Difference between revisions of "FAIL2BAN - Filter.d - http-401"
From wiki.1001solutions.net
(One intermediate revision by the same user not shown) | |||
Line 6: | Line 6: | ||
# /etc/fail2ban/filter.d/http-401.conf | # /etc/fail2ban/filter.d/http-401.conf | ||
# | # | ||
− | # | + | # To hunt: |
# | # | ||
# 80.214.431.42 - - [14/Oct/2018:21:27:32 +0200] "POST /users/login HTTP/2.0" 401 30 "https://app.buzeo.me/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0" "-" | # 80.214.431.42 - - [14/Oct/2018:21:27:32 +0200] "POST /users/login HTTP/2.0" 401 30 "https://app.buzeo.me/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0" "-" | ||
− | |||
− | |||
− | |||
− | |||
[Definition] | [Definition] | ||
Line 24: | Line 20: | ||
<nowiki> | <nowiki> | ||
− | [http- | + | [http-401] |
enabled = true | enabled = true | ||
port = http,https | port = http,https |
Latest revision as of 04:30, 28 March 2020
Filter.d
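# /etc/fail2ban/filter.d/http-401.conf
#
# Counts HTTP 401 responses in access-log lines shaped like the sample
# below, so that a client which keeps failing authentication can be banned.
#
# To hunt:
#
# 80.214.431.42 - - [14/Oct/2018:21:27:32 +0200] "POST /users/login HTTP/2.0" 401 30 "https://app.buzeo.me/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0" "-"
#
# Matching notes:
# - The pattern starts with ^ so <HOST> is always the first field of the
#   line (the address the web server logged for the client). It can never
#   be picked up from the request line, referer or user agent, which the
#   client controls.
# - A space separates <HOST> from the first "-", as in the sample line.
# - [^\]]* and [^"]* stop at the end of the timestamp and of the request
#   line, so "401" is only accepted in the status-code position.
# - "- -" means lines that carry a remote user name are not counted.
# - \s follows 401 because a trailing space in a value would be stripped.
# - Every 401 is counted, whatever the URL. If some endpoints answer 401
#   in normal operation, size maxretry in the jail accordingly.
# - Behind a reverse proxy or load balancer, confirm that the first field
#   is the real client address before enabling bans; otherwise the proxy
#   itself is what gets banned.

[Definition]
failregex = ^<HOST> - - \[[^\]]*\] "[^"]*" 401\s
ignoreregex =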
Jail.conf
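# Jail that applies the http-401 filter
# (/etc/fail2ban/filter.d/http-401.conf) to the nginx logs.
[http-401]
enabled = true
# Named explicitly so the jail does not depend on its section name
# matching the filter file name.
filter = http-401
port = http,https
# One path per line; continuation lines are indented.
# NOTE(review): the filter is written for the access-log format, so
# error-log lines are not expected to match it - confirm the error log
# is needed here.
logpath = /var/log/nginx/*error*.log
          /var/log/nginx/*access*.log
# Seconds. 999999999 s is more than 31 years, i.e. effectively permanent.
# A permanent ban on a shared address (NAT, proxy) also locks out every
# legitimate user behind it; list trusted addresses in ignoreip and
# review the ban list periodically.
bantime = 999999999
# Ban after 10 matching lines ...
maxretry = 10
# ... seen from the same address within 600 seconds.
findtime = 600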