Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
fail2ban mod_antiloris failregex
jail.conf:
[apache-antiloris]
enabled = true
filter = antiloris
action = iptables-multiport[name=apache-antiloris,port="80,443"]
logpath = /var/log/httpd/error_log
filter.d/antiloris.conf:
[Definition]
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P[\w\-.^_]+)
# Values: TEXT
#
failregex = Rejected, too many connections in READ state from <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.