Fail2ban Config with Nginx and SSH
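#
# Auth filter /etc/fail2ban/filter.d/nginx-auth.conf
#
# Bans clients that repeatedly fail HTTP basic authentication (auth_basic).
#
# The jail that uses this filter reads /var/log/nginx/*error*.log, so the
# pattern must follow the nginx *error* log format, not the access-log
# format.  nginx reports an auth_basic failure as one of:
#
#   2016/12/05 19:13:00 [error] 1234#0: *5 user "bob": password mismatch, client: 192.0.2.1, server: example.com, request: "GET /admin/ HTTP/1.1", host: "example.com"
#   2016/12/05 19:13:00 [error] 1234#0: *5 user "bob" was not found in "/etc/nginx/.htpasswd", client: 192.0.2.1, server: example.com, request: "GET /admin/ HTTP/1.1", host: "example.com"
#
# fail2ban strips the leading timestamp before matching, so the line seen by
# failregex starts at " [error]".  The offending address is the value after
# "client:"; the error log has no leading remote-address field.
#
# NOTE(review): the previous pattern, ^<HOST> -.*"(GET|POST).*HTTP.*", was an
# access-log pattern that matched *every* request.  Against the error log it
# never matched (the jail was inert); pointed at an access log it would have
# banned any client that made more than maxretry requests.
#
# If nginx sits behind a reverse proxy or CDN, "client:" is the proxy's
# address and a ban would cut off the proxy itself -- configure
# real_ip_header / set_real_ip_from in nginx and ignoreip in jail.local
# before enabling.
#
[Definition]
failregex = ^ \[error\] \d+#\d+: \*\d+ user "[^"]*":? (?:password mismatch|was not found in "[^"]*"), client: <HOST>,
ignoreregex =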
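#
# DoS filter /etc/fail2ban/filter.d/nginx-dos.conf
#
# Counts every HTTP request line in the access log; the jail's findtime and
# maxretry (120 s / 200 hits in this gist's jail.local) turn that count into
# a crude per-address rate limit.
#
# Expected input (nginx "combined" format, timestamp already stripped by
# fail2ban):
#   192.0.2.1 - - "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
#
# Changes from the original ^<HOST> -.*"(GET|POST).*HTTP.*":
#   * Any request method is counted.  A flood of HEAD, OPTIONS or made-up
#     methods is still a flood; the (GET|POST) alternation let it through.
#   * The request line is matched as a unit ("METHOD target HTTP/x.y") and
#     the pattern may not skip past a quote to reach it, so a "GET ... HTTP"
#     substring in the referrer or user-agent field cannot trigger it.
#   * Request lines that are not HTTP at all (TLS bytes sent to the plain
#     port, nginx logs them as "\x16\x03...") are not counted; nginx already
#     answers those with 400.
#
# Caveats before enabling:
#   * Clients behind a shared NAT or corporate proxy appear as one address
#     and are banned together once they exceed the threshold.
#   * If nginx is behind a load balancer or CDN, <HOST> is the balancer's
#     address: set real_ip_header / set_real_ip_from in nginx or the ban will
#     hit your own upstream.  Put monitoring and admin addresses in ignoreip.
#   * nginx's limit_req / limit_conn are the first line of defence against
#     request floods; this jail is a backstop, not a replacement.
#
[Definition]
failregex = ^<HOST> -[^"]*"[A-Z]+ \S+ HTTP/\d+(?:\.\d+)?"
ignoreregex =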
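#
# Login filter /etc/fail2ban/filter.d/nginx-login.conf
#
# Bans clients that repeatedly fail to log in to WordPress.
#
# Heuristic: WordPress answers a successful POST to /wp-login.php with a 302
# redirect and a failed one by re-rendering the form with status 200, so
# "POST /wp-login.php ... 200" in the access log is counted as one failed
# attempt.  Plain GETs of the login page are not counted.  (The old header
# comment mentioned "POST /sessions"; the pattern has always matched
# wp-login.php.)
#
# Expected input (timestamp already stripped by fail2ban):
#   192.0.2.1 - - "POST /wp-login.php HTTP/1.1" 200 4891 "-" "Mozilla/5.0"
#
# Changes from the original ^<HOST> -.*POST /wp-login.php.* HTTP/1\.." 200:
#   * "HTTP/1\.." only matched HTTP/1.x; nginx logs "HTTP/2.0" for h2
#     clients, so attempts over HTTP/2 were never counted.
#   * The "." in wp-login.php is escaped, an optional query string is matched
#     explicitly instead of via ".*", and the pattern may not skip past a
#     quote, so it cannot wander into the referrer/user-agent fields.
#   * The status is anchored with \b so "200" cannot match a longer number.
#
# Not covered: credential stuffing through /xmlrpc.php.  XML-RPC answers 200
# for both good and bad credentials, so it cannot be told apart by status
# code -- restrict or disable xmlrpc.php in nginx separately.
#
[Definition]
failregex = ^<HOST> -[^"]*"POST /wp-login\.php(?:\?\S*)? HTTP/\d+(?:\.\d+)?" 200\b
ignoreregex =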
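#
# Noscript filter /etc/fail2ban/filter.d/nginx-noscript.conf
#
# Bans clients probing for scripts this server does not serve (.php, .asp,
# .exe, .pl, .cgi, .scgi) -- the background noise of scanners looking for
# phpMyAdmin, web shells and old CGI holes.
#
# *** Enable this only on a host that serves NONE of those file types. ***
# The jail.local in this gist has a WordPress login jail, i.e. the site
# serves .php; with this filter active every legitimate visitor would be
# banned after a handful of requests.  jail.local currently defines no
# nginx-noscript jail, so the filter is unused as shipped.
#
# Expected input (timestamp already stripped by fail2ban):
#   192.0.2.1 - - "GET /phpmyadmin/index.php HTTP/1.1" 404 162 "-" "-"
#
# Changes from the original ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\scgi):
#   * The extension is matched at the end of the request *path* (before an
#     optional path-info suffix, query string and " HTTP/"), not anywhere in
#     the line, so a referrer such as "http://example.com/index.php" can no
#     longer get a visitor banned.
#   * POST and HEAD probes are counted, not only GET.
#   * The original alternative "\scgi" (whitespace followed by "cgi") looks
#     like a typo for ".scgi" and is treated as such -- TODO confirm intent.
#
[Definition]
failregex = ^<HOST> -[^"]*"(?:GET|POST|HEAD) [^"?]*\.(?:php|asp|exe|pl|cgi|scgi)(?:/[^"?]*)?(?:\?[^"]*)? HTTP/\d+(?:\.\d+)?"
ignoreregex =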
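#
# Proxy filter /etc/fail2ban/filter.d/nginx-proxy.conf
#
# Bans clients that try to use this server as an open forward proxy: a
# request line carrying an absolute URL ("GET http://other.host/ HTTP/1.1")
# or a CONNECT tunnel request.  nginx is not a forward proxy and answers
# both with an error; proxy scanners produce them, ordinary browsers do not.
#
# Expected input (timestamp already stripped by fail2ban):
#   192.0.2.1 - - "GET http://www.example.net/ HTTP/1.1" 404 162 "-" "-"
#   192.0.2.1 - - "CONNECT mail.example.net:25 HTTP/1.1" 400 0 "-" "-"
#
# Changes from the original ^<HOST> -.*GET http.*:
#   * Anchored to the request line (the pattern may not skip past a quote),
#     so "GET http" inside a referrer or user-agent string no longer counts.
#   * Any method with an absolute http(s) URL counts, not only GET, and
#     CONNECT is counted as well -- the classic open-proxy probe.
#
# An absolute-form request for *this* host (GET http://our.name/ HTTP/1.1)
# is legal HTTP/1.1 and a few corporate proxies send it; if that appears in
# your logs, add it to ignoreregex rather than loosening failregex.
#
[Definition]
failregex = ^<HOST> -[^"]*"(?:[A-Z]+ https?://\S+|CONNECT \S+) HTTP/\d+(?:\.\d+)?"
ignoreregex =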
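[ssh]
enabled = true
# "ssh" resolves through /etc/services to 22.  If sshd listens on another
# port, list that port here or the ban rule will not cover the real service.
port = ssh
filter = sshd
logpath = /var/log/auth.log

[ssh-ddos]
enabled = true
port = ssh
# sshd-ddos catches "Did not receive identification string" floods.  It is a
# separate filter only in fail2ban 0.8/0.9; later releases fold it into
# filter = sshd with mode = ddos -- adjust when upgrading.
filter = sshd-ddos
logpath = /var/log/auth.log

#
# HTTP servers
#
# Applies to every nginx jail below:
#   * fail2ban's shipped default is enabled = false, so a jail that does not
#     say enabled = true is inert unless [DEFAULT] (not part of this gist)
#     turns it on.  It is now set per jail, as the ssh jails already do.
#   * bantime / findtime / maxretry fall back to [DEFAULT] where not given;
#     the shipped defaults are short, so review them for production.
#   * If nginx is behind a reverse proxy or CDN, the logged address is the
#     proxy's: configure real_ip_header / set_real_ip_from in nginx first,
#     or a ban will cut off your own upstream.  Put monitoring and admin
#     addresses in ignoreip in [DEFAULT].
#

# Reads the *error* log, so the nginx-auth filter must match nginx error-log
# lines (auth_basic "password mismatch" / "was not found" messages), not
# access-log lines.
[nginx-auth]
enabled = true
port = http,https
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures]
logpath = /var/log/nginx/*error*.log

# Failed WordPress logins (POST /wp-login.php answered with status 200).
[nginx-login]
enabled = true
port = http,https
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures]
logpath = /var/log/nginx/*access*.log

# Reuses fail2ban's stock apache-badbots filter; nginx's default "combined"
# access-log format is the same shape, so it applies unchanged.  One hit is
# enough to ban.
[nginx-badbots]
enabled = true
port = http,https
filter = apache-badbots
action = iptables-multiport[name=BadBots]
logpath = /var/log/nginx/*access*.log
maxretry = 1

# Open-proxy probes: ban on the first match.  The original had maxretry = 0,
# which is not a documented value; 1 is what nginx-badbots above uses for the
# same "ban immediately" intent.
[nginx-proxy]
enabled = true
port = http,https
filter = nginx-proxy
action = iptables-multiport[name=NoProxy]
logpath = /var/log/nginx/*access*.log
maxretry = 1

# Crude rate limit: more than 200 matched requests from one address within
# 120 s.  Tune this for your own traffic -- one real visitor loading an
# asset-heavy page can get close, and a NATed office shares one address.
# Prefer nginx's limit_req / limit_conn as the first layer.
[nginx-dos]
enabled = true
port = http,https
filter = nginx-dos
logpath = /var/log/nginx/*access*.log
findtime = 120
maxretry = 200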