author | Michele Bologna <michele.bologna@gmail.com> | 2018-09-14 22:12:52 +0200 |
---|---|---|
committer | Michele Bologna <michele.bologna@gmail.com> | 2018-09-14 22:21:24 +0200 |
commit | 1fb7ffe759f5d4ff73a6d271c5b98c8c18a0ad1c (patch) | |
tree | 24e148e4741c513b9266d7943bafa0f8e19b4fc8 | |
parent | 8a0c06ba9ea3baad77cf84d2e8d4a055ea95b782 (diff) | |
download | fail2ban-1fb7ffe759f5d4ff73a6d271c5b98c8c18a0ad1c.tar.gz |
Feat: ban nginx forbidden accesses
If you have configured nginx to forbid some paths in your webserver, e.g.:
    location ~ /\. {
        deny all;
    }
if a client tries to access https://yoursite/.user.ini then you will see
in nginx error log:
2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"
By carefully setting this filter we ban every IP that tries too many times to
access forbidden resources.
Author: Michele Bologna https://www.michelebologna.net/
-rw-r--r-- | config/filter.d/nginx-forbidden.conf | 21 | ||||
-rw-r--r-- | fail2ban/tests/files/logs/nginx-forbidden | 5 |
2 files changed, 26 insertions, 0 deletions
diff --git a/config/filter.d/nginx-forbidden.conf b/config/filter.d/nginx-forbidden.conf new file mode 100644 index 00000000..3c54e61e --- /dev/null +++ b/config/filter.d/nginx-forbidden.conf @@ -0,0 +1,21 @@ +# fail2ban filter configuration for nginx forbidden accesses +# +# If you have configured nginx to forbid some paths in your webserver, e.g.: +# +# location ~ /\. { +# deny all; +# } +# +# if a client tries to access https://yoursite/.user.ini then you will see +# in nginx error log: +# +# 2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net" +# +# By carefully setting this filter we ban every IP that tries too many times to +# access forbidden resources. +# +# Author: Michele Bologna https://www.michelebologna.net/ + +[Definition] +failregex = \[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST> +ignoreregex = diff --git a/fail2ban/tests/files/logs/nginx-forbidden b/fail2ban/tests/files/logs/nginx-forbidden new file mode 100644 index 00000000..6da3ed01 --- /dev/null +++ b/fail2ban/tests/files/logs/nginx-forbidden @@ -0,0 +1,5 @@ +# failJSON: { "time": "2018-09-14T19:03:05", "match": true , "host": "12.34.56.78" } +2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 12.34.56.78, server: www.example.net, request: "GET /wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php HTTP/1.1", host: "www.example.net", referrer: "http://example.net/foo.php" + +# failJSON: { "time": "2018-09-13T15:42:05", "match": true , "host": "12.34.56.78" } +2018/09/13 15:42:05 [error] 2035#2035: *287 access forbidden by rule, client: 12.34.56.78, server: www.example.com, request: "GET /wp-config.php~ HTTP/1.1", host: "www.example.com" |
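Review bot: the failregex in config/filter.d/nginx-forbidden.conf is not anchored at either end, so it can match anywhere in a log line, including inside the request and referrer fields, which the sample line shows are client-supplied and logged verbatim after the client field. A different [error] message whose request text contains "access forbidden by rule, client: " followed by an address would then ban an address the requester chose. Suggest anchoring the start, e.g. `^\s*\[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>, server: `, so the match has to begin right after the timestamp and `<HOST>` has to be followed by the field nginx writes next. The header comment says the filter must be set "carefully" but gives no jail example; a short note on choosing maxretry and findtime would help, since any client that hits a denied path, not only a scanner, counts toward the ban.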
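Review bot: fail2ban/tests/files/logs/nginx-forbidden has only positive samples, both with the same IPv4 host 12.34.56.78, so nothing in the test file shows what the filter must not match. Suggest adding at least one `"match": false` entry, for example an [error] line of another kind whose request field contains the phrase "access forbidden by rule, client: ", plus a positive sample with an IPv6 client, so a later change to the regex that loosens or breaks it is caught. The `/.user.ini` request from the commit message and the filter header would also make a natural third positive case.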