What are you actually trying to achieve?
If you want a filter that can scan your logs looking for 403 and 444
errors, I wrote a custom filter below which works very well for me. It
picks up any excessive amounts of 403 or 444 errors generated by a client
and bans them for one day. Not sure if it’s what you are looking for though.
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/blob/master/Fail2Ban/filter.d/nginxrepeatoffender.conf
I still want to send a PR for this but have not had time, nor do I even know if it’s
needed, as some of the other nginx filters already existing in Fail2Ban can
be customised with additional regex using a .local version of the filter.
Kind Regards
Mitchell
From: Cogumelos Maravilha <cogumelosmaravi...@sapo.pt>
Reply: Cogumelos Maravilha <cogumelosmaravi...@sapo.pt>
Date: 19 February 2017 at 11:55:02 AM
To: fail2ban-users@lists.sourceforge.net
Subject: Re: [Fail2ban-users] Custom filter for Nginx
Sorry, full lines:
185.93.180.104 - - [18/Feb/2017:19:15:33 +0000] "POST /login.php HTTP/1.1" 403 162 "-" "() { OpenVAS:; };
185.93.180.104 - - [18/Feb/2017:19:15:33 +0000] "POST /index.php HTTP/1.1" 403 162 "-" "-" 0.000
Thanks
On 02/19/2017 07:02 AM, Dudi Goldenberg wrote:
These lines do not contain the related IP address, so you can’t block…
Regards,
D.
>[18/Feb/2017:19:15:33 +0000] "GET /login.php HTTP/1.1" 403 162 "-" "-" 0.000
>[18/Feb/2017:19:15:32 +0000] "POST /cgi-bin/status HTTP/1.1" 403 162 "-" "-" 0.000
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org!
http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
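
Added example, not part of the thread and not the filter linked above: a small Python sketch of the detection logic discussed here, counting 403/444 responses per client address and banning repeat offenders for one day. The threshold, time window and sample log lines are assumptions constructed for illustration; lines without a leading client address (as in the first quoted excerpt) cannot be attributed and are skipped.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at line start so a client address is always captured; in a
# fail2ban failregex this group would be written as <HOST>.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>403|444) '
)

# Assumed thresholds (not from the thread); only the one-day ban is from it.
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(days=1)

# Constructed sample log lines using documentation address ranges.
NO_IP = '[18/Feb/2017:19:15:33 +0000] "GET /login.php HTTP/1.1" 403 162 "-" "-" 0.000'
SAMPLE = [
    '203.0.113.7 - - [18/Feb/2017:19:15:31 +0000] "POST /login.php HTTP/1.1" 403 162 "-" "-" 0.000',
    '203.0.113.7 - - [18/Feb/2017:19:15:32 +0000] "POST /cgi-bin/status HTTP/1.1" 403 162 "-" "-" 0.000',
    '203.0.113.7 - - [18/Feb/2017:19:15:33 +0000] "GET /login.php HTTP/1.1" 444 0 "-" "-" 0.000',
    '198.51.100.20 - - [18/Feb/2017:19:15:33 +0000] "GET / HTTP/1.1" 200 612 "-" "-" 0.001',
    '198.51.100.20 - - [18/Feb/2017:19:15:34 +0000] "GET /admin HTTP/1.1" 403 162 "-" "-" 0.000',
    NO_IP, NO_IP, NO_IP,  # no client address: nothing to ban
]


def find_offenders(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: ban_expiry} for hosts with >= maxretry hits inside findtime."""
    hits = defaultdict(deque)
    bans = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # other status code, or no leading client address
        host = m.group("host")
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[host]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()  # drop hits that fell out of the sliding window
        if len(window) >= maxretry and host not in bans:
            bans[host] = when + BANTIME
    return bans


if __name__ == "__main__":
    for host, until in find_offenders(SAMPLE).items():
        print(f"ban {host} until {until.isoformat()}")
```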