基本上,目前我们的服务器设置得过于严格:fail2ban 会封禁只是在浏览网站的用户,哪怕只是因为请求了一张不存在的图片。
我需要禁用以下哪个 apache 设置来阻止这种情况发生:
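# Jail: applies the apache-auth filter to the Apache error logs and bans a
# client after 3 matching lines (maxretry). Bans from this jail appear in the
# fail2ban log tagged [apache].
[apache]
enabled = true
# NOTE(review): the action below hard-codes port=http, so as far as this
# snippet shows this list does not reach the firewall rule.
port = http,https
filter = apache-auth
# Two actions, one per line. The second line must stay indented; at column 0
# the parser reads it as a new key instead of a continuation of "action".
# NOTE(review): "[email protected]" is e-mail obfuscation residue from the page,
# not valid action syntax -- restore the real sender argument before use.
# NOTE(review): every jail on this page passes name=httpd; the iptables action
# derives its chain name from it, so give each jail its own short name.
action = iptables[name=httpd, port=http, protocol=tcp]
         sendmail-whois[name=httpd, dest="%(destemail)s", [email protected]]
logpath = /var/log/apache*/*error.log
maxretry = 3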
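# Jail: same filter (apache-auth), logpath and maxretry as [apache]; only the
# port passed to the iptables action differs (https). Because both jails read
# the same log with the same filter, one matching line is counted by both.
[apache-ssl]
enabled = true
# NOTE(review): not referenced by the action below, which hard-codes port=https.
port = http,https
filter = apache-auth
# Second action on an indented continuation line; unindented it would be
# parsed as a separate key and the mail action would be lost.
# NOTE(review): "[email protected]" is e-mail obfuscation residue from the page --
# restore the real sender argument before use.
# NOTE(review): name=httpd is shared with the other jails on this page; the
# iptables action builds its chain name from it, so use a unique short name.
action = iptables[name=httpd, port=https, protocol=tcp]
         sendmail-whois[name=httpd, dest="%(destemail)s", [email protected]]
logpath = /var/log/apache*/*error.log
maxretry = 3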
# Jail: applies the apache-auth filter to the Apache error logs and bans after
# 3 matching lines (maxretry). Firewall ban only, no mail action.
# Same filter and logpath as [apache], so a matching line is counted by both.
[apache-multiport]
enabled = true
# NOTE(review): despite the jail name, the action below passes port=http only,
# so as written the ban does not cover https -- confirm this is intended.
port = http,https
filter = apache-auth
# NOTE(review): name=httpd is also used by the other jails on this page; the
# iptables action derives its chain name from it, so a unique name is safer.
action = iptables[name=httpd, port=http, protocol=tcp]
logpath = /var/log/apache*/*error.log
maxretry = 3
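# Jail: applies the apache-noscript filter to the Apache error logs; 20
# matching lines (maxretry) lead to a 300-second ban. Bans from this jail
# appear in the fail2ban log tagged [apache-noscript].
[apache-noscript]
enabled = true
# NOTE(review): not referenced by the action below, which hard-codes port=http.
port = http,https
filter = apache-noscript
# Two actions; the second is an indented continuation of "action". Without the
# indent it is parsed as a key of its own.
# NOTE(review): "[email protected]" is e-mail obfuscation residue from the page --
# restore the real sender argument before use.
# NOTE(review): name=httpd is shared with the other jails on this page; the
# iptables action builds its chain name from it, so use a unique short name.
action = iptables[name=httpd, port=http, protocol=tcp]
         sendmail-whois[name=httpd, dest="%(destemail)s", [email protected]]
logpath = /var/log/apache*/*error.log
maxretry = 20
# 5 minutes. Kept on its own line: fail2ban's jail files use '#' for whole-line
# comments and ' ;' for inline ones, so a trailing "#5mins" becomes part of
# the value.
bantime = 300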
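# Jail: same filter (apache-noscript), logpath, maxretry and bantime as
# [apache-noscript]; only the port passed to the iptables action differs
# (https). Both jails count the same matching log lines.
[apache-noscript-ssl]
enabled = true
# NOTE(review): not referenced by the action below, which hard-codes port=https.
port = http,https
filter = apache-noscript
# Second action on an indented continuation line so it stays part of "action".
# NOTE(review): "[email protected]" is e-mail obfuscation residue from the page --
# restore the real sender argument before use.
# NOTE(review): name=httpd is shared with the other jails on this page; the
# iptables action builds its chain name from it, so use a unique short name.
action = iptables[name=httpd, port=https, protocol=tcp]
         sendmail-whois[name=httpd, dest="%(destemail)s", [email protected]]
logpath = /var/log/apache*/*error.log
maxretry = 20
# 5 minutes. Own line on purpose: a trailing "#5mins" is not stripped as a
# comment and would end up inside the bantime value.
bantime = 300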
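# Jail: applies the apache-overflows filter to the Apache error logs and bans
# a client after 3 matching lines (maxretry). Bans from this jail appear in
# the fail2ban log tagged [apache-overflows].
[apache-overflows]
enabled = true
# NOTE(review): not referenced by the action below, which hard-codes port=http.
port = http,https
filter = apache-overflows
# Two actions; the second line is an indented continuation of "action". At
# column 0 it would be read as a separate key.
# NOTE(review): "[email protected]" is e-mail obfuscation residue from the page --
# restore the real sender argument before use.
# NOTE(review): name=httpd is shared with the other jails on this page; the
# iptables action builds its chain name from it, so use a unique short name.
action = iptables[name=httpd, port=http, protocol=tcp]
         sendmail-whois[name=httpd, dest="%(destemail)s", [email protected]]
logpath = /var/log/apache*/*error.log
maxretry = 3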
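# Jail: same filter (apache-overflows), logpath and maxretry as
# [apache-overflows]; only the port passed to the iptables action differs
# (https). Both jails count the same matching log lines.
[apache-overflows-ssl]
enabled = true
# NOTE(review): not referenced by the action below, which hard-codes port=https.
port = http,https
filter = apache-overflows
# Second action on an indented continuation line so it stays part of "action".
# NOTE(review): "[email protected]" is e-mail obfuscation residue from the page --
# restore the real sender argument before use.
# NOTE(review): name=httpd is shared with the other jails on this page; the
# iptables action builds its chain name from it, so use a unique short name.
action = iptables[name=httpd, port=https, protocol=tcp]
         sendmail-whois[name=httpd, dest="%(destemail)s", [email protected]]
logpath = /var/log/apache*/*error.log
maxretry = 3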
答案1
检查 fail2ban 日志,查明用户被封禁的原因;日志中的每条 Ban 记录都会标明是哪个 jail 触发的,据此即可判断需要调整或禁用哪一项。