mirror of https://github.com/fail2ban/fail2ban
35 lines
1.0 KiB
Plaintext
35 lines
1.0 KiB
Plaintext
# fail2ban filter configuration for nginx
|
|
|
|
|
|
[Definition]
|
|
|
|
mode = normal
|
|
|
|
mdre-auth = ^\s*\[error\] \d+#\d+: \*\d+ user "(?:[^"]+|.*?)":? (?:password mismatch|was not found in "[^\"]*"), client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(?:, referrer: "\S+")?\s*$
|
|
mdre-fallback = ^\s*\[crit\] \d+#\d+: \*\d+ SSL_do_handshake\(\) failed \(SSL: error:\S+(?: \S+){1,3} too (?:long|short)\)[^,]*, client: <HOST>
|
|
|
|
mdre-normal = %(mdre-auth)s
|
|
mdre-aggressive = %(mdre-auth)s
|
|
%(mdre-fallback)s
|
|
|
|
failregex = <mdre-<mode>>
|
|
|
|
ignoreregex =
|
|
|
|
datepattern = {^LN-BEG}
|
|
|
|
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|
|
|
|
# DEV NOTES:
|
|
# mdre-auth:
|
|
# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
|
|
# Extensive search of all nginx auth failures not done yet.
|
|
#
|
|
# Author: Daniel Black
|
|
|
|
# mdre-fallback:
|
|
# Ban people checking for TLS_FALLBACK_SCSV repeatedly
|
|
# https://stackoverflow.com/questions/28010492/nginx-critical-error-with-ssl-handshaking/28010608#28010608
|
|
# Author: Stephan Orlowsky
|
|
|