Difference between revisions of "FAIL2BAN - Filter.d - http-401"

 
(One intermediate revision by the same user not shown)
Line 6: Line 6:
 
# /etc/fail2ban/filter.d/http-401.conf
 
# /etc/fail2ban/filter.d/http-401.conf
 
#
 
#
# to hunt:
+
# To hunt:
 
#
 
#
 
# 80.214.431.42 - - [14/Oct/2018:21:27:32 +0200] "POST /users/login HTTP/2.0" 401 30 "https://app.buzeo.me/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0" "-"
 
# 80.214.431.42 - - [14/Oct/2018:21:27:32 +0200] "POST /users/login HTTP/2.0" 401 30 "https://app.buzeo.me/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0" "-"
 
 
# Fail2Ban filter for WordPress
 
#
 
  
 
[Definition]
 
[Definition]
Line 24: Line 20:
  
 
  <nowiki>
 
  <nowiki>
[http-403]
+
[http-401]
 
enabled = true
 
enabled = true
 
port = http,https
 
port = http,https

Latest revision as of 04:30, 28 March 2020


Filter.d

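# /etc/fail2ban/filter.d/http-401.conf
#
# Fail2Ban filter: flags the client address on access-log lines shaped like
# the sample below whose response status is 401.
#
# To hunt:
#
# 80.214.431.42 - - [14/Oct/2018:21:27:32 +0200] "POST /users/login HTTP/2.0" 401 30 "https://app.buzeo.me/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0" "-"
#
# The address in the sample is not a valid IPv4 address (octet 431),
# presumably anonymised. Test the filter with fail2ban-regex against a real
# line from your own log rather than this one.
#
# Notes on the expression:
# - Anchored with ^ so <HOST> is only ever taken from the start of the line,
#   never from the request, referrer or user-agent text, which the client
#   controls.
# - A space follows <HOST>, as in the sample ("<ip> - -"). The earlier
#   "<HOST>- -" form could not match that layout.
# - \S+ accepts either "-" or a logged remote user name in the third field.
# - \[[^\]]*\] allows an empty bracket pair. Fail2Ban normally cuts the
#   timestamp it recognised out of the line before applying failregex.
# - "[^"]*" keeps the match inside the request field, so 401 is compared with
#   the status column only. The trailing \s stops it matching a longer number.

[Definition]
failregex = ^<HOST> - \S+ \[[^\]]*\] "[^"]*" 401\s
ignoreregex =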


Jail.conf

# Jail that applies the http-401 filter to the nginx logs listed below.
# NOTE(review): no "filter =" key is set here, so this relies on the jail name
# selecting filter.d/http-401.conf (stock [DEFAULT] uses filter = %(__name__)s).
# Confirm against your jail.conf.
[http-401]
enabled = true
# Ports the ban action applies to.
port = http,https
# Two glob patterns; the indented second line continues the same value.
# NOTE(review): the filter's sample line is in access-log format. Whether the
# error-log glob ever yields a match is not shown on this page - verify.
logpath = /var/log/nginx/*error*.log
          /var/log/nginx/*access*.log
# Seconds. 999999999 s is roughly 31.7 years, i.e. effectively permanent.
# NOTE(review): a 401 is also what a legitimate user gets for a mistyped
# password or an expired session, and many users can share one address.
# Consider an ignoreip entry for trusted ranges or a finite bantime.
bantime = 999999999
# Ban after 10 matching lines from one address ...
maxretry = 10
# ... seen within a 600-second window.
findtime = 600