Revisions
SamStudio8 created this gist
Jun 7, 2016
@@ -0,0 +1,22 @@ # Fail2Ban configuration file # # NOTE # You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives. # # Author: http://www.go2linux.org # Modified by: samnicholls.net # * Mon 6 Jun 2016 - Updated failregex to capture HOST group correctly [Definition] # Option: failregex # NOTE: The failregex assumes a particular vhost LogFormat: # LogFormat "%t [%v:%p] [client %h] \"%r\" %>s %b \"%{User-Agent}i\"" # This is more in-keeping with the error log parser that contains an explicit [client xxx.xxx.xxx.xxx] # but you could obviously alter this to match your own (or the default LogFormat) failregex = \[[^]]+\] \[.*\] \[client <HOST>\] "GET .* # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT ignoreregex =
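Review bot: The `failregex` line is unanchored and puts a greedy `\[.*\]` in front of `\[client <HOST>\]`, so the banned address is taken from the last place in the line where that text fits, and the request line and User-Agent logged after the `[client %h]` field are client-supplied. Anchoring the pattern and bounding each bracketed field ties `<HOST>` to the logged peer address, for example `failregex = ^\[[^]]+\] \[[^]]+\] \[client <HOST>\] "GET `; check it with `fail2ban-regex` against a sample of the real log, since fail2ban handles the leading timestamp separately. The same applies to the `"POST .*` pattern in the second filter file. Both filters would also benefit from a comment stating that `%h` must be the real client address, e.g. `# NOTE: behind a reverse proxy %h may be the proxy address, and a ban would then block every client`.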
@@ -0,0 +1,22 @@ # Fail2Ban configuration file # # NOTE # You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives. # # Author: http://www.go2linux.org # Modified by: samnicholls.net # * Mon 6 Jun 2016 - Updated failregex to capture HOST group correctly [Definition] # Option: failregex # NOTE: The failregex assumes a particular vhost LogFormat: # LogFormat "%t [%v:%p] [client %h] \"%r\" %>s %b \"%{User-Agent}i\"" # This is more in-keeping with the error log parser that contains an explicit [client xxx.xxx.xxx.xxx] # but you could obviously alter this to match your own (or the default LogFormat) failregex = \[[^]]+\] \[.*\] \[client <HOST>\] "POST .* # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT ignoreregex =
@@ -0,0 +1,23 @@ ... # Simple attempt to block very basic DOS attacks over GET # Tolerate ~3.3 GET/s in 30s (100 GET in less than 30s) [http-get-dos] enabled = true port = http,https filter = http-get-dos logpath = /var/log/apache2/custom_access.log maxRetry = 100 findtime = 30 bantime = 6000 # Simple attempt to block very basic DOS attacks over POST # Tolerate ~2 POST/s in 30s (60 POST in less than 30s) [http-post-dos] enabled = true port = http,https filter = http-post-dos logpath = /var/log/apache2/custom_access.log maxRetry = 60 findtime = 29 bantime = 6000
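Review bot: In `[http-post-dos]` the comment says "60 POST in less than 30s" but the value is `findtime = 29`, while `[http-get-dos]` uses `findtime = 30` for the same wording; align the value or the comment so the documented threshold is the one enforced. The key is spelled `maxRetry` in both jails but `maxretry` in the filter files' note, and using the lowercase spelling throughout avoids depending on how the parser treats key case. A unit comment above `bantime`, such as `# seconds (6000 s = 100 min)`, and an `ignoreip` entry for trusted monitors or proxies would make the ban behaviour easier to audit. The section opens with `...`, so the rest of the jail file is outside this view.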