opposed to directly calling ipset through a script, which has concerns about fork/exec overhead. My expertise with mod_security and custom rule writing has improved since I began exploring this, but there's always more to refine.
I’ve also considered using Nginx's counters for logging to reduce dependency on a WAF. However, past chatbot-generated recommendations about Nginx syntax have been prone to inaccuracies, so thorough verification is needed. One of those generated ideas was using Lua code, which could solve for both CAPTCHA and dynamic IP blocking.
Before proceeding further, has anyone implemented a CAPTCHA-based approach to dynamically mitigate bot activity and enhance DosFilter protection? I see significant potential in a WAF system that Zimbra could use to push out rules for 0-day threats, buying time for patch development and QA testing.
Jim
Statistics: Posted by JDunphy — Mon Nov 25, 2024 5:32 pm
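The two-tier counter the post sketches (serve a CAPTCHA after a few failed logins, hand the IP to fail2ban/ipset after more) as an added example, not code from the post or from Zimbra. It replays constructed nginx-style access log lines through a per-IP sliding window; the log format, the AuthRequest-failure heuristic and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW_SECONDS = 60   # sliding window; thresholds below are assumed tuning values
CHALLENGE_AFTER = 3   # failures in window before the IP is served a CAPTCHA
BLOCK_AFTER = 5       # failures in window before the IP is handed to fail2ban/ipset
# Constructed sample in combined-log style; 203.0.113.5 hammers AuthRequest, 198.51.100.7 is a user.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Nov/2024:17:32:00 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
203.0.113.5 - - [25/Nov/2024:17:32:01 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
203.0.113.5 - - [25/Nov/2024:17:32:02 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
203.0.113.5 - - [25/Nov/2024:17:32:03 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
198.51.100.7 - - [25/Nov/2024:17:32:03 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
203.0.113.5 - - [25/Nov/2024:17:32:04 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
198.51.100.7 - - [25/Nov/2024:17:32:05 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 200 412
198.51.100.7 - - [25/Nov/2024:17:33:30 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
203.0.113.5 - - [25/Nov/2024:17:35:00 +0000] "POST /service/soap/AuthRequest HTTP/1.1" 500 311
"""

class AuthGate:
    """Per-IP sliding-window counter over failed AuthRequest calls."""
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> epoch seconds of recent failures
        self.banned = set()

    def decide(self, ip, epoch, is_failure):
        if ip in self.banned:
            return "block"                  # already handed off to ipset
        q = self.failures[ip]
        if is_failure:
            q.append(epoch)
        while q and epoch - q[0] > WINDOW_SECONDS:
            q.popleft()                     # age out failures older than the window
        if len(q) >= BLOCK_AFTER:
            self.banned.add(ip)
            return "block"
        return "challenge" if len(q) >= CHALLENGE_AFTER else "allow"

def is_failed_auth(req, status):
    # Assumption: a non-200 answer on the SOAP AuthRequest endpoint is a failed login.
    return "/service/soap/AuthRequest" in req and status != 200

def replay(log_text):
    """Feed log lines through the gate; return ({ip: [decisions]}, banned_ips)."""
    gate, decisions = AuthGate(), defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m: continue                  # skip lines that are not access-log records
        epoch = datetime.strptime(m["ts"], TS_FMT).timestamp()
        fail = is_failed_auth(m["req"], int(m["status"]))
        decisions[m["ip"]].append(gate.decide(m["ip"], epoch, fail))
    return dict(decisions), gate.banned
```

A "challenge" result is where an Nginx/Lua layer would redirect to the CAPTCHA page, and a "block" result is the point at which a log line for fail2ban (or a direct ipset add) would be emitted.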