github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: apache modsecurity from 0.9 branch

pull/532/head
Daniel Black 2013-12-28 22:28:11 +00:00
parent 6666f41ee6
commit c074773805
3 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -46,6 +46,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
Daniel Black Daniel Black
* filter.d/solid-pop3d -- added thanks to Jacques Lav!gnotte on mailinglist. * filter.d/solid-pop3d -- added thanks to Jacques Lav!gnotte on mailinglist.
* Add filter for apache-modsecurity
Bas van den Dikkenberg & Steven Hiscocks Bas van den Dikkenberg & Steven Hiscocks
* filter.d/nsd.conf -- also amended Unix date template to match nsd format * filter.d/nsd.conf -- also amended Unix date template to match nsd format

18
config/filter.d/apache-modsecurity.conf Normal file
View File

@ -0,0 +1,18 @@
# Fail2Ban apache-modsec filter
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# apache-common.local
before = apache-common.conf
[Definition]
failregex = ^%(_apache_error_client)s ModSecurity: (\[.*?\] )*Access denied with code [45]\d\d.*$
ignoreregex =
# https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats
# Author: Daniel Black

11
config/jail.conf
View File

@ -187,6 +187,17 @@ logpath = /var/log/apache*/*error.log
maxretry = 6 maxretry = 6
[apache-modsecurity]
enabled = false
filter = apache-modsecurity
action = iptables-multiport[name=apache-modsecurity,port="80,443"]
logpath = /var/log/apache*/*error.log
/home/www/myhomepage/error.log
maxretry = 2
[nginx-http-auth]
[nginx-http-auth] [nginx-http-auth]
enabled = false enabled = false