fail2ban/config/filter.d/apache-modsecurity.conf

# Fail2Ban apache-modsec filter
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# apache-common.local
before = apache-common.conf

[Definition]


failregex = ^%(_apache_error_client)s ModSecurity:  (\[.*?\] )*Access denied with code [45]\d\d.*$

ignoreregex = 

# https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats
# Author: Daniel Black
ENH: apache modsecurity from 0.9 branch 2013-12-28 22:28:11 +00:00			`# Fail2Ban apache-modsec filter`
			`#`

			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# apache-common.local`
			`before = apache-common.conf`

			`[Definition]`


			`failregex = ^%(_apache_error_client)s ModSecurity: (\[.?\] )Access denied with code [45]\d\d.*$`

			`ignoreregex =`

			`# https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats`
			`# Author: Daniel Black`