Search Results

This is an example that lets you use Shorewall https://shorewall.org/index.html and IPsets to dynamically allowlist IPs. You can achieve great power with these simple steps: Install the Knocknoc Agent on the Shorewall host and enrol it into the Knocknoc se...

Checking to see if an ACL is present in HAProxy For when you aren't sure if the whole process is working, you can manually connect to the HAProxy socket and print out the contents. socat is the way forward here. Install it with your favourite package manager...

Nginx support via script was added in knocknoc-agent version 1.0.30. This allows for flexible ACL management from Knocknoc server for nginx. Setup for the Nginx server To get started, make sure you have knocknoc-agent version 1.0.30 or above installed. The ...

Apache 2.4 and above have slightly different ACL syntax, so this page covers how you can use Knocknoc to manage ACLs. The script for managing Apache ACLs as per this document was added to knocknoc-agent in version 1.0.31 Setup for your Apache webserver SSH t...

Gsuite can be setup as an Identity Provider if you have Gsuite Business Startter or above plan. The basis of this guide is the official docs here: https://support.google.com/a/answer/6087519?hl=en which should be referred to in case any thing changes from the...

The  FortiOS integration allows Knocknoc to dynamically add and remove user's source IP from a named address group. This address group can then be used in whatever Firewall rule you like, opening up many possibilities for securing access to systems behind Fort...

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive integration with firewalls that support a External Dynamic Lists or EDLs.  This feature allows the firewall to pull from the Knocknoc server a list of IPs of authentic...

The Knocker utility is a command-line tool for managing various backends or server features with ease. It provides commands for enabling, disabling, installing, uninstalling, and performing health checks for supported backends. Usage (on Agent) /opt/knocknoc...

Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a custom HTML 403 response and integrate it with your update-aws-waf-ipset.sh script (which follows the argument order <ACTION> <ACL_NAME_OR_ID> <IP_ADDRESS>). This gui...

Knocknoc keeps a track of source IP addresses and tries to be kind to users that share IPs. Think: shared office IP NAT address when using an Internet-hosted Knocknoc. This means that if two users are coming from the same IP, revoking a session for the first ...

Debian distros (Ubuntu etc) If you are getting the this error: Failed to fetch https://packages.knocknoc.io/debian/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG E3AB5DF76BBF701F Knocknoc Support <support@knocknoc.io> You may ha...