Hi,
I’ve found a lot of “attempts using mod proxy” in my logwatch.
So I searched and found this:
http://www.fail2ban.org/wiki/index.php/HOWTO_apache_proxy_filter
First, I’ve created an apache-proxy.conf file:
nano /etc/fail2ban/filter.d/apache-proxy.conf
with:
# Fail2Ban configuration file
#
# Author: James Roe
# Use in apache access logs
[Definition]
# Matches lines such as:
# 192.168.1.1 - - "GET http://www.infodownload.info/proxyheader.php ...
failregex = ^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.* HTTP/1\.[0-9]|-)")<HOST>)
ignoreregex =
Then, I’ve edited the jail.conf file here:
nano /etc/fail2ban/jail.conf
with:
[apache-proxy]
enabled = true
port = http,https
filter = apache-proxy
logpath = /var/log/nginx/access.log
maxretry = 0
findtime = 604800
bantime = 604800
Finally, I’ve reloaded the fail2ban and nginx services:
service fail2ban reload
service nginx reload
It seems to do the work: about 8 attempts banned.
My question is: as I am a newbie, are these commands good?
I think it could be better if the rule’s name was nginx-proxy.conf, [nginx-proxy] and filter = nginx-proxy
I’m French, so sorry for my English.
See you!
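
An added example, not part of the original post: a check of which access-log lines the failregex above selects, including two ordinary requests it also catches. It assumes a simplified IPv4-only stand-in for fail2ban's `<HOST>` expansion and applies the regex to the whole line as logged; the log lines are constructed samples in nginx "combined" format.

```python
import re

# failregex copied verbatim from the filter in the post above.
FAILREGEX = r'^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.* HTTP/1\.[0-9]|-)")<HOST>)'

# Assumption: simplified IPv4-only replacement for fail2ban's <HOST> tag.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST))

TS = '[10/Oct/2016:13:55:36 +0200]'

# Constructed sample lines (documentation-range IP addresses).
SAMPLES = {
    # Absolute-URI request: the case the filter is written for.
    'proxy_get': f'203.0.113.5 - - {TS} "GET http://www.infodownload.info/'
                 f'proxyheader.php HTTP/1.1" 404 162 "-" "-"',
    # CONNECT has no leading "/" in its target either.
    'proxy_connect': f'203.0.113.6 - - {TS} "CONNECT example.com:443 HTTP/1.1" '
                     f'400 173 "-" "-"',
    # Ordinary request: the negative lookahead recognises it, so no match.
    'normal': f'198.51.100.7 - - {TS} "GET /index.html HTTP/1.1" '
              f'200 612 "-" "Mozilla/5.0"',
    # Ordinary request over HTTP/2: the lookahead only accepts HTTP/1.x.
    'http2': f'198.51.100.8 - - {TS} "GET / HTTP/2.0" 200 612 "-" "Mozilla/5.0"',
    # Ordinary request with a logged user name: the lookahead expects "- -".
    'basic_auth': f'198.51.100.9 - alice {TS} "GET /admin/ HTTP/1.1" '
                  f'200 431 "-" "Mozilla/5.0"',
}


def matched_host(line):
    """Return the address the filter would report for this line, or None."""
    m = PATTERN.search(line)
    return m.group('host') if m else None


def classify(samples=SAMPLES):
    """Map each sample name to the matched address (None = line ignored)."""
    return {name: matched_host(line) for name, line in samples.items()}


if __name__ == '__main__':
    for name, host in classify().items():
        print(f'{name:14} -> {"BAN " + host if host else "ignored"}')
```

With maxretry = 0 and bantime = 604800 as in the jail above, a single line like `http2` or `basic_auth` bans that client for a week. On a host with fail2ban installed, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/apache-proxy.conf` runs the real filter against the real log.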