Setup and Run The Webshield
Prerequisites
WebShield analyzes Tempesta FW access logs stored in ClickHouse, so to use WebShield you need to install Tempesta FW and configure its access log in ClickHouse.
Please ensure that both Tempesta FW and Tempesta Logger are installed, and that the access_log table exists in the ClickHouse database.
Download the MaxMind GeoLite City database (GeoLite2-City).
Clone the project and prepare basic configuration:
$ git clone git@github.com:tempesta-tech/webshield.git
$ cd webshield
$ sudo ./setup.sh
Copy GeoLite2-City.mmdb, downloaded in the previous step, to
/etc/tempesta/webshield/city.db, or change the path in
/etc/tempesta/webshield/app.env.
If you installed Tempesta FW from sources,
set the path to tempesta.sh in the TEMPESTA_EXECUTABLE_PATH
variable in /etc/tempesta/webshield/app.env.
Configure Tempesta FW blocking rules paths and files
The default configuration in /etc/tempesta/webshield/app.env defines the paths as:
PATH_TO_TFT_CONFIG="/etc/tempesta/fw/tft/blocked.conf"
PATH_TO_TFH_CONFIG="/etc/tempesta/fw/tfh/blocked.conf"
Change these lines if Tempesta FW is installed at non-standard paths. Create the directories for fingerprint rules:
$ mkdir /etc/tempesta/fw/tft
$ mkdir /etc/tempesta/fw/tfh
Add blocking rule sets to Tempesta FW configuration file
If you use the standard configuration paths from the last step, you can copy and paste the example configuration below; otherwise, use the same paths you set in the last step.
tft {
!include /etc/tempesta/fw/tft
}
tfh {
!include /etc/tempesta/fw/tfh
}
Once the configuration is updated, reload Tempesta FW:
$ service tempesta --reload
This setup allows the WebShield to dynamically update tft and tfh blocking rules.
Check ClickHouse configuration
$ grep CLICKHOUSE /etc/tempesta/webshield/app.env
CLICKHOUSE_HOST="127.0.0.1"
CLICKHOUSE_PORT=9000
CLICKHOUSE_USER="default"
CLICKHOUSE_PASSWORD=""
CLICKHOUSE_TABLE_NAME="access_log"
CLICKHOUSE_DATABASE="default"
Start the daemon
$ python3 app.py
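A pre-flight check to run before starting the daemon, as an added example that is not part of WebShield or of the original page. It reads the KEY="value" settings shown above from app.env and confirms that the rule directories exist and the ClickHouse settings are filled in. The function names and the two policy checks (an empty password only for a loopback host, app.env not world-readable) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of WebShield): pre-flight check of app.env.

# env_get FILE KEY: print KEY's value from a KEY=value file, without surrounding
# double quotes; the last assignment wins. Prints nothing if KEY is absent.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# preflight ENV_FILE: print one line per problem; return 0 only if none were found.
preflight() {
    env_file=$1
    problems=0
    if [ ! -r "$env_file" ]; then
        echo "cannot read $env_file"
        return 1
    fi
    # The rule files live in the tft/ and tfh/ directories created during setup.
    for key in PATH_TO_TFT_CONFIG PATH_TO_TFH_CONFIG; do
        cfg=$(env_get "$env_file" "$key")
        if [ -z "$cfg" ]; then
            echo "$key is not set"; problems=$((problems + 1))
        elif [ ! -d "$(dirname "$cfg")" ]; then
            echo "$key: directory $(dirname "$cfg") is missing"; problems=$((problems + 1))
        fi
    done
    # Every ClickHouse setting except the password must have a value.
    for key in CLICKHOUSE_HOST CLICKHOUSE_PORT CLICKHOUSE_USER \
               CLICKHOUSE_TABLE_NAME CLICKHOUSE_DATABASE; do
        if [ -z "$(env_get "$env_file" "$key")" ]; then
            echo "$key is not set"; problems=$((problems + 1))
        fi
    done
    # Assumed policy: an empty password is tolerated only for a loopback ClickHouse.
    case $(env_get "$env_file" CLICKHOUSE_HOST) in
        127.*|localhost|::1) ;;
        *)  if [ -z "$(env_get "$env_file" CLICKHOUSE_PASSWORD)" ]; then
                echo "CLICKHOUSE_PASSWORD is empty for a non-loopback host"; problems=$((problems + 1))
            fi ;;
    esac
    # Assumed policy: the file holds a credential, so it should not be world-readable.
    if [ -n "$(find "$env_file" -perm -004)" ]; then
        echo "$env_file is world-readable"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi  # check the file given as $1, if any
```

Save it under a name of your choice and pass /etc/tempesta/webshield/app.env as the argument; a non-zero exit status means at least one problem line was printed.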