Created
January 22, 2016 04:13
-
-
Save altan-me/6617c960d0a00c1485c7 to your computer and use it in GitHub Desktop.
fail2ban Config files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[DEFAULT] | |
# "ignoreip" can be an IP address, a CIDR mask or a DNS host | |
ignoreip = 127.0.0.1 | |
bantime = 86400 | |
maxretry = 5 | |
[nginx-auth] | |
enabled = true | |
filter = nginx-auth | |
action = iptables-multiport[name=NoAuthFailures, port="http,https"] | |
logpath = /var/log/nginx/error.log | |
bantime = 600 # 10 minutes | |
maxretry = 6 | |
[nginx-login] | |
enabled = true | |
filter = nginx-login | |
action = iptables-multiport[name=NoLoginFailures, port="http,https"] | |
logpath = /var/log/nginx/access.log | |
bantime = 600 # 10 minutes | |
maxretry = 6 | |
[nginx-badbots] | |
enabled = true | |
filter = apache-badbots | |
action = iptables-multiport[name=BadBots, port="http,https"] | |
logpath = /var/log/nginx/access.log | |
bantime = 86400 # 1 day | |
maxretry = 1 | |
[nginx-noscript] | |
enabled = true | |
action = iptables-multiport[name=NoScript, port="http,https"] | |
filter = nginx-noscript | |
logpath = /var/log/nginx/access.log | |
maxretry = 6 | |
bantime = 86400 # 1 day | |
[nginx-proxy] | |
enabled = true | |
action = iptables-multiport[name=NoProxy, port="http,https"] | |
filter = nginx-proxy | |
logpath = /var/log/nginx/access.log | |
maxretry = 0 | |
bantime = 86400 # 1 day | |
[ssh] | |
enabled = true | |
port = ssh | |
filter = sshd | |
logpath = /var/log/auth.log | |
maxretry = 5 | |
[ssh-ddos] | |
enabled = true | |
port = ssh | |
filter = sshd-ddos | |
logpath = /var/log/auth.log | |
maxretry = 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Auth filter /etc/fail2ban/filter.d/nginx-auth.conf: | |
# | |
# Blocks IPs that fail to authenticate using basic authentication | |
# | |
[Definition] | |
failregex = no user/password was provided for basic authentication.*client: <HOST> | |
user .* was not found in.*client: <HOST> | |
user .* password mismatch.*client: <HOST> | |
ignoreregex = |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Login filter /etc/fail2ban/filter.d/nginx-login.conf: | |
# | |
# Blocks IPs that fail to authenticate using web application's log in page | |
# | |
# Scan access log for HTTP 200 + POST /sessions => failed log in | |
[Definition] | |
failregex = ^<HOST> -.*POST /sessions HTTP/1\.." 200 | |
ignoreregex = |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Noscript filter /etc/fail2ban/filter.d/nginx-noscript.conf: | |
# | |
# Block IPs trying to execute scripts such as .php, .pl, .exe and other funny scripts. | |
# | |
# Matches e.g. | |
# 192.168.1.1 - - "GET /something.php | |
# | |
[Definition] | |
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\scgi) | |
ignoreregex = |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Proxy filter /etc/fail2ban/filter.d/nginx-proxy.conf: | |
# | |
# Block IPs trying to use server as proxy. | |
# | |
# Matches e.g. | |
# 192.168.1.1 - - "GET http://www.something.com/ | |
# | |
[Definition] | |
failregex = ^<HOST> -.*GET http.* | |
ignoreregex = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment