-
-
Save emxsys/6d4fffaa31f92023dc226b1956b8bb89 to your computer and use it in GitHub Desktop.
Simple fail2ban DOS jail
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban configuration file | |
| # | |
| # NOTE | |
| # You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives. | |
| # | |
| # Author: http://www.go2linux.org | |
| # Modified by: samnicholls.net | |
| # * Mon 6 Jun 2016 - Updated failregex to capture HOST group correctly | |
| [Definition] | |
| # Option: failregex | |
| # NOTE: The failregex assumes a particular vhost LogFormat: | |
| # LogFormat "%t [%v:%p] [client %h] \"%r\" %>s %b \"%{User-Agent}i\"" | |
| # This is more in-keeping with the error log parser that contains an explicit [client xxx.xxx.xxx.xxx] | |
| # but you could obviously alter this to match your own (or the default LogFormat) | |
| failregex = \[[^]]+\] \[.*\] \[client <HOST>\] "GET .* | |
| # Option: ignoreregex | |
| # Notes.: regex to ignore. If this regex matches, the line is ignored. | |
| # Values: TEXT | |
| ignoreregex = |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban configuration file | |
| # | |
| # NOTE | |
| # You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives. | |
| # | |
| # Author: http://www.go2linux.org | |
| # Modified by: samnicholls.net | |
| # * Mon 6 Jun 2016 - Updated failregex to capture HOST group correctly | |
| [Definition] | |
| # Option: failregex | |
| # NOTE: The failregex assumes a particular vhost LogFormat: | |
| # LogFormat "%t [%v:%p] [client %h] \"%r\" %>s %b \"%{User-Agent}i\"" | |
| # This is more in-keeping with the error log parser that contains an explicit [client xxx.xxx.xxx.xxx] | |
| # but you could obviously alter this to match your own (or the default LogFormat) | |
| failregex = \[[^]]+\] \[.*\] \[client <HOST>\] "POST .* | |
| # Option: ignoreregex | |
| # Notes.: regex to ignore. If this regex matches, the line is ignored. | |
| # Values: TEXT | |
| ignoreregex = |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| # Simple attempt to block very basic DOS attacks over GET | |
| # Tolerate ~3.3 GET/s in 30s (100 GET in less than 30s) | |
| [http-get-dos] | |
| enabled = true | |
| port = http,https | |
| filter = http-get-dos | |
| logpath = /var/log/apache2/custom_access.log | |
| maxRetry = 100 | |
| findtime = 30 | |
| bantime = 6000 | |
| # Simple attempt to block very basic DOS attacks over POST | |
| # Tolerate ~2 POST/s in 30s (60 POST in less than 30s) | |
| [http-post-dos] | |
| enabled = true | |
| port = http,https | |
| filter = http-post-dos | |
| logpath = /var/log/apache2/custom_access.log | |
| maxRetry = 60 | |
| findtime = 29 | |
| bantime = 6000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment