Skip to content

Instantly share code, notes, and snippets.

@AysadKozanoglu AysadKozanoglu/jail.conf

Last active Jun 16, 2020
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf enable
Raw
jail.conf
# to enable this filter add to jail.conf following (/etc/fail2ban/jail.conf)
# Thanks to -> TheBarret
[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
Raw
nginx.conf
# vim /etc/fail2ban/filter.d/nginx-4xx.conf
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =
@chovy

This comment has been minimized.

Sign in to view
Copy link

chovy commented Feb 25, 2019

How do we enable this?
@TheBarret

This comment has been minimized.

Sign in to view
Copy link

TheBarret commented Sep 14, 2019
edited

How do we enable this?

Add this to your jail.conf
[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
@sigismund

This comment has been minimized.

Sign in to view
Copy link

sigismund commented Jun 1, 2020

Do not use this rule. It's regex is too wide and fail2ban will trigger bans based on non-malicious requests.
@TheBarret

This comment has been minimized.

Sign in to view
Copy link

TheBarret commented Jun 1, 2020

Do not use this rule. It's regex is too wide and fail2ban will trigger bans based on non-malicious requests.

Works fine here tho, no problems so far.
@sigismund

This comment has been minimized.

Sign in to view
Copy link

sigismund commented Jun 1, 2020

Sorry. You are right.

I re-tested filter and noticed that I used fail2ban-regex --print-all-missed instead of fail2ban-regex --print-all-matched in my first test.
@AysadKozanoglu

This comment has been minimized.

Sign in to view
Copy link
Owner Author

AysadKozanoglu commented Jun 3, 2020

@TheBarret thanks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.