Scalability WAF Protection and Caching using HAproxy, Varnish and OWASP ModSecurity with Nginx on Ubuntu 24.04

Skalabilitas Proteksi WAF dan Cache menggunakan HAproxy, Varnish dan ModSecurity OWASP dengan Nginx pada Ubuntu 24.04


  • Pastikan HAProxy, Varnish Cache, dan OWASP ModSecurity untuk Nginx sudah terinstall
  • Artikel ini berhubungan dengan ketiga link artikel di atas
  • HAProxy : 192.168.10.10 (port 80, 443, 8080, 8765)
  • Waf1 : 192.168.10.11 (port 80)
  • Waf2 : 192.168.10.12 (port 80)
  • Cache1 : 192.168.10.13 (port 80)
  • Cache2 : 192.168.10.14 (port 80)
  • Web1 : 192.168.10.15 (port 80)
  • Web2 : 192.168.10.16 (port 80)
  • Domain : sys-ops.id.sideka.my.id
  • Flow 1 (normal) : User > HAProxy > WAF > Varnish Cache > Web Server
  • Flow 2 (jika waf backend down) : User > HAProxy > Varnish Cache > Web Server
  • Flow 3 (jika cache backend down) : User > HAProxy > WAF > Web Server
  • Flow 4 (jika waf backend dan cache backend down) : User > HAProxy > Web Server

Konfigurasi HAProxy

  • File konfigurasi haproxy : /etc/haproxy/haproxy.cfg
global
    # Log to the local syslog socket: every message on facility local0,
    # and messages of level notice and above on local1.
    log /dev/log local0
    log /dev/log local1 notice
    # Confine the process to this directory after startup.
    chroot /var/lib/haproxy
    # Runtime API socket, created with file mode 660. "level admin" grants
    # full control over the running process, so anyone able to open this
    # socket can change server state; keep it limited to trusted local accounts.
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    # Run as the unprivileged haproxy user/group, detached from the terminal.
    user haproxy
    group haproxy
    daemon
    
    # TLS defaults applied to every "bind ... ssl" line in this file.
    # NOTE(review): the cipher list below contains no DHE suites, so this
    # DH parameter size looks unused - confirm before relying on it.
    tune.ssl.default-dh-param 2048
    # Accept TLS 1.2 and TLS 1.3 only; the client's cipher order is honoured.
    ssl-default-bind-options prefer-client-ciphers ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3 
    # TLS 1.2 suites, ECDHE key exchange only.
    # NOTE(review): the last two entries (ECDHE-ECDSA-AES256-SHA384 and
    # ECDHE-ECDSA-AES128-SHA256) are CBC-mode suites, the others are AES-GCM;
    # consider dropping the CBC pair if no client depends on it.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256
    # TLS 1.3 suites.
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384

# Settings inherited by every frontend, backend and listen section below.
defaults
    # Connection ceilings and the number of connection retries to a server.
    maxconn 5000
    fullconn 5000
    retries 10
    # Use the log targets declared in "global" and log in HTTP format,
    # skipping connections on which no data was exchanged.
    log     global
    mode    http
    option  httplog
    option  dontlognull
    # Give up after 30 seconds of connect time or client/server inactivity.
    timeout connect 30s
    timeout client  30s
    timeout server  30s
    # Idle server-side connections may be reused for requests coming from
    # other client connections.
    # NOTE(review): http-server-close and http-keep-alive are both set here
    # and again in the backends; confirm which mode actually takes effect,
    # because closing the server side after each response would leave
    # nothing for http-reuse to share.
    http-reuse always
    option  http-server-close
    option  http-keep-alive
    # Static response bodies returned by HAProxy for these status codes.
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

# Enable HAProxy Cache 128MB of RAM
# One shared in-memory cache; every frontend and backend in this file that
# uses "cache-use" / "cache-store haproxy-cache" reads and writes this store.
cache haproxy-cache
    # Total cache size in megabytes.
    total-max-size 128
    # Upper bound on how long an object is kept.
    # NOTE(review): HAProxy documents this value in seconds; confirm that
    # the "60m" form is parsed as intended on the installed version.
    max-age 60m
    # Largest single object that may be stored, in bytes.
    max-object-size 1000000
    # Vary headers are not processed by the cache.
    process-vary off

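# Enable HAProxy Statistics
listen stats
    # The statistics page lists backend names, server addresses and health
    # state, which is useful reconnaissance data if exposed.
    # NOTE(review): this bind listens on every interface. On an
    # Internet-facing host, bind to a management address instead or limit
    # the allowed sources, for example:
    #   http-request deny unless { src <ADMIN_CIDR> }
    bind *:8765 ssl crt /etc/haproxy/certs/sys-ops.id.sideka.my.id.pem alpn h2,http/1.1
    stats enable
    stats uri /
    stats realm Haproxy\ Statistics
    # The original used the default pair admin:admin. Replace the placeholder
    # with a unique, strong password before deploying; this value is sent
    # with HTTP Basic authentication, so keep the listener TLS-only.
    stats auth admin:<REPLACE_WITH_STRONG_PASSWORD>
    # Do not disclose the HAProxy version on the page.
    stats hide-version
    stats refresh 15s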

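# HAProxy HTTP Frontend WAF
# Plain-HTTP listener whose only job is to send clients to HTTPS.
frontend http_front_waf
    bind *:80
    mode http

    # Force Redirect HTTP to HTTPS
    # This bind line has no "ssl", so ssl_fc is never true here and every
    # request is redirected. The redirect is written as the first
    # http-request rule so that nothing (a cache lookup included) can be
    # answered over cleartext before the client is moved to HTTPS.
    http-request redirect scheme https code 301 unless { ssl_fc }

    # The original section also carried X-Forwarded-For handling,
    # compression, security headers, cache rules and use_backend lines.
    # With an unconditional redirect none of the routing was reachable, and
    # browsers ignore Strict-Transport-Security received over plain HTTP,
    # so those directives were dropped here; they remain in https_front_waf.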

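# HAProxy HTTPS Frontend WAF
# Public TLS entry point: terminates HTTPS and routes to the WAF pool,
# falling back to the cache or web pools when health checks fail.
frontend https_front_waf
    bind *:443 ssl crt /etc/haproxy/certs/sys-ops.id.sideka.my.id.pem alpn h2,http/1.1
    mode http

    # Client address for the backends.
    # set-header replaces whatever X-Forwarded-For the client sent with the
    # real peer address, so the first hop cannot be spoofed from outside.
    # "option forwardfor" was removed: combined with set-header it added a
    # second, duplicate X-Forwarded-For header to every request (visible as
    # two x-forwarded-for lines in the ModSecurity audit log).
    http-request set-header X-Forwarded-For %[src]

    # Enable Gzip Compression
    compression algo gzip
    compression type text/html text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss
    compression offload

    # Add security headers
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    http-response set-header X-Content-Type-Options "nosniff"
    http-response set-header X-Frame-Options "SAMEORIGIN"
    http-response set-header X-XSS-Protection "1; mode=block"
    # Content-Security-Policy: set-header replaces an existing header, so
    # only the last policy line takes effect. The original listed a strict
    # policy followed by a permissive one, which meant the permissive one
    # was what browsers received. It stays active here so the site keeps
    # working as before.
    # NOTE(review): 'unsafe-inline', 'unsafe-eval' and the bare http:/https:
    # sources give little protection against script injection. The strict
    # policy is kept below, commented out, as the target once the site's
    # assets allow it.
    # http-response set-header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline';"
    http-response set-header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' data: https: blob:"
    http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
    http-response set-header Permissions-Policy "microphone=(), geolocation=(self), fullscreen=()"

    # Enable cache lookup for frontend
    # A hit is answered by HAProxy itself and does not travel through the
    # WAF or Varnish, so make sure only public content is cacheable.
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # ACL Bypass Backend Down
    # nbsrv() counts the servers currently passing health checks.
    # NOTE(review): this is a fail-open design. When every WAF node is
    # marked down, traffic goes to the cache or web pool with no
    # ModSecurity inspection. Alert on nbsrv(http_back_waf) reaching 0 and
    # decide whether serving an error page is preferable for this site.
    acl no_cache nbsrv(http_back_cache) eq 0
    acl no_waf nbsrv(http_back_waf) eq 0
    use_backend http_back_web if no_waf no_cache
    use_backend http_back_cache if no_waf

    # Normal path: everything goes through the WAF pool.
    use_backend http_back_waf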

# HAProxy Backend WAF
# Pool of Nginx + ModSecurity nodes that inspect requests before they are
# proxied onwards.
backend http_back_waf
    # Load Balance Method (roundrobin, leastconn, source, random)
    balance leastconn

    # Persistence Connection
    # Remember client source addresses (up to 1m entries, 30 minute expiry)
    # and keep sending a given address to the server it was first assigned.
    stick-table type ip size 1m expire 30m
    stick on src

    # Remove Header Server
    # Strips the Server response header so the software and version behind
    # the proxy are not advertised to clients.
    http-response del-header Server

    # Health Check
    # HTTP HEAD / with "Host: localhost". When both servers fail this check
    # nbsrv(http_back_waf) becomes 0 and the frontends' bypass ACLs route
    # traffic around the WAF.
    option httpchk
    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    option http-server-close
    option http-keep-alive

    # Enable cache lookup for backend
    # Uses the same shared cache that the frontends already consult.
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # Backend server pool
    # Plain HTTP to the WAF nodes, health-checked, at most 2500 connections each.
    server waf1 192.168.10.11:80 check maxconn 2500
    server waf2 192.168.10.12:80 check maxconn 2500

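# HAProxy HTTP Frontend Cache
# Internal hop: the WAF nodes proxy inspected requests back to HAProxy on
# port 8080, and this frontend forwards them to Varnish (or to the web pool
# when no cache server is healthy).
frontend http_front_cache
    # Listen on the internal address only. The original "bind *:8080" also
    # accepted connections on any public interface, which would let a client
    # reach Varnish and the web servers without passing through the WAF.
    bind 192.168.10.10:8080
    mode http

    # Only the WAF nodes (waf1, waf2) are expected to use this listener;
    # reject every other source.
    http-request deny unless { src 192.168.10.11 192.168.10.12 }

    # Enable Gzip Compression
    compression algo gzip
    # The type list was cut off in the original ("... text/js te>"); it is
    # restored to the same list the other frontends use.
    compression type text/html text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss
    compression offload

    # Add security headers
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    http-response set-header X-Content-Type-Options "nosniff"
    http-response set-header X-Frame-Options "SAMEORIGIN"
    http-response set-header X-XSS-Protection "1; mode=block"
    # set-header replaces an existing header, so of the two
    # Content-Security-Policy lines in the original only the second
    # (permissive) one was ever sent. It stays active to preserve behaviour;
    # the strict policy is kept as a comment.
    # NOTE(review): 'unsafe-inline', 'unsafe-eval' and bare http:/https:
    # sources give little protection against script injection.
    # http-response set-header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline';"
    http-response set-header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' data: https: blob:"
    http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
    http-response set-header Permissions-Policy "microphone=(), geolocation=(self), fullscreen=()"

    # Enable cache lookup for frontend
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # ACL Bypass Backend Down
    # nbsrv() counts the cache servers currently passing health checks.
    # The original condition named the ACL twice ("no_cache no_cache");
    # once is enough.
    acl no_cache nbsrv(http_back_cache) eq 0
    use_backend http_back_web if no_cache

    use_backend http_back_cache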

# HAProxy Backend Cache
# Pool of Varnish nodes.
backend http_back_cache
    # Load Balance Method (roundrobin, leastconn, source, random)
    balance leastconn

    # Persistence Connection
    # Remember source addresses (up to 1m entries, 30 minute expiry) and keep
    # a given address on the same server.
    # NOTE(review): on the normal path the source seen here is presumably a
    # WAF node rather than the end user - confirm that this stickiness is
    # still useful.
    stick-table type ip size 1m expire 30m
    stick on src

    # Remove Header Server
    http-response del-header Server

    # Health Check
    # HTTP HEAD / with "Host: localhost"; when both servers fail,
    # nbsrv(http_back_cache) becomes 0 and the frontends route to the web pool.
    option httpchk
    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    option http-server-close
    option http-keep-alive

    # Enable cache lookup for backend
    # Uses the same shared cache that the frontends already consult.
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # Backend server pool
    # Plain HTTP to the Varnish nodes, health-checked, at most 2500 connections each.
    server cache1 192.168.10.13:80 check maxconn 2500
    server cache2 192.168.10.14:80 check maxconn 2500

# HAProxy Backend Web
# Origin web servers, used directly by HAProxy only when the cache pool
# (and, from the HTTPS frontend, the WAF pool as well) has no healthy server.
backend http_back_web
    # Load Balance Method (roundrobin, leastconn, source, random)
    balance leastconn

    # Persistence Connection
    # Remember source addresses (up to 1m entries, 30 minute expiry) and keep
    # a given address on the same server.
    stick-table type ip size 1m expire 30m
    stick on src

    # Remove Header Server
    http-response del-header Server

    # Health Check
    # HTTP HEAD / with "Host: localhost".
    option httpchk
    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    option http-server-close
    option http-keep-alive

    # Enable cache lookup for backend
    # Uses the same shared cache that the frontends already consult.
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # Backend server pool
    # NOTE(review): web1/web2 listen on plain HTTP port 80. Presumably only
    # HAProxy and the Varnish nodes should be able to reach them - confirm
    # host firewalling so the WAF cannot be sidestepped by direct access.
    server web1 192.168.10.15:80 check maxconn 2500
    server web2 192.168.10.16:80 check maxconn 2500

Konfigurasi WAF

  • File konfigurasi : /usr/local/nginx/conf/conf.d/default.conf
  • Edit server Waf1 dan Waf2
# WAF node: inspects each request with ModSecurity, then proxies it back to
# HAProxy on port 8080.
server {
    listen      80;
    listen      [::]:80;
    server_name localhost;

    # Enable the ModSecurity connector and load its rule configuration.
    modsecurity             on;
    modsecurity_rules_file  /usr/local/nginx/conf/modsecurity.conf;

    # "^~ /" is a prefix match for every URI that also stops nginx from
    # evaluating regex locations.
    location ^~ / {
        index index.html index.htm index.php;
        # NOTE(review): try_files looks for files on this node before the
        # request is proxied; confirm it is wanted on a pure reverse proxy.
        try_files $uri $uri/ /index.php?$args;

        # Forward to HAProxy (192.168.10.10) on port 8080.
        proxy_pass http://192.168.10.10:8080/;
        proxy_set_header Host $http_host;
        # $remote_addr is the address of the peer connecting to this node.
        # The audit log on this page shows 192.168.10.10 as the client, so
        # ModSecurity sees HAProxy rather than the end user.
        # NOTE(review): per-IP rules would then treat all traffic as one
        # client unless the real address is restored from X-Forwarded-For -
        # confirm how the rule set is expected to identify clients.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to the X-Forwarded-For value received from HAProxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;

        # Flag variable: 1 for the listed static file extensions, else 0.
        set $static_fileYsIv9c7Y 0;
        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
        {
            set $static_fileYsIv9c7Y 1;
            # Let clients cache static files for 12 hours.
            expires 12h;
        }
        if ( $static_fileYsIv9c7Y = 0 )
        {
            # Everything else is marked no-cache for the client.
            add_header Cache-Control no-cache;
        }
    }
}

Konfigurasi Varnish Cache

  • File konfigurasi : /etc/varnish/default.vcl
  • Edit server Cache1 dan Cache2
vcl 4.1;

import directors;

# Origin server web1, reached over plain HTTP.
backend web1 {
    .port = "80";
    .host = "192.168.10.15";
    # Health probe: request "/" every 5 seconds with a 3 second timeout;
    # the backend counts as healthy when at least 3 of the last 5 probes
    # succeeded.
    .probe = {
        .url = "/";
        .interval = 5s;
        .timeout = 3s;
        .threshold = 3;
        .window = 5;
    }
}

# Origin server web2, reached over plain HTTP.
backend web2 {
    .port = "80";
    .host = "192.168.10.16";
    # Health probe: request "/" every 5 seconds with a 3 second timeout;
    # the backend counts as healthy when at least 3 of the last 5 probes
    # succeeded.
    .probe = {
        .url = "/";
        .interval = 5s;
        .timeout = 3s;
        .threshold = 3;
        .window = 5;
    }
}

# Runs when the VCL is loaded: build a round-robin director over the two
# origin servers. vcl_recv picks a backend from it for every request.
sub vcl_init {
    new balancer = directors.round_robin();
    balancer.add_backend(web1);
    balancer.add_backend(web2);
}

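# Decide for each incoming request whether it may be answered from cache
# (hash) or must always go to the backend (pass).
sub vcl_recv {
    set req.backend_hint = balancer.backend();

    # Only GET and HEAD may be answered from cache. This subroutine always
    # returns, so the built-in VCL that normally handles other methods never
    # runs; without this guard a POST would be looked up in the cache too.
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # Responses to requests carrying credentials must not be shared
    # between users.
    if (req.http.Authorization) {
        return (pass);
    }

    # Bypass cache for WP Admin
    # The pattern no longer requires a trailing slash, so /wp-login.php
    # (with or without a query string) is covered as well as /wp-admin/.
    if (req.http.Cookie ~ "wordpress_logged_in" || req.url ~ "^/wp-(login|admin)") {
        return (pass);
    }

    # Bypass cache for admin or logged-in users
    # NOTE(review): only these two cookie names are recognised; add the
    # session cookie names the site really uses, otherwise a logged-in
    # user's page can be cached and served to someone else.
    if (req.http.Cookie ~ "sessionid") {
        return (pass);
    }

    # Bypass cache for certain dynamic pages
    # req.url includes the query string, so the original "\.php$" missed
    # /index.php?x=1 and such requests fell through to the cache. The
    # pattern now tests the path part only, and runs before the static-file
    # rule so a query string ending in ".css" cannot reclassify a PHP URL.
    if (req.url ~ "^[^?]*\.php(\?.*)?$") {
        return (pass);
    }

    # Cache static files (path part only; a query string is allowed)
    # NOTE(review): classification is by URL suffix alone; make sure the web
    # servers never serve dynamic content under a static-looking path.
    if (req.url ~ "^[^?]*\.(png|gif|jpg|jpeg|swf|css|js|html|ico|woff|woff2|ttf|eot)(\?.*)?$") {
        return (hash);
    }

    return (hash);
}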

# Build the cache key from the request URL plus the Host header, using the
# server's IP address when the request has no Host header.
sub vcl_hash {
    hash_data(req.url);
    if (!req.http.host) {
        # No Host header: key on the address the request arrived at.
        hash_data(server.ip);
    } else {
        hash_data(req.http.host);
    }
    return (lookup);
}

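# Decide how a response fetched from a web server is stored: static files
# are cached for 60 seconds, PHP responses are never cached, and anything
# else is cached with the default TTL unless the backend forbids it.
sub vcl_backend_response {
    # bereq.url includes the query string, so both patterns test the path
    # part only. The original "$"-anchored patterns missed URLs such as
    # /index.php?x=1, which were then cached with their Set-Cookie removed.
    if (bereq.url ~ "^[^?]*\.(png|gif|jpg|jpeg|swf|css|js|html|ico|woff|woff2|ttf|eot)(\?.*)?$") {
        unset beresp.http.Server;
        if (beresp.http.content-type ~ "(text|application|javascript|css|html)") {
            set beresp.do_gzip = true;
        }
        # Static files are shared by all users; drop any cookie the backend
        # attached so the object stays cacheable.
        unset beresp.http.set-cookie;
        set beresp.grace = 1d;
        set beresp.ttl = 60s;
        return (deliver);
    } else {
        if (bereq.url ~ "^[^?]*\.php(\?.*)?$") {
            # PHP dynamic content; do not cache by default
            set beresp.uncacheable = true;
            return (pass);
        }
        # This subroutine always returns, so the built-in VCL that would
        # honour the backend's Cache-Control never runs. Respect an explicit
        # "do not share" signal here instead of caching the response.
        if (beresp.http.Cache-Control ~ "(?i)(no-cache|no-store|private)") {
            set beresp.ttl = 120s;
            set beresp.uncacheable = true;
            return (deliver);
        }
        # Optionally, cache other dynamic content with specific rules
        unset beresp.http.Server;
        if (beresp.http.content-type ~ "(text|application|javascript|css|html)") {
            set beresp.do_gzip = true;
        }
        # NOTE(review): removing Set-Cookie here makes every remaining
        # response cacheable and shared; confirm that no page reaching this
        # point is user-specific or needs to set a session cookie.
        unset beresp.http.set-cookie;
        set beresp.grace = 1d;
        return (deliver);
    }
}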

# Final touches on the response sent to the client: hide Varnish's own
# headers, copy the request's "grace" header into the response, and report
# whether the object came from cache.
sub vcl_deliver {
    unset resp.http.x-varnish;
    unset resp.http.via;
    set resp.http.grace = req.http.grace;
    # obj.hits is 0 for an object that was just fetched.
    if (obj.hits == 0) {
        set resp.http.X-Cache = "MISS";
    } else {
        set resp.http.X-Cache = "HIT";
    }
    return (deliver);
}

Pengujian

  • Pengujian HAProxy dan Varnish cache
  • Cek log haproxy
tail -f /var/log/haproxy.log | grep https://sys-ops.id.sideka.my.id
--------------------------------------------------------------------------------------
2024-06-22T12:11:06.188949+00:00 haproxy haproxy[1476]: 114.142.172.8:3728 [22/Jun/2024:12:11:06.183] 
   https_front_waf~ http_back_waf/waf1 0/0/0/4/4 200 2263 - - ---- 1/1/0/0/0 0/0 "GET https://sys-ops.id.sideka.my.id/ HTTP/2.0"
2024-06-22T12:11:06.413721+00:00 haproxy haproxy[1476]: 114.142.172.8:3728 [22/Jun/2024:12:11:06.390] 
   https_front_waf~ http_back_waf/waf1 0/0/2/10/22 200 1993 - - ---- 1/1/3/3/0 0/0 "GET https://sys-ops.id.sideka.my.id/styles.css HTTP/2.0"
2024-06-22T12:11:06.590135+00:00 haproxy haproxy[1476]: 114.142.172.8:3728 [22/Jun/2024:12:11:06.412] 
   https_front_waf~ http_back_waf/waf1 0/0/1/4/176 200 24128 - - ---- 1/1/2/2/0 0/0 "GET https://sys-ops.id.sideka.my.id/particles.min.js HTTP/2.0"
2024-06-22T12:11:07.394173+00:00 haproxy haproxy[1476]: 114.142.172.8:3728 [22/Jun/2024:12:11:07.171] 
   https_front_waf~ http_back_waf/waf1 0/0/0/5/221 200 3590 - - ---- 1/1/2/2/0 0/0 "GET https://sys-ops.id.sideka.my.id/script.js HTTP/2.0"
2024-06-22T12:11:07.394424+00:00 haproxy haproxy[1476]: 114.142.172.8:3728 [22/Jun/2024:12:11:06.400] 
   https_front_waf~ http_back_waf/waf1 0/0/1/7/993 200 169151 - - ---- 1/1/1/1/0 0/0 "GET https://sys-ops.id.sideka.my.id/cat.png HTTP/2.0"
2024-06-22T12:11:09.995415+00:00 haproxy haproxy[1476]: 114.142.172.8:3728 [22/Jun/2024:12:11:06.382] 
   https_front_waf~ http_back_waf/waf1 0/0/0/5/3610 200 2934922 - - ---- 1/1/0/0/0 0/0 "GET https://sys-ops.id.sideka.my.id/tailwind.min.css HTTP/2.0"
2024-06-22T12:11:11.508576+00:00 haproxy haproxy[1476]: 114.142.172.8:3728 [22/Jun/2024:12:11:11.502] 
   https_front_waf~ http_back_waf/waf1 0/0/0/6/6 200 5144 - - ---- 1/1/0/0/0 0/0 "GET https://sys-ops.id.sideka.my.id/favicon.ico HTTP/2.0"
  • HAProxy stats

  • Pengujian HAProxy dan WAF
  • Cek log mod security
tail -f /var/log/nginx/modsec_audit.log
--------------------------------------------------------------------------------------
---RAyObUnV---A--
[22/Jun/2024:12:03:23 +0000] 171905780338.439668 192.168.10.10 49610 192.168.10.11 80
---RAyObUnV---B--
GET /?id=1%20and%20%E2%80%98c%E2%80%99=%E2%80%99c%E2%80%99 HTTP/1.1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-fetch-site: none
sec-ch-ua-platform: "Windows"
pragma: no-cache
upgrade-insecure-requests: 1
sec-ch-ua-mobile: ?0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
cache-control: no-cache
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-fetch-user: ?1
sec-fetch-mode: navigate
host: sys-ops.id.sideka.my.id
sec-fetch-dest: document
accept-language: en-US,en;q=0.9
priority: u=0, i
x-forwarded-for: 114.142.172.8
x-forwarded-for: 114.142.172.8

---RAyObUnV---E--
<html>\x0d\x0a<head><title>403 Forbidden</title></head>\x0d\x0a<body>\x0d\x0a
<center><h1>403 Forbidden</h1></center>\x0d\x0a<hr><center>nginx/1.26.1</center>\x0d\x0a</body>
\x0d\x0a</html>\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a
<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a
<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a
<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a
<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a
<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a

---RAyObUnV---F--
HTTP/1.1 403
Server: nginx/1.26.1
Date: Sat, 22 Jun 2024 12:03:23 GMT
Content-Length: 555
Content-Type: text/html
Connection: keep-alive

---RAyObUnV---H--
ModSecurity: Warning. detected SQLi using libinjection. [file "/usr/local/nginx/conf/owasp-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] 
[line "46"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] 
[data "Matched Data: 1&sos found within ARGS:id: 1 and 'c'='c'"] [severity "2"] [ver "OWASP_CRS/4.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] 
[tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] 
[hostname "192.168.10.11"] [uri "/"] [unique_id "171905780338.439668"] [ref "v9,21t:urlDecodeUni"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) 
[file "/usr/local/nginx/conf/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "222"] [id "949110"] [rev ""] 
[msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.3.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] 
[tag "OWASP_CRS"] [hostname "192.168.10.11"] [uri "/"] [unique_id "171905780338.439668"] [ref ""]

  • Cek log varnish cache
tail -f /var/log/varnish/varnishncsa.log
--------------------------------------------------------------------------------------
192.168.10.10 - - [22/Jun/2024:12:15:33 +0000] "GET https://sys-ops.id.sideka.my.id/ HTTP/1.0" 200 1602 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
192.168.10.10 - - [22/Jun/2024:12:15:33 +0000] "GET https://sys-ops.id.sideka.my.id/tailwind.min.css HTTP/1.0" 200 2934001 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
192.168.10.10 - - [22/Jun/2024:12:15:33 +0000] "GET https://sys-ops.id.sideka.my.id/styles.css HTTP/1.0" 200 1078 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
192.168.10.10 - - [22/Jun/2024:12:15:33 +0000] "GET https://sys-ops.id.sideka.my.id/script.js HTTP/1.0" 200 2661 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
192.168.10.10 - - [22/Jun/2024:12:15:33 +0000] "GET https://sys-ops.id.sideka.my.id/cat.png HTTP/1.0" 200 168419 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
192.168.10.10 - - [22/Jun/2024:12:15:33 +0000] "GET https://sys-ops.id.sideka.my.id/particles.min.js HTTP/1.0" 200 23364 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
  • Cek log web server nginx
tail -f /var/log/nginx/access.log
--------------------------------------------------------------------------------------
192.168.10.13 - - [22/Jun/2024:12:23:48 +0000] "GET /cat.png HTTP/1.1" 200 168419 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "114.142.172.8, 114.142.172.8, 192.168.10.10, 192.168.10.10"
192.168.10.13 - - [22/Jun/2024:12:23:48 +0000] "GET /script.js HTTP/1.1" 200 2661 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "114.142.172.8, 114.142.172.8, 192.168.10.10, 192.168.10.10"
192.168.10.10 - - [22/Jun/2024:12:23:48 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-" "-"
192.168.10.13 - - [22/Jun/2024:12:23:48 +0000] "GET /tailwind.min.css HTTP/1.1" 200 295305 "https://sys-ops.id.sideka.my.id/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "114.142.172.8, 114.142.172.8, 192.168.10.10, 192.168.10.10"

Note

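  • Perlu diperhatikan pada ModSecurity: jika website mengalami anomali saat loading (misalnya CSS/JS terblokir), cek rule id yang memicu blokir pada log modsec_audit.log, lalu nonaktifkan hanya rule id tersebut (sebaiknya sebatas URL atau parameter yang terdampak), bukan seluruh rule set
  • Perlu diperhatikan pada Varnish cache: edit dan sesuaikan aturan bypass cache untuk area admin (dan halaman lain yang bergantung pada sesi/login) sesuai kebutuhan website, agar respons milik satu pengguna tidak tersimpan di cache dan tersaji ke pengguna lain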
