vikarti.anatra/nginx-ultimate-bad-bot-blocker
1
0
Fork 0
mirror of https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git synced 2025-09-03 02:59:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
nginx-ultimate-bad-bot-blocker/Fail2Ban/filter.d/nginxrepeatoffender.conf
Mitchell Krog UB1 7d5bb0d19a Correction to Regex Expression
2017-01-12 17:16:12 +02:00

61 lines
2 KiB
Text
Raw Blame History

# /etc/fail2ban/filter.d/nginxrepeatoffender.conf
# Fail2Ban Blacklist for Repeat Offenders of Nginx (filter.d)
#
# Author: Mitchell Krog <mitchellkrog@gmail.com>
# Version: 1.1
#
# Add on for Nginx Ultimate Bad Bot blocker
# GitHub: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
#
# Tested On: Fail2Ban 0.9.3
# Server: Ubuntu 16.04
# Firewall: IPTables
#
# Dependancies: requires nginxrepeatoffender.conf in /etc/fail2ban/action.d folder
# requires jail settings called [nginxrepeatoffender]
# requires nginx.repeatoffender file in /etc/fail2ban
# create with sudo touch /etc/fail2ban/nginx.repeatoffender
# chmod +x /etc/fail2ban/nginx.repeatoffender
#
# Drawbacks: Only works with IPTables
#
# Based on: The Recidive Jail from Fail2Ban
# This custom filter and action will monitor your Nginx logs and perma-ban
# any IP address that has generated far too many 444 or 403 errors over a 1 week period
# and ban them for 1 day. This works like a charm as an add-on for my Nginx Bad
# Bot Blocker which takes care of generating the 444 or 403 errors based on the extensive
# list of Bad Referers, Bots, Scrapers and IP addresses it covers.
# See - https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker for more info
#
# This custom action requires a custom jail in your
# jail.local file for Fail2Ban
#
# Your jail file would be configured as follows
#
# [nginxrepeatoffender]
# enabled = true
# logpath = %(nginx_access_log)s
# filter = nginxrepeatoffender
# banaction = nginxrepeatoffender
# bantime = 86400 ; 1 day
# findtime = 604800 ; 1 week
# maxretry = 20
#
[Definition]
_daemon = fail2ban\.actions\s*
# The name of the jail that this filter is used for. In jail.conf, name the
# jail using this filter 'nginxrepeatoffender', or change this line!
_jailname = nginxrepeatoffender
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) \/ \S+\" (?:403|444) .+$
ignoreregex =
[Init]
journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
# Author: Mitchell Krog
Reference in a new issue View git blame Copy permalink