FAIL2BAN - Filter.d - http-crlf
From IT-Arts.net
! Should be customized to your needs !
Filter.d
[Definition]
# http-crlf.conf
# HTTP Response Splitting (CRLF Injection)
# Matches attempts to inject headers or CRLF sequences into the response
failregex = ^<HOST>.*(\r\n|\n\r|\r|\n).*Host:.*$
ignoreregex =
Jail.conf
[http-crlf] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -1 findtime = 3d backend = polling
