当前的 fail2ban 版本 0.9.1 没有针对 Tomcat 的预配置过滤器。如果有人需要,这里有一个对我有用的正则表达式。请注意,我的应用程序预计不会出现任何 404 错误。对于更典型的网站,请考虑不使用 failregex 的第一行。
[INCLUDES]
[Definition]
# 1. match on 40x http status code
# 2. URLs should start with a forward slash - (often proxy requests start with http://blahh)
# 3. match on http 1.0 - let's not support it, even for search engines
failregex = <HOST> - - \[.*\] "GET .* HTTP/1.1" 40\d \d+$
<HOST> - - \[.*\] "GET http
<HOST> - - \[.*\] "GET .* HTTP/1.0"
ignoreregex =
答案1
哦,这里是 jail 定义(添加到 jail.local):
[tomcat]
enabled = true
port = http,https
filter = tomcat
logpath = /opt/tomcat8/logs/localhost_access_log.*.txt
maxretry = 1
action = iptables-allports