Feat: ban nginx forbidden accesses

If you have configured nginx to forbid some paths in your webserver, e.g.:

    location ~ /\. {
      deny all;
    }

if a client tries to access https://yoursite/.user.ini then you will see
in the nginx error log:

    2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"

By carefully setting this filter we ban every IP that tries too many times to
access forbidden resources.

Author: Michele Bologna https://www.michelebologna.net/
pull/2226/head
Michele Bologna 2018-09-14 22:12:52 +02:00
parent 8a0c06ba9e
commit 1fb7ffe759
2 changed files with 26 additions and 0 deletions


@ -0,0 +1,21 @@
# fail2ban filter configuration for nginx forbidden accesses
#
# If you have configured nginx to forbid some paths in your webserver, e.g.:
#
# location ~ /\. {
# deny all;
# }
#
# if a client tries to access https://yoursite/.user.ini then you will see
# in nginx error log:
#
# 2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"
#
# By carefully setting this filter we ban every IP that tries too many times to
# access forbidden resources.
#
# Author: Michele Bologna https://www.michelebologna.net/
[Definition]
failregex = \[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>
ignoreregex =
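Review bot: the failregex has no leading anchor, so it is searched anywhere in the line, while the sample entry in the header comment shows that client-supplied text (the quoted request and referrer fields) is written into the same error-log lines. An unanchored pattern can therefore be satisfied by text inside those fields in an [error] entry of a different kind, and the address captured by <HOST> would then not be the connecting client. Consider anchoring at the start of the message that remains after the timestamp and delimiting the host on both sides, e.g. `^\s*\[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>, server:`. It would also help to state in the header comment that the jail must watch the nginx error log, since that is where the line quoted there comes from.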


@ -0,0 +1,5 @@
# failJSON: { "time": "2018-09-14T19:03:05", "match": true , "host": "12.34.56.78" }
2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 12.34.56.78, server: www.example.net, request: "GET /wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php HTTP/1.1", host: "www.example.net", referrer: "http://example.net/foo.php"
# failJSON: { "time": "2018-09-13T15:42:05", "match": true , "host": "12.34.56.78" }
2018/09/13 15:42:05 [error] 2035#2035: *287 access forbidden by rule, client: 12.34.56.78, server: www.example.com, request: "GET /wp-config.php~ HTTP/1.1", host: "www.example.com"
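Review bot: both sample lines are marked "match": true and use the same client address, so this file only shows that the filter can match, not that it stays quiet when it should. Add at least one line tagged `# failJSON: { "match": false }`, for example an [error] entry with a different message whose quoted request or referrer contains the phrase "access forbidden by rule, client:", so that a regression in anchoring is caught by the test suite. A sample with an IPv6 client address would also confirm that <HOST> is extracted correctly for both address families.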