diff --git a/debian/resources/fail2ban/jail.package b/debian/resources/fail2ban/jail.package
index 393304d..f3425b1 100644
--- a/debian/resources/fail2ban/jail.package
+++ b/debian/resources/fail2ban/jail.package
@@ -55,3 +55,24 @@ action = iptables-allports[name=fusionpbx, protocol=all]
 maxretry = 5
 findtime = 600
 bantime = 600
+
+[nginx-404]
+enabled = true
+port = http,https
+filter = nginx-404
+logpath = /var/log/nginx/access*.log
+bantime = 600
+findtime = 600
+maxretry = 10
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# Block for two full days.
+enabled = true
+port = http
+filter = nginx-dos
+logpath = /var/log/nginx/access*.log
+findtime = 60
+bantime = 172800
+maxretry = 240
\ No newline at end of file
diff --git a/debian/resources/fail2ban/jail.source b/debian/resources/fail2ban/jail.source
index 697cfd0..d307eb3 100644
--- a/debian/resources/fail2ban/jail.source
+++ b/debian/resources/fail2ban/jail.source
@@ -55,3 +55,22 @@ action = iptables-allports[name=fusionpbx, protocol=all]
 maxretry = 5
 findtime = 600
 bantime = 600
+
+[nginx-404]
+enabled = true
+port = http,https
+filter = nginx-404
+logpath = /var/log/nginx/access*.log
+bantime = 600
+findtime = 600
+maxretry = 10
+
+[nginx-dos]
+# Based on apache-badbots
+enabled = true
+port = http
+filter = nginx-dos
+logpath = /var/log/nginx/access*.log
+findtime = 60
+bantime = 172800
+maxretry = 240
diff --git a/debian/resources/fail2ban/nginx-404.conf b/debian/resources/fail2ban/nginx-404.conf
new file mode 100644
index 0000000..bf25532
--- /dev/null
+++ b/debian/resources/fail2ban/nginx-404.conf
@@ -0,0 +1,5 @@
+# Fail2Ban configuration file
+#
+[Definition]
+failregex = - - \[.*\] "(GET|POST).*HTTP.* 404
+ignoreregex =
\ No newline at end of file
diff --git a/debian/resources/fail2ban/nginx-dos.conf b/debian/resources/fail2ban/nginx-dos.conf
new file mode 100644
index 0000000..6e2cd23
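Review bot: In `[nginx-dos]` of jail.package the ban is scoped to `port = http` while the jail reads every `/var/log/nginx/access*.log`, so an address banned for two days can still reach the server over HTTPS; `[nginx-404]` just above already uses `port = http,https` and the same line belongs here (the identical section added to jail.source has the same gap). Neither new jail sets `action`, so both fall back to the default action rather than the `iptables-allports` action visible in the hunk's context header; worth confirming that is intended. Because the nginx-dos filter counts every GET/POST line, 240 requests in 60 seconds looks reachable by several users behind one NAT address, so an `ignoreip` entry for trusted ranges or a shorter `bantime` would limit self-inflicted lockouts.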
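Review bot: The `failregex` in nginx-404.conf is unanchored and built from `.*`, so the client address is not pinned to the start of the log line and `404` can match in the byte count, referer or user agent instead of the status field; those later fields are client-supplied, so a match can hinge on text the client chose. Anchoring and tightening it, e.g. `failregex = ^<HOST> - \S+ \[[^\]]+\] "(GET|POST) [^"]* HTTP/[^"]*" 404\s`, keeps the match on the status code. As rendered on this page neither this pattern nor the one in nginx-dos.conf shows a `<HOST>` tag, which fail2ban needs to extract the address to ban; it may have been stripped by the page's HTML rendering, so check the committed file. The file also ends without a trailing newline.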
--- /dev/null
+++ b/debian/resources/fail2ban/nginx-dos.conf
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+
+[Definition]
+# Option: failregex
+# Notes.: Regexp to catch a generic call from an IP address.
+# Values: TEXT
+#
+failregex = ^ -.*"(GET|POST).*HTTP.*"$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
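Review bot: The comment above `failregex` in nginx-dos.conf does not say which log layout the pattern depends on: the trailing `"$` only matches lines that end in a quoted field, as nginx's default combined format does with the user agent, so a custom `log_format` would leave the jail silently matching nothing. I would add `# Assumes the nginx "combined" log_format (line ends with the quoted user agent); only GET and POST requests are counted.` above the pattern. The two greedy `.*` runs also make every access-log line a candidate, so narrowing the request part to `"(GET|POST) [^"]* HTTP/[^"]*"` would cut backtracking on long lines. If the goal is request-rate limiting, nginx's own `limit_req` is probably the better first control, with this jail as a backstop.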