29 lines
914 B
Text
29 lines
914 B
Text
# fail2ban filter configuration for nginx forbidden accesses
|
|
#
|
|
# If you have configured nginx to forbid some paths in your webserver, e.g.:
|
|
#
|
|
# location ~ /\. {
|
|
# deny all;
|
|
# }
|
|
#
|
|
# if a client tries to access https://yoursite/.user.ini then you will see
|
|
# in nginx error log:
|
|
#
|
|
# 2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"
|
|
#
|
|
# By carefully setting this filter we ban every IP that tries too many times to
|
|
# access forbidden resources.
|
|
#
|
|
# Author: Michele Bologna https://www.michelebologna.net/
|
|
|
|
[INCLUDES]
|
|
|
|
before = nginx-error-common.conf
|
|
|
|
[Definition]
|
|
failregex = ^%(__prefix_line)saccess forbidden by rule, client: <HOST>
|
|
ignoreregex =
|
|
|
|
datepattern = {^LN-BEG}
|
|
|
|
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|