Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf enable
# to enable this filter add to jail.conf following (/etc/fail2ban/jail.conf)
# Thanks to -> TheBarret
[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
# vim /etc/fail2ban/filter.d/nginx-4xx.conf
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =
@chovy

This comment has been minimized.

Copy link

@chovy chovy commented Feb 25, 2019

How do we enable this?

@TheBarret

This comment has been minimized.

Copy link

@TheBarret TheBarret commented Sep 14, 2019

How do we enable this?

Add this to your jail.conf
[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3

@sigismund

This comment has been minimized.

Copy link

@sigismund sigismund commented Jun 1, 2020

Do not use this rule. It's regex is too wide and fail2ban will trigger bans based on non-malicious requests.

@TheBarret

This comment has been minimized.

Copy link

@TheBarret TheBarret commented Jun 1, 2020

Do not use this rule. It's regex is too wide and fail2ban will trigger bans based on non-malicious requests.

Works fine here tho, no problems so far.

@sigismund

This comment has been minimized.

Copy link

@sigismund sigismund commented Jun 1, 2020

Sorry. You are right.

I re-tested filter and noticed that I used fail2ban-regex --print-all-missed instead of fail2ban-regex --print-all-matched in my first test.

@AysadKozanoglu

This comment has been minimized.

Copy link
Owner Author

@AysadKozanoglu AysadKozanoglu commented Jun 3, 2020

@TheBarret thanks

@AndiSusanto15

This comment has been minimized.

Copy link

@AndiSusanto15 AndiSusanto15 commented Oct 24, 2020

tank you. helpfull...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment