LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-20-2017, 11:36 PM   #16
bmxakias
Member
 
Registered: Jan 2016
Posts: 254

Original Poster
Rep: Reputation: Disabled

Can i use the HEAD parameter as a user may ask for a topic using GET or Post for a word Supername and get banned ?

Like this?


Quote:
^<HOST> .* ".*(?i)HEAD /Supername.*?"
or

Quote:
^<HOST>.*HEAD.*(?i)Supername.*

Promise no more questions
 
Old 08-21-2017, 05:49 AM   #17
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
First example is what I'd go with.
 
Old 08-23-2017, 11:02 PM   #18
bmxakias
Member
 
Registered: Jan 2016
Posts: 254

Original Poster
Rep: Reputation: Disabled
Ok i just test it and it doesn't hit


Log file request is:

Quote:
123.456.789.000 - - [20/Aug/2017:07:33:34 +0000] "GET /software-wvs-test-for-some-inexistent-file HTTP/1.1" 404 6379 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21

My /etc/fail2ban/jail.local entry is:

Quote:
[nginx-software]
enabled = true
filter = nginx-software
action = csfdeny[name=nginx-software]
logpath = /home/nginx/domains/*/log/access.log
/usr/local/nginx/logs/*access*.log
bantime = 604800
maxretry = 1

And my software config nginx-software.conf is:

Quote:
[Definition]
# Notes : Block Software
failregex = ^<HOST> .* ".*?(?i)GET /software-wvs-test-for-some-inexistent-file.*?"
ignoreregex =
 
Old 08-24-2017, 05:44 AM   #19
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by bmxakias View Post
Ok i just test it and it doesn't hit


Log file request is:
Use a real IP and try again.

or
Code:
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-software

Last edited by Habitual; 08-24-2017 at 05:46 AM.
 
Old 08-25-2017, 09:59 AM   #20
bmxakias
Member
 
Registered: Jan 2016
Posts: 254

Original Poster
Rep: Reputation: Disabled
Ok it works thanks
 
Old 08-25-2017, 10:02 AM   #21
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Velcro!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question regarding fail2ban jail.conf munkz Linux - Security 3 08-28-2013 01:49 AM
Fail2ban Log NotAComputerGuy Linux - Security 7 01-10-2013 07:17 PM
Fail2ban noscript jail is banning googlebot...should I make an exception? sneakyimp Linux - Security 4 12-08-2012 01:01 PM
[SOLVED] fail2ban regex help needed ! papampi Linux - Security 30 06-19-2012 09:29 AM
fail2ban log errors for ssh jail linuxlover.chaitanya Linux - Security 2 07-24-2010 07:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration