Fail2Ban Filter Regex Modified

2025-09-10 23:34:41 +00:00 · 2017-01-11 15:28:58 +02:00 · 2017-01-11 15:28:58 +02:00 · 02180d6746
commit 02180d6746
parent 72ca64c0e4
3 changed files with 13 additions and 13 deletions
--- a/Fail2Ban/filter.d/nginxrepeatoffender.conf
+++ b/Fail2Ban/filter.d/nginxrepeatoffender.conf
@ -2,12 +2,12 @@
 # Fail2Ban Blacklist for Repeat Offenders of Nginx (filter.d)
 #
 # Author: Mitchell Krog <mitchellkrog@gmail.com>
-# Version: 1.0
+# Version: 1.1
 #
 # Add on for Nginx Ultimate Bad Bot blocker
 # GitHub: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
 #
-# Tested On: Fail2Ban 0.91
+# Tested On: Fail2Ban 0.9.3
 # Server: Ubuntu 16.04
 # Firewall: IPTables
 #
@ -21,9 +21,9 @@
 #
 # Based on: The Recidive Jail from Fail2Ban
 #			This custom filter and action will monitor your Nginx logs and perma-ban
-#			any IP address that has generated far too many 444 errors over a 1 week period
+#			any IP address that has generated far too many 444 or 403 errors over a 1 week period
 #			and ban them for 1 day. This works like a charm as an add-on for my Nginx Bad
-#			Bot Blocker which takes care of generating the 444 errors based on the extensive
+#			Bot Blocker which takes care of generating the 444 or 403 errors based on the extensive
 #			list of Bad Referers, Bots, Scrapers and IP addresses it covers.
 #			See - https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker for more info
 #
@ -51,7 +51,7 @@ _daemon = fail2ban\.actions\s*
 # jail using this filter 'nginxrepeatoffender', or change this line!
 _jailname = nginxrepeatoffender

-failregex = ^<HOST> -.*GET.*444\s0
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) \/<block> \S+\" (?:403|444) .+$
 ignoreregex = 

 [Init]