mirror of https://github.com/fail2ban/fail2ban
Merge pull request #2226 from mbologna/nginx-forbidden
Feat: ban nginx forbidden accessespull/3435/merge
Sergey G. Brester
GitHub
commit
a9b30eb86e
|
|
@ -19,6 +19,7 @@ ver. 1.0.3-dev-1 (20??/??/??) - development nightly edition
|
||||||
(value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) if available, otherwise seeks over local IPv6 from network interfaces
|
(value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) if available, otherwise seeks over local IPv6 from network interfaces
|
||||||
if available for platform and uses DNS to find local IPv6 as a fallback only
|
if available for platform and uses DNS to find local IPv6 as a fallback only
|
||||||
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
|
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
|
||||||
|
* `filter.d/nginx-forbidden.conf` - new filter to ban forbidden locations, e. g. using `deny` directive (gh-2226)
|
||||||
|
|
||||||
|
|
||||||
ver. 1.0.2 (2022/11/09) - finally-war-game-test-tape-not-a-nuclear-alarm
|
ver. 1.0.2 (2022/11/09) - finally-war-game-test-tape-not-a-nuclear-alarm
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,25 @@
|
||||||
|
# fail2ban filter configuration for nginx forbidden accesses
|
||||||
|
#
|
||||||
|
# If you have configured nginx to forbid some paths in your webserver, e.g.:
|
||||||
|
#
|
||||||
|
# location ~ /\. {
|
||||||
|
# deny all;
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# if a client tries to access https://yoursite/.user.ini then you will see
|
||||||
|
# in nginx error log:
|
||||||
|
#
|
||||||
|
# 2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"
|
||||||
|
#
|
||||||
|
# By carefully setting this filter we ban every IP that tries too many times to
|
||||||
|
# access forbidden resources.
|
||||||
|
#
|
||||||
|
# Author: Michele Bologna https://www.michelebologna.net/
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
failregex = \[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>
|
||||||
|
ignoreregex =
|
||||||
|
|
||||||
|
datepattern = {^LN-BEG}
|
||||||
|
|
||||||
|
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|
||||||
|
|
@ -395,6 +395,10 @@ logpath = %(nginx_error_log)s
|
||||||
port = http,https
|
port = http,https
|
||||||
logpath = %(nginx_access_log)s
|
logpath = %(nginx_access_log)s
|
||||||
|
|
||||||
|
[nginx-forbidden]
|
||||||
|
port = http,https
|
||||||
|
logpath = %(nginx_error_log)s
|
||||||
|
|
||||||
# Ban attackers that try to use PHP's URL-fopen() functionality
|
# Ban attackers that try to use PHP's URL-fopen() functionality
|
||||||
# through GET/POST variables. - Experimental, with more than a year
|
# through GET/POST variables. - Experimental, with more than a year
|
||||||
# of usage in production environments.
|
# of usage in production environments.
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
# failJSON: { "time": "2018-09-14T19:03:05", "match": true , "host": "12.34.56.78" }
|
||||||
|
2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 12.34.56.78, server: www.example.net, request: "GET /wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php HTTP/1.1", host: "www.example.net", referrer: "http://example.net/foo.php"
|
||||||
|
|
||||||
|
# failJSON: { "time": "2018-09-13T15:42:05", "match": true , "host": "12.34.56.78" }
|
||||||
|
2018/09/13 15:42:05 [error] 2035#2035: *287 access forbidden by rule, client: 12.34.56.78, server: www.example.com, request: "GET /wp-config.php~ HTTP/1.1", host: "www.example.com"
|
||||||
Loading…
Reference in New Issue