authorSergey G. Brester <serg.brester@sebres.de>2023-04-13 19:09:00 +0200
committerGitHub <noreply@github.com>2023-04-13 19:09:00 +0200
commite73748c4422196d7e40b9e3a1d5c6cf2e81d49c1 (patch)
tree8d332b7509b70c40c55c3f699d95b39f961b31e0 /config
parent7dc32971f8fa9fb4b4260e4a641aaedde68756d2 (diff)
parent27294c4b9ee5d5568a1d5f83af744ea39d5a1acb (diff)
downloadfail2ban-e73748c4422196d7e40b9e3a1d5c6cf2e81d49c1.tar.gz
Merge branch 'master' into mikrotik
Diffstat (limited to 'config')
-rw-r--r--config/action.d/cloudflare-token.conf11
-rw-r--r--config/filter.d/nginx-forbidden.conf25
-rw-r--r--config/jail.conf4
3 files changed, 35 insertions, 5 deletions
diff --git a/config/action.d/cloudflare-token.conf b/config/action.d/cloudflare-token.conf
index 8c5c37de..287621eb 100644
--- a/config/action.d/cloudflare-token.conf
+++ b/config/action.d/cloudflare-token.conf
@@ -50,11 +50,12 @@ actionban = curl -s -X POST "<_cf_api_url>" \
# <time> unix timestamp of the ban time
# Values: CMD
#
-actionunban = id=$(curl -s -X GET "<_cf_api_url>?mode=<cfmode>&notes=<notes>&configuration.target=<cftarget>&configuration.value=<ip>" \
- <_cf_api_prms> \
- | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \
- | tr -d ' "' \
- | head -n 1)
+actionunban = id=$(curl -s -X GET "<_cf_api_url>" \
+ --data-urlencode "mode=<cfmode>" --data-urlencode "notes=<notes>" --data-urlencode "configuration.target=<cftarget>" --data-urlencode "configuration.value=<ip>" \
+ <_cf_api_prms> \
+ | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \
+ | tr -d ' "' \
+ | head -n 1)
if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found using target <cftarget>"; exit 0; fi; \
curl -s -X DELETE "<_cf_api_url>/$id" \
<_cf_api_prms> \
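Review bot: The rewritten lookup in `actionunban` keeps `-X GET` but does not add `-G`/`--get`, so curl sends the four `--data-urlencode` pairs as a request body instead of appending them to `<_cf_api_url>` as a query string. If the API ignores a body on a GET, the listing comes back unfiltered and `head -n 1` takes the id of whichever rule is listed first; the following `curl -s -X DELETE "<_cf_api_url>/$id"` would then remove an unrelated access rule while the block for `<ip>` stays in place. Suggest `actionunban = id=$(curl -s -G -X GET "<_cf_api_url>" \` for the first line. The command continues past the end of this hunk, so the rest of the unban logic is not visible here.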
diff --git a/config/filter.d/nginx-forbidden.conf b/config/filter.d/nginx-forbidden.conf
new file mode 100644
index 00000000..62d15a41
--- /dev/null
+++ b/config/filter.d/nginx-forbidden.conf
@@ -0,0 +1,25 @@
+# fail2ban filter configuration for nginx forbidden accesses
+#
+# If you have configured nginx to forbid some paths in your webserver, e.g.:
+#
+# location ~ /\. {
+# deny all;
+# }
+#
+# if a client tries to access https://yoursite/.user.ini then you will see
+# in nginx error log:
+#
+# 2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"
+#
+# By carefully setting this filter we ban every IP that tries too many times to
+# access forbidden resources.
+#
+# Author: Michele Bologna https://www.michelebologna.net/
+
+[Definition]
+failregex = \[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>
+ignoreregex =
+
+datepattern = {^LN-BEG}
+
+journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
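Review bot: The `failregex` has no leading anchor, so once `datepattern = {^LN-BEG}` has stripped the timestamp it can match anywhere in the rest of the line, including request-derived text that nginx writes into other error messages. The address captured by `<HOST>` is what gets banned, so a line whose client-supplied portion contains this phrase could lead to a ban on an address the sender chose. Anchoring to the start of the message and bounding the host closes that off: `failregex = ^\s*\[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>,`. A one-line comment above it, such as `# anchored on purpose: request text later in the line is client-controlled`, would keep the anchor from being dropped in a later edit.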
diff --git a/config/jail.conf b/config/jail.conf
index f4990e09..b2fb7ec0 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -395,6 +395,10 @@ logpath = %(nginx_error_log)s
port = http,https
logpath = %(nginx_access_log)s
+[nginx-forbidden]
+port = http,https
+logpath = %(nginx_error_log)s
+
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.