Skip to content

Instantly share code, notes, and snippets.

@stephanethomas
Created April 27, 2012 08:45
Show Gist options
  • Save stephanethomas/2507550 to your computer and use it in GitHub Desktop.
Save stephanethomas/2507550 to your computer and use it in GitHub Desktop.
Fail2ban Denial Of Service Filter
# Fail2Ban configuration file
#
# 93.114.132.34 - - [27/Apr/2012:09:50:55 +0200] "GET / HTTP/1.1" 200 3241 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
# sd-31638.dedibox.fr:80 193.33.237.205 - - [26/Apr/2012:13:27:46 +0200] "GET /db/main.php HTTP/1.0" 403 249 "-" "-"
#
[Definition]
# Option: failregex
# Notes.: regex to match any GET entry in the logfile, so basically all valid
# and not valid entries are a match. You should setup the maxretry and
# findtime carefully in order to avoid false positives.
# Values: TEXT
#
failregex = ^(?:[a-zA-Z0-9.-]+:\d+ )?<HOST> .*\"GET
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment