# Fail2Ban filter to block web requests for stuff that doesn't exist
#
# This is normally a predefined list of exploitable or valuable web services
# that are hidden or aren't actually installed.
#

[INCLUDES]

# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf

[Definition]

failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): <webroot><block>(, referer: \S+)?\s*$

ignoreregex = 


[Init]

# Webroot represents the webroot on which all other files are based
webroot = /var/www/
# Block is the actual non-found directories to block
block = (<webmail>|<phpmyadmin>|<wordpress>)[^,]*

# These are just convient definitions that assist the blocking of stuff that 
# isn't installed
webmail = roundcube|mail|horde|webmail

phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)

wordpress = wp-(login|signup)\.php


# DEV Notes:
#
# Author: Daniel Black