FAIL2BAN - Filter.d - http-ddos

From wiki.1001solutions.net



Filter.d

# /etc/fail2ban/filter.d/http-ddos.conf
# Any http request match this definition

[Definition] 
failregex = ^<HOST> -.*"(GET|POST).*
ignoreregex =


Jail.conf

[http-ddos]
enabled = true
port = http,https
filter = http-ddos
#logpath = /var/log/apache2/*access.log
logpath = /var/log/nginx/*access.log
bantime = 9999999999
# ! be careful there !
maxretry = 300
findtime = 300
#ignoreip = W.X.Y.Z