Saturday, June 20, 2026

Fail2ban Add Filter

How to add a filter and jail config for fail2ban

Step 1 : add the filter

vi /etc/fail2ban/filter.d/nginx-wp-author.conf

Add content like this (here I am blocking GET /?author= requests):

[Definition]
failregex = ^<HOST> .* "(GET|POST).*\/\?author=[0-9]+.*"
ignoreregex =
 


Step 2 : add the jail config for this filter

vi /etc/fail2ban/jail.d/nginx-wp-author.conf

Then paste this content:

[nginx-wp-author]
enabled = true
filter = nginx-wp-author
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime = 86400
action = iptables-multiport[name=wp-author, port="http,https", protocol=tcp]

Step 3 : restart the Fail2ban service

systemctl restart fail2ban

Then check the status of the fail2ban service:

systemctl status fail2ban


Step 4 : verify the filter (first check that it's loaded, then check the jail)

fail2ban-client status


fail2ban-client status nginx-wp-author
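
An offline check of the Step 1 failregex and the Step 2 maxretry/findtime values, as an added example that is not part of the original post and is not fail2ban's own code. The log lines are constructed, the function names are hypothetical, and `<HOST>` is replaced by a simplified IPv4-only pattern; fail2ban's own date handling is not modelled.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = r'^<HOST> .* "(GET|POST).*\/\?author=[0-9]+.*"'  # failregex from Step 1
MAXRETRY, FINDTIME = 3, 600                                   # jail values from Step 2

# Constructed nginx access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Jun/2026:10:00:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.5 - - [20/Jun/2026:10:00:04 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.5 - - [20/Jun/2026:10:00:09 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [20/Jun/2026:10:00:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Jun/2026:10:20:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Jun/2026:10:21:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
192.0.2.9 - - [20/Jun/2026:10:01:00 +0000] "GET /?page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [20/Jun/2026:10:05:00 +0000] "GET /about/ HTTP/1.1" 200 900 "https://blog.example/?author=2" "Mozilla/5.0"
"""

def match_host(line, failregex=FAILREGEX):
    """Return the client IP if the line matches the failregex, else None."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None

def hosts_to_ban(log_text):
    """Hosts that reach MAXRETRY matches inside a FINDTIME-second window."""
    hits, banned = defaultdict(list), []
    for line in log_text.splitlines():
        host = match_host(line)
        if host is None:
            continue
        stamp = line.split("[", 1)[1].split("]", 1)[0]
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # Keep only earlier hits that are still inside the findtime window.
        recent = [t for t in hits[host] if (ts - t).total_seconds() <= FINDTIME]
        hits[host] = recent + [ts]
        if len(hits[host]) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(match_host(line) or "no match", "<-", line[:70])
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

The last sample line matches even though the request is for /about/, because the `.*` in the failregex can run past the request field into the quoted referer. On the server, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-wp-author.conf` runs the real filter against the real log.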


