# Fail2Ban filter to block web requests for scripts (on non scripted websites) # # This matches many types of scripts that don't exist. This could generate a # lot of false positive matches in cases like wikis and forums where users # no affiliated with the website can insert links to missing files/scripts into # pages and cause non-malicious browsers of the site to trigger against this # filter. # # If you'd like to match specific URLs that don't exist see the # apache-botsearch filter. # [INCLUDES] # overwrite with apache-common.local if _apache_error_client is incorrect. before = apache-common.conf [Definition] script = /\S*(?:php(?:[45]|[.-]cgi)?|\.asp|\.exe|\.pl) prefregex = ^%(_apache_error_client)s (?:(?:AH0(?:01(?:28|30)|1(?:264|071)): )|(?:(?:[Ff]ile|script|[Gg]ot) )).+$ failregex = ^(?:(?:AH001(?:28|30): )?[Ff]ile does not exist|(AH01264: )?script not found or unable to stat):