【筆記】用 Fail2ban 捕捉 4XX (Apache)
發表於 : 2020-05-17, 23:07
免責聲明:此文為網路捉取,非本人撰寫,經實作可用,故分享。純屬分享,採用與否請自行決定,本人不負責任何後果。歡迎多多指教!
# nano /etc/fail2ban/filter.d/nginx-4xx.conf
#
# Filter: counts one failure for every GET or POST request that was answered
# with status 404, 444, 403 or 400. The pattern is anchored with ^, so <HOST>
# is always taken from the first field of the log line.
# NOTE(review): other methods (e.g. HEAD) are not matched, and ordinary broken
# links (404) count as failures too. Choose maxretry/findtime in the jail with
# that in mind and allow-list trusted addresses with ignoreip.
# NOTE(review): the file is named for nginx although the post title mentions
# Apache; the jail's logpath decides which server's access log is read.
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =
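# Jail for the nginx-4xx filter.
# Add this to /etc/fail2ban/jail.local (or a file under jail.d/) instead of
# jail.conf: jail.conf is the distribution file and may be replaced on upgrade.
[nginx-4xx]
enabled = true
# Name the filter explicitly, as the other jails on this page do, instead of
# relying on the [DEFAULT] fallback that derives it from the jail name.
filter = nginx-4xx
port = http,https
logpath = /var/log/nginx/access.log
# findtime and bantime are not set here, so the [DEFAULT] values apply.
# NOTE(review): three 4xx responses inside findtime is strict. A browser that
# requests a few missing files can reach it, so consider a higher value and an
# ignoreip entry for your own addresses.
maxretry = 3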
# ==========================================
# nginx-403.conf
# Filter: one failure per GET, POST or HEAD request answered with 403.
# Anchored with ^ so <HOST> is the client address at the start of the line.
# NOTE(review): there is nothing after "403", so the pattern only requires the
# status to follow the closing quote of the request; assumes the default
# combined access-log format - confirm against your log_format.
[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" 403
ignoreregex =
# nginx-404.conf
# Filter: one failure per GET, POST or HEAD request answered with 404.
# Anchored with ^ so <HOST> is the client address at the start of the line.
# NOTE(review): ignoreregex is empty, so 404s for robots.txt, favicon.ico and
# similar harmless requests are counted as well; the jail's maxretry has to
# leave room for them.
[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" 404
ignoreregex =
# Jail: ban a client after 5 matches of the nginx-403 filter within findtime.
# bantime is not set, so the [DEFAULT] value applies.
[nginx-403]
enabled = true
filter = nginx-403
logpath = /var/log/nginx/access.log
port = http,https
# seconds
findtime = 300
maxretry = 5
# Jail: ban a client after 10 matches of the nginx-404 filter within findtime.
# bantime is not set, so the [DEFAULT] value applies.
# NOTE(review): a second [nginx-404] jail with different limits appears in a
# later snippet on this page; keep only one of them in a real configuration.
[nginx-404]
enabled = true
filter = nginx-404
logpath = /var/log/nginx/access.log
port = http,https
# seconds
findtime = 300
maxretry = 10
# ==========================================
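# Fail2Ban configuration file
#
# Author: Chris Cohoat
#
# Filter: one failure per GET or POST request answered with 404.
# Changes from the text as posted:
#  - the HTML entities (&lt; &gt; &quot;) are decoded; with them the line
#    contains no <HOST> tag and fail2ban cannot use it as a failregex
#  - the pattern is anchored with ^ so <HOST> is only read from the start of
#    the line
#  - 404 must directly follow the closing quote of the request, so a response
#    size or other later field equal to 404 no longer counts
# Assumes the default combined access-log format.
# NOTE(review): ignoreregex matches these substrings anywhere in the line, not
# only in the requested path, and the dots are unescaped; it skips more lines
# than the four file types it names. Tighten it before relying on this filter.
[Definition]
failregex = ^<HOST> - - \[.*\] "(GET|POST).*HTTP[^"]*" 404\s
ignoreregex = .*(robots.txt|favicon.ico|jpg|png)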
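# Jail: ban for bantime seconds after 30 matches of the nginx-404 filter
# within findtime seconds.
# NOTE(review): [nginx-404] is also defined in an earlier snippet on this page;
# keep only one of them in a real configuration.
[nginx-404]
enabled = true
filter = nginx-404
# Written without a space, as in the other jails on this page.
port = http,https
# The filter's failregex is written for access-log lines (client address,
# "- -", [time], "request", status). The post pointed this jail at error.log,
# where that pattern never matches, so the jail would never ban.
logpath = /var/log/nginx/access.log
findtime = 60
bantime = 3600
maxretry = 30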
# ==========================================
# Jail: ban for bantime seconds after 10 matches of the
# nginx-post-passwd-limit filter within findtime seconds.
[nginx-post-passwd-limit]
enabled = true
filter = nginx-post-passwd-limit
logpath = /var/log/nginx/access.log
# NOTE(review): this action bans on the http port only. If the site is also
# served over HTTPS, a banned address can still reach the login page there;
# the iptables-multiport action with both ports would cover it.
action = iptables[name=nppl, port=http, protocol=tcp]
findtime = 3600
bantime = 7200
maxretry = 10
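# nginx-post-passwd-limit.conf
# Filter: one failure per POST request whose request line targets wp-login.php.
# Changes from the text as posted:
#  - anchored with ^ so <HOST> is only read from the start of the line
#  - wp-login.php must appear inside the quoted request itself; before, a POST
#    to any URL whose Referer mentioned wp-login.php was counted too
# Assumes the default combined access-log format.
# NOTE(review): the status code is not checked, so successful logins count as
# failures as well; keep maxretry high enough for legitimate users.
[Definition]
failregex = ^<HOST> .*"POST [^"]*wp-login\.php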
# Jail: ban for bantime seconds after 10 matches of the nginx-404-limit
# filter within findtime seconds (a 10-second window).
[nginx-404-limit]
enabled = true
filter = nginx-404-limit
logpath = /var/log/nginx/access.log
# NOTE(review): this action bans on the http port only. If the site is also
# served over HTTPS, a banned address can still reach it there; the
# iptables-multiport action with both ports would cover it.
action = iptables[name=n4l, port=http, protocol=tcp]
findtime = 10
bantime = 7200
maxretry = 10
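# nginx-404-limit.conf
# Filter: one failure per request answered with 404, except requests that
# mention robots.txt or rss.xml.
# Changes from the text as posted:
#  - failregex is anchored with ^ and requires 404 directly after the closing
#    quote of the request, so a 404 elsewhere in the line (for example the
#    response size) is no longer counted
#  - the second ignoreregex pattern is indented; a continuation line that
#    starts in column 0 is not read as part of the value
#  - the dots in the file names are escaped so they match a literal "."
# Assumes the default combined access-log format.
[Definition]
failregex = ^<HOST> .*" 404\s
ignoreregex = <HOST>.*robots\.txt.*\s404\s.*
              <HOST>.*rss\.xml.*\s404\s.*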