fail2ban/config/filter.d/apache-botsearch.conf

40 lines
1.2 KiB
Plaintext
Raw Normal View History

# Fail2Ban filter to match web requests for selected URLs that don't exist
#
# This filter is aimed at blocking specific URLs that don't exist. This
# could be a set of URLs places in a Disallow: directive in robots.txt or
# just some web services that don't exist caused bots are searching for
# exploitable content. This filter is designed to have a low false postitive
# rate due.
#
# An alternative to this is the apache-noscript filter which blocks all
# types of scripts that don't exist.
#
#
# This is normally a predefined list of exploitable or valuable web services
# that are hidden or aren't actually installed.
#
[INCLUDES]
# overwrite with apache-common.local if _apache_error_client is incorrect.
2015-02-03 14:54:05 +00:00
# Load regexes for filtering from botsearch-common.conf
before = apache-common.conf
2015-02-03 14:54:05 +00:00
botsearch-common.conf
[Definition]
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): <webroot><block>(, referer: \S+)?\s*$
2014-01-09 21:40:24 +00:00
^%(_apache_error_client)s script '<webroot><block>' not found or unable to stat(, referer: \S+)?\s*$
ignoreregex =
[Init]
# Webroot represents the webroot on which all other files are based
webroot = /var/www/
# DEV Notes:
#
# Author: Daniel Black