
Websocket security

Christian Schwaderer
April 06, 2017 02:00AM
Dear all,

I ran NodeJS as a kind of web application server serving an AngularJS
frontend. They communicate solely over WebSockets, using the SailsJS
implementation of Socket.IO. Between frontend (client) and the NodeJS
backend, sits nginx as a proxy, configured like so:

    server {
        listen 1337 ssl;

        location /socket.io/ {
            proxy_pass https://localhost:1338;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

So far, so good. I now want to monitor and secure the Websocket
connection. In particular, I want to prevent XSS attacks and exclude IPs
trying to brute force the login to my application. I'm pretty new to
that stuff, but I've found out that there are tools working together
with nginx which can fulfill my needs here. (In particular, fail2ban and
nginx-naxsi)

However, I did not find out till now, whether and how these tools would
work with my design (proxied websocket).

fail2ban works on log files. Right now, nginx does *not* log the
websocket traffic. Is it possible to configure nginx so that it logs the
proxied websocket traffic? I mean, the actual traffic, not the
establishing of the socket connection, but what is actually being
exchanged between client (browser) and server (NodeJS). That should
appear in some nginx log file in order to make fail2ban work.

Same goes for nginx-naxsi, I guess.
Does nginx, in my configuration, even care about what browser and NodeJS
are exchanging via websocket? How can I make nginx inspect the content
of the websocket connection so that I can filter out malicious requests
based on nginx-naxsi rules?

Thanks in advance for any hints!
Best,
Christian

(PS: Already had asked a similar question on serverfault, but to no avail.)

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
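
Added example, not part of the original post: nginx relays WebSocket frames as an opaque byte stream once the Upgrade handshake completes, so its access log records only the handshake request. One way to give fail2ban something to read is to have the NodeJS side log failed logins itself, keyed on the X-Forwarded-For value the config above sets; the function names, thresholds and log format below are assumptions.

```javascript
// Added example, not from the original post. Function names, thresholds and
// the log format are assumptions chosen for illustration.
const WINDOW_MS = 10 * 60 * 1000; // look-back window for failed logins
const MAX_FAILURES = 5;           // failures tolerated per IP inside the window
const failures = new Map();       // ip -> timestamps (ms) of recent failures

// nginx's $proxy_add_x_forwarded_for appends the peer address it saw to
// whatever X-Forwarded-For the client sent, so only the LAST entry is
// trustworthy; every earlier entry is client-controlled.
function clientIp(handshakeHeaders) {
  const xff = handshakeHeaders['x-forwarded-for'] || '';
  const parts = xff.split(',').map((s) => s.trim()).filter(Boolean);
  return parts.length ? parts[parts.length - 1] : null;
}

// One line per failed login, written by the application because the frames
// never reach an nginx log. The address follows the fixed text "from ".
function failedLoginLine(ip, nowMs) {
  return `${new Date(nowMs).toISOString()} websocket login failed from ${ip}`;
}

// Sliding-window counter: returns the line to append to the application log
// and whether the app should already refuse further attempts from this IP.
function recordFailure(ip, nowMs) {
  const recent = (failures.get(ip) || []).filter((t) => nowMs - t < WINDOW_MS);
  recent.push(nowMs);
  failures.set(ip, recent);
  return { line: failedLoginLine(ip, nowMs), blocked: recent.length > MAX_FAILURES };
}

// Constructed handshake headers: the client supplied "10.0.0.1" itself and
// nginx appended the real peer address 203.0.113.7.
function demo() {
  const ip = clientIp({ 'x-forwarded-for': '10.0.0.1, 203.0.113.7' });
  const t0 = Date.UTC(2017, 3, 6, 9, 0, 0);
  let last;
  for (let i = 0; i < 6; i++) last = recordFailure(ip, t0 + i * 1000);
  return { ip, last };
}

console.log(demo());
```

A fail2ban filter can match these lines with a failregex such as `websocket login failed from <HOST>`, pointed at the file the application writes them to.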