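# Fail2ban filter configuration for nginx :: limit_req
# Used to ban hosts whose requests were rejected by nginx request-rate limiting.
#
# Author: Serg G. Brester (sebres)
#
# To use 'nginx-limit-req' filter you should have `ngx_http_limit_req_module`
# and define `limit_req` and `limit_req_zone` as described in nginx documentation
# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
#
# Example:
#
#   http {
#     ...
#     limit_req_zone $binary_remote_addr zone=lr_zone:10m rate=1r/s;
#     ...
#     # http, server, or location:
#     location ... {
#       limit_req zone=lr_zone burst=1 nodelay;
#       ...
#     }
#     ...
#   }
#   ...
#
# NOTE(review): the banned address is whatever nginx logs after `client:`.
# If nginx runs behind a reverse proxy or CDN, that is the proxy's address
# unless nginx restores the real client address (e.g. ngx_http_realip_module).
# Confirm this before attaching a ban action, or the proxy itself gets banned.

[INCLUDES]

# Common nginx error-log definitions; %(__prefix_line)s used below is expected
# to come from this file.
before = nginx-error-common.conf

[Definition]

# Specify following expression to define exact zones, if you want to ban IPs limited
# from specified zones only.
# Example:
#
#   ngx_limit_req_zones = lr_zone|lr_zone2
#
# The value is interpolated between double quotes in failregex, so keep it unable
# to match a `"` character (the default below excludes it).
ngx_limit_req_zones = [^"]+

# Depending on limit_req_log_level directive (may be: info | notice | warn | error):
# NOTE(review): presumably read by %(__prefix_line)s from nginx-error-common.conf - confirm.
__err_type = [a-z]+

# Use following full expression if you should range limit request to specified
# servers, requests, referrers etc. only :
#
# failregex = ^%(__prefix_line)slimiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$

# Shortly, much faster and stable version of regexp.
# <HOST> is the fail2ban tag that captures the address to ban; without it the
# expression identifies no host. The expression is anchored at the line start
# and stops right after the client address, i.e. before the request, host and
# referrer fields, whose content is chosen by the remote client.
failregex = ^%(__prefix_line)slimiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>,

ignoreregex =

# Look for the timestamp at the beginning of the line only.
datepattern = {^LN-BEG}

# Journal entries to read when the systemd backend is used.
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx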