# Fail2Ban filter to match web requests for selected URLs that don't exist # # This filter is aimed at blocking specific URLs that don't exist. This # could be a set of URLs places in a Disallow: directive in robots.txt or # just some web services that don't exist caused bots are searching for # exploitable content. This filter is designed to have a low false postitive # rate due. # # An alternative to this is the apache-noscript filter which blocks all # types of scripts that don't exist. # # # This is normally a predefined list of exploitable or valuable web services # that are hidden or aren't actually installed. # [INCLUDES] # overwrite with apache-common.local if _apache_error_client is incorrect. before = apache-common.conf [Definition] failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): (, referer: \S+)?\s*$ ^%(_apache_error_client)s script '' not found or unable to stat(, referer: \S+)?\s*$ ignoreregex = [Init] # Webroot represents the webroot on which all other files are based webroot = /var/www/ # Block is the actual non-found directories to block block = (||)[^,]* # These are just convient definitions that assist the blocking of stuff that # isn't installed webmail = roundcube|(ext)?mail|horde|(v-?)?webmail phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin) wordpress = wp-(login|signup)\.php # DEV Notes: # # Author: Daniel Black