From 8e5366a7e9bba1ff013f88b89fd84882b975b814 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Fri, 10 Jan 2014 07:34:01 +1100
Subject: [PATCH] DOC: for apache-botsearch and apache-botsearch
---
 config/filter.d/apache-botsearch.conf | 12 +++++++++++-
 config/filter.d/apache-noscript.conf | 8 ++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/config/filter.d/apache-botsearch.conf b/config/filter.d/apache-botsearch.conf
index 95df97ca..3f887dc5 100644
--- a/config/filter.d/apache-botsearch.conf
+++ b/config/filter.d/apache-botsearch.conf
@@ -1,4 +1,14 @@
-# Fail2Ban filter to block web requests for stuff that doesn't exist
+# Fail2Ban filter to match web requests for selected URLs that don't exist
+#
+# This filter is aimed at blocking specific URLs that don't exist. This
+# could be a set of URLs places in a Disallow: directive in robots.txt or
+# just some web services that don't exist caused bots are searching for
+# exploitable content. This filter is designed to have a low false postitive
+# rate due.
+#
+# An alternative to this is the apache-noscript filter which blocks all
+# types of scripts that don't exist.
+#
 #
 # This is normally a predefined list of exploitable or valuable web services
 # that are hidden or aren't actually installed.
diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf
index 9a591ca3..d0f130f6 100644
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
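Review bot: The added header comment in apache-botsearch.conf has wording errors that blur what the filter promises: `places` should be `placed`, `caused bots are searching` should be `because bots are searching`, `postitive` should be `positive`, and the sentence ending in `rate due.` stops without giving its reason. The first line was changed to say the filter matches requests, yet the new paragraph still says it is "aimed at blocking"; the filter only matches and the jail's action decides the ban, so `# This filter is aimed at matching specific URLs that don't exist.` would be consistent. The apache-noscript.conf hunk has a similar slip, `no affiliated` for `not affiliated`. The low false-positive claim presumably depends on the URL list the filter is configured with, which is not visible in this hunk.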
@@ -1,5 +1,13 @@
 # Fail2Ban filter to block web requests for scripts (on non scripted websites)
 #
+# This matches many types of scripts that don't exist. This could generate a
+# lot of false positive matches in cases like wikis and forums where users
+# no affiliated with the website can insert links to missing files/scripts into
+# pages and cause non-malicious browsers of the site to trigger against this
+# filter.
+#
+# If you'd like to match specific URLs that don't exist see the
+# apache-botsearch filter.
 #
 
 [INCLUDES]
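Review bot: The new warning in apache-noscript.conf describes the false-positive case but gives the operator nothing to act on, and it is a case a third party can provoke on purpose: links to missing scripts posted on a wiki or forum get ordinary visitors banned. I would add a line after `# filter.` such as `# On sites with user-contributed content prefer apache-botsearch, or raise maxretry in the jail.` The first line of this file still says "block" while the apache-botsearch header was changed to "match"; aligning the two would keep the terminology consistent.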