I run NodeJS as a kind of web application server serving an AngularJS frontend. They communicate solely over WebSockets, using the SailsJS implementation of Socket.IO. Between the frontend (client) and the NodeJS backend sits nginx as a proxy, configured like so:
server {
    listen 1337 ssl;
    location /socket.io/ {
        proxy_pass https://localhost:1338;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
So far, so good. I now want to monitor and secure the WebSocket connection. In particular, I want to prevent XSS attacks and exclude IPs trying to brute force the login to my application. I'm pretty new to that stuff, but after some research I came across fail2ban and nginx-naxsi, which might be exactly what I need. However, I have no idea how I can make them work with my setup.
Is this even possible? Can I somehow intercept the traffic tunneled through a WebSocket in the proxy (being nginx)?
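Added example, not part of the question or of the Sails/Socket.IO project: once the upgrade has happened, nginx only forwards opaque frames, so failed logins that travel inside the socket have to be counted and logged by the Node backend itself. The helper below assumes nginx is the only peer that can reach port 1338 and sets X-Forwarded-For as in the posted config, so the first entry is trusted as the client address; the window, threshold and log format are assumed policy choices.

```javascript
// Added example for a Socket.IO/Sails backend behind the nginx proxy above.
// Assumption: nginx is the only peer reaching port 1338 and always sets
// X-Forwarded-For, so the first entry is the real client address.
const failures = new Map(); // ip -> { count, firstAt }

const WINDOW_MS = 10 * 60 * 1000; // 10-minute window (assumed policy)
const MAX_FAILURES = 5;           // failures allowed per window (assumed)

// Resolve the client IP from the proxied WebSocket handshake headers.
function clientIp(headers, remoteAddress) {
  const xff = headers['x-forwarded-for'];
  if (typeof xff === 'string' && xff.trim()) {
    return xff.split(',')[0].trim();
  }
  return remoteAddress; // direct connection, no proxy header present
}

// Record a failed login for ip; returns true once the limit is exceeded.
function recordFailure(ip, now = Date.now()) {
  const entry = failures.get(ip);
  if (!entry || now - entry.firstAt > WINDOW_MS) {
    failures.set(ip, { count: 1, firstAt: now }); // start a fresh window
    return false;
  }
  entry.count += 1;
  return entry.count > MAX_FAILURES;
}

// Reset the counter after a successful login.
function clearFailures(ip) {
  failures.delete(ip);
}

// Fixed-format log line that a fail2ban filter could match with a
// hypothetical failregex such as: ^.* login failed for <HOST>$
function formatFailureLog(ip, now = new Date()) {
  return `${now.toISOString()} sails-login: login failed for ${ip}`;
}
```

Writing these lines to a file that fail2ban watches gives it the client IP that nginx's own access log cannot provide for in-socket events.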