Blason_R
Advisor

CloudGuard AppSec Integration with existing nginx reverse proxy

Hi Team,

Does AppSec work with an nginx reverse proxy? Let's say I have 5 portals behind an nginx reverse proxy as an on-prem server.

Can I -

  • Deploy on-prem Nginx integration with AppSec
  • Also, we are deciding to move to the cloud; wondering then, can we move to the cloud?

0 Kudos
11 Replies
Nir_Shamir
Employee

Hi,

You can deploy our Agent on a Linux Server with NGINX deployed on it.

I have done it in a lab environment and it worked with no issues.

When you move to a cloud environment you can just deploy another agent in the new deployment on the server or as a CloudGuard AppSec Gateway to protect it.

Blason_R
Advisor

Hi,

What if I have multiple portals configured in the reverse proxy? Can a single agent detect those multiple portals? How are the SKUs: per portal or per agent?

0 Kudos
Nir_Shamir
Employee

I think the license is per amount of requests or something like that.

Anyway, you configure on the Agent the IP addresses that it needs to protect, so if the requests are going to IP addresses on that server then it will protect all of the portals.

0 Kudos
Blason_R
Advisor

Thanks man - the idea is, currently we are using mod_sec and protecting apps like

  • example.com
  • test.testing.com
  • one.notsecurenet.in

etc..

0 Kudos
Shay_Levin
Admin

Hi @Blason_R,

If you need help with deployment, let me know and I will make sure you get assistance.

0 Kudos
Blason_R
Advisor

Thanks Shay - Since we have done numerous Nginx reverse proxy installations, we are pretty confident about it. However, I am replicating and testing in my partner portal account and in my test environment. So far it is going well and I have integrated it with nginx.

Once I am confident, we can then replicate the same story with our customers as Nginx reverse proxy. However, I am confused about commercials and workings.

Let's discuss that later for sure - Let me first finish the technical part, and if I am stuck I will contact you for sure.

TIA

Blason_R
Advisor

Thanks guys!! It worked perfectly with my test setup and nginx reverse proxy. 😀

Trying a few more scenarios with multiple URLs.

0 Kudos
Blason_R
Advisor

Hi @Shay_Levin 

I am facing this unique issue in further testing. Now my reverse proxy holds two URLs:

www.hackme.com

www.box.com

I created two assets for two different websites. However, both my websites are getting blocked by the Check Point Infinity agent even though I set the profile accordingly. Now, for testing purposes, I stopped the agent with cpnano -q and both the sites became accessible properly. However, when I start the agent it blocks again.

Any reason why?

I restarted the agent but it's still blocking the legitimate requests.

0 Kudos
Nir_Shamir
Employee

@Blason_R what do you see in the logs? What is the reason it was blocked?

Could be that the site is vulnerable?

0 Kudos
Blason_R
Advisor

Thanks @Nir_Shamir, I had an offline discussion with Shay, Gal and Eyal and found the issue. Well, certain features are still in EA and have activated prevent mode directly without learning mode.

Blason_R
Advisor

Thanks a lot @Shay_Levin for helping me out in resolving the issue. It was due to the setting on the asset for blocking non-relevant applications, and since my web server was listening on another portal, the request was being blocked by the agent.

We added the setting in nginx web server and bypassed that location.

Thanks a lot Team!!