2015-10-29 22:15:20 +00:00
|
|
|
# Fail2ban filter configuration for nginx :: limit_req
|
|
|
|
# used to ban hosts, that were failed through nginx by limit request processing rate
|
|
|
|
#
|
|
|
|
# Author: Serg G. Brester (sebres)
|
|
|
|
#
|
|
|
|
# To use 'nginx-limit-req' filter you should have `ngx_http_limit_req_module`
|
|
|
|
# and define `limit_req` and `limit_req_zone` as described in nginx documentation
|
|
|
|
# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
|
|
|
|
#
|
|
|
|
# Example:
|
|
|
|
#
|
|
|
|
# http {
|
|
|
|
# ...
|
|
|
|
# limit_req_zone $binary_remote_addr zone=lr_zone:10m rate=1r/s;
|
|
|
|
# ...
|
|
|
|
# # http, server, or location:
|
|
|
|
# location ... {
|
|
|
|
# limit_req zone=lr_zone burst=1 nodelay;
|
|
|
|
# ...
|
|
|
|
# }
|
|
|
|
# ...
|
|
|
|
# }
|
|
|
|
# ...
|
|
|
|
#
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
|
|
|
# Specify following expression to define exact zones, if you want to ban IPs limited
|
|
|
|
# from specified zones only.
|
|
|
|
# Example:
|
|
|
|
#
|
|
|
|
# ngx_limit_req_zones = lr_zone|lr_zone2
|
|
|
|
#
|
|
|
|
ngx_limit_req_zones = [^"]+
|
|
|
|
|
2015-10-29 22:55:23 +00:00
|
|
|
# Use following full expression if you should range limit request to specified
|
|
|
|
# servers, requests, referrers etc. only :
|
|
|
|
#
|
2017-11-26 21:29:52 +00:00
|
|
|
# failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$
|
2015-10-29 22:55:23 +00:00
|
|
|
|
|
|
|
# Shortly, much faster and stable version of regexp:
|
2017-11-26 21:29:52 +00:00
|
|
|
failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>,
|
2015-10-29 22:15:20 +00:00
|
|
|
|
|
|
|
ignoreregex =
|
|
|
|
|
2016-10-05 17:34:21 +00:00
|
|
|
datepattern = {^LN-BEG}
|
2021-02-12 08:29:03 +00:00
|
|
|
|
|
|
|
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|
|
|
|
|