FAIL2BAN - Filter.d - http-lfi
From IT-Arts.net
! Should be customized to your needs !
Filter.d
[Definition]
# http-lfi.conf
# Local File Inclusion (LFI)
# Matches patterns that indicate an attempt to include local files (e.g. ../../etc/passwd)
failregex = ^<HOST>.*(\.\./|\.\.\\).*\/etc\/passwd.*$
Jail.conf
[http-lfi] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -1 findtime = 3d backend = polling
