我希望 fail2ban 能够阻止这些行并阻止其中包含的示例 IP 地址:
[Tue Dec 08 12:17:13.622175 2015] [:error] [pid 30390] [client 62.210.88.201:38139] script '/var/www/html/httptest.php' not found or unable to stat
[Tue Dec 08 13:22:25.363614 2015] [:error] [pid 30386] [client 62.210.88.201:54141] script '/var/www/html/httptest.php' not found or unable to stat
[Tue Dec 08 14:36:01.790899 2015] [:error] [pid 28831] [client 62.210.88.201:42431] script '/var/www/html/httptest.php' not found or unable to stat
Fail2ban 已成功配置为保护此机器上的其他服务,但我似乎无法让它在这些线路上运行。
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 2
是否仅仅因为“port = http,https”并且应该是“ports = all”?
相关过滤器“apache-noscript.conf”按如下方式修改。
^%(_apache_error_client)s script '/\S*httptest\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$
答案1
不,这port部分不是问题。port用于定义在正则表达式规则匹配后,禁令适用于哪个端口。
我猜你的正则表达式没有正常工作。你可以使用fail2ban-regex命令来查看它是否真的有效,并在必要时进行更正。以下是示例命令:
fail2ban-regex '/var/log/apache*/*access.log' /etc/fail2ban/filter.d/apache-noscript.conf
您还可以使用以下命令查看监狱状态:
fail2ban-client status