LoweBowe
/
CinemaPress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
CinemaPress/config/default/fail2ban/filter.d/nginxrepeatoffender.conf

67 lines
2.1 KiB
Plaintext
Raw Blame History

# /etc/fail2ban/filter.d/nginxrepeatoffender.conf
# Fail2Ban Blacklist for Repeat Offenders of Nginx (filter.d)
#
# Author: Mitchell Krog <mitchellkrog@gmail.com>
# Version: 1.1
#
# Add on for Nginx Bad Bot blocker
# GitHub: https://github.com/mariusv/nginx-badbot-blocker
#
# Contributed by: Mitchell Krog
# Github: https://github.com/mitchellkrogza
#
# Tested On: Fail2Ban 0.9.3
# Server: Ubuntu 16.04
# Firewall: IPTables
#
# Dependancies: requires nginxrepeatoffender.conf in /etc/fail2ban/filter.d folder
# requires jail settings called [nginxrepeatoffender]
# requires nginx.repeatoffender file in /etc/fail2ban
# create with sudo touch /etc/fail2ban/nginx.repeatoffender
# chmod +x /etc/fail2ban/nginx.repeatoffender
#
# Drawbacks: Only works with IPTables
#
# Based on: The Recidive Jail from Fail2Ban
# This custom filter and action will monitor your Nginx logs and perma-ban
# any IP address that has generated far too many 403 or 444 errors over a 1 week period
# and ban them for 1 day. This works like a charm as an add-on for the Nginx Bad
# Bot Blocker which takes care of generating the 444 and 403 errors based on the extensive
# list of Bad Referers, Bots, Scrapers and IP addresses it covers.
# Thus custom Fail2Ban filter helps prevent the agressive one's from constantly filling
# up your Nginx server logs.
#
# This custom action requires a custom jail in your
# jail.local file for Fail2Ban
#
# Your jail file would be configured as follows
#
# [nginxrepeatoffender]
# enabled = true
# logpath = %(nginx_access_log)s
# filter = nginxrepeatoffender
# banaction = nginxrepeatoffender
# bantime = 86400 ; 1 day
# findtime = 604800 ; 1 week
# maxretry = 20
#
[Definition]
_daemon = fail2ban\.actions\s*
# The name of the jail that this filter is used for. In jail.conf, name the
# jail using this filter 'nginxrepeatoffender', or change this line!
_jailname = nginxrepeatoffender
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) .* \S+\" (?:403|444) .+$
ignoreregex =
[Init]
journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
# Author: Mitchell Krog
Reference in New Issue View Git Blame Copy Permalink