Diffstat (limited to 'guides')
-rw-r--r--guides/cloud/vps.org34
1 files changed, 34 insertions, 0 deletions
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
index c5f5f92..b649fa8 100644
--- a/guides/cloud/vps.org
+++ b/guides/cloud/vps.org
@@ -36,3 +36,37 @@ So instead, I'll
Match User …
PasswordAuthentication yes
#+end_src
+* Web server
+With the following files in =$HOME=:
+#+begin_src conf
+# nginx-botsearch.local
+[Init]
+
+block = \S*(php|wp-|wordpress|jenkins|hudson|sql|boaform)[^,]*
+
+[Definition]
+
+# Change from distro: just remove the leading slash before <block>.
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) <block> \S+\" 404 .+$
+ ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$
+
+# jail.local
+[nginx-http-auth]
+enabled = true
+
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/access.log
+#+end_src
+
+Do:
+#+begin_src sh
+sudo apt install nginx
+sudo cp ~/nginx-botsearch.local /etc/fail2ban/filter.d/
+sudo cp ~/jail.local /etc/fail2ban/
+sudo systemctl restart fail2ban
+#+end_src
+
+Check how these rules fare against real bot searches with
+~fail2ban-regex /var/log/nginx/access.log
+/etc/fail2ban/filter.d/nginx-botsearch.local~.
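Review bot: The `block` pattern under `[Init]` is effectively unanchored. With the leading slash dropped from the first `failregex` line and `\S*` in front of the alternation, any 404 whose path contains `php`, `sql` or `wp-` anywhere counts as a failure, so a visitor following a stale link can be banned along with real scanners. I would state that next to the existing comment, e.g. `# Matches these tokens anywhere in the path; expect false positives on ordinary 404s.`, and set `maxretry` and `findtime` explicitly in the `[nginx-botsearch]` jail instead of inheriting the distro defaults. The second `failregex` line still carries `\/<block>` and matches the error-log format, which the `logpath` given here (access.log) never supplies, so the "just remove the leading slash" comment describes only the first line. In the shell block, running `sudo fail2ban-client -t` and the `fail2ban-regex` check before `sudo systemctl restart fail2ban` would catch a broken filter before it goes live, and the guide should note that `sudo cp ~/jail.local /etc/fail2ban/` overwrites any `jail.local` already on the host.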