FAIL2BAN - Filter.d - http-command-inj

From IT-Arts.net




! Should be customized to your needs !

Filter.d

[Definition]
# http-command-inj.conf
# Command Injection
# Matches typical command injection patterns such as 'cat /etc/passwd', 'ls; rm -rf' or '/bin/bash'
failregex = ^<HOST>.*(cat.*\/etc\/passwd|ls;.*rm.*-rf|\/bin\/bash).*$

ignoreregex =


Jail.conf

[http-command-inj]
enabled  = true
banaction = %(banaction_allports)s
logpath  = /var/log/nginx/*.access.log
maxretry = 1
bantime  = -1
findtime = 3d
backend = polling
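
Because the jail bans permanently on a single match (maxretry = 1, bantime = -1), it is worth checking what the failregex reports before enabling it. The Python below is an added example, not part of the original wiki page: it runs the pattern over constructed nginx access-log lines. The `<HOST>` substitution is a simplified IPv4-only assumption, and `banned_host` and `evaluate` are hypothetical helper names.

```python
import re

# failregex copied verbatim from the filter on this page.
FAILREGEX = r"^<HOST>.*(cat.*\/etc\/passwd|ls;.*rm.*-rf|\/bin\/bash).*$"

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag; the real
# expansion also covers IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Constructed nginx "combined" log lines using documentation IP ranges.
TS = "[10/Oct/2024:13:55:36 +0000]"
SAMPLES = {
    # Pattern named in the filter comment: should be reported.
    "passwd": f'203.0.113.7 - - {TS} "GET /index.php?q=cat%20/etc/passwd '
              'HTTP/1.1" 404 153 "-" "curl/8.0"',
    # Access logs keep the request URL-encoded, so there is no literal ';'.
    "encoded_semicolon": f'203.0.113.8 - - {TS} "GET /index.php?q=ls%3B%20rm%20-rf '
                         'HTTP/1.1" 404 153 "-" "curl/8.0"',
    # Benign page view whose Referer happens to contain "/bin/bash".
    "referer_fp": f'198.51.100.23 - - {TS} "GET /blog/ HTTP/1.1" 200 5120 '
                  '"https://example.org/docs/bin/bash-tips" "Mozilla/5.0"',
    # Ordinary request; "cat" inside "category" alone must not trigger.
    "benign": f'192.0.2.10 - - {TS} "GET /category/list HTTP/1.1" 200 812 '
              '"-" "Mozilla/5.0"',
}


def banned_host(line):
    """Return the IP the filter would report for this line, or None."""
    match = PATTERN.search(line)
    return match.group("host") if match else None


def evaluate(samples):
    """Map each sample name to the reported IP (None means no match)."""
    return {name: banned_host(line) for name, line in samples.items()}


if __name__ == "__main__":
    for name, host in evaluate(SAMPLES).items():
        print(f"{name:18} -> {host or 'no match'}")
```

On a host with fail2ban installed, `fail2ban-regex <logfile> <filter file>` runs the same check against real logs using the real `<HOST>` expansion.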