Hello
I get A LOT of connection attempts on my server (especially on nginx), and would like to make a rule for fail2ban to ban some IPs after a number of attempts.
But I don't know how to write a rule. I don't know if I must make the rule in fail2ban or in nginx.
For example, I have this kind of request:
2018/07/12 09:00:30 [crit] 1076#1076: *1492 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 217.182.143.96, server: 0.0.0.0:443
2018/07/12 09:00:30 [crit] 1076#1076: *1500 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 217.182.143.96, server: 0.0.0.0:443
2018/07/12 09:00:31 [crit] 1076#1076: *1515 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 217.182.143.96, server: 0.0.0.0:443
2018/07/12 09:00:31 [crit] 1076#1076: *1522 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 217.182.143.96, server: 0.0.0.0:443
217.182.143.96 - - [12/Jul/2018:09:00:34 +0200] “\x15\x03\x02\x00\x02\x01\x00” 400 166 “-” “-”
217.182.143.96 - - [12/Jul/2018:09:00:34 +0200] “\x15\x03\x02\x00\x02\x01\x00” 400 166 “-” “-”
217.182.143.96 - - [12/Jul/2018:09:00:34 +0200] “\x15\x03\x02\x00\x02\x01\x00” 400 166 “-” “-”
217.182.143.96 - - [12/Jul/2018:09:00:34 +0200] “\x15\x03\x02\x00\x02\x01\x00” 400 166 “-” “-”
217.182.143.96 - - [12/Jul/2018:09:00:35 +0200] “\x15\x03\x02\x00\x02\x01\x00” 400 166 “-” “-”
And I would like to ban this guy for some days, for example.
What is the way?
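A fail2ban filter and jail matching the `SSL_do_handshake() failed` error-log lines quoted above, as an added example that is not part of the original post. The filter/jail name, the file paths, the log path and the thresholds (5 failures in 60 seconds, 3-day ban) are assumptions to adapt.

```ini
# --- /etc/fail2ban/filter.d/nginx-tls-handshake.conf (assumed file name) ---
[Definition]
# fail2ban removes the timestamp before matching, so the pattern starts at
# " [crit]". <HOST> captures the address after "client: ". The line is
# anchored at both ends so nothing else on it can be mistaken for the client.
failregex = ^\s*\[crit\] \d+#\d+: \*\d+ SSL_do_handshake\(\) failed \(SSL: [^)]*\) while SSL handshaking, client: <HOST>, server: \S+\s*$
ignoreregex =

# --- /etc/fail2ban/jail.d/nginx-tls-handshake.local (assumed file name) ---
[nginx-tls-handshake]
enabled  = true
filter   = nginx-tls-handshake
# Assumed location of the nginx error log; use the path from error_log in nginx.conf.
logpath  = /var/log/nginx/error.log
port     = http,https
# Ban after 5 matching lines within 60 seconds (assumed thresholds).
# Any client that repeatedly fails the handshake is counted, including
# legitimate ones that only speak an old TLS version.
maxretry = 5
findtime = 60
# Ban duration in seconds: 259200 = 3 days.
bantime  = 259200
```

Before enabling the jail, check the pattern against the real log with `fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-tls-handshake.conf`, then reload fail2ban.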