commit de7a794002b0d6a66e9dc231b550cdfc6f5cba4c
parent 080117c8febb7604b872b7fd92dcee0c02cee598
Author: Kévin Le Gouguec <kevin.legouguec@gmail.com>
Date: Sat, 24 Jul 2021 00:18:37 +0200
Start noting down how to setup nginx
Diffstat:
1 file changed, 34 insertions(+), 0 deletions(-)
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
@@ -36,3 +36,37 @@ So instead, I'll
Match User …
PasswordAuthentication yes
#+end_src
+* Web server
+With the following files in =$HOME=:
+#+begin_src conf
+# nginx-botsearch.local
+[Init]
+
+block = \S*(php|wp-|wordpress|jenkins|hudson|sql|boaform)[^,]*
+
+[Definition]
+
+# Change from distro: just remove the leading slash before <block>.
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) <block> \S+\" 404 .+$
+ ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$
+
+# jail.local
+[nginx-http-auth]
+enabled = true
+
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/access.log
+#+end_src
+
+Do:
+#+begin_src sh
+sudo apt install nginx
+sudo cp ~/nginx-botsearch.local /etc/fail2ban/filter.d/
+sudo cp ~/jail.local /etc/fail2ban/
+sudo systemctl restart fail2ban
+#+end_src
+
+Check how these rules fare against real bot searches with
+~fail2ban-regex /var/log/nginx/access.log
+/etc/fail2ban/filter.d/nginx-botsearch.local~.
