FAIL2BAN - Filter.d - http-suspicious

From IT-Arts.net


Return to Wiki Index


! Should be customized to your needs !

Filter.d

[Definition]
# http-suspicious.conf
# General Suspicious URL Patterns (including bad characters like `\`, `;`, `&`, etc.)
           failregex = ^<HOST>.*(\/\.\.\/|\.\.\/|\.\.\\|\\|%%3b|%%26|%%2f|%%2e%%2e).*$

ignoreregex =


Jail.conf

[http-suspicious]
enabled  = true
banaction = %(banaction_allports)s
logpath  = /var/log/nginx/*.access.log
maxretry = 1
bantime  = -1
findtime = 3d
backend = polling
Retrieved from "https://it-arts.net/index.php?title=FAIL2BAN_-_Filter.d_-_http-suspicious&oldid=809"