joby/webserver-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

updated fail2ban definitions to match new nginx log format

Browse source
This commit is contained in:
Joby 2024-10-23 15:19:38 -06:00
parent c54bc33b6b
commit 1e378032b0
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
install/fail2ban-nginx.sh
View file

@ -11,19 +11,19 @@ echo "Setting up fail2ban for Nginx errors with strict, moderate, and lenient ja
# Create the filter files
cat > /etc/fail2ban/filter.d/nginx-4xx-strict.conf << EOL
[Definition]
failregex = ^<HOST> .* "(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH).*" (401|403) .*$
failregex = ^[^ ]+ <HOST> .* "(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH).*" (401|403) .*$
ignoreregex =
EOL
cat > /etc/fail2ban/filter.d/nginx-4xx-moderate.conf << EOL
[Definition]
failregex = ^<HOST> .* "(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH).*" (400|405|406|408|413|444) .*$
failregex = ^[^ ]+ <HOST> .* "(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH).*" (400|405|406|408|413|444) .*$
ignoreregex =
EOL
cat > /etc/fail2ban/filter.d/nginx-4xx-lenient.conf << EOL
[Definition]
failregex = ^<HOST> .* "(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH).*" (404|429) .*$
failregex = ^[^ ]+ <HOST> .* "(GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH).*" (404|429) .*$
ignoreregex =
EOL