add nginx rules for fail2ban

7351a4f0 · Vitaly Lipatov · fa4656da · 7351a4f0 · 7351a4f0 · 7351a4f0
Commit 7351a4f0 authored Mar 26, 2014 by Vitaly Lipatov
4 changed files
--- a/fail2ban/filter.d/nginx-admin.conf
+++ b/fail2ban/filter.d/nginx-admin.conf
+# Fail2Ban configuration file
+#
+# Author: Vitaly Lipatov
+#
+# $Revision: 728 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = ^<HOST> - -.*POST.*$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+#ignoreregex = 
--- a/fail2ban/filter.d/nginx-excess-admlim.conf
+++ b/fail2ban/filter.d/nginx-excess-admlim.conf
+# Fail2Ban configuration file
+#
+# Author: Vitaly Lipatov
+#
+# $Revision: 728 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = .* limiting requests, excess: .* by zone "admlim", client: <HOST>, server:
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
--- a/fail2ban/filter.d/nginx-excess.conf
+++ b/fail2ban/filter.d/nginx-excess.conf
+# Fail2Ban configuration file
+#
+# Author: Vitaly Lipatov
+#
+# $Revision: 728 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = .* limiting requests, excess: .* by zone ".*lim", client: <HOST>, server:
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+#ignoreregex = 
--- a/fail2ban/test.d/nginx-excess-admlim
+++ b/fail2ban/test.d/nginx-excess-admlim
+2014/03/09 07:13:59 [error] 477887#0: *15917125 limiting requests, excess: 3.304 by zone "admlim", client: 108.160.152.93, server: borbazaveru.info, request: "GET /administrator/index.php HTTP/1.0", host: "borbazaveru.com"