Added regex "^.*\[client <HOST>\] ModSecurity:" to /etc/fail2ban/filter.d/apache-modsecurity.conf filters of fail2ban
# Fail2Ban apache-modsec filter
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# apache-common.local
before = apache-common.conf
[Definition]
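# The second pattern matches every ModSecurity message logged for a client,
# including non-blocking "Warning" entries, not only "Access denied" ones.
failregex = ^%(_apache_error_client)s ModSecurity: (\[.*?\] )*Access denied with code [45]\d\d.*$
            ^.*\[client <HOST>\] ModSecurity: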
ignoreregex =
# https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats
# Author: Daniel Black
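
An added example, not part of the original gist: it runs the added `^.*\[client <HOST>\] ModSecurity:` pattern over constructed error-log lines to show which clients it would count as failures. The `<HOST>` expansion is simplified to IPv4 here, and `DENIED_ONLY` is a hypothetical narrower variant included only for comparison.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(template):
    """Expand <HOST> the way this example assumes and compile the pattern."""
    return re.compile(template.replace("<HOST>", HOST))


# The pattern added in this gist.
ANY_MODSEC = compile_failregex(r"^.*\[client <HOST>\] ModSecurity:")
# Hypothetical narrower variant: same prefix, but only denied requests.
DENIED_ONLY = compile_failregex(
    r"^.*\[client <HOST>\] ModSecurity: (\[.*?\] )*Access denied with code [45]\d\d")

# Constructed Apache 2.4-style error-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '[Mon Jan 01 10:00:00.000000 2024] [:error] [pid 1234] '
    '[client 203.0.113.5:51000] [client 203.0.113.5] ModSecurity: '
    'Access denied with code 403 (phase 2). [id "900001"] [uri "/login"]',
    '[Mon Jan 01 10:00:01.000000 2024] [:error] [pid 1234] '
    '[client 198.51.100.7:51001] [client 198.51.100.7] ModSecurity: '
    'Warning. Pattern match at ARGS:q. [id "900002"] [uri "/search"]',
    '[Mon Jan 01 10:00:02.000000 2024] [core:error] [pid 1234] '
    '[client 192.0.2.9:51002] AH00126: Invalid URI in request GET / HTTP/1.1',
]


def matched_hosts(pattern, lines):
    """Return the host captured from every line the pattern matches."""
    hosts = []
    for line in lines:
        m = pattern.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    print("added pattern :", matched_hosts(ANY_MODSEC, SAMPLE_LOG))
    print("denied only   :", matched_hosts(DENIED_ONLY, SAMPLE_LOG))
```

The client that only triggered a ModSecurity warning is counted by the added pattern but not by the denied-only variant, which matters when rules run in detection-only mode.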