yprez/nginx.conf

Forked from AysadKozanoglu/jail.conf

Created March 27, 2017 18:39

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/yprez/af39209a4a3638ae0bad166529fbccb4.js"></script>
Save yprez/af39209a4a3638ae0bad166529fbccb4 to your computer and use it in GitHub Desktop.

Download ZIP

fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf

Raw

	# nano /etc/fail2ban/filter.d/nginx-4xx.conf
	#

	[Definition]
	failregex = ^<HOST>."(GET\|POST)." (404\|444\|403\|400) .*$
	ignoreregex =

beatquantum commented Apr 27, 2022

As some scanners use HTTP HEAD, I prefer to use the following instead:

failregex = ^."(GET|POST|HEAD)." (404|444|403|400) .*$

However, I noticed that this rule does not work on nginx HTTP 400 errors when the access.log file does not capture the source IP. Another one to investigate, I guess.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment