From 6da1248bceaea5aebfd86064677e12e94735d0b3 Mon Sep 17 00:00:00 2001 From: Binhao Qian Date: Thu, 17 Apr 2025 03:36:59 +0800 Subject: [PATCH] add filter to block unintended directory browsing --- config/filter.d/apache-noindex.conf | 19 +++++++++++++++++++ fail2ban/tests/files/logs/apache-noindex | 8 ++++++++ 2 files changed, 27 insertions(+) create mode 100644 config/filter.d/apache-noindex.conf create mode 100644 fail2ban/tests/files/logs/apache-noindex diff --git a/config/filter.d/apache-noindex.conf b/config/filter.d/apache-noindex.conf new file mode 100644 index 00000000..bea26f58 --- /dev/null +++ b/config/filter.d/apache-noindex.conf @@ -0,0 +1,19 @@ +# Fail2Ban filter to block unintended requests for directory browsing +# +# Directory browsing is ontrolled by Indexes Option in apache2. The option +# can by set per directory. This filter helps to block unintended requests. +# for direcotry browsing. + +[INCLUDES] + +# overwrite with apache-common.local if _apache_error_client is incorrect. +before = apache-common.conf + +[Definition] + +failregex = ^%(_apache_error_client)s ((AH01276: )?.*Cannot serve directory .* directory index forbidden by Options directive$|Directory index forbidden by Options directive: .*$) + +ignoreregex = + +# Author: Binhao Qian + diff --git a/fail2ban/tests/files/logs/apache-noindex b/fail2ban/tests/files/logs/apache-noindex new file mode 100644 index 00000000..8087f43a --- /dev/null +++ b/fail2ban/tests/files/logs/apache-noindex @@ -0,0 +1,8 @@ +# Apache 2.2 +# failJSON: { "time": "2025-04-16T16:18:16", "match": true , "host": "13.82.231.149" } +[Sat Apr 16 16:18:16 2025] [error] [client 13.82.231.149] Directory index forbidden by Options directive: /some/path/to/public/wp-includes/ + +# Apache 2.4 +# failJSON: { "time": "2025-04-16T16:18:17", "match": true , "host": "13.82.231.149" } +[Wed Apr 16 16:18:17.927866 2025] [autoindex:error] [pid 27978] [client 13.82.231.149:11585] AH01276: Cannot serve directory /some/path/to/public/wp-includes/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive +