@Padilo300
Created January 30, 2024 13:10
linux ddos simple protect
#!/bin/bash
# Basic Apache + fail2ban setup for a host behind Cloudflare. Run as root.
apt-get update
# mod_remoteip restores the client IP from a proxy header;
# mod_ratelimit throttles response bandwidth
a2enmod remoteip
a2enmod ratelimit
# Load the newly enabled modules
service apache2 restart
# -y keeps the install non-interactive when run from a script
apt-get install -y fail2ban
# Jail: ban for 600 s any host with 100 matching log lines within 60 s.
# The section is appended to jail.local, so run this script only once.
tee -a /etc/fail2ban/jail.local <<'EOF'
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/*/*/access.log
maxretry = 100
findtime = 60
bantime = 600
EOF
# Filter: a matching line is a GET or POST request answered with 403.
# The file belongs to this script, so it is overwritten rather than appended to.
tee /etc/fail2ban/filter.d/http-get-dos.conf <<'EOF'
[Definition]
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*" 403
ignoreregex =
EOF
service fail2ban restart
# Messages (Russian): "Basic setup complete!" / "add to the virtual host files
# (000-default.conf, for example, and the others)" / "the following line:"
echo "Базовая настройка завершена!"
echo "добавьте в файлы виртуальных хостов (000-default.conf например и остальные)"
echo "следующую строку:"
# Also restrict RemoteIPTrustedProxy to the proxy's address ranges; otherwise
# any client can supply this header itself.
echo "RemoteIPHeader CF-Connecting-IP"
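
Added example (not part of the original gist): a dry run of the jail's rule over constructed access-log lines, showing which clients the failregex, maxretry and findtime would ban, and that requests answered with a status other than 403 are never counted. The helper names would_ban and make_sample and the sample addresses are assumptions; the demo call lowers the threshold to 3.

```shell
#!/bin/bash
# Added example: dry run of the http-get-dos jail over an access log.
# Defaults mirror jail.local in the script above.
MAXRETRY=100
FINDTIME=60

# would_ban LOGFILE [MAXRETRY] [FINDTIME]  (hypothetical helper name)
# Prints each client that reaches MAXRETRY matching lines within FINDTIME
# seconds. Assumes one day of logs; <HOST> is approximated by the first field.
would_ban() {
    awk -v max="${2:-$MAXRETRY}" -v win="${3:-$FINDTIME}" '
    # Same condition as the failregex: GET or POST answered with 403
    /^[^ ]+ -.*"(GET|POST).*HTTP.*" 403/ {
        ip = $1
        split($4, t, ":")                  # $4 = [30/Jan/2024:13:10:05
        now = t[2] * 3600 + t[3] * 60 + t[4]
        n = ++count[ip]
        seen[ip, n] = now
        # Forget hits that have aged out of the findtime window
        while (now - seen[ip, first[ip] + 1] >= win) first[ip]++
        if (n - first[ip] >= max && !(ip in banned)) { banned[ip] = 1; print ip }
    }' "$1"
}

# Constructed sample lines (documentation addresses, not real traffic)
make_sample() {
    i=0
    while [ "$i" -lt 5 ]; do
        # Five 403s in five seconds
        printf '203.0.113.7 - - [30/Jan/2024:13:10:0%d +0000] "GET /admin HTTP/1.1" 403 199\n' "$i"
        # Five 200s in five seconds: never counted, the filter keys on 403
        printf '198.51.100.9 - - [30/Jan/2024:13:10:0%d +0000] "GET / HTTP/1.1" 200 512\n' "$i"
        i=$((i + 1))
    done
    # Three 403s two minutes apart: never three inside one 60 s window
    for m in 10 12 14; do
        printf '192.0.2.4 - - [30/Jan/2024:13:%s:00 +0000] "POST /login HTTP/1.1" 403 199\n' "$m"
    done
}

log=$(mktemp)
make_sample > "$log"
would_ban "$log" 3 60    # threshold lowered to 3 so the sample stays short
rm -f "$log"
```

On a host with fail2ban installed, fail2ban-regex run with a log file and /etc/fail2ban/filter.d/http-get-dos.conf tests the real filter against real log lines.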