Ping a Specific Port

Question

Axel

Asked: 2019-09-30 22:53:56 +0800 CST2019-09-30 22:53:56 +0800 CST 2019-09-30 22:53:56 +0800 CST

Banning IP on 404 requests using fail2ban not working

772

Server: Ubuntu 16.04/Nginx

Scenario: I'm trying to ban IP's based on multiple 404 requests on my server.

I've created a filter in /etc/fail2ban/filter.d/banbadrequest.conf

[definition]
failregex = ^<HOST> - .* "(GET|POST|HEAD).*HTTP.*" 404 .*$
ignoreregex =.*(robots.txt|favicon.ico|jpg|png)

added a new jail in the location /etc/fail2ban/jail.conf

[banbadrequest]
enabled = true
port = http,https
filter = banbadrequest
logpath = /var/log/nginx/error.log
logpath = /var/log/nginx/access.log
bantime = 3600
findtime = 600
maxretry = 5

But when I restart the fail2ban service, it fails to restart and exits. Can anyone point out what am I doing wrong here?

1 Answers

Voted

Ergec · Answer 1 · 2019-10-01T22:48:55+08:00

Best Answer

Ergec

2019-10-01T22:48:55+08:002019-10-01T22:48:55+08:00

This config does not prevent fail2ban to restart on my server but try these changes. It may help.

Use capital D in [Definition]

Add action to jail

action = iptables-multiport[name=banbadrequests, port="http,https", protocol=tcp]

Use logpath like this

logpath = /var/log/nginx/error.log
          /var/log/nginx/access.log

Add your custom jails in jail.local not jail.conf

Hope it helps

0

Banning IP on 404 requests using fail2ban not working

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?