mirror of https://github.com/fail2ban/fail2ban
44 lines
1.2 KiB
Plaintext
44 lines
1.2 KiB
Plaintext
# fail2ban filter configuration for nginx
|
|
|
|
[INCLUDES]
|
|
|
|
before = nginx-error-common.conf
|
|
|
|
[Definition]
|
|
|
|
mode = normal
|
|
|
|
__err_type = <_ertp-<mode>>
|
|
|
|
_ertp-auth = error
|
|
mdre-auth = ^%(__prefix_line)suser "(?:[^"]+|.*?)":? (?:password mismatch|was not found in "[^\"]*"), client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(?:, referrer: "\S+")?\s*$
|
|
_ertp-fallback = crit
|
|
mdre-fallback = ^%(__prefix_line)sSSL_do_handshake\(\) failed \(SSL: error:\S+(?: \S+){1,3} too (?:long|short)\)[^,]*, client: <HOST>
|
|
|
|
_ertp-normal = %(_ertp-auth)s
|
|
mdre-normal = %(mdre-auth)s
|
|
_ertp-aggressive = (?:%(_ertp-auth)s|%(_ertp-fallback)s)
|
|
mdre-aggressive = %(mdre-auth)s
|
|
%(mdre-fallback)s
|
|
|
|
failregex = <mdre-<mode>>
|
|
|
|
ignoreregex =
|
|
|
|
datepattern = {^LN-BEG}
|
|
|
|
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|
|
|
|
# DEV NOTES:
|
|
# mdre-auth:
|
|
# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
|
|
# Extensive search of all nginx auth failures not done yet.
|
|
#
|
|
# Author: Daniel Black
|
|
|
|
# mdre-fallback:
|
|
# Ban people checking for TLS_FALLBACK_SCSV repeatedly
|
|
# https://stackoverflow.com/questions/28010492/nginx-critical-error-with-ssl-handshaking/28010608#28010608
|
|
# Author: Stephan Orlowsky
|
|
|