Load Balanced Nginx Firewall on Ubuntu
I am setting up two nginx web servers which will be behind a load balancer, either haproxy or nginx powered... not sure yet. Even though I plan on using Sucuri Web Firewall, it can be bypassed so I'd like to implement my own web application firewall as well.
If I was using Apache, of course, I'd use mod_security. But since I'm not, I'm not entirely sure what is available for nginx.
Also, I'm somewhat unsure where to implement it in a load balanced environment. Do I put it on it's own server (512mb) in front of the load balancer or do I put it on the same server as the load balancer? I don't think it'd be a good idea to put it on the web servers themselves though. I maybe wrong though.
What are your ideas?