Fail2Ban blocking behaviours depending on the status code

security nginx fail2ban

Solution 1:

You should add a filter in /etc/fail2ban/filter.d/ with a relevant name - e.g. nginx-{403,404}.conf.

They should contain something like the following lines :

nginx-403.conf :

[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" 403
ignoreregex =

nginx-404.conf :

[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" 404
ignoreregex =

Then you should call them from your jail.conf or whatsoever your conf file is :

For 403 :

[nginx-403]

enabled = true
port    = http,https
filter  = nginx-403
logpath = /var/log/nginx/access.log
maxretry = 5
findtime = 300

And for 404 :

[nginx-404]

enabled = true
port    = http,https
filter  = nginx-404
logpath = /var/log/nginx/access.log
maxretry = 10
findtime = 300

Related

How can I create persistent SSH connection to "stream" commands over a period of time?
S3 Interfaces for Backup, etc [closed]
"Organizational issues" -- sore spots of IT? [closed]
Why is ALPN not supported by my server?
How can I get an email alert when RAID array is degraded? VMware ESXi 5.0, MegaRAID SAS 9260-4i
Cannot use `systemctl --user` due to "Failed to get D-bus connection: permission denied"
`execute` as vagrant user, not root, with chef-solo?
Cannot get CredSSP authentication to work in PowerShell
Can't get detached screen to resume
Crate a new, read-only user in postgres
First attempt to migrate EC2 MySQL to Amazon RDS no going well - SUPER privileges
EC2 Auto-Scaling with Spot and On-Demand Instances?