Reporting on forwarded connections to nginx
-
Hi Guys,
Not sure where to place this question at the moment; please relocate if needed.
I'm trying to figure out the best way to report on HTTP and HTTPS connections traveling through pfSense to my nginx reverse proxies to track abuse of web services sitting on ISPConfig behind the nginx.
We have had several successful hacks dumping Chinese PDFs and then using the servers as file servers on my clients' Joomla and WordPress sites.
I don't manage the sites directly but we are working with the clients to make sure everything is kept up to date and best practices are followed. I am also looking at nginx reporting but that seems a little weak for just quickly detecting and visually reporting behavior changes in traffic or content.
We are using nginx as a reverse proxy to ISPConfig.
I will continue to look for other tools and the various layers, but as I really like pfSense I'm trying to figure out if there is a tool/package/built-in report that can also provide another layer of visibility and potentially even an automated response.
I have looked at the ntop package, and while it's good, it's only good while we are experiencing issues, and even then it's not the easiest to discern what exactly is going on because of its limited HTTP URL reporting.
Most of the sites are quite small (in terms of traffic) and I'm guessing there must be a module out there somewhere; someone must have had this problem.
Thanks for the help in advance.
Apologies if I dropped this in the wrong place.