【筆記】用 Fail2ban 捕捉 4XX (Apache)

vega · 文章由 **vega** » 2020-05-17, 23:07

免責聲明：此文為網路捉取，非本人撰寫，經實作可用，故分享。純屬分享，採用與否請自行決定，本人不負責任何後果。歡迎多多指教！

# nano /etc/fail2ban/filter.d/nginx-4xx.conf
#
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =


#Add this to your jail.conf
[nginx-4xx] enabled = true port = http,https logpath = /var/log/nginx/access.log maxretry = 3


# ==========================================
# nginx-403.conf
[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" 403
ignoreregex =

# nginx-404.conf
[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" 404
ignoreregex =

[nginx-403]
enabled = true
port    = http,https
filter  = nginx-403
logpath = /var/log/nginx/access.log
maxretry = 5
findtime = 300

[nginx-404]
enabled = true
port    = http,https
filter  = nginx-404
logpath = /var/log/nginx/access.log
maxretry = 10
findtime = 300

#  ==========================================
# Fail2Ban configuration file
#
# Author: Chris Cohoat
#
[Definition]
failregex = &amp;lt;HOST&amp;gt; - - \[.*\] &amp;quot;(GET|POST).*HTTP.* 404
ignoreregex =&nbsp;.*(robots.txt|favicon.ico|jpg|png)

[nginx-404]
enabled = true
filter = nginx-404
port = http, https
logpath = /var/log/nginx/error.log
findtime = 60
bantime = 3600
maxretry = 30

# ==========================================
[nginx-post-passwd-limit]
enabled=true
filter=nginx-post-passwd-limit
action=iptables[name=nppl, port=http, protocol=tcp]
logpath=/var/log/nginx/access.log
findtime=3600
bantime=7200
maxretry=10

# nginx-post-passwd-limit.conf 
[Definition]
failregex=<HOST>.*POST.*wp-login\.php.*

[nginx-404-limit]
enabled=true
filter=nginx-404-limit
action=iptables[name=n4l, port=http, protocol=tcp]
logpath=/var/log/nginx/access.log
findtime=10
bantime=7200
maxretry=10

# nginx-404-limit.conf
[Definition]
failregex=<HOST>.*\s404\s.*
ignoreregex=<HOST>.*robots.txt.*\s404\s.*
            <HOST>.*rss.xml.*\s404\s.*