FAIL2BAN - Filter.d - http-sql-like
From IT-Arts.net
! Should be customized to your needs !
Filter.d
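[Definition]
# http-sql-like.conf
# Flags access-log lines in which an SQL keyword pair (select..from,
# insert..into, update..set, delete..from) appears anywhere after the client
# address, as a coarse indicator of SQL injection attempts.
#
# (?i) makes the match case-insensitive; without it only all-lowercase
# keywords matched, so SELECT/INSERT/UPDATE written in upper or mixed case
# were missed.
#
# NOTE(review): the pattern is not tied to the request field, so it also fires
# on Referer/User-Agent text and on harmless URLs such as
# /select-plan?from=home (constructed example). Run it against real traffic
# with fail2ban-regex before enabling the jail, and put known-good patterns
# in ignoreregex.
# Input that never reaches the access log (e.g. request bodies) is not seen;
# treat this filter as a tripwire, not as a replacement for parameterized
# queries in the application.
failregex = (?i)^<HOST>.*(select.*from.*|insert.*into.*|update.*set.*|delete.*from.*).*$
ignoreregex =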
Jail.conf
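# Jail stanza for the http-sql-like filter, one key per line so the parser
# reads each setting. Prefer placing it in jail.local or a jail.d/ file
# rather than editing jail.conf directly.
#
# NOTE(review): maxretry = 1 combined with bantime = -1 means a single matching
# log line bans the address permanently. Because the filter pattern is broad,
# list trusted addresses (admin, monitoring) in ignoreip first. If nginx sits
# behind a reverse proxy or CDN, confirm the logged address is the real
# client, otherwise the proxy itself is what gets banned.
[http-sql-like]
enabled = true
# Resolved from the banaction_allports default defined in jail.conf; the ban
# is expected to cover all ports, not only HTTP(S).
banaction = %(banaction_allports)s
logpath = /var/log/nginx/*.access.log
# Ban on the first matching line.
maxretry = 1
# -1 = never unban.
bantime = -1
findtime = 3d
backend = polling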
